From 2f8616769fda3acaab29567802ea8183f00a52e0 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 11 Apr 2024 16:15:05 +0300 Subject: [PATCH 001/357] DasharoPayloadPkg: Create as a copy of UefiPayloadPkg from 2019 To be precise, this is what UefiPayloadPkg looked like in commit dd7523b5b123de6f0730f2f2abb207f2a5c1ccd4. At that point there were only 12 commits in that directory, so not much history was lost by making a copy. This deliberately does not build with a more recent EDK2, so that all changes necessary to make it build are in a separate commit. 
Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c | 158 ++++ DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h | 30 + .../BlSupportDxe/BlSupportDxe.inf | 58 ++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 569 ++++++++++++++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 39 + .../BlSupportPei/BlSupportPei.inf | 73 ++ .../BuildAndIntegrationInstructions.txt | 82 ++ .../GraphicsOutputDxe/ComponentName.c | 184 +++++ .../GraphicsOutputDxe/GraphicsOutput.c | 739 ++++++++++++++++++ .../GraphicsOutputDxe/GraphicsOutput.h | 53 ++ .../GraphicsOutputDxe/GraphicsOutputDxe.inf | 53 ++ DasharoPayloadPkg/Include/Coreboot.h | 249 ++++++ .../Include/Guid/AcpiBoardInfoGuid.h | 29 + .../Include/Guid/MemoryMapInfoGuid.h | 36 + .../Include/Guid/SerialPortInfoGuid.h | 31 + .../Include/Guid/SystemTableInfoGuid.h | 26 + .../Include/Library/BlParseLib.h | 120 +++ .../Include/Library/PlatformSupportLib.h | 28 + .../Library/AcpiTimerLib/AcpiTimerLib.c | 270 +++++++ .../Library/AcpiTimerLib/AcpiTimerLib.inf | 40 + .../Library/CbParseLib/CbParseLib.c | 560 +++++++++++++ .../Library/CbParseLib/CbParseLib.inf | 39 + .../Library/PciHostBridgeLib/PciHostBridge.h | 80 ++ .../PciHostBridgeLib/PciHostBridgeLib.c | 222 ++++++ .../PciHostBridgeLib/PciHostBridgeLib.inf | 41 + .../PciHostBridgeLib/PciHostBridgeSupport.c | 584 ++++++++++++++ .../PlatformBootManager.c | 265 +++++++ .../PlatformBootManager.h | 132 ++++ .../PlatformBootManagerLib.inf | 71 ++ .../PlatformBootManagerLib/PlatformConsole.c | 615 +++++++++++++++ .../PlatformBootManagerLib/PlatformConsole.h | 70 ++ .../PlatformBootManagerLib/PlatformData.c | 39 + .../Library/PlatformHookLib/PlatformHookLib.c | 98 +++ .../PlatformHookLib/PlatformHookLib.inf | 39 + .../PlatformSupportLibNull.c | 29 + .../PlatformSupportLibNull.inf | 28 + .../Library/ResetSystemLib/ResetSystemLib.c | 153 ++++ .../Library/ResetSystemLib/ResetSystemLib.inf | 40 + .../Library/SblParseLib/SblParseLib.c | 223 ++++++ 
.../Library/SblParseLib/SblParseLib.inf | 46 ++ DasharoPayloadPkg/SecCore/FindPeiCore.c | 193 +++++ DasharoPayloadPkg/SecCore/Ia32/SecEntry.nasm | 78 ++ DasharoPayloadPkg/SecCore/Ia32/Stack.nasm | 72 ++ DasharoPayloadPkg/SecCore/SecCore.inf | 58 ++ DasharoPayloadPkg/SecCore/SecMain.c | 288 +++++++ DasharoPayloadPkg/SecCore/SecMain.h | 131 ++++ DasharoPayloadPkg/UefiPayloadPkg.dec | 71 ++ DasharoPayloadPkg/UefiPayloadPkg.fdf | 291 +++++++ DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc | 578 ++++++++++++++ 49 files changed, 8001 insertions(+) create mode 100644 DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c create mode 100644 DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h create mode 100644 DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf create mode 100644 DasharoPayloadPkg/BlSupportPei/BlSupportPei.c create mode 100644 DasharoPayloadPkg/BlSupportPei/BlSupportPei.h create mode 100644 DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf create mode 100644 DasharoPayloadPkg/BuildAndIntegrationInstructions.txt create mode 100644 DasharoPayloadPkg/GraphicsOutputDxe/ComponentName.c create mode 100644 DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c create mode 100644 DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.h create mode 100644 DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf create mode 100644 DasharoPayloadPkg/Include/Coreboot.h create mode 100644 DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h create mode 100644 DasharoPayloadPkg/Include/Guid/MemoryMapInfoGuid.h create mode 100644 DasharoPayloadPkg/Include/Guid/SerialPortInfoGuid.h create mode 100644 DasharoPayloadPkg/Include/Guid/SystemTableInfoGuid.h create mode 100644 DasharoPayloadPkg/Include/Library/BlParseLib.h create mode 100644 DasharoPayloadPkg/Include/Library/PlatformSupportLib.h create mode 100644 DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c create mode 100644 DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf create mode 100644 DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
create mode 100644 DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf create mode 100644 DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridge.h create mode 100644 DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c create mode 100644 DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf create mode 100644 DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h create mode 100644 DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformData.c create mode 100644 DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.c create mode 100644 DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf create mode 100644 DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.c create mode 100644 DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf create mode 100644 DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.c create mode 100644 DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf create mode 100644 DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c create mode 100644 DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf create mode 100644 DasharoPayloadPkg/SecCore/FindPeiCore.c create mode 100644 DasharoPayloadPkg/SecCore/Ia32/SecEntry.nasm create mode 100644 DasharoPayloadPkg/SecCore/Ia32/Stack.nasm create mode 100644 DasharoPayloadPkg/SecCore/SecCore.inf create mode 100644 DasharoPayloadPkg/SecCore/SecMain.c create mode 100644 DasharoPayloadPkg/SecCore/SecMain.h create mode 100644 DasharoPayloadPkg/UefiPayloadPkg.dec create mode 
100644 DasharoPayloadPkg/UefiPayloadPkg.fdf create mode 100644 DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c new file mode 100644 index 0000000000..28dfc8fc55 --- /dev/null +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c @@ -0,0 +1,158 @@ +/** @file + This driver will report some MMIO/IO resources to dxe core, extract smbios and acpi + tables from bootloader. + + Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include "BlSupportDxe.h" + +/** + Reserve MMIO/IO resource in GCD + + @param IsMMIO Flag of whether it is mmio resource or io resource. + @param GcdType Type of the space. + @param BaseAddress Base address of the space. + @param Length Length of the space. + @param Alignment Align with 2^Alignment + @param ImageHandle Handle for the image of this driver. + + @retval EFI_SUCCESS Reserve successful +**/ +EFI_STATUS +ReserveResourceInGcd ( + IN BOOLEAN IsMMIO, + IN UINTN GcdType, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINTN Alignment, + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + + if (IsMMIO) { + Status = gDS->AddMemorySpace ( + GcdType, + BaseAddress, + Length, + EFI_MEMORY_UC + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "Failed to add memory space :0x%lx 0x%lx\n", + BaseAddress, + Length + )); + } + ASSERT_EFI_ERROR (Status); + Status = gDS->AllocateMemorySpace ( + EfiGcdAllocateAddress, + GcdType, + Alignment, + Length, + &BaseAddress, + ImageHandle, + NULL + ); + ASSERT_EFI_ERROR (Status); + } else { + Status = gDS->AddIoSpace ( + GcdType, + BaseAddress, + Length + ); + ASSERT_EFI_ERROR (Status); + Status = gDS->AllocateIoSpace ( + EfiGcdAllocateAddress, + GcdType, + Alignment, + Length, + &BaseAddress, + ImageHandle, + NULL + ); + ASSERT_EFI_ERROR (Status); + } + return Status; +} + + +/** + Main entry for the bootloader support DXE module. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. 
+ +**/ +EFI_STATUS +EFIAPI +BlDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + SYSTEM_TABLE_INFO *SystemTableInfo; + EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo; + + Status = EFI_SUCCESS; + // + // Report MMIO/IO Resources + // + Status = ReserveResourceInGcd (TRUE, EfiGcdMemoryTypeMemoryMappedIo, 0xFEC00000, SIZE_4KB, 0, ImageHandle); // IOAPIC + ASSERT_EFI_ERROR (Status); + + Status = ReserveResourceInGcd (TRUE, EfiGcdMemoryTypeMemoryMappedIo, 0xFED00000, SIZE_1KB, 0, ImageHandle); // HPET + ASSERT_EFI_ERROR (Status); + + // + // Find the system table information guid hob + // + GuidHob = GetFirstGuidHob (&gUefiSystemTableInfoGuid); + ASSERT (GuidHob != NULL); + SystemTableInfo = (SYSTEM_TABLE_INFO *)GET_GUID_HOB_DATA (GuidHob); + + // + // Install Acpi Table + // + if (SystemTableInfo->AcpiTableBase != 0 && SystemTableInfo->AcpiTableSize != 0) { + DEBUG ((DEBUG_ERROR, "Install Acpi Table at 0x%lx, length 0x%x\n", SystemTableInfo->AcpiTableBase, SystemTableInfo->AcpiTableSize)); + Status = gBS->InstallConfigurationTable (&gEfiAcpiTableGuid, (VOID *)(UINTN)SystemTableInfo->AcpiTableBase); + ASSERT_EFI_ERROR (Status); + } + + // + // Install Smbios Table + // + if (SystemTableInfo->SmbiosTableBase != 0 && SystemTableInfo->SmbiosTableSize != 0) { + DEBUG ((DEBUG_ERROR, "Install Smbios Table at 0x%lx, length 0x%x\n", SystemTableInfo->SmbiosTableBase, SystemTableInfo->SmbiosTableSize)); + Status = gBS->InstallConfigurationTable (&gEfiSmbiosTableGuid, (VOID *)(UINTN)SystemTableInfo->SmbiosTableBase); + ASSERT_EFI_ERROR (Status); + } + + // + // Find the frame buffer information and update PCDs + // + GuidHob = GetFirstGuidHob (&gEfiGraphicsInfoHobGuid); + if (GuidHob != NULL) { + GfxInfo = (EFI_PEI_GRAPHICS_INFO_HOB *)GET_GUID_HOB_DATA (GuidHob); + Status = PcdSet32S (PcdVideoHorizontalResolution, GfxInfo->GraphicsMode.HorizontalResolution); + ASSERT_EFI_ERROR (Status); + Status = 
PcdSet32S (PcdVideoVerticalResolution, GfxInfo->GraphicsMode.VerticalResolution); + ASSERT_EFI_ERROR (Status); + Status = PcdSet32S (PcdSetupVideoHorizontalResolution, GfxInfo->GraphicsMode.HorizontalResolution); + ASSERT_EFI_ERROR (Status); + Status = PcdSet32S (PcdSetupVideoVerticalResolution, GfxInfo->GraphicsMode.VerticalResolution); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; +} + diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h new file mode 100644 index 0000000000..512105fafd --- /dev/null +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h @@ -0,0 +1,30 @@ +/** @file + The header file of bootloader support DXE. + +Copyright (c) 2014, Intel Corporation. All rights reserved.
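Review bot: In BlDxeEntryPoint the result of `GetFirstGuidHob (&gUefiSystemTableInfoGuid)` is guarded only by `ASSERT (GuidHob != NULL)` before `GET_GUID_HOB_DATA (GuidHob)` is dereferenced, so a build with assertions disabled would read through a null HOB pointer whenever the PEI phase did not produce that HOB. An explicit check such as `if (GuidHob == NULL) { return EFI_NOT_FOUND; }` keeps the failure defined. AcpiTableBase and SmbiosTableBase are then installed as configuration tables after only a non-zero test; a comment should record that these addresses are taken on trust from the bootloader. The two install messages are informational and read better as `DEBUG_INFO` than `DEBUG_ERROR`.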
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef __DXE_BOOTLOADER_SUPPORT_H__
+#define __DXE_BOOTLOADER_SUPPORT_H__
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#endif
diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf
new file mode 100644
index 0000000000..4c2b4670af
--- /dev/null
+++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf
@@ -0,0 +1,58 @@
+## @file
+# Bootloader Support DXE Module
+#
+# Report some MMIO/IO resources to dxe core, extract smbios and acpi tables
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BlSupportDxe
+ FILE_GUID = C68DAA4E-7AB5-41e8-A91D-5954421053F3
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = BlDxeEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ BlSupportDxe.c
+ BlSupportDxe.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ UefiPayloadPkg/UefiPayloadPkg.dec
+
+[LibraryClasses]
+ UefiDriverEntryPoint
+ UefiBootServicesTableLib
+ DxeServicesTableLib
+ DebugLib
+ BaseMemoryLib
+ UefiLib
+ HobLib
+
+[Guids]
+ gEfiAcpiTableGuid
+ gEfiSmbiosTableGuid
+ gUefiSystemTableInfoGuid
+ gUefiAcpiBoardInfoGuid
+ gEfiGraphicsInfoHobGuid
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution
+
+[Depex]
+ TRUE
diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c
new file mode 100644
index 0000000000..2297245311
--- /dev/null
+++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c
@@ -0,0 +1,569 @@
+/** @file
+ This PEIM will parse bootloader information and report resource information into pei core.
+ This file contains the main entrypoint of the PEIM.
+
+Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include "BlSupportPei.h" + +#define LEGACY_8259_MASK_REGISTER_MASTER 0x21 +#define LEGACY_8259_MASK_REGISTER_SLAVE 0xA1 + +EFI_MEMORY_TYPE_INFORMATION mDefaultMemoryTypeInformation[] = { + { EfiACPIReclaimMemory, FixedPcdGet32 (PcdMemoryTypeEfiACPIReclaimMemory) }, + { EfiACPIMemoryNVS, FixedPcdGet32 (PcdMemoryTypeEfiACPIMemoryNVS) }, + { EfiReservedMemoryType, FixedPcdGet32 (PcdMemoryTypeEfiReservedMemoryType) }, + { EfiRuntimeServicesData, FixedPcdGet32 (PcdMemoryTypeEfiRuntimeServicesData) }, + { EfiRuntimeServicesCode, FixedPcdGet32 (PcdMemoryTypeEfiRuntimeServicesCode) }, + { EfiMaxMemoryType, 0 } +}; + +EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = { + { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEfiPeiMasterBootModePpiGuid, + NULL + } +}; + +EFI_PEI_GRAPHICS_DEVICE_INFO_HOB mDefaultGraphicsDeviceInfo = { + MAX_UINT16, MAX_UINT16, MAX_UINT16, MAX_UINT16, MAX_UINT8, MAX_UINT8 +}; + +/** + Create memory mapped io resource hob. + + @param MmioBase Base address of the memory mapped io range + @param MmioSize Length of the memory mapped io range + +**/ +VOID +BuildMemoryMappedIoRangeHob ( + EFI_PHYSICAL_ADDRESS MmioBase, + UINT64 MmioSize + ) +{ + BuildResourceDescriptorHob ( + EFI_RESOURCE_MEMORY_MAPPED_IO, + (EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_TESTED), + MmioBase, + MmioSize + ); + + BuildMemoryAllocationHob ( + MmioBase, + MmioSize, + EfiMemoryMappedIO + ); +} + +/** + Check the integrity of firmware volume header + + @param[in] FwVolHeader A pointer to a firmware volume header + + @retval TRUE The firmware volume is consistent + @retval FALSE The firmware volume has corrupted. 
+ +**/ +STATIC +BOOLEAN +IsFvHeaderValid ( + IN EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader + ) +{ + UINT16 Checksum; + + // Skip nv storage fv + if (CompareMem (&FwVolHeader->FileSystemGuid, &gEfiFirmwareFileSystem2Guid, sizeof(EFI_GUID)) != 0 ) { + return FALSE; + } + + if ( (FwVolHeader->Revision != EFI_FVH_REVISION) || + (FwVolHeader->Signature != EFI_FVH_SIGNATURE) || + (FwVolHeader->FvLength == ((UINTN) -1)) || + ((FwVolHeader->HeaderLength & 0x01 ) !=0) ) { + return FALSE; + } + + Checksum = CalculateCheckSum16 ((UINT16 *) FwVolHeader, FwVolHeader->HeaderLength); + if (Checksum != 0) { + DEBUG (( DEBUG_ERROR, + "ERROR - Invalid Firmware Volume Header Checksum, change 0x%04x to 0x%04x\r\n", + FwVolHeader->Checksum, + (UINT16)( Checksum + FwVolHeader->Checksum ))); + return TRUE; //FALSE; Need update UEFI build tool when patching entrypoin @start of fd. + } + + return TRUE; +} + +/** + Install FvInfo PPI and create fv hobs for remained fvs + +**/ +VOID +PeiReportRemainedFvs ( + VOID + ) +{ + UINT8* TempPtr; + UINT8* EndPtr; + + TempPtr = (UINT8* )(UINTN) PcdGet32 (PcdPayloadFdMemBase); + EndPtr = (UINT8* )(UINTN) (PcdGet32 (PcdPayloadFdMemBase) + PcdGet32 (PcdPayloadFdMemSize)); + + for (;TempPtr < EndPtr;) { + if (IsFvHeaderValid ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)) { + if (TempPtr != (UINT8* )(UINTN) PcdGet32 (PcdPayloadFdMemBase)) { + // Skip the PEI FV + DEBUG((DEBUG_INFO, "Found one valid fv : 0x%lx.\n", TempPtr, ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)->FvLength)); + + PeiServicesInstallFvInfoPpi ( + NULL, + (VOID *) (UINTN) TempPtr, + (UINT32) (UINTN) ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)->FvLength, + NULL, + NULL + ); + BuildFvHob ((EFI_PHYSICAL_ADDRESS)(UINTN) TempPtr, ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)->FvLength); + } + } + TempPtr += ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)->FvLength; + } +} + + +/** + Find the board related info from ACPI table + + @param AcpiTableBase ACPI table start address in memory + @param AcpiBoardInfo Pointer to the 
acpi board info strucutre + + @retval RETURN_SUCCESS Successfully find out all the required information. + @retval RETURN_NOT_FOUND Failed to find the required info. + +**/ +RETURN_STATUS +ParseAcpiInfo ( + IN UINT64 AcpiTableBase, + OUT ACPI_BOARD_INFO *AcpiBoardInfo + ) +{ + EFI_ACPI_3_0_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; + EFI_ACPI_DESCRIPTION_HEADER *Rsdt; + UINT32 *Entry32; + UINTN Entry32Num; + EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE *Fadt; + EFI_ACPI_DESCRIPTION_HEADER *Xsdt; + UINT64 *Entry64; + UINTN Entry64Num; + UINTN Idx; + UINT32 *Signature; + EFI_ACPI_MEMORY_MAPPED_CONFIGURATION_BASE_ADDRESS_TABLE_HEADER *MmCfgHdr; + EFI_ACPI_MEMORY_MAPPED_ENHANCED_CONFIGURATION_SPACE_BASE_ADDRESS_ALLOCATION_STRUCTURE *MmCfgBase; + + Rsdp = (EFI_ACPI_3_0_ROOT_SYSTEM_DESCRIPTION_POINTER *)(UINTN)AcpiTableBase; + DEBUG ((DEBUG_INFO, "Rsdp at 0x%p\n", Rsdp)); + DEBUG ((DEBUG_INFO, "Rsdt at 0x%x, Xsdt at 0x%lx\n", Rsdp->RsdtAddress, Rsdp->XsdtAddress)); + + // + // Search Rsdt First + // + Fadt = NULL; + MmCfgHdr = NULL; + Rsdt = (EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)(Rsdp->RsdtAddress); + if (Rsdt != NULL) { + Entry32 = (UINT32 *)(Rsdt + 1); + Entry32Num = (Rsdt->Length - sizeof(EFI_ACPI_DESCRIPTION_HEADER)) >> 2; + for (Idx = 0; Idx < Entry32Num; Idx++) { + Signature = (UINT32 *)(UINTN)Entry32[Idx]; + if (*Signature == EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE) { + Fadt = (EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE *)Signature; + DEBUG ((DEBUG_INFO, "Found Fadt in Rsdt\n")); + } + + if (*Signature == EFI_ACPI_5_0_PCI_EXPRESS_MEMORY_MAPPED_CONFIGURATION_SPACE_BASE_ADDRESS_DESCRIPTION_TABLE_SIGNATURE) { + MmCfgHdr = (EFI_ACPI_MEMORY_MAPPED_CONFIGURATION_BASE_ADDRESS_TABLE_HEADER *)Signature; + DEBUG ((DEBUG_INFO, "Found MM config address in Rsdt\n")); + } + + if ((Fadt != NULL) && (MmCfgHdr != NULL)) { + goto Done; + } + } + } + + // + // Search Xsdt Second + // + Xsdt = (EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)(Rsdp->XsdtAddress); + if (Xsdt != NULL) { + 
Entry64 = (UINT64 *)(Xsdt + 1); + Entry64Num = (Xsdt->Length - sizeof(EFI_ACPI_DESCRIPTION_HEADER)) >> 3; + for (Idx = 0; Idx < Entry64Num; Idx++) { + Signature = (UINT32 *)(UINTN)Entry64[Idx]; + if (*Signature == EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE) { + Fadt = (EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE *)Signature; + DEBUG ((DEBUG_INFO, "Found Fadt in Xsdt\n")); + } + + if (*Signature == EFI_ACPI_5_0_PCI_EXPRESS_MEMORY_MAPPED_CONFIGURATION_SPACE_BASE_ADDRESS_DESCRIPTION_TABLE_SIGNATURE) { + MmCfgHdr = (EFI_ACPI_MEMORY_MAPPED_CONFIGURATION_BASE_ADDRESS_TABLE_HEADER *)Signature; + DEBUG ((DEBUG_INFO, "Found MM config address in Xsdt\n")); + } + + if ((Fadt != NULL) && (MmCfgHdr != NULL)) { + goto Done; + } + } + } + + if (Fadt == NULL) { + return RETURN_NOT_FOUND; + } + +Done: + + AcpiBoardInfo->PmCtrlRegBase = Fadt->Pm1aCntBlk; + AcpiBoardInfo->PmTimerRegBase = Fadt->PmTmrBlk; + AcpiBoardInfo->ResetRegAddress = Fadt->ResetReg.Address; + AcpiBoardInfo->ResetValue = Fadt->ResetValue; + AcpiBoardInfo->PmEvtBase = Fadt->Pm1aEvtBlk; + AcpiBoardInfo->PmGpeEnBase = Fadt->Gpe0Blk + Fadt->Gpe0BlkLen / 2; + + if (MmCfgHdr != NULL) { + MmCfgBase = (EFI_ACPI_MEMORY_MAPPED_ENHANCED_CONFIGURATION_SPACE_BASE_ADDRESS_ALLOCATION_STRUCTURE *)((UINT8*) MmCfgHdr + sizeof (*MmCfgHdr)); + AcpiBoardInfo->PcieBaseAddress = MmCfgBase->BaseAddress; + } else { + AcpiBoardInfo->PcieBaseAddress = 0; + } + DEBUG ((DEBUG_INFO, "PmCtrl Reg 0x%lx\n", AcpiBoardInfo->PmCtrlRegBase)); + DEBUG ((DEBUG_INFO, "PmTimer Reg 0x%lx\n", AcpiBoardInfo->PmTimerRegBase)); + DEBUG ((DEBUG_INFO, "Reset Reg 0x%lx\n", AcpiBoardInfo->ResetRegAddress)); + DEBUG ((DEBUG_INFO, "Reset Value 0x%x\n", AcpiBoardInfo->ResetValue)); + DEBUG ((DEBUG_INFO, "PmEvt Reg 0x%lx\n", AcpiBoardInfo->PmEvtBase)); + DEBUG ((DEBUG_INFO, "PmGpeEn Reg 0x%lx\n", AcpiBoardInfo->PmGpeEnBase)); + DEBUG ((DEBUG_INFO, "PcieBaseAddr 0x%lx\n", AcpiBoardInfo->PcieBaseAddress)); + + // + // Verify values for proper operation + // + 
ASSERT(Fadt->Pm1aCntBlk != 0); + ASSERT(Fadt->PmTmrBlk != 0); + ASSERT(Fadt->ResetReg.Address != 0); + ASSERT(Fadt->Pm1aEvtBlk != 0); + ASSERT(Fadt->Gpe0Blk != 0); + + DEBUG_CODE_BEGIN (); + BOOLEAN SciEnabled; + + // + // Check the consistency of SCI enabling + // + + // + // Get SCI_EN value + // + if (Fadt->Pm1CntLen == 4) { + SciEnabled = (IoRead32 (Fadt->Pm1aCntBlk) & BIT0)? TRUE : FALSE; + } else { + // + // if (Pm1CntLen == 2), use 16 bit IO read; + // if (Pm1CntLen != 2 && Pm1CntLen != 4), use 16 bit IO read as a fallback + // + SciEnabled = (IoRead16 (Fadt->Pm1aCntBlk) & BIT0)? TRUE : FALSE; + } + + if (!(Fadt->Flags & EFI_ACPI_5_0_HW_REDUCED_ACPI) && + (Fadt->SmiCmd == 0) && + !SciEnabled) { + // + // The ACPI enabling status is inconsistent: SCI is not enabled but ACPI + // table does not provide a means to enable it through FADT->SmiCmd + // + DEBUG ((DEBUG_ERROR, "ERROR: The ACPI enabling status is inconsistent: SCI is not" + " enabled but the ACPI table does not provide a means to enable it through FADT->SmiCmd." + " This may cause issues in OS.\n")); + } + DEBUG_CODE_END (); + + return RETURN_SUCCESS; +} + +EFI_STATUS +MemInfoCallback ( + IN MEMROY_MAP_ENTRY *MemoryMapEntry, + IN VOID *Params + ) +{ + PAYLOAD_MEM_INFO *MemInfo; + UINTN Attribue; + EFI_PHYSICAL_ADDRESS Base; + EFI_RESOURCE_TYPE Type; + UINT64 Size; + UINT32 SystemLowMemTop; + + Attribue = EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_TESTED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE; + + MemInfo = (PAYLOAD_MEM_INFO *)Params; + Type = (MemoryMapEntry->Type == 1) ? 
EFI_RESOURCE_SYSTEM_MEMORY : EFI_RESOURCE_MEMORY_RESERVED; + Base = MemoryMapEntry->Base; + Size = MemoryMapEntry->Size; + + if ((Base < 0x100000) && ((Base + Size) > 0x100000)) { + Size -= (0x100000 - Base); + Base = 0x100000; + } + + if (Base >= 0x100000) { + if (Type == EFI_RESOURCE_SYSTEM_MEMORY) { + if (Base < 0x100000000ULL) { + MemInfo->UsableLowMemTop = (UINT32)(Base + Size); + } else { + Attribue &= ~EFI_RESOURCE_ATTRIBUTE_TESTED; + } + BuildResourceDescriptorHob ( + EFI_RESOURCE_SYSTEM_MEMORY, + Attribue, + (EFI_PHYSICAL_ADDRESS)Base, + Size + ); + } else if (Type == EFI_RESOURCE_MEMORY_RESERVED) { + BuildResourceDescriptorHob ( + EFI_RESOURCE_MEMORY_RESERVED, + Attribue, + (EFI_PHYSICAL_ADDRESS)Base, + Size + ); + if (Base < 0x100000000ULL) { + SystemLowMemTop = ((UINT32)(Base + Size) + 0x0FFFFFFF) & 0xF0000000; + if (SystemLowMemTop > MemInfo->SystemLowMemTop) { + MemInfo->SystemLowMemTop = SystemLowMemTop; + } + } + } + } + + return EFI_SUCCESS; +} + +/** + This is the entrypoint of PEIM + + @param FileHandle Handle of the file being invoked. + @param PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS if it completed successfully. +**/ +EFI_STATUS +EFIAPI +BlPeiEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + UINT64 LowMemorySize; + UINT64 PeiMemSize = SIZE_64MB; + EFI_PHYSICAL_ADDRESS PeiMemBase = 0; + UINT32 RegEax; + UINT8 PhysicalAddressBits; + PAYLOAD_MEM_INFO PldMemInfo; + SYSTEM_TABLE_INFO SysTableInfo; + SYSTEM_TABLE_INFO *NewSysTableInfo; + ACPI_BOARD_INFO AcpiBoardInfo; + ACPI_BOARD_INFO *NewAcpiBoardInfo; + EFI_PEI_GRAPHICS_INFO_HOB GfxInfo; + EFI_PEI_GRAPHICS_INFO_HOB *NewGfxInfo; + EFI_PEI_GRAPHICS_DEVICE_INFO_HOB GfxDeviceInfo; + EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo; + + + // + // Report lower 640KB of RAM. 
Attribute EFI_RESOURCE_ATTRIBUTE_TESTED + // is intentionally omitted to prevent erasing of the coreboot header + // record before it is processed by ParseMemoryInfo. + // + BuildResourceDescriptorHob ( + EFI_RESOURCE_SYSTEM_MEMORY, + ( + EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE + ), + (EFI_PHYSICAL_ADDRESS)(0), + (UINT64)(0xA0000) + ); + + BuildResourceDescriptorHob ( + EFI_RESOURCE_MEMORY_RESERVED, + ( + EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_TESTED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE + ), + (EFI_PHYSICAL_ADDRESS)(0xA0000), + (UINT64)(0x60000) + ); + + + // + // Parse memory info + // + ZeroMem (&PldMemInfo, sizeof(PldMemInfo)); + Status = ParseMemoryInfo (MemInfoCallback, &PldMemInfo); + if (EFI_ERROR(Status)) { + return Status; + } + + // + // Install memory + // + LowMemorySize = PldMemInfo.UsableLowMemTop; + PeiMemBase = (LowMemorySize - PeiMemSize) & (~(BASE_64KB - 1)); + DEBUG ((DEBUG_INFO, "Low memory 0x%lx\n", LowMemorySize)); + DEBUG ((DEBUG_INFO, "SystemLowMemTop 0x%x\n", PldMemInfo.SystemLowMemTop)); + DEBUG ((DEBUG_INFO, "PeiMemBase: 0x%lx.\n", PeiMemBase)); + DEBUG ((DEBUG_INFO, "PeiMemSize: 0x%lx.\n", PeiMemSize)); + Status = PeiServicesInstallPeiMemory (PeiMemBase, PeiMemSize); + ASSERT_EFI_ERROR (Status); + + // + // Set cache on the physical memory + // + MtrrSetMemoryAttribute (BASE_1MB, LowMemorySize - BASE_1MB, CacheWriteBack); + MtrrSetMemoryAttribute (0, 0xA0000, CacheWriteBack); + + // + // Create Memory Type Information HOB + // + BuildGuidDataHob ( + &gEfiMemoryTypeInformationGuid, + mDefaultMemoryTypeInformation, + 
sizeof(mDefaultMemoryTypeInformation) + ); + + // + // Create Fv hob + // + PeiReportRemainedFvs (); + + BuildMemoryAllocationHob ( + PcdGet32 (PcdPayloadFdMemBase), + PcdGet32 (PcdPayloadFdMemSize), + EfiBootServicesData + ); + + // + // Build CPU memory space and IO space hob + // + AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL); + if (RegEax >= 0x80000008) { + AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL); + PhysicalAddressBits = (UINT8) RegEax; + } else { + PhysicalAddressBits = 36; + } + + // + // Create a CPU hand-off information + // + BuildCpuHob (PhysicalAddressBits, 16); + + // + // Report Local APIC range + // + BuildMemoryMappedIoRangeHob (0xFEC80000, SIZE_512KB); + + // + // Boot mode + // + Status = PeiServicesSetBootMode (BOOT_WITH_FULL_CONFIGURATION); + ASSERT_EFI_ERROR (Status); + + Status = PeiServicesInstallPpi (mPpiBootMode); + ASSERT_EFI_ERROR (Status); + + // + // Create guid hob for frame buffer information + // + Status = ParseGfxInfo (&GfxInfo); + if (!EFI_ERROR (Status)) { + NewGfxInfo = BuildGuidHob (&gEfiGraphicsInfoHobGuid, sizeof (GfxInfo)); + ASSERT (NewGfxInfo != NULL); + CopyMem (NewGfxInfo, &GfxInfo, sizeof (GfxInfo)); + DEBUG ((DEBUG_INFO, "Created graphics info hob\n")); + } + + + Status = ParseGfxDeviceInfo (&GfxDeviceInfo); + if (!EFI_ERROR (Status)) { + NewGfxDeviceInfo = BuildGuidHob (&gEfiGraphicsDeviceInfoHobGuid, sizeof (GfxDeviceInfo)); + ASSERT (NewGfxDeviceInfo != NULL); + CopyMem (NewGfxDeviceInfo, &GfxDeviceInfo, sizeof (GfxDeviceInfo)); + DEBUG ((DEBUG_INFO, "Created graphics device info hob\n")); + } + + + // + // Create guid hob for system tables like acpi table and smbios table + // + Status = ParseSystemTable(&SysTableInfo); + ASSERT_EFI_ERROR (Status); + if (!EFI_ERROR (Status)) { + NewSysTableInfo = BuildGuidHob (&gUefiSystemTableInfoGuid, sizeof (SYSTEM_TABLE_INFO)); + ASSERT (NewSysTableInfo != NULL); + CopyMem (NewSysTableInfo, &SysTableInfo, sizeof (SYSTEM_TABLE_INFO)); + DEBUG ((DEBUG_INFO, "Detected 
Acpi Table at 0x%lx, length 0x%x\n", SysTableInfo.AcpiTableBase, SysTableInfo.AcpiTableSize)); + DEBUG ((DEBUG_INFO, "Detected Smbios Table at 0x%lx, length 0x%x\n", SysTableInfo.SmbiosTableBase, SysTableInfo.SmbiosTableSize)); + } + + // + // Create guid hob for acpi board information + // + Status = ParseAcpiInfo (SysTableInfo.AcpiTableBase, &AcpiBoardInfo); + ASSERT_EFI_ERROR (Status); + if (!EFI_ERROR (Status)) { + NewAcpiBoardInfo = BuildGuidHob (&gUefiAcpiBoardInfoGuid, sizeof (ACPI_BOARD_INFO)); + ASSERT (NewAcpiBoardInfo != NULL); + CopyMem (NewAcpiBoardInfo, &AcpiBoardInfo, sizeof (ACPI_BOARD_INFO)); + DEBUG ((DEBUG_INFO, "Create acpi board info guid hob\n")); + } + + // + // Parse platform specific information. + // + Status = ParsePlatformInfo (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Error when parsing platform info, Status = %r\n", Status)); + return Status; + } + + // + // Mask off all legacy 8259 interrupt sources + // + IoWrite8 (LEGACY_8259_MASK_REGISTER_MASTER, 0xFF); + IoWrite8 (LEGACY_8259_MASK_REGISTER_SLAVE, 0xFF); + + return EFI_SUCCESS; +} + diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h new file mode 100644 index 0000000000..d11a3570a1 --- /dev/null +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -0,0 +1,39 @@ +/** @file + The header file of bootloader support PEIM. + +Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
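Review bot: PeiReportRemainedFvs advances with `TempPtr += ((EFI_FIRMWARE_VOLUME_HEADER* )TempPtr)->FvLength` whether or not IsFvHeaderValid accepted the header, so an FvLength of zero never leaves the loop, and an oversized one from a header that passes the check is handed to PeiServicesInstallFvInfoPpi and BuildFvHob unchecked. Bounding it before use, e.g. `if (FvLength == 0 || FvLength > (UINT64)(UINTN)(EndPtr - TempPtr)) break;`, keeps the walk inside the PcdPayloadFdMemSize window. IsFvHeaderValid also ends its checksum branch with `return TRUE; //FALSE;`, so a header with a bad checksum is still reported as a valid volume; that line needs a comment saying what must change before it can return FALSE. In BlPeiEntryPoint, `ParseAcpiInfo (SysTableInfo.AcpiTableBase, &AcpiBoardInfo)` sits outside the `!EFI_ERROR` branch, so with ASSERT_EFI_ERROR compiled out a failed ParseSystemTable would hand an uninitialized address to the RSDP cast.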
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#ifndef __PEI_BOOTLOADER_SUPPORT_H__
+#define __PEI_BOOTLOADER_SUPPORT_H__
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+typedef struct {
+ UINT32 UsableLowMemTop;
+ UINT32 SystemLowMemTop;
+} PAYLOAD_MEM_INFO;
+
+#endif
diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf
new file mode 100644
index 0000000000..711fe63fe6
--- /dev/null
+++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf
@@ -0,0 +1,73 @@
+## @file
+# Bootloader Support PEI Module
+#
+# Parses bootloader information and report resource information into pei core. It will install
+# the memory as required.
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BlSupportPeim
+ FILE_GUID = 352C6AF8-315B-4bd6-B04F-31D4ED1EBE57
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = BlPeiEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ BlSupportPei.c
+ BlSupportPei.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ IntelFsp2Pkg/IntelFsp2Pkg.dec
+ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+ UefiPayloadPkg/UefiPayloadPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+ PeimEntryPoint
+ PeiServicesLib
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ HobLib
+ PcdLib
+ BlParseLib
+ MtrrLib
+ IoLib
+ PlatformSupportLib
+
+[Guids]
+ gEfiMemoryTypeInformationGuid
+ gEfiFirmwareFileSystem2Guid
+ gUefiSystemTableInfoGuid
+ gEfiGraphicsInfoHobGuid
+ gEfiGraphicsDeviceInfoHobGuid
+ gUefiAcpiBoardInfoGuid
+
+[Ppis]
+ gEfiPeiMasterBootModePpiGuid
+
+[Pcd]
+ gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase
+ gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize
+ gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory
+ gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS
+ gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
+ gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
+ gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode
+
+[Depex]
+ TRUE
diff --git a/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt b/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt
new file mode 100644
index 0000000000..2cacd48904
--- /dev/null
+++ b/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt
@@ -0,0 +1,82 @@ +================================================================================ +Build And Integration Instructions +2019 March 27th +================================================================================ + +================================================================================ +DISCLAIMER +================================================================================ +This release note as well as the software described in it is furnished under license +and may only be used or copied in accordance with the terms of the license. The +information in this manual is furnished for informational use only, is subject to +change without notice, and should not be construed as a commitment by Intel Corporation. +Intel Corporation assumes no responsibility or liability for any errors or inaccuracies +that may appear in this document or any software that may be provided in association +with this document. +Except as permitted by such license, no part of this document may be reproduced, +stored in a retrieval system, or transmitted in any form or by any means without +the express written consent of Intel Corporation. + +================================================================================ + INDEX +================================================================================ +A. INTRODUCTION +B. HOW TO BUILD +C. HOW TO INTEGRATE INTO COREBOOT +D. HOW TO INTEGRATE INTO SLIM BOOTLOADER + +================================================================================ +A. INTRODUCTION +================================================================================ +This document provides instructions on how to build UEFI Payload and how to +integrate it into coreboot or Slim Bootloader firmware. + +================================================================================ +B. HOW TO BUILD +================================================================================ +1. 
Run the below two commands in windows command prompt window: + edksetup.bat + + For debug ia32 build: + build -a IA32 -p UefiPayloadPkg\UefiPayloadPkgIa32.dsc -b DEBUG -t -D BOOTLOADER= + + For release ia32 build: + build -a IA32 -p UefiPayloadPkg\UefiPayloadPkgIa32.dsc -b RELEASE -t -D BOOTLOADER= + + For debug X64 build: + build -a IA32 -a X64 -p UefiPayloadPkg\UefiPayloadPkgIa32X64.dsc -b DEBUG -t -D BOOTLOADER= + + For release X64 build: + build -a IA32 -a X64 -p UefiPayloadPkg\UefiPayloadPkgIa32X64.dsc -b RELEASE -t -D BOOTLOADER= + + is the EDK II build environment on your host. Currently it was tested + with VS2015x86 toolchain. + could be "SBL" for Slim Bootloader and "COREBOOT" for coreboot. + + Refer to https://github.com/tianocore/tianocore.github.io/wiki/UDK2018-How-to-Build for + details about EDK II build steps. + +2. If build is successfully, the payload image (UEFIPAYLOAD.fd) will be generated inside the + folder of Build\UefiPayloadPkg. + +================================================================================ +C. HOW TO INTEGRATE INTO COREBOOT +================================================================================ +1. Copy the payload image (UEFIPAYLOAD.fd) into the top-level directory of Coreboot source tree. +2. Run "make menuconfig" in linux console to start Coreboot configuration surface. +3. In the Payload section, + 1) Choose "An ELF executable payload" for the option of "Add a payload". + 2) Type the path of payload image for the option of "Payload path and filename". + 3) Select the option of "Use LZMA compression for payloads". +4. If the graphics console is required in UEFI payload, enable framebuffer initialization in coreboot. + This could be done by enabling native graphics or using VGA BIOS option rom. +5. Build the coreboot firmware image. + +================================================================================ +D. 
HOW TO INTEGRATE INTO SLIM BOOTLOADER +================================================================================ +Please refer https://slimbootloader.github.io/how-tos/integrate-multiple-payloads.html for below steps. +1. Copy the payload image (UEFIPAYLOAD.fd) into Slim Bootloader source at PayloadPkg\PayloadBins\UefiPld.fd +2. Update config data to make UEFI payload as default payload if required. +3. Build Slim Bootloader with UEFI payload: + BuildLoader.py build -p "OsLoader.efi:LLDR:Lz4;UefiPld.fd:UEFI:Lzma" diff --git a/DasharoPayloadPkg/GraphicsOutputDxe/ComponentName.c b/DasharoPayloadPkg/GraphicsOutputDxe/ComponentName.c new file mode 100644 index 0000000000..7b7f5683a5 --- /dev/null +++ b/DasharoPayloadPkg/GraphicsOutputDxe/ComponentName.c @@ -0,0 +1,184 @@ +/** @file + UEFI Component Name(2) protocol implementation for the generic GOP driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + + +**/ + +#include +#include + +extern EFI_COMPONENT_NAME_PROTOCOL mGraphicsOutputComponentName; +extern EFI_COMPONENT_NAME2_PROTOCOL mGraphicsOutputComponentName2; + +// +// Driver name table for GraphicsOutput module. +// It is shared by the implementation of ComponentName & ComponentName2 Protocol. +// +GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mGraphicsOutputDriverNameTable[] = { + { + "eng;en", + L"Generic Graphics Output Driver" + }, + { + NULL, + NULL + } +}; + +/** + Retrieves a Unicode string that is the user readable name of the driver. + + This function retrieves the user readable name of a driver in the form of a + Unicode string. If the driver specified by This has a user readable name in + the language specified by Language, then a pointer to the driver name is + returned in DriverName, and EFI_SUCCESS is returned. If the driver specified + by This does not support the language specified by Language, + then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified + in RFC 4646 or ISO 639-2 language code format. + + @param DriverName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + driver specified by This in the language + specified by Language. + + @retval EFI_SUCCESS The Unicode string for the Driver specified by + This and the language specified by Language was + returned in DriverName. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER DriverName is NULL. 
+ + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +GraphicsOutputComponentNameGetDriverName ( + IN EFI_COMPONENT_NAME_PROTOCOL *This, + IN CHAR8 *Language, + OUT CHAR16 **DriverName + ) +{ + return LookupUnicodeString2 ( + Language, + This->SupportedLanguages, + mGraphicsOutputDriverNameTable, + DriverName, + (BOOLEAN) (This == &mGraphicsOutputComponentName) + ); +} + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. 
This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. 
+ +**/ +EFI_STATUS +EFIAPI +GraphicsOutputComponentNameGetControllerName ( + IN EFI_COMPONENT_NAME_PROTOCOL *This, + IN EFI_HANDLE ControllerHandle, + IN EFI_HANDLE ChildHandle OPTIONAL, + IN CHAR8 *Language, + OUT CHAR16 **ControllerName + ) +{ + return EFI_UNSUPPORTED; +} + +// +// EFI Component Name Protocol +// +GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME_PROTOCOL mGraphicsOutputComponentName = { + GraphicsOutputComponentNameGetDriverName, + GraphicsOutputComponentNameGetControllerName, + "eng" +}; + +// +// EFI Component Name 2 Protocol +// +GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL mGraphicsOutputComponentName2 = { + (EFI_COMPONENT_NAME2_GET_DRIVER_NAME) GraphicsOutputComponentNameGetDriverName, + (EFI_COMPONENT_NAME2_GET_CONTROLLER_NAME) GraphicsOutputComponentNameGetControllerName, + "en" +}; diff --git a/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c new file mode 100644 index 0000000000..43787d279a --- /dev/null +++ b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c @@ -0,0 +1,739 @@ +/** @file + Implementation for a generic GOP driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
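Review bot: The header comment on `GraphicsOutputComponentNameGetControllerName` lists `EFI_SUCCESS` and several `EFI_INVALID_PARAMETER` results, but the body is the single statement `return EFI_UNSUPPORTED;`, so none of those results can occur. I would add a sentence to the comment such as `This driver does not provide controller names and always returns EFI_UNSUPPORTED.` and drop the `@retval` entries that cannot be returned. The `EFI_SUCCESS` entry also says the string is returned in `DriverName`, where the parameter is `ControllerName`.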
+SPDX-License-Identifier: BSD-2-Clause-Patent + + +**/ + +#include "GraphicsOutput.h" +CONST ACPI_ADR_DEVICE_PATH mGraphicsOutputAdrNode = { + { + ACPI_DEVICE_PATH, + ACPI_ADR_DP, + { sizeof (ACPI_ADR_DEVICE_PATH), 0 }, + }, + ACPI_DISPLAY_ADR (1, 0, 0, 1, 0, ACPI_ADR_DISPLAY_TYPE_VGA, 0, 0) +}; + +EFI_PEI_GRAPHICS_DEVICE_INFO_HOB mDefaultGraphicsDeviceInfo = { + MAX_UINT16, MAX_UINT16, MAX_UINT16, MAX_UINT16, MAX_UINT8, MAX_UINT8 +}; + +// +// The driver should only start on one graphics controller. +// So a global flag is used to remember that the driver is already started. +// +BOOLEAN mDriverStarted = FALSE; + +/** + Returns information for an available graphics mode that the graphics device + and the set of active video output devices supports. + + @param This The EFI_GRAPHICS_OUTPUT_PROTOCOL instance. + @param ModeNumber The mode number to return information on. + @param SizeOfInfo A pointer to the size, in bytes, of the Info buffer. + @param Info A pointer to callee allocated buffer that returns information about ModeNumber. + + @retval EFI_SUCCESS Valid mode information was returned. + @retval EFI_DEVICE_ERROR A hardware error occurred trying to retrieve the video mode. + @retval EFI_INVALID_PARAMETER ModeNumber is not valid. + +**/ +EFI_STATUS +EFIAPI +GraphicsOutputQueryMode ( + IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This, + IN UINT32 ModeNumber, + OUT UINTN *SizeOfInfo, + OUT EFI_GRAPHICS_OUTPUT_MODE_INFORMATION **Info + ) +{ + if (This == NULL || Info == NULL || SizeOfInfo == NULL || ModeNumber >= This->Mode->MaxMode) { + return EFI_INVALID_PARAMETER; + } + + *SizeOfInfo = This->Mode->SizeOfInfo; + *Info = AllocateCopyPool (*SizeOfInfo, This->Mode->Info); + return EFI_SUCCESS; +} + +/** + Set the video device into the specified mode and clears the visible portions of + the output display to black. + + @param This The EFI_GRAPHICS_OUTPUT_PROTOCOL instance. + @param ModeNumber Abstraction that defines the current video mode. 
+ + @retval EFI_SUCCESS The graphics mode specified by ModeNumber was selected. + @retval EFI_DEVICE_ERROR The device had an error and could not complete the request. + @retval EFI_UNSUPPORTED ModeNumber is not supported by this device. + +**/ +EFI_STATUS +EFIAPI +GraphicsOutputSetMode ( + IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This, + IN UINT32 ModeNumber +) +{ + RETURN_STATUS Status; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black; + GRAPHICS_OUTPUT_PRIVATE_DATA *Private; + + if (ModeNumber >= This->Mode->MaxMode) { + return EFI_UNSUPPORTED; + } + + Private = GRAPHICS_OUTPUT_PRIVATE_FROM_THIS (This); + + Black.Blue = 0; + Black.Green = 0; + Black.Red = 0; + Black.Reserved = 0; + + Status = FrameBufferBlt ( + Private->FrameBufferBltLibConfigure, + &Black, + EfiBltVideoFill, + 0, 0, + 0, 0, + This->Mode->Info->HorizontalResolution, + This->Mode->Info->VerticalResolution, + 0 + ); + return RETURN_ERROR (Status) ? EFI_DEVICE_ERROR : EFI_SUCCESS; +} + +/** + Blt a rectangle of pixels on the graphics screen. Blt stands for BLock Transfer. + + @param This Protocol instance pointer. + @param BltBuffer The data to transfer to the graphics screen. + Size is at least Width*Height*sizeof(EFI_GRAPHICS_OUTPUT_BLT_PIXEL). + @param BltOperation The operation to perform when copying BltBuffer on to the graphics screen. + @param SourceX The X coordinate of source for the BltOperation. + @param SourceY The Y coordinate of source for the BltOperation. + @param DestinationX The X coordinate of destination for the BltOperation. + @param DestinationY The Y coordinate of destination for the BltOperation. + @param Width The width of a rectangle in the blt rectangle in pixels. + @param Height The height of a rectangle in the blt rectangle in pixels. + @param Delta Not used for EfiBltVideoFill or the EfiBltVideoToVideo operation. + If a Delta of zero is used, the entire BltBuffer is being operated on. 
+ If a subrectangle of the BltBuffer is being used then Delta + represents the number of bytes in a row of the BltBuffer. + + @retval EFI_SUCCESS BltBuffer was drawn to the graphics screen. + @retval EFI_INVALID_PARAMETER BltOperation is not valid. + @retval EFI_DEVICE_ERROR The device had an error and could not complete the request. + +**/ +EFI_STATUS +EFIAPI +GraphicsOutputBlt ( + IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This, + IN EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer, OPTIONAL + IN EFI_GRAPHICS_OUTPUT_BLT_OPERATION BltOperation, + IN UINTN SourceX, + IN UINTN SourceY, + IN UINTN DestinationX, + IN UINTN DestinationY, + IN UINTN Width, + IN UINTN Height, + IN UINTN Delta OPTIONAL + ) +{ + RETURN_STATUS Status; + EFI_TPL Tpl; + GRAPHICS_OUTPUT_PRIVATE_DATA *Private; + + Private = GRAPHICS_OUTPUT_PRIVATE_FROM_THIS (This); + // + // We have to raise to TPL_NOTIFY, so we make an atomic write to the frame buffer. + // We would not want a timer based event (Cursor, ...) to come in while we are + // doing this operation. + // + Tpl = gBS->RaiseTPL (TPL_NOTIFY); + Status = FrameBufferBlt ( + Private->FrameBufferBltLibConfigure, + BltBuffer, + BltOperation, + SourceX, SourceY, + DestinationX, DestinationY, Width, Height, + Delta + ); + gBS->RestoreTPL (Tpl); + + return RETURN_ERROR (Status) ? EFI_INVALID_PARAMETER : EFI_SUCCESS; +} + +CONST GRAPHICS_OUTPUT_PRIVATE_DATA mGraphicsOutputInstanceTemplate = { + GRAPHICS_OUTPUT_PRIVATE_DATA_SIGNATURE, // Signature + NULL, // GraphicsOutputHandle + { + GraphicsOutputQueryMode, + GraphicsOutputSetMode, + GraphicsOutputBlt, + NULL // Mode + }, + { + 1, // MaxMode + 0, // Mode + NULL, // Info + sizeof (EFI_GRAPHICS_OUTPUT_MODE_INFORMATION), // SizeOfInfo + 0, // FrameBufferBase + 0 // FrameBufferSize + }, + NULL, // DevicePath + NULL, // PciIo + 0, // PciAttributes + NULL, // FrameBufferBltLibConfigure + 0 // FrameBufferBltLibConfigureSize +}; + +/** + Test whether the Controller can be managed by the driver. 
+ + @param This Driver Binding protocol instance pointer. + @param Controller The PCI controller. + @param RemainingDevicePath Optional parameter use to pick a specific child + device to start. + + @retval EFI_SUCCESS The driver can manage the video device. + @retval other The driver cannot manage the video device. +**/ +EFI_STATUS +EFIAPI +GraphicsOutputDriverBindingSupported ( + IN EFI_DRIVER_BINDING_PROTOCOL *This, + IN EFI_HANDLE Controller, + IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath + ) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + // + // Since there is only one GraphicsInfo HOB, the driver only manages one video device. + // + if (mDriverStarted) { + return EFI_ALREADY_STARTED; + } + + // + // Test the PCI I/O Protocol + // + Status = gBS->OpenProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + (VOID **) &PciIo, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (Status == EFI_ALREADY_STARTED) { + Status = EFI_SUCCESS; + } + if (EFI_ERROR (Status)) { + return Status; + } + gBS->CloseProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + // + // Test the DevicePath protocol + // + Status = gBS->OpenProtocol ( + Controller, + &gEfiDevicePathProtocolGuid, + (VOID **) &DevicePath, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (Status == EFI_ALREADY_STARTED) { + Status = EFI_SUCCESS; + } + if (EFI_ERROR (Status)) { + return Status; + } + gBS->CloseProtocol ( + Controller, + &gEfiDevicePathProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + if ((RemainingDevicePath == NULL) || + IsDevicePathEnd (RemainingDevicePath) || + CompareMem (RemainingDevicePath, &mGraphicsOutputAdrNode, sizeof (mGraphicsOutputAdrNode)) == 0) { + return EFI_SUCCESS; + } else { + return EFI_INVALID_PARAMETER; + } +} + +/** + Start the video controller. 
+ + @param This Driver Binding protocol instance pointer. + @param ControllerHandle The PCI controller. + @param RemainingDevicePath Optional parameter use to pick a specific child + device to start. + + @retval EFI_SUCCESS The driver starts to manage the video device. + @retval other The driver cannot manage the video device. +**/ +EFI_STATUS +EFIAPI +GraphicsOutputDriverBindingStart ( + IN EFI_DRIVER_BINDING_PROTOCOL *This, + IN EFI_HANDLE Controller, + IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath + ) +{ + EFI_STATUS Status; + RETURN_STATUS ReturnStatus; + GRAPHICS_OUTPUT_PRIVATE_DATA *Private; + EFI_PCI_IO_PROTOCOL *PciIo; + EFI_DEVICE_PATH *PciDevicePath; + PCI_TYPE00 Pci; + UINT8 Index; + EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR *Resources; + VOID *HobStart; + EFI_PEI_GRAPHICS_INFO_HOB *GraphicsInfo; + EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *DeviceInfo; + EFI_PHYSICAL_ADDRESS FrameBufferBase; + + FrameBufferBase = 0; + + HobStart = GetFirstGuidHob (&gEfiGraphicsInfoHobGuid); + ASSERT ((HobStart != NULL) && (GET_GUID_HOB_DATA_SIZE (HobStart) == sizeof (EFI_PEI_GRAPHICS_INFO_HOB))); + GraphicsInfo = (EFI_PEI_GRAPHICS_INFO_HOB *) (GET_GUID_HOB_DATA (HobStart)); + + HobStart = GetFirstGuidHob (&gEfiGraphicsDeviceInfoHobGuid); + if ((HobStart == NULL) || (GET_GUID_HOB_DATA_SIZE (HobStart) < sizeof (*DeviceInfo))) { + // + // Use default device infomation when the device info HOB doesn't exist + // + DeviceInfo = &mDefaultGraphicsDeviceInfo; + DEBUG ((DEBUG_INFO, "[%a]: GraphicsDeviceInfo HOB doesn't exist!\n", gEfiCallerBaseName)); + } else { + DeviceInfo = (EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *) (GET_GUID_HOB_DATA (HobStart)); + DEBUG ((DEBUG_INFO, "[%a]: GraphicsDeviceInfo HOB:\n" + " VendorId = %04x, DeviceId = %04x,\n" + " RevisionId = %02x, BarIndex = %x,\n" + " SubsystemVendorId = %04x, SubsystemId = %04x\n", + gEfiCallerBaseName, + DeviceInfo->VendorId, DeviceInfo->DeviceId, + DeviceInfo->RevisionId, DeviceInfo->BarIndex, + DeviceInfo->SubsystemVendorId, 
DeviceInfo->SubsystemId)); + } + + // + // Open the PCI I/O Protocol + // + Status = gBS->OpenProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + (VOID **) &PciIo, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (Status == EFI_ALREADY_STARTED) { + Status = EFI_SUCCESS; + } + ASSERT_EFI_ERROR (Status); + + Status = gBS->OpenProtocol ( + Controller, + &gEfiDevicePathProtocolGuid, + (VOID **) &PciDevicePath, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (Status == EFI_ALREADY_STARTED) { + Status = EFI_SUCCESS; + } + ASSERT_EFI_ERROR (Status); + + // + // Read the PCI Class Code from the PCI Device + // + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, 0, sizeof (Pci), &Pci); + if (!EFI_ERROR (Status)) { + if (!IS_PCI_DISPLAY (&Pci) || ( + ((DeviceInfo->VendorId != MAX_UINT16) && (DeviceInfo->VendorId != Pci.Hdr.VendorId)) || + ((DeviceInfo->DeviceId != MAX_UINT16) && (DeviceInfo->DeviceId != Pci.Hdr.DeviceId)) || + ((DeviceInfo->RevisionId != MAX_UINT8) && (DeviceInfo->RevisionId != Pci.Hdr.RevisionID)) || + ((DeviceInfo->SubsystemVendorId != MAX_UINT16) && (DeviceInfo->SubsystemVendorId != Pci.Device.SubsystemVendorID)) || + ((DeviceInfo->SubsystemId != MAX_UINT16) && (DeviceInfo->SubsystemId != Pci.Device.SubsystemID)) + ) + ) { + // + // It's not a video device, or device infomation doesn't match. + // + Status = EFI_UNSUPPORTED; + } else { + // + // If it's a video device and device information matches, use the BarIndex + // from device information, or any BAR if BarIndex is not specified + // whose size >= the frame buffer size from GraphicsInfo HOB. + // Store the new frame buffer base. 
+ // + for (Index = 0; Index < MAX_PCI_BAR; Index++) { + if ((DeviceInfo->BarIndex != MAX_UINT8) && (DeviceInfo->BarIndex != Index)) { + continue; + } + Status = PciIo->GetBarAttributes (PciIo, Index, NULL, (VOID**) &Resources); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "[%a]: BAR[%d]: Base = %lx, Length = %lx\n", + gEfiCallerBaseName, Index, Resources->AddrRangeMin, Resources->AddrLen)); + if ((Resources->Desc == ACPI_ADDRESS_SPACE_DESCRIPTOR) && + (Resources->Len == (UINT16) (sizeof (EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR) - 3)) && + (Resources->ResType == ACPI_ADDRESS_SPACE_TYPE_MEM) && + (Resources->AddrLen >= GraphicsInfo->FrameBufferSize) + ) { + if (FrameBufferBase == 0) { + FrameBufferBase = Resources->AddrRangeMin; + } + if (DeviceInfo->BarIndex == MAX_UINT8) { + if (Resources->AddrRangeMin == GraphicsInfo->FrameBufferBase) { + FrameBufferBase = Resources->AddrRangeMin; + break; + } + } else { + break; + } + } + } + } + if (Index == MAX_PCI_BAR) { + Status = EFI_UNSUPPORTED; + } else { + DEBUG ((DEBUG_INFO, "[%a]: ... 
matched!\n", gEfiCallerBaseName)); + } + } + } + + if (EFI_ERROR (Status)) { + goto CloseProtocols; + } + + if ((RemainingDevicePath != NULL) && IsDevicePathEnd (RemainingDevicePath)) { + return EFI_SUCCESS; + } + + Private = AllocateCopyPool (sizeof (mGraphicsOutputInstanceTemplate), &mGraphicsOutputInstanceTemplate); + if (Private == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto CloseProtocols; + } + + Private->GraphicsOutputMode.FrameBufferBase = FrameBufferBase; + Private->GraphicsOutputMode.FrameBufferSize = GraphicsInfo->FrameBufferSize; + Private->GraphicsOutputMode.Info = &GraphicsInfo->GraphicsMode; + + // + // Fix up Mode pointer in GraphicsOutput + // + Private->GraphicsOutput.Mode = &Private->GraphicsOutputMode; + + // + // Set attributes + // + Status = PciIo->Attributes ( + PciIo, + EfiPciIoAttributeOperationGet, + 0, + &Private->PciAttributes + ); + if (!EFI_ERROR (Status)) { + Status = PciIo->Attributes ( + PciIo, + EfiPciIoAttributeOperationEnable, + EFI_PCI_DEVICE_ENABLE, + NULL + ); + } + + if (EFI_ERROR (Status)) { + goto FreeMemory; + } + + // + // Create the FrameBufferBltLib configuration. 
+ // + ReturnStatus = FrameBufferBltConfigure ( + (VOID *) (UINTN) Private->GraphicsOutput.Mode->FrameBufferBase, + Private->GraphicsOutput.Mode->Info, + Private->FrameBufferBltLibConfigure, + &Private->FrameBufferBltLibConfigureSize + ); + if (ReturnStatus == RETURN_BUFFER_TOO_SMALL) { + Private->FrameBufferBltLibConfigure = AllocatePool (Private->FrameBufferBltLibConfigureSize); + if (Private->FrameBufferBltLibConfigure != NULL) { + ReturnStatus = FrameBufferBltConfigure ( + (VOID *) (UINTN) Private->GraphicsOutput.Mode->FrameBufferBase, + Private->GraphicsOutput.Mode->Info, + Private->FrameBufferBltLibConfigure, + &Private->FrameBufferBltLibConfigureSize + ); + } + } + if (RETURN_ERROR (ReturnStatus)) { + Status = EFI_OUT_OF_RESOURCES; + goto RestorePciAttributes; + } + + Private->DevicePath = AppendDevicePathNode (PciDevicePath, (EFI_DEVICE_PATH_PROTOCOL *) &mGraphicsOutputAdrNode); + if (Private->DevicePath == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto RestorePciAttributes; + } + + Status = gBS->InstallMultipleProtocolInterfaces ( + &Private->GraphicsOutputHandle, + &gEfiGraphicsOutputProtocolGuid, &Private->GraphicsOutput, + &gEfiDevicePathProtocolGuid, Private->DevicePath, + NULL + ); + + if (!EFI_ERROR (Status)) { + Status = gBS->OpenProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + (VOID **) &Private->PciIo, + This->DriverBindingHandle, + Private->GraphicsOutputHandle, + EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER + ); + if (!EFI_ERROR (Status)) { + mDriverStarted = TRUE; + } else { + gBS->UninstallMultipleProtocolInterfaces ( + Private->GraphicsOutputHandle, + &gEfiGraphicsOutputProtocolGuid, &Private->GraphicsOutput, + &gEfiDevicePathProtocolGuid, Private->DevicePath, + NULL + ); + } + } + +RestorePciAttributes: + if (EFI_ERROR (Status)) { + // + // Restore original PCI attributes + // + PciIo->Attributes ( + PciIo, + EfiPciIoAttributeOperationSet, + Private->PciAttributes, + NULL + ); + } + +FreeMemory: + if (EFI_ERROR (Status)) { + if (Private != 
NULL) { + if (Private->DevicePath != NULL) { + FreePool (Private->DevicePath); + } + if (Private->FrameBufferBltLibConfigure != NULL) { + FreePool (Private->FrameBufferBltLibConfigure); + } + FreePool (Private); + } + } + +CloseProtocols: + if (EFI_ERROR (Status)) { + // + // Close the PCI I/O Protocol + // + gBS->CloseProtocol ( + Controller, + &gEfiDevicePathProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + // + // Close the PCI I/O Protocol + // + gBS->CloseProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); + } + return Status; +} + +/** + Stop the video controller. + + @param This Driver Binding protocol instance pointer. + @param Controller The PCI controller. + @param NumberOfChildren The number of child device handles in ChildHandleBuffer. + @param ChildHandleBuffer An array of child handles to be freed. May be NULL + if NumberOfChildren is 0. + + @retval EFI_SUCCESS The device was stopped. + @retval EFI_DEVICE_ERROR The device could not be stopped due to a device error. 
+**/ +EFI_STATUS +EFIAPI +GraphicsOutputDriverBindingStop ( + IN EFI_DRIVER_BINDING_PROTOCOL *This, + IN EFI_HANDLE Controller, + IN UINTN NumberOfChildren, + IN EFI_HANDLE *ChildHandleBuffer + ) +{ + EFI_STATUS Status; + EFI_GRAPHICS_OUTPUT_PROTOCOL *Gop; + GRAPHICS_OUTPUT_PRIVATE_DATA *Private; + + if (NumberOfChildren == 0) { + + // + // Close the PCI I/O Protocol + // + Status = gBS->CloseProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); + ASSERT_EFI_ERROR (Status); + + Status = gBS->CloseProtocol ( + Controller, + &gEfiDevicePathProtocolGuid, + This->DriverBindingHandle, + Controller + ); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; + } + + ASSERT (NumberOfChildren == 1); + Status = gBS->OpenProtocol ( + ChildHandleBuffer[0], + &gEfiGraphicsOutputProtocolGuid, + (VOID **) &Gop, + This->DriverBindingHandle, + ChildHandleBuffer[0], + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Private = GRAPHICS_OUTPUT_PRIVATE_FROM_THIS (Gop); + + Status = gBS->CloseProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + This->DriverBindingHandle, + Private->GraphicsOutputHandle + ); + ASSERT_EFI_ERROR (Status); + // + // Remove the GOP protocol interface from the system + // + Status = gBS->UninstallMultipleProtocolInterfaces ( + Private->GraphicsOutputHandle, + &gEfiGraphicsOutputProtocolGuid, &Private->GraphicsOutput, + &gEfiDevicePathProtocolGuid, Private->DevicePath, + NULL + ); + if (!EFI_ERROR (Status)) { + // + // Restore original PCI attributes + // + Status = Private->PciIo->Attributes ( + Private->PciIo, + EfiPciIoAttributeOperationSet, + Private->PciAttributes, + NULL + ); + ASSERT_EFI_ERROR (Status); + + FreePool (Private->DevicePath); + FreePool (Private->FrameBufferBltLibConfigure); + mDriverStarted = FALSE; + } else { + Status = gBS->OpenProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + (VOID **) &Private->PciIo, + This->DriverBindingHandle, + 
Private->GraphicsOutputHandle, + EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER + ); + ASSERT_EFI_ERROR (Status); + } + return Status; +} + +EFI_DRIVER_BINDING_PROTOCOL mGraphicsOutputDriverBinding = { + GraphicsOutputDriverBindingSupported, + GraphicsOutputDriverBindingStart, + GraphicsOutputDriverBindingStop, + 0x10, + NULL, + NULL +}; + +/** + The Entry Point for GraphicsOutput driver. + + It installs DriverBinding, ComponentName and ComponentName2 protocol if there is + GraphicsInfo HOB passed from Graphics PEIM. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InitializeGraphicsOutput ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + VOID *HobStart; + + HobStart = GetFirstGuidHob (&gEfiGraphicsInfoHobGuid); + + if ((HobStart == NULL) || (GET_GUID_HOB_DATA_SIZE (HobStart) < sizeof (EFI_PEI_GRAPHICS_INFO_HOB))) { + return EFI_NOT_FOUND; + } + + Status = EfiLibInstallDriverBindingComponentName2 ( + ImageHandle, + SystemTable, + &mGraphicsOutputDriverBinding, + ImageHandle, + &mGraphicsOutputComponentName, + &mGraphicsOutputComponentName2 + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.h b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.h new file mode 100644 index 0000000000..a40768b1ee --- /dev/null +++ b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.h @@ -0,0 +1,53 @@ +/** @file + Header file for a generic GOP driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
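Review bot: `GraphicsOutputQueryMode` returns `EFI_SUCCESS` even when `AllocateCopyPool` fails, so a caller can receive `*Info == NULL` together with a success status; after the allocation add `if (*Info == NULL) { return EFI_OUT_OF_RESOURCES; }`. `GraphicsOutputSetMode` dereferences `This->Mode` without the NULL check on `This` that `GraphicsOutputQueryMode` performs, so the two entry points validate their arguments differently. In the BAR loop of `GraphicsOutputDriverBindingStart`, the `Resources` buffer returned by `PciIo->GetBarAttributes` is never released. The UEFI specification makes the caller responsible for freeing it, so it should go to `FreePool (Resources)` on every path out of an iteration, including the two `break` statements. All three functions are fully contained in this hunk.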
+SPDX-License-Identifier: BSD-2-Clause-Patent + + +**/ +#ifndef _GRAPHICS_OUTPUT_DXE_H_ +#define _GRAPHICS_OUTPUT_DXE_H_ +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MAX_PCI_BAR 6 + +typedef struct { + UINT32 Signature; + EFI_HANDLE GraphicsOutputHandle; + EFI_GRAPHICS_OUTPUT_PROTOCOL GraphicsOutput; + EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE GraphicsOutputMode; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT64 PciAttributes; + FRAME_BUFFER_CONFIGURE *FrameBufferBltLibConfigure; + UINTN FrameBufferBltLibConfigureSize; +} GRAPHICS_OUTPUT_PRIVATE_DATA; + +#define GRAPHICS_OUTPUT_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('g', 'g', 'o', 'p') +#define GRAPHICS_OUTPUT_PRIVATE_FROM_THIS(a) \ + CR(a, GRAPHICS_OUTPUT_PRIVATE_DATA, GraphicsOutput, GRAPHICS_OUTPUT_PRIVATE_DATA_SIGNATURE) + +extern EFI_COMPONENT_NAME_PROTOCOL mGraphicsOutputComponentName; +extern EFI_COMPONENT_NAME2_PROTOCOL mGraphicsOutputComponentName2; +#endif diff --git a/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf new file mode 100644 index 0000000000..af21095a66 --- /dev/null +++ b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf @@ -0,0 +1,53 @@ +## @file +# This driver produces GraphicsOutput protocol based on the GraphicsInfo HOB information. +# +# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = GraphicsOutputDxe + FILE_GUID = 0B04B2ED-861C-42cd-A22F-C3AAFACCB896 + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeGraphicsOutput + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources.common] + GraphicsOutput.h + GraphicsOutput.c + ComponentName.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiBootServicesTableLib + DxeServicesTableLib + DebugLib + MemoryAllocationLib + BaseMemoryLib + DevicePathLib + FrameBufferBltLib + UefiLib + HobLib + +[Guids] + gEfiGraphicsInfoHobGuid ## CONSUMES ## HOB + gEfiGraphicsDeviceInfoHobGuid ## CONSUMES ## HOB + +[Protocols] + gEfiGraphicsOutputProtocolGuid ## BY_START + gEfiDevicePathProtocolGuid ## BY_START + gEfiPciIoProtocolGuid ## TO_START diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h new file mode 100644 index 0000000000..8a6c300cde --- /dev/null +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -0,0 +1,249 @@ +/** @file + Coreboot PEI module include file. + + Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +/* + * This file is part of the libpayload project. + * + * Copyright (C) 2008 Advanced Micro Devices, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + + +#ifndef _COREBOOT_PEI_H_INCLUDED_ +#define _COREBOOT_PEI_H_INCLUDED_ + +#if defined(_MSC_VER) +#pragma warning( disable : 4200 ) +#endif + +#define DYN_CBMEM_ALIGN_SIZE (4096) + +#define IMD_ENTRY_MAGIC (~0xC0389481) +#define CBMEM_ENTRY_MAGIC (~0xC0389479) + +struct cbmem_entry { + UINT32 magic; + UINT32 start; + UINT32 size; + UINT32 id; +}; + +struct cbmem_root { + UINT32 max_entries; + UINT32 num_entries; + UINT32 locked; + UINT32 size; + struct cbmem_entry entries[0]; +}; + +struct imd_entry { + UINT32 magic; + UINT32 start_offset; + UINT32 size; + UINT32 id; +}; + +struct imd_root { + UINT32 max_entries; + UINT32 num_entries; + UINT32 flags; + UINT32 entry_align; + UINT32 max_offset; + struct imd_entry entries[0]; +}; + +struct cbuint64 { + UINT32 lo; + UINT32 hi; +}; + +#define CB_HEADER_SIGNATURE 0x4F49424C + +struct cb_header { + UINT32 signature; + UINT32 header_bytes; + UINT32 header_checksum; + UINT32 table_bytes; + UINT32 table_checksum; + UINT32 table_entries; +}; + +struct cb_record { + UINT32 tag; + UINT32 size; +}; + +#define CB_TAG_UNUSED 0x0000 +#define CB_TAG_MEMORY 0x0001 + +struct cb_memory_range { + struct cbuint64 start; + struct cbuint64 size; + UINT32 type; +}; + +#define CB_MEM_RAM 1 +#define CB_MEM_RESERVED 2 +#define CB_MEM_ACPI 3 +#define CB_MEM_NVS 4 +#define CB_MEM_UNUSABLE 5 +#define CB_MEM_VENDOR_RSVD 6 +#define CB_MEM_TABLE 16 + +struct cb_memory { + UINT32 tag; + UINT32 size; + struct cb_memory_range map[0]; +}; + +#define CB_TAG_MAINBOARD 0x0003 + +struct cb_mainboard { + UINT32 tag; + UINT32 size; + UINT8 vendor_idx; + UINT8 part_number_idx; + UINT8 strings[0]; +}; +#define CB_TAG_VERSION 0x0004 +#define CB_TAG_EXTRA_VERSION 0x0005 +#define CB_TAG_BUILD 0x0006 +#define CB_TAG_COMPILE_TIME 0x0007 +#define CB_TAG_COMPILE_BY 0x0008 +#define CB_TAG_COMPILE_HOST 0x0009 +#define CB_TAG_COMPILE_DOMAIN 0x000a +#define CB_TAG_COMPILER 0x000b +#define CB_TAG_LINKER 0x000c +#define CB_TAG_ASSEMBLER 0x000d + +struct cb_string { + 
UINT32 tag; + UINT32 size; + UINT8 string[0]; +}; + +#define CB_TAG_SERIAL 0x000f + +struct cb_serial { + UINT32 tag; + UINT32 size; +#define CB_SERIAL_TYPE_IO_MAPPED 1 +#define CB_SERIAL_TYPE_MEMORY_MAPPED 2 + UINT32 type; + UINT32 baseaddr; + UINT32 baud; + UINT32 regwidth; + + // Crystal or input frequency to the chip containing the UART. + // Provide the board specific details to allow the payload to + // initialize the chip containing the UART and make independent + // decisions as to which dividers to select and their values + // to eventually arrive at the desired console baud-rate. + UINT32 input_hertz; + + // UART PCI address: bus, device, function + // 1 << 31 - Valid bit, PCI UART in use + // Bus << 20 + // Device << 15 + // Function << 12 + UINT32 uart_pci_addr; +}; + +#define CB_TAG_CONSOLE 0x00010 + +struct cb_console { + UINT32 tag; + UINT32 size; + UINT16 type; +}; + +#define CB_TAG_CONSOLE_SERIAL8250 0 +#define CB_TAG_CONSOLE_VGA 1 // OBSOLETE +#define CB_TAG_CONSOLE_BTEXT 2 // OBSOLETE +#define CB_TAG_CONSOLE_LOGBUF 3 +#define CB_TAG_CONSOLE_SROM 4 // OBSOLETE +#define CB_TAG_CONSOLE_EHCI 5 + +#define CB_TAG_FORWARD 0x00011 + +struct cb_forward { + UINT32 tag; + UINT32 size; + UINT64 forward; +}; + +#define CB_TAG_FRAMEBUFFER 0x0012 +struct cb_framebuffer { + UINT32 tag; + UINT32 size; + + UINT64 physical_address; + UINT32 x_resolution; + UINT32 y_resolution; + UINT32 bytes_per_line; + UINT8 bits_per_pixel; + UINT8 red_mask_pos; + UINT8 red_mask_size; + UINT8 green_mask_pos; + UINT8 green_mask_size; + UINT8 blue_mask_pos; + UINT8 blue_mask_size; + UINT8 reserved_mask_pos; + UINT8 reserved_mask_size; +}; + +#define CB_TAG_VDAT 0x0015 +struct cb_vdat { + UINT32 tag; + UINT32 size; /* size of the entire entry */ + UINT64 vdat_addr; + UINT32 vdat_size; +}; + +#define CB_TAG_TIMESTAMPS 0x0016 +#define CB_TAG_CBMEM_CONSOLE 0x0017 +#define CB_TAG_MRC_CACHE 0x0018 +struct cb_cbmem_tab { + UINT32 tag; + UINT32 size; + UINT64 cbmem_tab; +}; + +/* Helpful 
macros */ + +#define MEM_RANGE_COUNT(_rec) \ + (((_rec)->size - sizeof(*(_rec))) / sizeof((_rec)->map[0])) + +#define MEM_RANGE_PTR(_rec, _idx) \ + (void *)(((UINT8 *) (_rec)) + sizeof(*(_rec)) \ + + (sizeof((_rec)->map[0]) * (_idx))) + + +#endif // _COREBOOT_PEI_H_INCLUDED_ diff --git a/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h b/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h new file mode 100644 index 0000000000..fe783fe5e1 --- /dev/null +++ b/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h @@ -0,0 +1,29 @@ +/** @file + This file defines the hob structure for board related information from acpi table + + Copyright (c) 2014, Intel Corporation. All rights reserved.
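Review bot: `MEM_RANGE_COUNT` subtracts `sizeof(*(_rec))` from the record's `size` field without first checking that `size` is at least that large. For a `cb_memory` record with a short `size` the unsigned subtraction wraps and the macro yields a very large count. `ParseCbMemTable` and `ParseMemoryInfo` in CbParseLib.c use that count directly as their loop bound, and the record is read from the bootloader-provided table rather than built by this module. I would guard the macro, for example `(((_rec)->size < sizeof(*(_rec))) ? 0 : (((_rec)->size - sizeof(*(_rec))) / sizeof((_rec)->map[0])))`, and add a comment on `MEM_RANGE_PTR` saying that `_idx` must be below that count.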
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __ACPI_BOARD_INFO_GUID_H__
+#define __ACPI_BOARD_INFO_GUID_H__
+
+///
+/// Board information GUID
+///
+extern EFI_GUID gUefiAcpiBoardInfoGuid;
+
+typedef struct {
+ UINT8 Revision;
+ UINT8 Reserved0[2];
+ UINT8 ResetValue;
+ UINT64 PmEvtBase;
+ UINT64 PmGpeEnBase;
+ UINT64 PmCtrlRegBase;
+ UINT64 PmTimerRegBase;
+ UINT64 ResetRegAddress;
+ UINT64 PcieBaseAddress;
+} ACPI_BOARD_INFO;
+
+#endif
diff --git a/DasharoPayloadPkg/Include/Guid/MemoryMapInfoGuid.h b/DasharoPayloadPkg/Include/Guid/MemoryMapInfoGuid.h
new file mode 100644
index 0000000000..99187e8037
--- /dev/null
+++ b/DasharoPayloadPkg/Include/Guid/MemoryMapInfoGuid.h
@@ -0,0 +1,36 @@
+/** @file
+ This file defines the hob structure for memory map information.
+
+ Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __MEMORY_MAP_INFO_GUID_H__
+#define __MEMORY_MAP_INFO_GUID_H__
+
+#include
+
+///
+/// Memory Map Information GUID
+///
+extern EFI_GUID gLoaderMemoryMapInfoGuid;
+
+#pragma pack(1)
+typedef struct {
+ UINT64 Base;
+ UINT64 Size;
+ UINT8 Type;
+ UINT8 Flag;
+ UINT8 Reserved[6];
+} MEMROY_MAP_ENTRY;
+
+typedef struct {
+ UINT8 Revision;
+ UINT8 Reserved0[3];
+ UINT32 Count;
+ MEMROY_MAP_ENTRY Entry[0];
+} MEMROY_MAP_INFO;
+#pragma pack()
+
+#endif
diff --git a/DasharoPayloadPkg/Include/Guid/SerialPortInfoGuid.h b/DasharoPayloadPkg/Include/Guid/SerialPortInfoGuid.h
new file mode 100644
index 0000000000..a15d5b8671
--- /dev/null
+++ b/DasharoPayloadPkg/Include/Guid/SerialPortInfoGuid.h
@@ -0,0 +1,31 @@
+/** @file
+ This file defines the hob structure for serial port.
+
+ Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __SERIAL_PORT_INFO_GUID_H__
+#define __SERIAL_PORT_INFO_GUID_H__
+
+///
+/// Serial Port Information GUID
+///
+extern EFI_GUID gUefiSerialPortInfoGuid;
+
+#define PLD_SERIAL_TYPE_IO_MAPPED 1
+#define PLD_SERIAL_TYPE_MEMORY_MAPPED 2
+
+typedef struct {
+ UINT8 Revision;
+ UINT8 Reserved0[3];
+ UINT32 Type;
+ UINT32 BaseAddr;
+ UINT32 Baud;
+ UINT32 RegWidth;
+ UINT32 InputHertz;
+ UINT32 UartPciAddr;
+} SERIAL_PORT_INFO;
+
+#endif
diff --git a/DasharoPayloadPkg/Include/Guid/SystemTableInfoGuid.h b/DasharoPayloadPkg/Include/Guid/SystemTableInfoGuid.h
new file mode 100644
index 0000000000..2446820285
--- /dev/null
+++ b/DasharoPayloadPkg/Include/Guid/SystemTableInfoGuid.h
@@ -0,0 +1,26 @@
+/** @file
+ This file defines the hob structure for system tables like ACPI, SMBIOS tables.
+
+ Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __SYSTEM_TABLE_INFO_GUID_H__
+#define __SYSTEM_TABLE_INFO_GUID_H__
+
+///
+/// System Table Information GUID
+///
+extern EFI_GUID gUefiSystemTableInfoGuid;
+
+typedef struct {
+ UINT8 Revision;
+ UINT8 Reserved0[3];
+ UINT64 AcpiTableBase;
+ UINT32 AcpiTableSize;
+ UINT64 SmbiosTableBase;
+ UINT32 SmbiosTableSize;
+} SYSTEM_TABLE_INFO;
+
+#endif
diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h
new file mode 100644
index 0000000000..3f9e591ede
--- /dev/null
+++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h
@@ -0,0 +1,120 @@
+/** @file
+ This library will parse the coreboot table in memory and extract those required
+ information.
+
+ Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include +#include +#include +#include +#include + +#ifndef __BOOTLOADER_PARSE_LIB__ +#define __BOOTLOADER_PARSE_LIB__ + +#define GET_BOOTLOADER_PARAMETER() (*(UINT32 *)(UINTN)(PcdGet32(PcdPayloadStackTop) - sizeof(UINT32))) +#define SET_BOOTLOADER_PARAMETER(Value) GET_BOOTLOADER_PARAMETER()=Value + +typedef RETURN_STATUS \ + (*BL_MEM_INFO_CALLBACK) (MEMROY_MAP_ENTRY *MemoryMapEntry, VOID *Param); + +/** + This function retrieves the parameter base address from boot loader. + + This function will get bootloader specific parameter address for UEFI payload. + e.g. HobList pointer for Slim Bootloader, and coreboot table header for Coreboot. + + @retval NULL Failed to find the GUID HOB. + @retval others GUIDed HOB data pointer. + +**/ +VOID * +EFIAPI +GetParameterBase ( + VOID + ); + +/** + Acquire the memory map information. + + @param MemInfoCallback The callback routine + @param Params Pointer to the callback routine parameter + + @retval RETURN_SUCCESS Successfully find out the memory information. + @retval RETURN_NOT_FOUND Failed to find the memory information. + +**/ +RETURN_STATUS +EFIAPI +ParseMemoryInfo ( + IN BL_MEM_INFO_CALLBACK MemInfoCallback, + IN VOID *Params + ); + +/** + Acquire acpi table and smbios table from slim bootloader + + @param SystemTableInfo Pointer to the system table info + + @retval RETURN_SUCCESS Successfully find out the tables. + @retval RETURN_NOT_FOUND Failed to find the tables. + +**/ +RETURN_STATUS +EFIAPI +ParseSystemTable ( + OUT SYSTEM_TABLE_INFO *SystemTableInfo + ); + + +/** + Find the serial port information + + @param SERIAL_PORT_INFO Pointer to serial port info structure + + @retval RETURN_SUCCESS Successfully find the serial port information. + @retval RETURN_NOT_FOUND Failed to find the serial port information . 
+ +**/ +RETURN_STATUS +EFIAPI +ParseSerialInfo ( + OUT SERIAL_PORT_INFO *SerialPortInfo + ); + + +/** + Find the video frame buffer information + + @param GfxInfo Pointer to the EFI_PEI_GRAPHICS_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. + @retval RETURN_NOT_FOUND Failed to find the video frame buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseGfxInfo ( + OUT EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo + ); + +/** + Find the video frame buffer device information + + @param GfxDeviceInfo Pointer to the EFI_PEI_GRAPHICS_DEVICE_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. + @retval RETURN_NOT_FOUND Failed to find the video frame buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseGfxDeviceInfo ( + OUT EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *GfxDeviceInfo + ); + +#endif diff --git a/DasharoPayloadPkg/Include/Library/PlatformSupportLib.h b/DasharoPayloadPkg/Include/Library/PlatformSupportLib.h new file mode 100644 index 0000000000..d9f0b83075 --- /dev/null +++ b/DasharoPayloadPkg/Include/Library/PlatformSupportLib.h @@ -0,0 +1,28 @@ +/** @file + Bootloader Platform Support library. Platform can provide an implementation of this + library class to provide hooks that may be required for some type of + platform features. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
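Review bot: `SET_BOOTLOADER_PARAMETER(Value)` expands to the bare assignment `GET_BOOTLOADER_PARAMETER()=Value`, with neither the argument nor the expansion parenthesised. Used inside a larger expression, it would therefore assign something other than what the call site appears to pass. Writing it as `#define SET_BOOTLOADER_PARAMETER(Value) (GET_BOOTLOADER_PARAMETER() = (Value))` keeps the statement-style use in CbParseLib.c unchanged. A one-line comment above the pair should say that the parameter is the `UINT32` stored directly below `PcdPayloadStackTop`, because that is the location the expansion reads and writes.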
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __BOOTLOADER_PLATFORM_SUPPORT_LIB__ +#define __BOOTLOADER_PLATFORM_SUPPORT_LIB__ + +/** + Parse platform specific information from bootloader + + @retval RETURN_SUCCESS The platform specific coreboot support succeeded. + @retval RETURN_DEVICE_ERROR The platform specific coreboot support could not be completed. + +**/ +EFI_STATUS +EFIAPI +ParsePlatformInfo ( + VOID + ); + +#endif // __BOOTLOADER_PLATFORM_SUPPORT_LIB__ + diff --git a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c new file mode 100644 index 0000000000..b86382d709 --- /dev/null +++ b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c @@ -0,0 +1,270 @@ +/** @file + ACPI Timer implements one instance of Timer Library. + + Copyright (c) 2014, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#define ACPI_TIMER_COUNT_SIZE BIT24 + +UINTN mPmTimerReg = 0; + +/** + The constructor function enables ACPI IO space. + + If ACPI I/O space not enabled, this function will enable it. + It will always return RETURN_SUCCESS. + + @retval EFI_SUCCESS The constructor always returns RETURN_SUCCESS. + +**/ +RETURN_STATUS +EFIAPI +AcpiTimerLibConstructor ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + ACPI_BOARD_INFO *pAcpiBoardInfo; + + // + // Find the acpi board information guid hob + // + GuidHob = GetFirstGuidHob (&gUefiAcpiBoardInfoGuid); + ASSERT (GuidHob != NULL); + + pAcpiBoardInfo = (ACPI_BOARD_INFO *)GET_GUID_HOB_DATA (GuidHob); + + mPmTimerReg = (UINTN)pAcpiBoardInfo->PmTimerRegBase; + + return EFI_SUCCESS; +} + +/** + Internal function to read the current tick counter of ACPI. + + Internal function to read the current tick counter of ACPI. + + @return The tick counter read. + +**/ +UINT32 +InternalAcpiGetTimerTick ( + VOID + ) +{ + if (mPmTimerReg == 0) { + AcpiTimerLibConstructor (); + } + return IoRead32 (mPmTimerReg); +} + +/** + Stalls the CPU for at least the given number of ticks. + + Stalls the CPU for at least the given number of ticks. It's invoked by + MicroSecondDelay() and NanoSecondDelay(). + + @param Delay A period of time to delay in ticks. 
+ +**/ +VOID +InternalAcpiDelay ( + IN UINT32 Delay + ) +{ + UINT32 Ticks; + UINT32 Times; + + Times = Delay >> 22; + Delay &= BIT22 - 1; + do { + // + // The target timer count is calculated here + // + Ticks = InternalAcpiGetTimerTick () + Delay; + Delay = BIT22; + // + // Wait until time out + // Delay >= 2^23 could not be handled by this function + // Timer wrap-arounds are handled correctly by this function + // + while (((Ticks - InternalAcpiGetTimerTick ()) & BIT23) == 0) { + CpuPause (); + } + } while (Times-- > 0); +} + +/** + Stalls the CPU for at least the given number of microseconds. + + Stalls the CPU for the number of microseconds specified by MicroSeconds. + + @param MicroSeconds The minimum number of microseconds to delay. + + @return MicroSeconds + +**/ +UINTN +EFIAPI +MicroSecondDelay ( + IN UINTN MicroSeconds + ) +{ + InternalAcpiDelay ( + (UINT32)DivU64x32 ( + MultU64x32 ( + MicroSeconds, + ACPI_TIMER_FREQUENCY + ), + 1000000u + ) + ); + return MicroSeconds; +} + +/** + Stalls the CPU for at least the given number of nanoseconds. + + Stalls the CPU for the number of nanoseconds specified by NanoSeconds. + + @param NanoSeconds The minimum number of nanoseconds to delay. + + @return NanoSeconds + +**/ +UINTN +EFIAPI +NanoSecondDelay ( + IN UINTN NanoSeconds + ) +{ + InternalAcpiDelay ( + (UINT32)DivU64x32 ( + MultU64x32 ( + NanoSeconds, + ACPI_TIMER_FREQUENCY + ), + 1000000000u + ) + ); + return NanoSeconds; +} + +/** + Retrieves the current value of a 64-bit free running performance counter. + + Retrieves the current value of a 64-bit free running performance counter. The + counter can either count up by 1 or count down by 1. If the physical + performance counter counts by a larger increment, then the counter values + must be translated. The properties of the counter can be retrieved from + GetPerformanceCounterProperties(). + + @return The current value of the free running performance counter. 
+ +**/ +UINT64 +EFIAPI +GetPerformanceCounter ( + VOID + ) +{ + return (UINT64)InternalAcpiGetTimerTick (); +} + +/** + Retrieves the 64-bit frequency in Hz and the range of performance counter + values. + + If StartValue is not NULL, then the value that the performance counter starts + with immediately after is it rolls over is returned in StartValue. If + EndValue is not NULL, then the value that the performance counter end with + immediately before it rolls over is returned in EndValue. The 64-bit + frequency of the performance counter in Hz is always returned. If StartValue + is less than EndValue, then the performance counter counts up. If StartValue + is greater than EndValue, then the performance counter counts down. For + example, a 64-bit free running counter that counts up would have a StartValue + of 0 and an EndValue of 0xFFFFFFFFFFFFFFFF. A 24-bit free running counter + that counts down would have a StartValue of 0xFFFFFF and an EndValue of 0. + + @param StartValue The value the performance counter starts with when it + rolls over. + @param EndValue The value that the performance counter ends with before + it rolls over. + + @return The frequency in Hz. + +**/ +UINT64 +EFIAPI +GetPerformanceCounterProperties ( + OUT UINT64 *StartValue, OPTIONAL + OUT UINT64 *EndValue OPTIONAL + ) +{ + if (StartValue != NULL) { + *StartValue = 0; + } + + if (EndValue != NULL) { + *EndValue = ACPI_TIMER_COUNT_SIZE - 1; + } + + return ACPI_TIMER_FREQUENCY; +} + +/** + Converts elapsed ticks of performance counter to time in nanoseconds. + + This function converts the elapsed ticks of running performance counter to + time value in unit of nanoseconds. + + @param Ticks The number of elapsed ticks of running performance counter. + + @return The elapsed time in nanoseconds. 
+ +**/ +UINT64 +EFIAPI +GetTimeInNanoSecond ( + IN UINT64 Ticks + ) +{ + UINT64 Frequency; + UINT64 NanoSeconds; + UINT64 Remainder; + INTN Shift; + + Frequency = GetPerformanceCounterProperties (NULL, NULL); + + // + // Ticks + // Time = --------- x 1,000,000,000 + // Frequency + // + NanoSeconds = MultU64x32 (DivU64x64Remainder (Ticks, Frequency, &Remainder), 1000000000u); + + // + // Ensure (Remainder * 1,000,000,000) will not overflow 64-bit. + // Since 2^29 < 1,000,000,000 = 0x3B9ACA00 < 2^30, Remainder should < 2^(64-30) = 2^34, + // i.e. highest bit set in Remainder should <= 33. + // + Shift = MAX (0, HighBitSet64 (Remainder) - 33); + Remainder = RShiftU64 (Remainder, (UINTN) Shift); + Frequency = RShiftU64 (Frequency, (UINTN) Shift); + NanoSeconds += DivU64x64Remainder (MultU64x32 (Remainder, 1000000000u), Frequency, NULL); + + return NanoSeconds; +} + diff --git a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf new file mode 100644 index 0000000000..3e177cadc0 --- /dev/null +++ b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf @@ -0,0 +1,40 @@ +## @file +# ACPI Timer Library Instance. +# +# Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
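Review bot: In `AcpiTimerLibConstructor` the only check on the result of `GetFirstGuidHob (&gUefiAcpiBoardInfoGuid)` is `ASSERT (GuidHob != NULL)`. In a build where asserts are compiled out, a missing board-info HOB is passed straight to `GET_GUID_HOB_DATA (GuidHob)` and then dereferenced. I would keep the ASSERT and add an explicit `if (GuidHob == NULL) { return RETURN_NOT_FOUND; }` after it, updating the header comment that says the constructor always succeeds. `InternalAcpiGetTimerTick` re-runs the constructor when `mPmTimerReg` is 0 and then calls `IoRead32 (mPmTimerReg)` regardless, so it needs a matching guard; a zero `PmTimerRegBase` currently ends in a read of I/O port 0.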
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = AcpiTimerLib + FILE_GUID = A41BF616-EF77-4658-9992-D813071C34CF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = TimerLib + + CONSTRUCTOR = AcpiTimerLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + AcpiTimerLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + BaseLib + IoLib + HobLib + DebugLib + +[Guids] + gUefiAcpiBoardInfoGuid diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c new file mode 100644 index 0000000000..4e23cff50e --- /dev/null +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -0,0 +1,560 @@ +/** @file + This library will parse the coreboot table in memory and extract those required + information. + + Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +/** + Convert a packed value from cbuint64 to a UINT64 value. + + @param val The pointer to packed data. + + @return the UNIT64 value after conversion. + +**/ +UINT64 +cb_unpack64 ( + IN struct cbuint64 val + ) +{ + return LShiftU64 (val.hi, 32) | val.lo; +} + + +/** + Returns the sum of all elements in a buffer of 16-bit values. During + calculation, the carry bits are also been added. + + @param Buffer The pointer to the buffer to carry out the sum operation. + @param Length The size, in bytes, of Buffer. + + @return Sum The sum of Buffer with carry bits included during additions. + +**/ +UINT16 +CbCheckSum16 ( + IN UINT16 *Buffer, + IN UINTN Length + ) +{ + UINT32 Sum; + UINT32 TmpValue; + UINTN Idx; + UINT8 *TmpPtr; + + Sum = 0; + TmpPtr = (UINT8 *)Buffer; + for(Idx = 0; Idx < Length; Idx++) { + TmpValue = TmpPtr[Idx]; + if (Idx % 2 == 1) { + TmpValue <<= 8; + } + + Sum += TmpValue; + + // Wrap + if (Sum >= 0x10000) { + Sum = (Sum + (Sum >> 16)) & 0xFFFF; + } + } + + return (UINT16)((~Sum) & 0xFFFF); +} + + +/** + Check the coreboot table if it is valid. + + @param Header Pointer to coreboot table + + @retval TRUE The coreboot table is valid. + @retval Others The coreboot table is not valid. 
+ +**/ +BOOLEAN +IsValidCbTable ( + IN struct cb_header *Header + ) +{ + UINT16 CheckSum; + + if ((Header == NULL) || (Header->table_bytes == 0)) { + return FALSE; + } + + if (Header->signature != CB_HEADER_SIGNATURE) { + return FALSE; + } + + // + // Check the checksum of the coreboot table header + // + CheckSum = CbCheckSum16 ((UINT16 *)Header, sizeof (*Header)); + if (CheckSum != 0) { + DEBUG ((DEBUG_ERROR, "Invalid coreboot table header checksum\n")); + return FALSE; + } + + CheckSum = CbCheckSum16 ((UINT16 *)((UINT8 *)Header + sizeof (*Header)), Header->table_bytes); + if (CheckSum != Header->table_checksum) { + DEBUG ((DEBUG_ERROR, "Incorrect checksum of all the coreboot table entries\n")); + return FALSE; + } + + return TRUE; +} + + +/** + This function retrieves the parameter base address from boot loader. + + This function will get bootloader specific parameter address for UEFI payload. + e.g. HobList pointer for Slim Bootloader, and coreboot table header for Coreboot. + + @retval NULL Failed to find the GUID HOB. + @retval others GUIDed HOB data pointer. + +**/ +VOID * +EFIAPI +GetParameterBase ( + VOID + ) +{ + struct cb_header *Header; + struct cb_record *Record; + UINT8 *TmpPtr; + UINT8 *CbTablePtr; + UINTN Idx; + + // + // coreboot could pass coreboot table to UEFI payload + // + Header = (struct cb_header *)(UINTN)GET_BOOTLOADER_PARAMETER (); + if (IsValidCbTable (Header)) { + return Header; + } + + // + // Find simplified coreboot table in memory range 0 ~ 4KB. + // Some GCC version does not allow directly access to NULL pointer, + // so start the search from 0x10 instead. 
+ // + for (Idx = 16; Idx < 4096; Idx += 16) { + Header = (struct cb_header *)Idx; + if (Header->signature == CB_HEADER_SIGNATURE) { + break; + } + } + + if (Idx >= 4096) { + return NULL; + } + + // + // Check the coreboot header + // + if (!IsValidCbTable (Header)) { + return NULL; + } + + // + // Find full coreboot table in high memory + // + CbTablePtr = NULL; + TmpPtr = (UINT8 *)Header + Header->header_bytes; + for (Idx = 0; Idx < Header->table_entries; Idx++) { + Record = (struct cb_record *)TmpPtr; + if (Record->tag == CB_TAG_FORWARD) { + CbTablePtr = (VOID *)(UINTN)((struct cb_forward *)(UINTN)Record)->forward; + break; + } + TmpPtr += Record->size; + } + + // + // Check the coreboot header in high memory + // + if (!IsValidCbTable ((struct cb_header *)CbTablePtr)) { + return NULL; + } + + SET_BOOTLOADER_PARAMETER ((UINT32)(UINTN)CbTablePtr); + + return CbTablePtr; +} + + +/** + Find coreboot record with given Tag. + + @param Tag The tag id to be found + + @retval NULL The Tag is not found. + @retval Others The pointer to the record found. + +**/ +VOID * +FindCbTag ( + IN UINT32 Tag + ) +{ + struct cb_header *Header; + struct cb_record *Record; + UINT8 *TmpPtr; + UINT8 *TagPtr; + UINTN Idx; + + Header = (struct cb_header *) GetParameterBase (); + + TagPtr = NULL; + TmpPtr = (UINT8 *)Header + Header->header_bytes; + for (Idx = 0; Idx < Header->table_entries; Idx++) { + Record = (struct cb_record *)TmpPtr; + if (Record->tag == Tag) { + TagPtr = TmpPtr; + break; + } + TmpPtr += Record->size; + } + + return TagPtr; +} + + +/** + Find the given table with TableId from the given coreboot memory Root. + + @param Root The coreboot memory table to be searched in + @param TableId Table id to be found + @param MemTable To save the base address of the memory table found + @param MemTableSize To save the size of memory table found + + @retval RETURN_SUCCESS Successfully find out the memory table. + @retval RETURN_INVALID_PARAMETER Invalid input parameters. 
+ @retval RETURN_NOT_FOUND Failed to find the memory table. + +**/ +RETURN_STATUS +FindCbMemTable ( + IN struct cbmem_root *Root, + IN UINT32 TableId, + OUT VOID **MemTable, + OUT UINT32 *MemTableSize + ) +{ + UINTN Idx; + BOOLEAN IsImdEntry; + struct cbmem_entry *Entries; + + if ((Root == NULL) || (MemTable == NULL)) { + return RETURN_INVALID_PARAMETER; + } + // + // Check if the entry is CBMEM or IMD + // and handle them separately + // + Entries = Root->entries; + if (Entries[0].magic == CBMEM_ENTRY_MAGIC) { + IsImdEntry = FALSE; + } else { + Entries = (struct cbmem_entry *)((struct imd_root *)Root)->entries; + if (Entries[0].magic == IMD_ENTRY_MAGIC) { + IsImdEntry = TRUE; + } else { + return RETURN_NOT_FOUND; + } + } + + for (Idx = 0; Idx < Root->num_entries; Idx++) { + if (Entries[Idx].id == TableId) { + if (IsImdEntry) { + *MemTable = (VOID *) ((UINTN)Entries[Idx].start + (UINTN)Root); + } else { + *MemTable = (VOID *) (UINTN)Entries[Idx].start; + } + if (MemTableSize != NULL) { + *MemTableSize = Entries[Idx].size; + } + + DEBUG ((DEBUG_INFO, "Find CbMemTable Id 0x%x, base %p, size 0x%x\n", + TableId, *MemTable, Entries[Idx].size)); + return RETURN_SUCCESS; + } + } + + return RETURN_NOT_FOUND; +} + +/** + Acquire the coreboot memory table with the given table id + + @param TableId Table id to be searched + @param MemTable Pointer to the base address of the memory table + @param MemTableSize Pointer to the size of the memory table + + @retval RETURN_SUCCESS Successfully find out the memory table. + @retval RETURN_INVALID_PARAMETER Invalid input parameters. + @retval RETURN_NOT_FOUND Failed to find the memory table. 
+ +**/ +RETURN_STATUS +ParseCbMemTable ( + IN UINT32 TableId, + OUT VOID **MemTable, + OUT UINT32 *MemTableSize + ) +{ + EFI_STATUS Status; + struct cb_memory *rec; + struct cb_memory_range *Range; + UINT64 Start; + UINT64 Size; + UINTN Index; + struct cbmem_root *CbMemRoot; + + if (MemTable == NULL) { + return RETURN_INVALID_PARAMETER; + } + + *MemTable = NULL; + Status = RETURN_NOT_FOUND; + + // + // Get the coreboot memory table + // + rec = (struct cb_memory *)FindCbTag (CB_TAG_MEMORY); + if (rec == NULL) { + return Status; + } + + for (Index = 0; Index < MEM_RANGE_COUNT(rec); Index++) { + Range = MEM_RANGE_PTR(rec, Index); + Start = cb_unpack64(Range->start); + Size = cb_unpack64(Range->size); + + if ((Range->type == CB_MEM_TABLE) && (Start > 0x1000)) { + CbMemRoot = (struct cbmem_root *)(UINTN)(Start + Size - DYN_CBMEM_ALIGN_SIZE); + Status = FindCbMemTable (CbMemRoot, TableId, MemTable, MemTableSize); + if (!EFI_ERROR (Status)) { + break; + } + } + } + + return Status; +} + + + +/** + Acquire the memory information from the coreboot table in memory. + + @param MemInfoCallback The callback routine + @param Params Pointer to the callback routine parameter + + @retval RETURN_SUCCESS Successfully find out the memory information. + @retval RETURN_NOT_FOUND Failed to find the memory information. + +**/ +RETURN_STATUS +EFIAPI +ParseMemoryInfo ( + IN BL_MEM_INFO_CALLBACK MemInfoCallback, + IN VOID *Params + ) +{ + struct cb_memory *rec; + struct cb_memory_range *Range; + UINTN Index; + MEMROY_MAP_ENTRY MemoryMap; + + // + // Get the coreboot memory table + // + rec = (struct cb_memory *)FindCbTag (CB_TAG_MEMORY); + if (rec == NULL) { + return RETURN_NOT_FOUND; + } + + for (Index = 0; Index < MEM_RANGE_COUNT(rec); Index++) { + Range = MEM_RANGE_PTR(rec, Index); + MemoryMap.Base = cb_unpack64(Range->start); + MemoryMap.Size = cb_unpack64(Range->size); + MemoryMap.Type = (UINT8)Range->type; + MemoryMap.Flag = 0; + DEBUG ((DEBUG_INFO, "%d. 
%016lx - %016lx [%02x]\n", + Index, MemoryMap.Base, MemoryMap.Base + MemoryMap.Size - 1, MemoryMap.Type)); + + MemInfoCallback (&MemoryMap, Params); + } + + return RETURN_SUCCESS; +} + + +/** + Acquire acpi table and smbios table from coreboot + + @param SystemTableInfo Pointer to the system table info + + @retval RETURN_SUCCESS Successfully find out the tables. + @retval RETURN_NOT_FOUND Failed to find the tables. + +**/ +RETURN_STATUS +EFIAPI +ParseSystemTable ( + OUT SYSTEM_TABLE_INFO *SystemTableInfo + ) +{ + EFI_STATUS Status; + VOID *MemTable; + UINT32 MemTableSize; + + Status = ParseCbMemTable (SIGNATURE_32 ('T', 'B', 'M', 'S'), &MemTable, &MemTableSize); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + SystemTableInfo->SmbiosTableBase = (UINT64) (UINTN)MemTable; + SystemTableInfo->SmbiosTableSize = MemTableSize; + + Status = ParseCbMemTable (SIGNATURE_32 ('I', 'P', 'C', 'A'), &MemTable, &MemTableSize); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + SystemTableInfo->AcpiTableBase = (UINT64) (UINTN)MemTable; + SystemTableInfo->AcpiTableSize = MemTableSize; + + return Status; +} + + +/** + Find the serial port information + + @param SERIAL_PORT_INFO Pointer to serial port info structure + + @retval RETURN_SUCCESS Successfully find the serial port information. + @retval RETURN_NOT_FOUND Failed to find the serial port information . 
+ +**/ +RETURN_STATUS +EFIAPI +ParseSerialInfo ( + OUT SERIAL_PORT_INFO *SerialPortInfo + ) +{ + struct cb_serial *CbSerial; + + CbSerial = FindCbTag (CB_TAG_SERIAL); + if (CbSerial == NULL) { + return RETURN_NOT_FOUND; + } + + SerialPortInfo->BaseAddr = CbSerial->baseaddr; + SerialPortInfo->RegWidth = CbSerial->regwidth; + SerialPortInfo->Type = CbSerial->type; + SerialPortInfo->Baud = CbSerial->baud; + SerialPortInfo->InputHertz = CbSerial->input_hertz; + SerialPortInfo->UartPciAddr = CbSerial->uart_pci_addr; + + return RETURN_SUCCESS; +} + +/** + Find the video frame buffer information + + @param GfxInfo Pointer to the EFI_PEI_GRAPHICS_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. + @retval RETURN_NOT_FOUND Failed to find the video frame buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseGfxInfo ( + OUT EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo + ) +{ + struct cb_framebuffer *CbFbRec; + EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *GfxMode; + + if (GfxInfo == NULL) { + return RETURN_INVALID_PARAMETER; + } + + CbFbRec = FindCbTag (CB_TAG_FRAMEBUFFER); + if (CbFbRec == NULL) { + return RETURN_NOT_FOUND; + } + + DEBUG ((DEBUG_INFO, "Found coreboot video frame buffer information\n")); + DEBUG ((DEBUG_INFO, "physical_address: 0x%lx\n", CbFbRec->physical_address)); + DEBUG ((DEBUG_INFO, "x_resolution: 0x%x\n", CbFbRec->x_resolution)); + DEBUG ((DEBUG_INFO, "y_resolution: 0x%x\n", CbFbRec->y_resolution)); + DEBUG ((DEBUG_INFO, "bits_per_pixel: 0x%x\n", CbFbRec->bits_per_pixel)); + DEBUG ((DEBUG_INFO, "bytes_per_line: 0x%x\n", CbFbRec->bytes_per_line)); + + DEBUG ((DEBUG_INFO, "red_mask_size: 0x%x\n", CbFbRec->red_mask_size)); + DEBUG ((DEBUG_INFO, "red_mask_pos: 0x%x\n", CbFbRec->red_mask_pos)); + DEBUG ((DEBUG_INFO, "green_mask_size: 0x%x\n", CbFbRec->green_mask_size)); + DEBUG ((DEBUG_INFO, "green_mask_pos: 0x%x\n", CbFbRec->green_mask_pos)); + DEBUG ((DEBUG_INFO, "blue_mask_size: 0x%x\n", CbFbRec->blue_mask_size)); + 
DEBUG ((DEBUG_INFO, "blue_mask_pos: 0x%x\n", CbFbRec->blue_mask_pos)); + DEBUG ((DEBUG_INFO, "reserved_mask_size: 0x%x\n", CbFbRec->reserved_mask_size)); + DEBUG ((DEBUG_INFO, "reserved_mask_pos: 0x%x\n", CbFbRec->reserved_mask_pos)); + + GfxMode = &GfxInfo->GraphicsMode; + GfxMode->Version = 0; + GfxMode->HorizontalResolution = CbFbRec->x_resolution; + GfxMode->VerticalResolution = CbFbRec->y_resolution; + GfxMode->PixelsPerScanLine = (CbFbRec->bytes_per_line << 3) / CbFbRec->bits_per_pixel; + if ((CbFbRec->red_mask_pos == 0) && (CbFbRec->green_mask_pos == 8) && (CbFbRec->blue_mask_pos == 16)) { + GfxMode->PixelFormat = PixelRedGreenBlueReserved8BitPerColor; + } else if ((CbFbRec->blue_mask_pos == 0) && (CbFbRec->green_mask_pos == 8) && (CbFbRec->red_mask_pos == 16)) { + GfxMode->PixelFormat = PixelBlueGreenRedReserved8BitPerColor; + } + GfxMode->PixelInformation.RedMask = ((1 << CbFbRec->red_mask_size) - 1) << CbFbRec->red_mask_pos; + GfxMode->PixelInformation.GreenMask = ((1 << CbFbRec->green_mask_size) - 1) << CbFbRec->green_mask_pos; + GfxMode->PixelInformation.BlueMask = ((1 << CbFbRec->blue_mask_size) - 1) << CbFbRec->blue_mask_pos; + GfxMode->PixelInformation.ReservedMask = ((1 << CbFbRec->reserved_mask_size) - 1) << CbFbRec->reserved_mask_pos; + + GfxInfo->FrameBufferBase = CbFbRec->physical_address; + GfxInfo->FrameBufferSize = CbFbRec->bytes_per_line * CbFbRec->y_resolution; + + return RETURN_SUCCESS; +} + +/** + Find the video frame buffer device information + + @param GfxDeviceInfo Pointer to the EFI_PEI_GRAPHICS_DEVICE_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. + @retval RETURN_NOT_FOUND Failed to find the video frame buffer information. + +**/ +RETURN_STATUS +EFIAPI +ParseGfxDeviceInfo ( + OUT EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *GfxDeviceInfo + ) +{ + return RETURN_NOT_FOUND; +} + 
diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf
new file mode 100644
index 0000000000..52e3ad2054
--- /dev/null
+++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf
@@ -0,0 +1,39 @@
+## @file
+# Coreboot Table Parse Library.
+#
+# Copyright (c) 2014, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = CbParseLib
+ FILE_GUID = 49EDFC9E-5945-4386-9C0B-C9B60CD45BB1
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BlParseLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ CbParseLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ UefiPayloadPkg/UefiPayloadPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ IoLib
+ DebugLib
+ PcdLib
+
+[Pcd]
+ gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop
diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridge.h b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridge.h
new file mode 100644
index 0000000000..c2961b3bee
--- /dev/null
+++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridge.h
@@ -0,0 +1,80 @@
+/** @file
+ Header file of PciHostBridgeLib.
+
+ Copyright (C) 2016, Red Hat, Inc.
+ Copyright (c) 2016, Intel Corporation. All rights reserved.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _PCI_HOST_BRIDGE_H
+#define _PCI_HOST_BRIDGE_H
+
+typedef struct {
+ ACPI_HID_DEVICE_PATH AcpiDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL EndDevicePath;
+} CB_PCI_ROOT_BRIDGE_DEVICE_PATH;
+
+PCI_ROOT_BRIDGE *
+ScanForRootBridges (
+ UINTN *NumberOfRootBridges
+);
+
+/**
+ Initialize a PCI_ROOT_BRIDGE structure.
+
+ @param[in] Supports Supported attributes.
+
+ @param[in] Attributes Initial attributes.
+
+ @param[in] AllocAttributes Allocation attributes.
+
+ @param[in] RootBusNumber The bus number to store in RootBus.
+
+ @param[in] MaxSubBusNumber The inclusive maximum bus number that can be
+ assigned to any subordinate bus found behind any
+ PCI bridge hanging off this root bus.
+
+ The caller is responsible for ensuring that
+ RootBusNumber <= MaxSubBusNumber. If
+ RootBusNumber equals MaxSubBusNumber, then the
+ root bus has no room for subordinate buses.
+
+ @param[in] Io IO aperture.
+
+ @param[in] Mem MMIO aperture.
+
+ @param[in] MemAbove4G MMIO aperture above 4G.
+
+ @param[in] PMem Prefetchable MMIO aperture.
+
+ @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G.
+
+ @param[out] RootBus The PCI_ROOT_BRIDGE structure (allocated by the
+ caller) that should be filled in by this
+ function.
+
+ @retval EFI_SUCCESS Initialization successful. A device path
+ consisting of an ACPI device path node, with
+ UID = RootBusNumber, has been allocated and
+ linked into RootBus.
+
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+**/
+EFI_STATUS
+InitRootBridge (
+ IN UINT64 Supports,
+ IN UINT64 Attributes,
+ IN UINT64 AllocAttributes,
+ IN UINT8 RootBusNumber,
+ IN UINT8 MaxSubBusNumber,
+ IN PCI_ROOT_BRIDGE_APERTURE *Io,
+ IN PCI_ROOT_BRIDGE_APERTURE *Mem,
+ IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G,
+ IN PCI_ROOT_BRIDGE_APERTURE *PMem,
+ IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G,
+ OUT PCI_ROOT_BRIDGE *RootBus
+);
+
+#endif
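Review bot: The `ScanForRootBridges` prototype is the only declaration in this header without a comment, and nothing here tells the caller who owns the returned array. I would add a short header comment above it saying that `NumberOfRootBridges` is an output, that the function returns an allocated `PCI_ROOT_BRIDGE` array (NULL when no root bridge is found), and that the array is released through `PciHostBridgeFreeRootBridges()`; writing the parameter as `OUT UINTN *NumberOfRootBridges` would match the definition in PciHostBridgeSupport.c. The header also uses `ACPI_HID_DEVICE_PATH`, `EFI_DEVICE_PATH_PROTOCOL` and `PCI_ROOT_BRIDGE` without including anything itself, so it appears to rely on the include order of each .c file.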
diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c
new file mode 100644
index 0000000000..512c3127cc
--- /dev/null
+++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c
@@ -0,0 +1,222 @@
+/** @file
+ Library instance of PciHostBridgeLib library class for coreboot.
+
+ Copyright (C) 2016, Red Hat, Inc.
+ Copyright (c) 2016, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "PciHostBridge.h" + +STATIC +CONST +CB_PCI_ROOT_BRIDGE_DEVICE_PATH mRootBridgeDevicePathTemplate = { + { + { + ACPI_DEVICE_PATH, + ACPI_DP, + { + (UINT8) (sizeof(ACPI_HID_DEVICE_PATH)), + (UINT8) ((sizeof(ACPI_HID_DEVICE_PATH)) >> 8) + } + }, + EISA_PNP_ID(0x0A03), // HID + 0 // UID + }, + + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + END_DEVICE_PATH_LENGTH, + 0 + } + } +}; + + +/** + Initialize a PCI_ROOT_BRIDGE structure. + + @param[in] Supports Supported attributes. + + @param[in] Attributes Initial attributes. + + @param[in] AllocAttributes Allocation attributes. + + @param[in] RootBusNumber The bus number to store in RootBus. + + @param[in] MaxSubBusNumber The inclusive maximum bus number that can be + assigned to any subordinate bus found behind any + PCI bridge hanging off this root bus. + + The caller is responsible for ensuring that + RootBusNumber <= MaxSubBusNumber. If + RootBusNumber equals MaxSubBusNumber, then the + root bus has no room for subordinate buses. + + @param[in] Io IO aperture. + + @param[in] Mem MMIO aperture. + + @param[in] MemAbove4G MMIO aperture above 4G. + + @param[in] PMem Prefetchable MMIO aperture. + + @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G. + + @param[out] RootBus The PCI_ROOT_BRIDGE structure (allocated by the + caller) that should be filled in by this + function. + + @retval EFI_SUCCESS Initialization successful. A device path + consisting of an ACPI device path node, with + UID = RootBusNumber, has been allocated and + linked into RootBus. + + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. 
+**/ +EFI_STATUS +InitRootBridge ( + IN UINT64 Supports, + IN UINT64 Attributes, + IN UINT64 AllocAttributes, + IN UINT8 RootBusNumber, + IN UINT8 MaxSubBusNumber, + IN PCI_ROOT_BRIDGE_APERTURE *Io, + IN PCI_ROOT_BRIDGE_APERTURE *Mem, + IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G, + IN PCI_ROOT_BRIDGE_APERTURE *PMem, + IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G, + OUT PCI_ROOT_BRIDGE *RootBus +) +{ + CB_PCI_ROOT_BRIDGE_DEVICE_PATH *DevicePath; + + // + // Be safe if other fields are added to PCI_ROOT_BRIDGE later. + // + ZeroMem (RootBus, sizeof *RootBus); + + RootBus->Segment = 0; + + RootBus->Supports = Supports; + RootBus->Attributes = Attributes; + + RootBus->DmaAbove4G = FALSE; + + RootBus->AllocationAttributes = AllocAttributes; + RootBus->Bus.Base = RootBusNumber; + RootBus->Bus.Limit = MaxSubBusNumber; + CopyMem (&RootBus->Io, Io, sizeof (*Io)); + CopyMem (&RootBus->Mem, Mem, sizeof (*Mem)); + CopyMem (&RootBus->MemAbove4G, MemAbove4G, sizeof (*MemAbove4G)); + CopyMem (&RootBus->PMem, PMem, sizeof (*PMem)); + CopyMem (&RootBus->PMemAbove4G, PMemAbove4G, sizeof (*PMemAbove4G)); + + RootBus->NoExtendedConfigSpace = FALSE; + + DevicePath = AllocateCopyPool (sizeof (mRootBridgeDevicePathTemplate), + &mRootBridgeDevicePathTemplate); + if (DevicePath == NULL) { + DEBUG ((DEBUG_ERROR, "%a: %r\n", __FUNCTION__, EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + DevicePath->AcpiDevicePath.UID = RootBusNumber; + RootBus->DevicePath = (EFI_DEVICE_PATH_PROTOCOL *)DevicePath; + + DEBUG ((DEBUG_INFO, + "%a: populated root bus %d, with room for %d subordinate bus(es)\n", + __FUNCTION__, RootBusNumber, MaxSubBusNumber - RootBusNumber)); + return EFI_SUCCESS; +} + + +/** + Return all the root bridge instances in an array. + + @param Count Return the count of root bridge instances. + + @return All the root bridge instances in an array. + The array should be passed into PciHostBridgeFreeRootBridges() + when it's not used. 
+**/ +PCI_ROOT_BRIDGE * +EFIAPI +PciHostBridgeGetRootBridges ( + UINTN *Count +) +{ + return ScanForRootBridges (Count); +} + + +/** + Free the root bridge instances array returned from + PciHostBridgeGetRootBridges(). + + @param The root bridge instances array. + @param The count of the array. +**/ +VOID +EFIAPI +PciHostBridgeFreeRootBridges ( + PCI_ROOT_BRIDGE *Bridges, + UINTN Count +) +{ + if (Bridges == NULL && Count == 0) { + return; + } + ASSERT (Bridges != NULL && Count > 0); + + do { + --Count; + FreePool (Bridges[Count].DevicePath); + } while (Count > 0); + + FreePool (Bridges); +} + + +/** + Inform the platform that the resource conflict happens. + + @param HostBridgeHandle Handle of the Host Bridge. + @param Configuration Pointer to PCI I/O and PCI memory resource + descriptors. The Configuration contains the resources + for all the root bridges. The resource for each root + bridge is terminated with END descriptor and an + additional END is appended indicating the end of the + entire resources. The resource descriptor field + values follow the description in + EFI_PCI_HOST_BRIDGE_RESOURCE_ALLOCATION_PROTOCOL + .SubmitResources(). +**/ +VOID +EFIAPI +PciHostBridgeResourceConflict ( + EFI_HANDLE HostBridgeHandle, + VOID *Configuration +) +{ + // + // coreboot UEFI Payload does not do PCI enumeration and should not call this + // library interface. + // + ASSERT (FALSE); +} diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf new file mode 100644 index 0000000000..7896df2416 --- /dev/null +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf @@ -0,0 +1,41 @@ +## @file +# Library instance of PciHostBridgeLib library class for coreboot. +# +# Copyright (C) 2016, Red Hat, Inc. +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
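Review bot: In `PciHostBridgeFreeRootBridges` the only protection against a mismatched `Bridges`/`Count` pair is `ASSERT (Bridges != NULL && Count > 0)`, which disappears in builds where asserts are compiled out. With a non-NULL `Bridges` and `Count == 0`, the `do { --Count; ... } while (Count > 0)` loop wraps `Count` and passes entries far outside the array to `FreePool`; with `Bridges == NULL` and a non-zero `Count` it dereferences NULL. I would make the checks real: `if (Bridges == NULL) { return; }` followed by `while (Count > 0) { --Count; FreePool (Bridges[Count].DevicePath); }`. `DevicePath` can also still be NULL when `InitRootBridge` returned `EFI_OUT_OF_RESOURCES` (the structure is zeroed first), so a NULL test before that `FreePool` is worth adding too.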
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PciHostBridgeLib + FILE_GUID = 62EE5269-CFFD-43a3-BE3F-622FC79F467E + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = PciHostBridgeLib + +# +# The following information is for reference only and not required by the build +# tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PciHostBridge.h + PciHostBridgeLib.c + PciHostBridgeSupport.c + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + DevicePathLib + MemoryAllocationLib + PciLib diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c new file mode 100644 index 0000000000..fffbf04cad --- /dev/null +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c @@ -0,0 +1,584 @@ +/** @file + Scan the entire PCI bus for root bridges to support coreboot UEFI payload. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "PciHostBridge.h" + +/** + Adjust the collected PCI resource. + + @param[in] Io IO aperture. + + @param[in] Mem MMIO aperture. + + @param[in] MemAbove4G MMIO aperture above 4G. + + @param[in] PMem Prefetchable MMIO aperture. + + @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G. +**/ +VOID +AdjustRootBridgeResource ( + IN PCI_ROOT_BRIDGE_APERTURE *Io, + IN PCI_ROOT_BRIDGE_APERTURE *Mem, + IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G, + IN PCI_ROOT_BRIDGE_APERTURE *PMem, + IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G +) +{ + UINT64 Mask; + + // + // For now try to downgrade everything into MEM32 since + // - coreboot does not assign resource above 4GB + // - coreboot might allocate interleaved MEM32 and PMEM32 resource + // in some cases + // + if (PMem->Base < Mem->Base) { + Mem->Base = PMem->Base; + } + + if (PMem->Limit > Mem->Limit) { + Mem->Limit = PMem->Limit; + } + + PMem->Base = MAX_UINT64; + PMem->Limit = 0; + + if (MemAbove4G->Base < 0x100000000ULL) { + if (MemAbove4G->Base < Mem->Base) { + Mem->Base = MemAbove4G->Base; + } + if (MemAbove4G->Limit > Mem->Limit) { + Mem->Limit = MemAbove4G->Limit; + } + MemAbove4G->Base = MAX_UINT64; + MemAbove4G->Limit = 0; + } + + if (PMemAbove4G->Base < 0x100000000ULL) { + if (PMemAbove4G->Base < Mem->Base) { + Mem->Base = PMemAbove4G->Base; + } + if (PMemAbove4G->Limit > Mem->Limit) { + Mem->Limit = PMemAbove4G->Limit; + } + PMemAbove4G->Base = MAX_UINT64; + PMemAbove4G->Limit = 0; + } + + // + // Align IO resource at 4K boundary + // + Mask = 0xFFFULL; + Io->Limit = ((Io->Limit + Mask) & ~Mask) - 1; + if (Io->Base != MAX_UINT64) { + Io->Base &= ~Mask; + } + + // + // Align MEM resource at 1MB boundary + // + Mask = 0xFFFFFULL; + Mem->Limit = ((Mem->Limit + Mask) & ~Mask) - 1; + if (Mem->Base != MAX_UINT64) { + Mem->Base &= ~Mask; + } +} + +/** + Probe a bar is 
existed or not. + + @param[in] Address PCI address for the BAR. + @param[out] OriginalValue The original bar value returned. + @param[out] Value The probed bar value returned. +**/ +STATIC +VOID +PcatPciRootBridgeBarExisted ( + IN UINT64 Address, + OUT UINT32 *OriginalValue, + OUT UINT32 *Value +) +{ + UINTN PciAddress; + + PciAddress = (UINTN)Address; + + // + // Preserve the original value + // + *OriginalValue = PciRead32 (PciAddress); + + // + // Disable timer interrupt while the BAR is probed + // + DisableInterrupts (); + + PciWrite32 (PciAddress, 0xFFFFFFFF); + *Value = PciRead32 (PciAddress); + PciWrite32 (PciAddress, *OriginalValue); + + // + // Enable interrupt + // + EnableInterrupts (); +} + +/** + Parse PCI bar and collect the assigned PCI resource information. + + @param[in] Command Supported attributes. + + @param[in] Bus PCI bus number. + + @param[in] Device PCI device number. + + @param[in] Function PCI function number. + + @param[in] BarOffsetBase PCI bar start offset. + + @param[in] BarOffsetEnd PCI bar end offset. + + @param[in] Io IO aperture. + + @param[in] Mem MMIO aperture. + + @param[in] MemAbove4G MMIO aperture above 4G. + + @param[in] PMem Prefetchable MMIO aperture. + + @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G. 
+**/ +STATIC +VOID +PcatPciRootBridgeParseBars ( + IN UINT16 Command, + IN UINTN Bus, + IN UINTN Device, + IN UINTN Function, + IN UINTN BarOffsetBase, + IN UINTN BarOffsetEnd, + IN PCI_ROOT_BRIDGE_APERTURE *Io, + IN PCI_ROOT_BRIDGE_APERTURE *Mem, + IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G, + IN PCI_ROOT_BRIDGE_APERTURE *PMem, + IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G + +) +{ + UINT32 OriginalValue; + UINT32 Value; + UINT32 OriginalUpperValue; + UINT32 UpperValue; + UINT64 Mask; + UINTN Offset; + UINTN LowBit; + UINT64 Base; + UINT64 Length; + UINT64 Limit; + PCI_ROOT_BRIDGE_APERTURE *MemAperture; + + for (Offset = BarOffsetBase; Offset < BarOffsetEnd; Offset += sizeof (UINT32)) { + PcatPciRootBridgeBarExisted ( + PCI_LIB_ADDRESS (Bus, Device, Function, Offset), + &OriginalValue, &Value + ); + if (Value == 0) { + continue; + } + if ((Value & BIT0) == BIT0) { + // + // IO Bar + // + if (Command & EFI_PCI_COMMAND_IO_SPACE) { + Mask = 0xfffffffc; + Base = OriginalValue & Mask; + Length = ((~(Value & Mask)) & Mask) + 0x04; + if (!(Value & 0xFFFF0000)) { + Length &= 0x0000FFFF; + } + Limit = Base + Length - 1; + + if ((Base > 0) && (Base < Limit)) { + if (Io->Base > Base) { + Io->Base = Base; + } + if (Io->Limit < Limit) { + Io->Limit = Limit; + } + } + } + } else { + // + // Mem Bar + // + if (Command & EFI_PCI_COMMAND_MEMORY_SPACE) { + + Mask = 0xfffffff0; + Base = OriginalValue & Mask; + Length = Value & Mask; + + if ((Value & (BIT1 | BIT2)) == 0) { + // + // 32bit + // + Length = ((~Length) + 1) & 0xffffffff; + + if ((Value & BIT3) == BIT3) { + MemAperture = PMem; + } else { + MemAperture = Mem; + } + } else { + // + // 64bit + // + Offset += 4; + PcatPciRootBridgeBarExisted ( + PCI_LIB_ADDRESS (Bus, Device, Function, Offset), + &OriginalUpperValue, + &UpperValue + ); + + Base = Base | LShiftU64 ((UINT64) OriginalUpperValue, 32); + Length = Length | LShiftU64 ((UINT64) UpperValue, 32); + if (Length != 0) { + LowBit = LowBitSet64 (Length); + Length = LShiftU64 (1ULL, 
LowBit); + } + + if ((Value & BIT3) == BIT3) { + MemAperture = PMemAbove4G; + } else { + MemAperture = MemAbove4G; + } + } + + Limit = Base + Length - 1; + if ((Base > 0) && (Base < Limit)) { + if (MemAperture->Base > Base) { + MemAperture->Base = Base; + } + if (MemAperture->Limit < Limit) { + MemAperture->Limit = Limit; + } + } + } + } + } +} + +/** + Scan for all root bridges in platform. + + @param[out] NumberOfRootBridges Number of root bridges detected + + @retval Pointer to the allocated PCI_ROOT_BRIDGE structure array. +**/ +PCI_ROOT_BRIDGE * +ScanForRootBridges ( + OUT UINTN *NumberOfRootBridges +) +{ + UINTN PrimaryBus; + UINTN SubBus; + UINT8 Device; + UINT8 Function; + UINTN NumberOfDevices; + UINTN Address; + PCI_TYPE01 Pci; + UINT64 Attributes; + UINT64 Base; + UINT64 Limit; + UINT64 Value; + PCI_ROOT_BRIDGE_APERTURE Io, Mem, MemAbove4G, PMem, PMemAbove4G, *MemAperture; + PCI_ROOT_BRIDGE *RootBridges; + UINTN BarOffsetEnd; + + + *NumberOfRootBridges = 0; + RootBridges = NULL; + + // + // After scanning all the PCI devices on the PCI root bridge's primary bus, + // update the Primary Bus Number for the next PCI root bridge to be this PCI + // root bridge's subordinate bus number + 1. 
+ // + for (PrimaryBus = 0; PrimaryBus <= PCI_MAX_BUS; PrimaryBus = SubBus + 1) { + SubBus = PrimaryBus; + Attributes = 0; + + ZeroMem (&Io, sizeof (Io)); + ZeroMem (&Mem, sizeof (Mem)); + ZeroMem (&MemAbove4G, sizeof (MemAbove4G)); + ZeroMem (&PMem, sizeof (PMem)); + ZeroMem (&PMemAbove4G, sizeof (PMemAbove4G)); + Io.Base = Mem.Base = MemAbove4G.Base = PMem.Base = PMemAbove4G.Base = MAX_UINT64; + // + // Scan all the PCI devices on the primary bus of the PCI root bridge + // + for (Device = 0, NumberOfDevices = 0; Device <= PCI_MAX_DEVICE; Device++) { + + for (Function = 0; Function <= PCI_MAX_FUNC; Function++) { + + // + // Compute the PCI configuration address of the PCI device to probe + // + Address = PCI_LIB_ADDRESS (PrimaryBus, Device, Function, 0); + + // + // Read the Vendor ID from the PCI Configuration Header + // + if (PciRead16 (Address) == MAX_UINT16) { + if (Function == 0) { + // + // If the PCI Configuration Read fails, or a PCI device does not + // exist, then skip this entire PCI device + // + break; + } else { + // + // If PCI function != 0, VendorId == 0xFFFF, we continue to search + // PCI function. 
+ // + continue; + } + } + + // + // Read the entire PCI Configuration Header + // + PciReadBuffer (Address, sizeof (Pci), &Pci); + + // + // Increment the number of PCI device found on the primary bus of the + // PCI root bridge + // + NumberOfDevices++; + + // + // Look for devices with the VGA Palette Snoop enabled in the COMMAND + // register of the PCI Config Header + // + if ((Pci.Hdr.Command & EFI_PCI_COMMAND_VGA_PALETTE_SNOOP) != 0) { + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO_16; + } + + BarOffsetEnd = 0; + + // + // PCI-PCI Bridge + // + if (IS_PCI_BRIDGE (&Pci)) { + // + // Get the Bus range that the PPB is decoding + // + if (Pci.Bridge.SubordinateBus > SubBus) { + // + // If the subordinate bus number of the PCI-PCI bridge is greater + // than the PCI root bridge's current subordinate bus number, + // then update the PCI root bridge's subordinate bus number + // + SubBus = Pci.Bridge.SubordinateBus; + } + + // + // Get the I/O range that the PPB is decoding + // + Value = Pci.Bridge.IoBase & 0x0f; + Base = ((UINT32) Pci.Bridge.IoBase & 0xf0) << 8; + Limit = (((UINT32) Pci.Bridge.IoLimit & 0xf0) << 8) | 0x0fff; + if (Value == BIT0) { + Base |= ((UINT32) Pci.Bridge.IoBaseUpper16 << 16); + Limit |= ((UINT32) Pci.Bridge.IoLimitUpper16 << 16); + } + if ((Base > 0) && (Base < Limit)) { + if (Io.Base > Base) { + Io.Base = Base; + } + if (Io.Limit < Limit) { + Io.Limit = Limit; + } + } + + // + // Get the Memory range that the PPB is decoding + // + Base = ((UINT32) Pci.Bridge.MemoryBase & 0xfff0) << 16; + Limit = (((UINT32) Pci.Bridge.MemoryLimit & 0xfff0) << 16) | 0xfffff; + if ((Base > 0) && (Base < Limit)) { + if (Mem.Base > Base) { + Mem.Base = Base; + } + if (Mem.Limit < Limit) { + Mem.Limit = Limit; + } + } + + // + // Get the Prefetchable Memory range that the PPB is decoding + // + Value = Pci.Bridge.PrefetchableMemoryBase & 0x0f; + Base = ((UINT32) Pci.Bridge.PrefetchableMemoryBase & 0xfff0) << 
16; + Limit = (((UINT32) Pci.Bridge.PrefetchableMemoryLimit & 0xfff0) + << 16) | 0xfffff; + MemAperture = &PMem; + if (Value == BIT0) { + Base |= LShiftU64 (Pci.Bridge.PrefetchableBaseUpper32, 32); + Limit |= LShiftU64 (Pci.Bridge.PrefetchableLimitUpper32, 32); + MemAperture = &PMemAbove4G; + } + if ((Base > 0) && (Base < Limit)) { + if (MemAperture->Base > Base) { + MemAperture->Base = Base; + } + if (MemAperture->Limit < Limit) { + MemAperture->Limit = Limit; + } + } + + // + // Look at the PPB Configuration for legacy decoding attributes + // + if ((Pci.Bridge.BridgeControl & EFI_PCI_BRIDGE_CONTROL_ISA) + == EFI_PCI_BRIDGE_CONTROL_ISA) { + Attributes |= EFI_PCI_ATTRIBUTE_ISA_IO; + Attributes |= EFI_PCI_ATTRIBUTE_ISA_IO_16; + Attributes |= EFI_PCI_ATTRIBUTE_ISA_MOTHERBOARD_IO; + } + if ((Pci.Bridge.BridgeControl & EFI_PCI_BRIDGE_CONTROL_VGA) + == EFI_PCI_BRIDGE_CONTROL_VGA) { + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_MEMORY; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_IO; + if ((Pci.Bridge.BridgeControl & EFI_PCI_BRIDGE_CONTROL_VGA_16) + != 0) { + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO_16; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_IO_16; + } + } + + BarOffsetEnd = OFFSET_OF (PCI_TYPE01, Bridge.Bar[2]); + } else { + // + // Parse the BARs of the PCI device to get what I/O Ranges, Memory + // Ranges, and Prefetchable Memory Ranges the device is decoding + // + if ((Pci.Hdr.HeaderType & HEADER_LAYOUT_CODE) == HEADER_TYPE_DEVICE) { + BarOffsetEnd = OFFSET_OF (PCI_TYPE00, Device.Bar[6]); + } + } + + PcatPciRootBridgeParseBars ( + Pci.Hdr.Command, + PrimaryBus, + Device, + Function, + OFFSET_OF (PCI_TYPE00, Device.Bar), + BarOffsetEnd, + &Io, + &Mem, &MemAbove4G, + &PMem, &PMemAbove4G + ); + + // + // See if the PCI device is an IDE controller + // + if (IS_CLASS2 (&Pci, PCI_CLASS_MASS_STORAGE, + PCI_CLASS_MASS_STORAGE_IDE)) { + if (Pci.Hdr.ClassCode[0] & 0x80) { + Attributes |= EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO; + Attributes 
|= EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO; + } + if (Pci.Hdr.ClassCode[0] & 0x01) { + Attributes |= EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO; + } + if (Pci.Hdr.ClassCode[0] & 0x04) { + Attributes |= EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO; + } + } + + // + // See if the PCI device is a legacy VGA controller or + // a standard VGA controller + // + if (IS_CLASS2 (&Pci, PCI_CLASS_OLD, PCI_CLASS_OLD_VGA) || + IS_CLASS2 (&Pci, PCI_CLASS_DISPLAY, PCI_CLASS_DISPLAY_VGA) + ) { + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO_16; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_MEMORY; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_IO; + Attributes |= EFI_PCI_ATTRIBUTE_VGA_IO_16; + } + + // + // See if the PCI Device is a PCI - ISA or PCI - EISA + // or ISA_POSITIVE_DECODE Bridge device + // + if (Pci.Hdr.ClassCode[2] == PCI_CLASS_BRIDGE) { + if (Pci.Hdr.ClassCode[1] == PCI_CLASS_BRIDGE_ISA || + Pci.Hdr.ClassCode[1] == PCI_CLASS_BRIDGE_EISA || + Pci.Hdr.ClassCode[1] == PCI_CLASS_BRIDGE_ISA_PDECODE) { + Attributes |= EFI_PCI_ATTRIBUTE_ISA_IO; + Attributes |= EFI_PCI_ATTRIBUTE_ISA_IO_16; + Attributes |= EFI_PCI_ATTRIBUTE_ISA_MOTHERBOARD_IO; + } + } + + // + // If this device is not a multi function device, then skip the rest + // of this PCI device + // + if (Function == 0 && !IS_PCI_MULTI_FUNC (&Pci)) { + break; + } + } + } + + // + // If at least one PCI device was found on the primary bus of this PCI + // root bridge, then the PCI root bridge exists. 
+ // + if (NumberOfDevices > 0) { + RootBridges = ReallocatePool ( + (*NumberOfRootBridges) * sizeof (PCI_ROOT_BRIDGE), + (*NumberOfRootBridges + 1) * sizeof (PCI_ROOT_BRIDGE), + RootBridges + ); + ASSERT (RootBridges != NULL); + + AdjustRootBridgeResource (&Io, &Mem, &MemAbove4G, &PMem, &PMemAbove4G); + + InitRootBridge ( + Attributes, Attributes, 0, + (UINT8) PrimaryBus, (UINT8) SubBus, + &Io, &Mem, &MemAbove4G, &PMem, &PMemAbove4G, + &RootBridges[*NumberOfRootBridges] + ); + RootBridges[*NumberOfRootBridges].ResourceAssigned = TRUE; + // + // Increment the index for the next PCI Root Bridge + // + (*NumberOfRootBridges)++; + } + } + + return RootBridges; +} diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c new file mode 100644 index 0000000000..c5c6af0abc --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -0,0 +1,265 @@ +/** @file + This file include all platform action which can be customized + by IBV/OEM. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
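Review bot: In `PcatPciRootBridgeParseBars` the 64-bit branch does `Offset += 4` and probes the upper dword without comparing it to `BarOffsetEnd`, so a device whose last BAR slot reports a 64-bit type makes `PcatPciRootBridgeBarExisted` write 0xFFFFFFFF to the register that follows the BARs. For a bridge `BarOffsetEnd` is `OFFSET_OF (PCI_TYPE01, Bridge.Bar[2])`, so the register touched is whatever the bridge header places after its two BARs. The type bits are supplied by the device, so I would guard before advancing: `if (Offset + sizeof (UINT32) >= BarOffsetEnd) { break; }`. Separately, `ScanForRootBridges` checks the `ReallocatePool` result only with `ASSERT` and ignores the status of `InitRootBridge`, yet still sets `ResourceAssigned` and increments the count; both results should be tested in code that survives a release build. `PcatPciRootBridgeBarExisted` also calls `EnableInterrupts ()` unconditionally, where `SaveAndDisableInterrupts ()` and `SetInterruptState ()` would restore the state the caller had.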
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "PlatformBootManager.h" +#include "PlatformConsole.h" + +VOID +InstallReadyToLock ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + EFI_SMM_ACCESS2_PROTOCOL *SmmAccess; + + DEBUG((DEBUG_INFO,"InstallReadyToLock entering......\n")); + // + // Inform the SMM infrastructure that we're entering BDS and may run 3rd party code hereafter + // Since PI1.2.1, we need signal EndOfDxe as ExitPmAuth + // + EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); + DEBUG((DEBUG_INFO,"All EndOfDxe callbacks have returned successfully\n")); + + // + // Install DxeSmmReadyToLock protocol in order to lock SMM + // + Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **) &SmmAccess); + if (!EFI_ERROR (Status)) { + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gEfiDxeSmmReadyToLockProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + } + + DEBUG((DEBUG_INFO,"InstallReadyToLock end\n")); + return; +} + +/** + Return the index of the load option in the load option array. + + The function consider two load options are equal when the + OptionType, Attributes, Description, FilePath and OptionalData are equal. + + @param Key Pointer to the load option to be found. + @param Array Pointer to the array of load options to be found. + @param Count Number of entries in the Array. + + @retval -1 Key wasn't found in the Array. + @retval 0 ~ Count-1 The index of the Key in the Array. 
+**/ +INTN +PlatformFindLoadOption ( + IN CONST EFI_BOOT_MANAGER_LOAD_OPTION *Key, + IN CONST EFI_BOOT_MANAGER_LOAD_OPTION *Array, + IN UINTN Count +) +{ + UINTN Index; + + for (Index = 0; Index < Count; Index++) { + if ((Key->OptionType == Array[Index].OptionType) && + (Key->Attributes == Array[Index].Attributes) && + (StrCmp (Key->Description, Array[Index].Description) == 0) && + (CompareMem (Key->FilePath, Array[Index].FilePath, GetDevicePathSize (Key->FilePath)) == 0) && + (Key->OptionalDataSize == Array[Index].OptionalDataSize) && + (CompareMem (Key->OptionalData, Array[Index].OptionalData, Key->OptionalDataSize) == 0)) { + return (INTN) Index; + } + } + + return -1; +} + +/** + Register a boot option using a file GUID in the FV. + + @param FileGuid The file GUID name in FV. + @param Description The boot option description. + @param Attributes The attributes used for the boot option loading. +**/ +VOID +PlatformRegisterFvBootOption ( + EFI_GUID *FileGuid, + CHAR16 *Description, + UINT32 Attributes +) +{ + EFI_STATUS Status; + UINTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + Status = gBS->HandleProtocol (gImageHandle, &gEfiLoadedImageProtocolGuid, (VOID **) &LoadedImage); + ASSERT_EFI_ERROR (Status); + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + DevicePath = AppendDevicePathNode ( + DevicePathFromHandle (LoadedImage->DeviceHandle), + (EFI_DEVICE_PATH_PROTOCOL *) &FileNode + ); + + Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + Attributes, + Description, + DevicePath, + NULL, + 0 + ); + if (!EFI_ERROR (Status)) { + BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + + OptionIndex = PlatformFindLoadOption (&NewOption, BootOptions, 
BootOptionCount); + + if (OptionIndex == -1) { + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, (UINTN) -1); + ASSERT_EFI_ERROR (Status); + } + EfiBootManagerFreeLoadOption (&NewOption); + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); + } +} + +/** + Do the platform specific action before the console is connected. + + Such as: + Update console variable; + Register new Driver#### or Boot####; + Signal ReadyToLock event. +**/ +VOID +EFIAPI +PlatformBootManagerBeforeConsole ( + VOID +) +{ + EFI_INPUT_KEY Enter; + EFI_INPUT_KEY F2; + EFI_INPUT_KEY Down; + EFI_BOOT_MANAGER_LOAD_OPTION BootOption; + + PlatformConsoleInit (); + + // + // Register ENTER as CONTINUE key + // + Enter.ScanCode = SCAN_NULL; + Enter.UnicodeChar = CHAR_CARRIAGE_RETURN; + EfiBootManagerRegisterContinueKeyOption (0, &Enter, NULL); + + // + // Map F2 to Boot Manager Menu + // + F2.ScanCode = SCAN_F2; + F2.UnicodeChar = CHAR_NULL; + EfiBootManagerGetBootManagerMenu (&BootOption); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &F2, NULL); + + // + // Also add Down key to Boot Manager Menu since some serial terminals don't support F2 key. + // + Down.ScanCode = SCAN_DOWN; + Down.UnicodeChar = CHAR_NULL; + EfiBootManagerGetBootManagerMenu (&BootOption); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Down, NULL); + + // + // Install ready to lock. + // This needs to be done before option rom dispatched. + // + InstallReadyToLock (); + + // + // Dispatch deferred images after EndOfDxe event and ReadyToLock installation. + // + EfiBootManagerDispatchDeferredImages (); +} + +/** + Do the platform specific action after the console is connected. + + Such as: + Dynamically switch output mode; + Signal console ready platform customized event; + Run diagnostics like memory testing; + Connect certain devices; + Dispatch additional option roms. 
+**/ +VOID +EFIAPI +PlatformBootManagerAfterConsole ( + VOID +) +{ + EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL White; + + Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; + White.Blue = White.Green = White.Red = White.Reserved = 0xFF; + + EfiBootManagerConnectAll (); + EfiBootManagerRefreshAllBootOption (); + + // + // Register UEFI Shell + // + PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); + + Print ( + L"\n" + L"F2 or Down to enter Boot Manager Menu.\n" + L"ENTER to boot directly.\n" + L"\n" + ); + +} + +/** + This function is called each second during the boot manager waits the timeout. + + @param TimeoutRemain The remaining timeout. +**/ +VOID +EFIAPI +PlatformBootManagerWaitCallback ( + UINT16 TimeoutRemain +) +{ + return; +} + +/** + The function is called when no boot option could be launched, + including platform recovery options and options pointing to applications + built into firmware volumes. + + If this function returns, BDS attempts to enter an infinite loop. +**/ +VOID +EFIAPI +PlatformBootManagerUnableToBoot ( + VOID + ) +{ + return; +} + diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h new file mode 100644 index 0000000000..2f600c796f --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h @@ -0,0 +1,132 @@ +/**@file + Head file for BDS Platform specific code + +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef _PLATFORM_BOOT_MANAGER_H +#define _PLATFORM_BOOT_MANAGER_H + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct { + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN ConnectType; +} PLATFORM_CONSOLE_CONNECT_ENTRY; + +extern PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[]; + +#define gEndEntire \ + { \ + END_DEVICE_PATH_TYPE,\ + END_ENTIRE_DEVICE_PATH_SUBTYPE,\ + { END_DEVICE_PATH_LENGTH, 0 },\ + } + +#define CONSOLE_OUT BIT0 +#define CONSOLE_IN BIT1 +#define STD_ERROR BIT2 + +#define CLASS_HID 3 +#define SUBCLASS_BOOT 1 +#define PROTOCOL_KEYBOARD 1 + +typedef struct { + USB_CLASS_DEVICE_PATH UsbClass; + EFI_DEVICE_PATH_PROTOCOL End; +} USB_CLASS_FORMAT_DEVICE_PATH; + +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + UINT32 Instance; +} WIN_NT_VENDOR_DEVICE_PATH_NODE; + +// +// Below is the platform console device path +// +typedef struct { + VENDOR_DEVICE_PATH NtBus; + WIN_NT_VENDOR_DEVICE_PATH_NODE SerialDevice; + UART_DEVICE_PATH Uart; + VENDOR_DEVICE_PATH TerminalType; + EFI_DEVICE_PATH_PROTOCOL End; +} NT_ISA_SERIAL_DEVICE_PATH; + +typedef struct { + VENDOR_DEVICE_PATH NtBus; + WIN_NT_VENDOR_DEVICE_PATH_NODE NtGopDevice; + EFI_DEVICE_PATH_PROTOCOL End; +} NT_PLATFORM_GOP_DEVICE_PATH; + +extern USB_CLASS_FORMAT_DEVICE_PATH gUsbClassKeyboardDevicePath; + +/** + Use SystemTable Conout to stop video based Simple Text Out consoles from going + to the video device. Put up LogoFile on every video device that is a console. + + @param[in] LogoFile File name of logo to display on the center of the screen. + + @retval EFI_SUCCESS ConsoleControl has been flipped to graphics and logo displayed. 
+ @retval EFI_UNSUPPORTED Logo not found + +**/ +EFI_STATUS +PlatformBootManagerEnableQuietBoot ( + IN EFI_GUID *LogoFile +); + +/** + Use SystemTable Conout to turn on video based Simple Text Out consoles. The + Simple Text Out screens will now be synced up with all non video output devices + + @retval EFI_SUCCESS UGA devices are back in text mode and synced up. + +**/ +EFI_STATUS +PlatformBootManagerDisableQuietBoot ( + VOID +); + +/** + Show progress bar with title above it. It only works in Graphics mode. + + @param TitleForeground Foreground color for Title. + @param TitleBackground Background color for Title. + @param Title Title above progress bar. + @param ProgressColor Progress bar color. + @param Progress Progress (0-100) + @param PreviousValue The previous value of the progress. + + @retval EFI_STATUS Success update the progress bar + +**/ +EFI_STATUS +PlatformBootManagerShowProgress ( + IN EFI_GRAPHICS_OUTPUT_BLT_PIXEL TitleForeground, + IN EFI_GRAPHICS_OUTPUT_BLT_PIXEL TitleBackground, + IN CHAR16 *Title, + IN EFI_GRAPHICS_OUTPUT_BLT_PIXEL ProgressColor, + IN UINTN Progress, + IN UINTN PreviousValue +); + +#endif // _PLATFORM_BOOT_MANAGER_H diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf new file mode 100644 index 0000000000..1f5a0bcad0 --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -0,0 +1,71 @@ +## @file +# Include all platform action which can be customized by IBV/OEM. +# +# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformBootManagerLib + FILE_GUID = F0D9063A-DADB-4185-85E2-D7ACDA93F7A6 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformBootManagerLib|DXE_DRIVER + + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PlatformData.c + PlatformConsole.c + PlatformConsole.h + PlatformBootManager.c + PlatformBootManager.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + BaseLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiLib + UefiBootManagerLib + PcdLib + DxeServicesLib + MemoryAllocationLib + DevicePathLib + HiiLib + PrintLib + PlatformHookLib + +[Guids] + gEfiEndOfDxeEventGroupGuid + +[Protocols] + gEfiGenericMemTestProtocolGuid ## CONSUMES + gEfiGraphicsOutputProtocolGuid ## CONSUMES + gEfiUgaDrawProtocolGuid ## CONSUMES + gEfiBootLogoProtocolGuid ## CONSUMES + gEfiDxeSmmReadyToLockProtocolGuid + gEfiSmmAccess2ProtocolGuid + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut + gEfiMdePkgTokenSpaceGuid.PcdUgaConsumeSupport + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn + gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand + gUefiPayloadPkgTokenSpaceGuid.PcdShellFile + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c new file mode 100644 index 0000000000..a27cc552ab --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c 
@@ -0,0 +1,615 @@ +/** @file +This file include all platform action which can be customized by IBV/OEM. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "PlatformBootManager.h" +#include "PlatformConsole.h" +#include + +#define PCI_DEVICE_PATH_NODE(Func, Dev) \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_PCI_DP, \ + { \ + (UINT8) (sizeof (PCI_DEVICE_PATH)), \ + (UINT8) ((sizeof (PCI_DEVICE_PATH)) >> 8) \ + } \ + }, \ + (Func), \ + (Dev) \ + } + +#define PNPID_DEVICE_PATH_NODE(PnpId) \ + { \ + { \ + ACPI_DEVICE_PATH, \ + ACPI_DP, \ + { \ + (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), \ + (UINT8) ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \ + }, \ + }, \ + EISA_PNP_ID((PnpId)), \ + 0 \ + } + +#define gPciRootBridge \ + PNPID_DEVICE_PATH_NODE(0x0A03) + +#define gPnp16550ComPort \ + PNPID_DEVICE_PATH_NODE(0x0501) + +#define gPnpPs2Keyboard \ + PNPID_DEVICE_PATH_NODE(0x0303) + +#define gUartVendor \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_VENDOR_DP, \ + { \ + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \ + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \ + } \ + }, \ + EDKII_SERIAL_PORT_LIB_VENDOR_GUID \ + } + +#define gUart \ + { \ + { \ + MESSAGING_DEVICE_PATH, \ + MSG_UART_DP, \ + { \ + (UINT8) (sizeof (UART_DEVICE_PATH)), \ + (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8) \ + } \ + }, \ + 0, \ + 115200, \ + 8, \ + 1, \ + 1 \ + } + +#define gPcAnsiTerminal \ + { \ + { \ + MESSAGING_DEVICE_PATH, \ + MSG_VENDOR_DP, \ + { \ + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \ + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \ + } \ + }, \ + DEVICE_PATH_MESSAGING_PC_ANSI \ + } + +ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode = gPnpPs2Keyboard; +ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode = gPnp16550ComPort; +UART_DEVICE_PATH gUartDeviceNode = gUart; +VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; +VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; + +// +// Predefined platform root bridge +// +PLATFORM_ROOT_BRIDGE_DEVICE_PATH gPlatformRootBridge0 = { + gPciRootBridge, + gEndEntire +}; + +EFI_DEVICE_PATH_PROTOCOL *gPlatformRootBridges[] = { + 
(EFI_DEVICE_PATH_PROTOCOL *) &gPlatformRootBridge0, + NULL +}; + +BOOLEAN mDetectVgaOnly; + +/** + Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. + + @param[in] DeviceHandle Handle of the LPC Bridge device. + + @retval EFI_SUCCESS Console devices on the LPC bridge have been added to + ConOut, ConIn, and ErrOut. + + @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missing + from DeviceHandle. +**/ +EFI_STATUS +PrepareLpcBridgeDevicePath ( + IN EFI_HANDLE DeviceHandle +) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + + DevicePath = NULL; + Status = gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + TempDevicePath = DevicePath; + + // + // Register Keyboard + // + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + + // + // Register COM1 + // + DevicePath = TempDevicePath; + DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceVendorNode); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + +/** + Return the GOP device path in the platform. + + @param[in] PciDevicePath - Device path for the PCI graphics device. + @param[out] GopDevicePath - Return the device path with GOP installed. + + @retval EFI_SUCCESS - PCI VGA is added to ConOut. + @retval EFI_INVALID_PARAMETER - The device path parameter is invalid. + @retval EFI_STATUS - No GOP device found. 
+**/ +EFI_STATUS +GetGopDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *PciDevicePath, + OUT EFI_DEVICE_PATH_PROTOCOL **GopDevicePath +) +{ + UINTN Index; + EFI_STATUS Status; + EFI_HANDLE PciDeviceHandle; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_DEVICE_PATH_PROTOCOL *TempPciDevicePath; + UINTN GopHandleCount; + EFI_HANDLE *GopHandleBuffer; + + if (PciDevicePath == NULL || GopDevicePath == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Initialize the GopDevicePath to be PciDevicePath + // + *GopDevicePath = PciDevicePath; + TempPciDevicePath = PciDevicePath; + + Status = gBS->LocateDevicePath ( + &gEfiDevicePathProtocolGuid, + &TempPciDevicePath, + &PciDeviceHandle + ); + if (EFI_ERROR (Status)) { + return Status; + } + + gBS->ConnectController (PciDeviceHandle, NULL, NULL, FALSE); + + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiGraphicsOutputProtocolGuid, + NULL, + &GopHandleCount, + &GopHandleBuffer + ); + if (!EFI_ERROR (Status)) { + // + // Add all the child handles as possible Console Device + // + for (Index = 0; Index < GopHandleCount; Index++) { + Status = gBS->HandleProtocol (GopHandleBuffer[Index], &gEfiDevicePathProtocolGuid, (VOID*)&TempDevicePath); + if (EFI_ERROR (Status)) { + continue; + } + if (CompareMem ( + PciDevicePath, + TempDevicePath, + GetDevicePathSize (PciDevicePath) - END_DEVICE_PATH_LENGTH + ) == 0) { + // + // In current implementation, we only enable one of the child handles + // as console device, i.e. sotre one of the child handle's device + // path to variable "ConOut" + // In future, we could select all child handles to be console device + // + *GopDevicePath = TempDevicePath; + + // + // Delete the PCI device's path that added by GetPlugInPciVgaDevicePath() + // Add the integrity GOP device path. 
+ // + EfiBootManagerUpdateConsoleVariable (ConOut, NULL, PciDevicePath); + EfiBootManagerUpdateConsoleVariable (ConOut, TempDevicePath, NULL); + } + } + gBS->FreePool (GopHandleBuffer); + } + + return EFI_SUCCESS; +} + +/** + Add PCI VGA to ConOut, ConIn, ErrOut. + + @param[in] DeviceHandle - Handle of PciIo protocol. + + @retval EFI_SUCCESS - PCI VGA is added to ConOut. + @retval EFI_STATUS - No PCI VGA device is added. + +**/ +EFI_STATUS +PreparePciVgaDevicePath ( + IN EFI_HANDLE DeviceHandle +) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_DEVICE_PATH_PROTOCOL *GopDevicePath; + + DevicePath = NULL; + Status = gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + + GetGopDevicePath (DevicePath, &GopDevicePath); + DevicePath = GopDevicePath; + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + +/** + Add PCI Serial to ConOut, ConIn, ErrOut. + + @param[in] DeviceHandle - Handle of PciIo protocol. + + @retval EFI_SUCCESS - PCI Serial is added to ConOut, ConIn, and ErrOut. + @retval EFI_STATUS - No PCI Serial device is added. 
+ +**/ +EFI_STATUS +PreparePciSerialDevicePath ( + IN EFI_HANDLE DeviceHandle +) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + DevicePath = NULL; + Status = gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + + +/** + For every PCI instance execute a callback function. + + @param[in] Id - The protocol GUID for callback + @param[in] CallBackFunction - The callback function + @param[in] Context - The context of the callback + + @retval EFI_STATUS - Callback function failed. + +**/ +EFI_STATUS +EFIAPI +VisitAllInstancesOfProtocol ( + IN EFI_GUID *Id, + IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction, + IN VOID *Context +) +{ + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + UINTN Index; + VOID *Instance; + + // + // Start to check all the PciIo to find all possible device + // + HandleCount = 0; + HandleBuffer = NULL; + Status = gBS->LocateHandleBuffer ( + ByProtocol, + Id, + NULL, + &HandleCount, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index = 0; Index < HandleCount; Index++) { + Status = gBS->HandleProtocol (HandleBuffer[Index], Id, &Instance); + if (EFI_ERROR (Status)) { + continue; + } + + Status = (*CallBackFunction) ( + HandleBuffer[Index], + Instance, + Context + ); + } + + gBS->FreePool (HandleBuffer); + + return EFI_SUCCESS; +} + + +/** + For every PCI instance execute a callback function. 
+ + @param[in] Handle - The PCI device handle + @param[in] Instance - The instance of the PciIo protocol + @param[in] Context - The context of the callback + + @retval EFI_STATUS - Callback function failed. + +**/ +EFI_STATUS +EFIAPI +VisitingAPciInstance ( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context +) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + PCI_TYPE00 Pci; + + PciIo = (EFI_PCI_IO_PROTOCOL*) Instance; + + // + // Check for all PCI device + // + Status = PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint32, + 0, + sizeof (Pci) / sizeof (UINT32), + &Pci + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return (*(VISIT_PCI_INSTANCE_CALLBACK)(UINTN) Context) ( + Handle, + PciIo, + &Pci + ); + +} + + +/** + For every PCI instance execute a callback function. + + @param[in] CallBackFunction - Callback function pointer + + @retval EFI_STATUS - Callback function failed. + +**/ +EFI_STATUS +EFIAPI +VisitAllPciInstances ( + IN VISIT_PCI_INSTANCE_CALLBACK CallBackFunction +) +{ + return VisitAllInstancesOfProtocol ( + &gEfiPciIoProtocolGuid, + VisitingAPciInstance, + (VOID*)(UINTN) CallBackFunction + ); +} + + +/** + Do platform specific PCI Device check and add them to + ConOut, ConIn, ErrOut. + + @param[in] Handle - Handle of PCI device instance + @param[in] PciIo - PCI IO protocol instance + @param[in] Pci - PCI Header register block + + @retval EFI_SUCCESS - PCI Device check and Console variable update successfully. + @retval EFI_STATUS - PCI Device check or Console variable update fail. 
+
+**/
+EFI_STATUS
+EFIAPI
+DetectAndPreparePlatformPciDevicePath (
+ IN EFI_HANDLE Handle,
+ IN EFI_PCI_IO_PROTOCOL *PciIo,
+ IN PCI_TYPE00 *Pci
+)
+{
+ EFI_STATUS Status;
+
+ Status = PciIo->Attributes (
+ PciIo,
+ EfiPciIoAttributeOperationEnable,
+ EFI_PCI_DEVICE_ENABLE,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ if (!mDetectVgaOnly) {
+ //
+ // Here we decide whether it is LPC Bridge
+ //
+ if ((IS_PCI_LPC (Pci)) ||
+ ((IS_PCI_ISA_PDECODE (Pci)) &&
+ (Pci->Hdr.VendorId == 0x8086)
+ )
+ ) {
+ //
+ // Add IsaKeyboard to ConIn,
+ // add IsaSerial to ConOut, ConIn, ErrOut
+ //
+ DEBUG ((DEBUG_INFO, "Found LPC Bridge device\n"));
+ PrepareLpcBridgeDevicePath (Handle);
+ return EFI_SUCCESS;
+ }
+ //
+ // Here we decide which Serial device to enable in PCI bus
+ //
+ if (IS_PCI_16550SERIAL (Pci)) {
+ //
+ // Add them to ConOut, ConIn, ErrOut.
+ //
+ DEBUG ((DEBUG_INFO, "Found PCI 16550 SERIAL device\n"));
+ PreparePciSerialDevicePath (Handle);
+ return EFI_SUCCESS;
+ }
+ }
+
+ //
+ // Here we decide which VGA device to enable in PCI bus
+ //
+ if (IS_PCI_VGA (Pci)) {
+ //
+ // Add them to ConOut.
+ //
+ DEBUG ((DEBUG_INFO, "Found PCI VGA device\n"));
+ PreparePciVgaDevicePath (Handle);
+ return EFI_SUCCESS;
+ }
+
+ return Status;
+}
+
+
+/**
+ Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut
+
+ @param[in] DetectVgaOnly - Only detect VGA device if it's TRUE.
+
+ @retval EFI_SUCCESS - PCI Device check and Console variable update successfully.
+ @retval EFI_STATUS - PCI Device check or Console variable update fail.
+
+**/
+EFI_STATUS
+DetectAndPreparePlatformPciDevicePaths (
+ BOOLEAN DetectVgaOnly
+)
+{
+ mDetectVgaOnly = DetectVgaOnly;
+
+ EfiBootManagerUpdateConsoleVariable (
+ ConIn,
+ (EFI_DEVICE_PATH_PROTOCOL *) &gUsbClassKeyboardDevicePath,
+ NULL
+ );
+
+ return VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath);
+}
+
+
+/**
+ The function will connect root bridge
+
+ @return EFI_SUCCESS Connect RootBridge successfully.
+ +**/ +EFI_STATUS +ConnectRootBridge ( + VOID +) +{ + EFI_STATUS Status; + EFI_HANDLE RootHandle; + + // + // Make all the PCI_IO protocols on PCI Seg 0 show up + // + Status = gBS->LocateDevicePath ( + &gEfiDevicePathProtocolGuid, + &gPlatformRootBridges[0], + &RootHandle + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = gBS->ConnectController (RootHandle, NULL, NULL, FALSE); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + Platform console init. Include the platform firmware vendor, revision + and so crc check. + +**/ +VOID +EFIAPI +PlatformConsoleInit ( + VOID +) +{ + gUartDeviceNode.BaudRate = PcdGet64 (PcdUartDefaultBaudRate); + gUartDeviceNode.DataBits = PcdGet8 (PcdUartDefaultDataBits); + gUartDeviceNode.Parity = PcdGet8 (PcdUartDefaultParity); + gUartDeviceNode.StopBits = PcdGet8 (PcdUartDefaultStopBits); + + ConnectRootBridge (); + + // + // Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut + // + DetectAndPreparePlatformPciDevicePaths (FALSE); + +} diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h new file mode 100644 index 0000000000..68bdf5e555 --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h @@ -0,0 +1,70 @@ +/** @file +Head file for BDS Platform specific code + +Copyright (c) 2016, Intel Corporation. All rights reserved.
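Review bot: DetectAndPreparePlatformPciDevicePath in PlatformConsole.c calls `PciIo->Attributes (PciIo, EfiPciIoAttributeOperationEnable, EFI_PCI_DEVICE_ENABLE, NULL)` on every PCI function before it looks at the class code, and EFI_PCI_DEVICE_ENABLE covers bus mastering as well as I/O and memory decode. PlatformConsoleInit () is the first call in PlatformBootManagerBeforeConsole, ahead of InstallReadyToLock (), so devices that never become a console are allowed to master the bus before EndOfDxe is signalled. I would move the enable into the LPC, 16550 and VGA branches and request only decode there, e.g. `EFI_PCI_IO_ATTRIBUTE_IO | EFI_PCI_IO_ATTRIBUTE_MEMORY`, leaving bus mastering to the driver that binds the device (worth confirming that no console driver used here depends on it being pre-enabled). The `ASSERT_EFI_ERROR (Status)` that follows also turns a device that rejects the attributes into a halt on DEBUG builds; `if (EFI_ERROR (Status)) { return Status; }` would skip that device instead.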
+SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef _PLATFORM_CONSOLE_H +#define _PLATFORM_CONSOLE_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define IS_PCI_ISA_PDECODE(_p) IS_CLASS3 (_p, PCI_CLASS_BRIDGE, PCI_CLASS_BRIDGE_ISA_PDECODE, 0) +#define IS_PCI_16550SERIAL(_p) IS_CLASS3 (_p, PCI_CLASS_SCC, PCI_SUBCLASS_SERIAL, PCI_IF_16550) + +// +// Type definitions +// + +// +// Platform Root Bridge +// +typedef struct { + ACPI_HID_DEVICE_PATH PciRootBridge; + EFI_DEVICE_PATH_PROTOCOL End; +} PLATFORM_ROOT_BRIDGE_DEVICE_PATH; + +typedef +EFI_STATUS +(EFIAPI *PROTOCOL_INSTANCE_CALLBACK)( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context +); + +/** + @param[in] Handle - Handle of PCI device instance + @param[in] PciIo - PCI IO protocol instance + @param[in] Pci - PCI Header register block +**/ +typedef +EFI_STATUS +(EFIAPI *VISIT_PCI_INSTANCE_CALLBACK)( + IN EFI_HANDLE Handle, + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN PCI_TYPE00 *Pci +); + +/** + Platform console init. Include the platform firmware vendor, revision + and so crc check. + +**/ +VOID +EFIAPI +PlatformConsoleInit ( + VOID +); + +#endif diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformData.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformData.c new file mode 100644 index 0000000000..d17e660e0f --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformData.c @@ -0,0 +1,39 @@ +/**@file + Defined the platform specific device path which will be filled to + ConIn/ConOut variables. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include "PlatformBootManager.h" + +/// +/// Predefined platform default console device path +/// +GLOBAL_REMOVE_IF_UNREFERENCED PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[] = { + { + NULL, + 0 + } +}; + + +GLOBAL_REMOVE_IF_UNREFERENCED USB_CLASS_FORMAT_DEVICE_PATH gUsbClassKeyboardDevicePath = { + { + { + MESSAGING_DEVICE_PATH, + MSG_USB_CLASS_DP, + { + (UINT8) (sizeof (USB_CLASS_DEVICE_PATH)), + (UINT8) ((sizeof (USB_CLASS_DEVICE_PATH)) >> 8) + } + }, + 0xffff, // VendorId + 0xffff, // ProductId + CLASS_HID, // DeviceClass + SUBCLASS_BOOT, // DeviceSubClass + PROTOCOL_KEYBOARD // DeviceProtocol + }, + gEndEntire +}; diff --git a/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.c b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.c new file mode 100644 index 0000000000..72a17dc8a7 --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.c @@ -0,0 +1,98 @@ +/** @file + Platform Hook Library instance for UART device. + + Copyright (c) 2015, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +typedef struct { + UINT16 VendorId; ///< Vendor ID to match the PCI device. The value 0xFFFF terminates the list of entries. + UINT16 DeviceId; ///< Device ID to match the PCI device + UINT32 ClockRate; ///< UART clock rate. Set to 0 for default clock rate of 1843200 Hz + UINT64 Offset; ///< The byte offset into to the BAR + UINT8 BarIndex; ///< Which BAR to get the UART base address + UINT8 RegisterStride; ///< UART register stride in bytes. Set to 0 for default register stride of 1 byte. + UINT16 ReceiveFifoDepth; ///< UART receive FIFO depth in bytes. Set to 0 for a default FIFO depth of 16 bytes. + UINT16 TransmitFifoDepth; ///< UART transmit FIFO depth in bytes. Set to 0 for a default FIFO depth of 16 bytes. + UINT8 Reserved[2]; +} PCI_SERIAL_PARAMETER; + +/** + Performs platform specific initialization required for the CPU to access + the hardware associated with a SerialPortLib instance. This function does + not initialize the serial port hardware itself. Instead, it initializes + hardware devices that are required for the CPU to access the serial port + hardware. This function may be called more than once. + + @retval RETURN_SUCCESS The platform specific initialization succeeded. + @retval RETURN_DEVICE_ERROR The platform specific initialization could not be completed. 
+
+**/
+RETURN_STATUS
+EFIAPI
+PlatformHookSerialPortInitialize (
+ VOID
+ )
+{
+ RETURN_STATUS Status;
+ UINT32 DeviceVendor;
+ PCI_SERIAL_PARAMETER *SerialParam;
+ SERIAL_PORT_INFO SerialPortInfo;
+
+ Status = ParseSerialInfo (&SerialPortInfo);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ if (SerialPortInfo.Type == PLD_SERIAL_TYPE_MEMORY_MAPPED) {
+ Status = PcdSetBoolS (PcdSerialUseMmio, TRUE);
+ } else { //IO
+ Status = PcdSetBoolS (PcdSerialUseMmio, FALSE);
+ }
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+ Status = PcdSet64S (PcdSerialRegisterBase, SerialPortInfo.BaseAddr);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = PcdSet32S (PcdSerialRegisterStride, SerialPortInfo.RegWidth);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = PcdSet32S (PcdSerialBaudRate, SerialPortInfo.Baud);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = PcdSet64S (PcdUartDefaultBaudRate, SerialPortInfo.Baud);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = PcdSet32S (PcdSerialClockRate, SerialPortInfo.InputHertz);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+
+ if (SerialPortInfo.UartPciAddr >= 0x80000000) {
+ DeviceVendor = PciRead32 (SerialPortInfo.UartPciAddr & 0x0ffff000);
+ SerialParam = PcdGetPtr(PcdPciSerialParameters);
+ SerialParam->VendorId = (UINT16)DeviceVendor;
+ SerialParam->DeviceId = DeviceVendor >> 16;
+ SerialParam->ClockRate = SerialPortInfo.InputHertz;
+ SerialParam->RegisterStride = (UINT8)SerialPortInfo.RegWidth;
+ }
+
+ return RETURN_SUCCESS;
+}
diff --git a/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf
new file mode 100644
index 0000000000..2415d99c64
--- /dev/null
+++ b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf
@@ -0,0 +1,39 @@
+## @file
+# Platform Hook Library instance for UART device.
+#
+# Copyright (c) 2015, Intel Corporation. All rights reserved.
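Review bot: In PlatformHookSerialPortInitialize (PlatformHookLib.c) the block guarded by `SerialPortInfo.UartPciAddr >= 0x80000000` stores four fields through the pointer returned by `PcdGetPtr(PcdPciSerialParameters)` without checking that the pointer is non-NULL or that the PCD holds at least `sizeof (PCI_SERIAL_PARAMETER)` bytes, so an undersized PCD in a platform DSC would be overrun silently. A guard before the first store, such as `if (SerialParam == NULL || PcdGetSize (PcdPciSerialParameters) < sizeof (PCI_SERIAL_PARAMETER)) { return RETURN_DEVICE_ERROR; }`, would catch that. The values come from the bootloader-provided SERIAL_PORT_INFO, and `(UINT8)SerialPortInfo.RegWidth` truncates without a range check; if RegWidth can exceed 255 (its type is not visible in this hunk) the stride wraps, possibly to 0, which the struct comment defines as the 1-byte default. The constants `0x80000000` and `0x0ffff000` should carry a comment stating what bit 31 signals and which address bits the mask keeps, confirmed against the bootloader's serial table format.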
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformHookLib + FILE_GUID = 40A2CBC6-CFB8-447b-A90E-198E88FD345E + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformHookLib + CONSTRUCTOR = PlatformHookSerialPortInitialize + +[Sources] + PlatformHookLib.c + +[LibraryClasses] + BlParseLib + PcdLib + PciLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialUseMmio ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialBaudRate ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterStride ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialClockRate ## PRODUCES + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdPciSerialParameters ## PRODUCES diff --git a/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.c b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.c new file mode 100644 index 0000000000..a1b129814e --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.c @@ -0,0 +1,29 @@ +/** @file + Include all platform specific features which can be customized by IBV/OEM. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +/** + Parse platform specific information from coreboot. + + @retval RETURN_SUCCESS The platform specific coreboot support succeeded. + @retval RETURN_DEVICE_ERROR The platform specific coreboot support could not be completed. + +**/ +EFI_STATUS +EFIAPI +ParsePlatformInfo ( + VOID + ) +{ + return EFI_SUCCESS; +} + diff --git a/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf new file mode 100644 index 0000000000..1f4a5a35f4 --- /dev/null +++ b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf @@ -0,0 +1,28 @@ +## @file +# Include all platform specific features which can be customized by IBV/OEM. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformSupportLib + FILE_GUID = B42AA265-00CA-4d4b-AC14-DBD5268E1BC7 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformSupportLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PlatformSupportLibNull.c + +[Packages] + MdePkg/MdePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.c b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.c new file mode 100644 index 0000000000..2e4b7fe592 --- /dev/null +++ b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.c @@ -0,0 +1,153 @@ +/** @file + Reset System Library functions for bootloader + + Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +ACPI_BOARD_INFO mAcpiBoardInfo; + +/** + The constructor function to initialize mAcpiBoardInfo. + + @retval EFI_SUCCESS The constructor always returns RETURN_SUCCESS. + +**/ +RETURN_STATUS +EFIAPI +ResetSystemLibConstructor ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + ACPI_BOARD_INFO *AcpiBoardInfoPtr; + + // + // Find the acpi board information guid hob + // + GuidHob = GetFirstGuidHob (&gUefiAcpiBoardInfoGuid); + ASSERT (GuidHob != NULL); + + AcpiBoardInfoPtr = (ACPI_BOARD_INFO *)GET_GUID_HOB_DATA (GuidHob); + CopyMem (&mAcpiBoardInfo, AcpiBoardInfoPtr, sizeof (ACPI_BOARD_INFO)); + + return EFI_SUCCESS; +} + + +VOID +AcpiPmControl ( + UINTN SuspendType + ) +{ + UINTN PmCtrlReg; + + ASSERT (SuspendType <= 7); + + PmCtrlReg = (UINTN)mAcpiBoardInfo.PmCtrlRegBase; + IoAndThenOr16 (PmCtrlReg, (UINT16) ~0x3c00, (UINT16) (SuspendType << 10)); + IoOr16 (PmCtrlReg, BIT13); + CpuDeadLoop (); +} + +/** + Calling this function causes a system-wide reset. This sets + all circuitry within the system to its initial state. This type of reset + is asynchronous to system operation and operates without regard to + cycle boundaries. + + System reset should not return, if it returns, it means the system does + not support cold reset. +**/ +VOID +EFIAPI +ResetCold ( + VOID + ) +{ + IoWrite8 ((UINTN)mAcpiBoardInfo.ResetRegAddress, mAcpiBoardInfo.ResetValue); + CpuDeadLoop (); +} + +/** + Calling this function causes a system-wide initialization. The processors + are set to their initial state, and pending cycles are not corrupted. + + System reset should not return, if it returns, it means the system does + not support warm reset. 
+**/ +VOID +EFIAPI +ResetWarm ( + VOID + ) +{ + IoWrite8 ((UINTN)mAcpiBoardInfo.ResetRegAddress, mAcpiBoardInfo.ResetValue); + CpuDeadLoop (); +} + +/** + Calling this function causes the system to enter a power state equivalent + to the ACPI G2/S5 or G3 states. + + System shutdown should not return, if it returns, it means the system does + not support shut down reset. +**/ +VOID +EFIAPI +ResetShutdown ( + VOID + ) +{ + UINTN PmCtrlReg; + + // + // GPE0_EN should be disabled to avoid any GPI waking up the system from S5 + // + IoWrite16 ((UINTN)mAcpiBoardInfo.PmGpeEnBase, 0); + + // + // Clear Power Button Status + // + IoWrite16((UINTN) mAcpiBoardInfo.PmEvtBase, BIT8); + + // + // Transform system into S5 sleep state + // + PmCtrlReg = (UINTN)mAcpiBoardInfo.PmCtrlRegBase; + IoAndThenOr16 (PmCtrlReg, (UINT16) ~0x3c00, (UINT16) (7 << 10)); + IoOr16 (PmCtrlReg, BIT13); + CpuDeadLoop (); + + ASSERT (FALSE); +} + +/** + This function causes a systemwide reset. The exact type of the reset is + defined by the EFI_GUID that follows the Null-terminated Unicode string passed + into ResetData. If the platform does not recognize the EFI_GUID in ResetData + the platform must pick a supported reset type to perform.The platform may + optionally log the parameters from any non-normal reset that occurs. + + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData The data buffer starts with a Null-terminated string, + followed by the EFI_GUID. +**/ +VOID +EFIAPI +ResetPlatformSpecific ( + IN UINTN DataSize, + IN VOID *ResetData + ) +{ + ResetCold (); +} diff --git a/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf new file mode 100644 index 0000000000..e7341c341a --- /dev/null +++ b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf 
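Review bot: In ResetSystemLib.c, `ResetSystemLibConstructor` guards the `gUefiAcpiBoardInfoGuid` HOB lookup only with `ASSERT (GuidHob != NULL)`, so a build with asserts disabled goes on to read through a null HOB pointer, and nothing compares the HOB's data size with `sizeof (ACPI_BOARD_INFO)` before the `CopyMem`. The register addresses copied here are later used without further checks by `ResetCold`, `ResetWarm` and `ResetShutdown` for I/O port writes, so a missing or short HOB should take an explicit error path: `if (GuidHob == NULL || GET_GUID_HOB_DATA_SIZE (GuidHob) < sizeof (ACPI_BOARD_INFO)) { return RETURN_NOT_FOUND; }`. The `@retval` line would then need updating, since the constructor would no longer always succeed. `AcpiPmControl` has the same pattern: `ASSERT (SuspendType <= 7)` is the only bound, and writing `(UINT16) ((SuspendType & 7) << 10)` would keep the value inside bits 10-12 in release builds too.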
@@ -0,0 +1,40 @@
+## @file
+# Library instance for ResetSystem library class for bootloader
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = ResetSystemLib + FILE_GUID = C5CD4EEE-527F-47df-9C92-B41414AF7479 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = ResetSystemLib + + CONSTRUCTOR = ResetSystemLibConstructor +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + ResetSystemLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + DebugLib + IoLib + HobLib + BaseMemoryLib + +[Guids] + gUefiAcpiBoardInfoGuid + diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c new file mode 100644 index 0000000000..7214fd87d2 --- /dev/null +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c @@ -0,0 +1,223 @@ +/** @file + This library will parse the Slim Bootloader to get required information. + + Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +/** + This function retrieves the parameter base address from boot loader. + + This function will get bootloader specific parameter address for UEFI payload. + e.g. HobList pointer for Slim Bootloader, and coreboot table header for Coreboot. + + @retval NULL Failed to find the GUID HOB. + @retval others GUIDed HOB data pointer. + +**/ +VOID * +EFIAPI +GetParameterBase ( + VOID + ) +{ + EFI_HOB_HANDOFF_INFO_TABLE *HandoffTable; + + HandoffTable = (EFI_HOB_HANDOFF_INFO_TABLE *)(UINTN) GET_BOOTLOADER_PARAMETER (); + if ((HandoffTable->Header.HobType == EFI_HOB_TYPE_HANDOFF) && + (HandoffTable->Header.HobLength == sizeof (EFI_HOB_HANDOFF_INFO_TABLE)) && + (HandoffTable->Header.Reserved == 0)) { + return (VOID *)HandoffTable; + } + + return NULL; +} + + +/** + This function retrieves a GUIDed HOB data from Slim Bootloader. + + This function will search SBL HOB list to find the first GUIDed HOB that + its GUID matches Guid. + + @param[in] Guid A pointer to HOB GUID to search. + + @retval NULL Failed to find the GUID HOB. + @retval others GUIDed HOB data pointer. + +**/ +VOID * +GetGuidHobDataFromSbl ( + IN EFI_GUID *Guid + ) +{ + UINT8 *GuidHob; + CONST VOID *HobList; + + HobList = GetParameterBase (); + ASSERT (HobList != NULL); + GuidHob = GetNextGuidHob (Guid, HobList); + if (GuidHob != NULL) { + return GET_GUID_HOB_DATA (GuidHob); + } + + return NULL; +} + +/** + Acquire the memory map information. + + @param MemInfoCallback The callback routine + @param Params Pointer to the callback routine parameter + + @retval RETURN_SUCCESS Successfully find out the memory information. + @retval RETURN_NOT_FOUND Failed to find the memory information. 
+ +**/ +RETURN_STATUS +EFIAPI +ParseMemoryInfo ( + IN BL_MEM_INFO_CALLBACK MemInfoCallback, + IN VOID *Params + ) +{ + MEMROY_MAP_INFO *MemoryMapInfo; + UINTN Idx; + + MemoryMapInfo = (MEMROY_MAP_INFO *) GetGuidHobDataFromSbl (&gLoaderMemoryMapInfoGuid); + if (MemoryMapInfo == NULL) { + ASSERT (FALSE); + return RETURN_NOT_FOUND; + } + + for (Idx = 0; Idx < MemoryMapInfo->Count; Idx++) { + MemInfoCallback (&MemoryMapInfo->Entry[Idx], Params); + } + + return RETURN_SUCCESS; +} + +/** + Acquire acpi table and smbios table from slim bootloader + + @param SystemTableInfo Pointer to the system table info + + @retval RETURN_SUCCESS Successfully find out the tables. + @retval RETURN_NOT_FOUND Failed to find the tables. + +**/ +RETURN_STATUS +EFIAPI +ParseSystemTable ( + OUT SYSTEM_TABLE_INFO *SystemTableInfo + ) +{ + SYSTEM_TABLE_INFO *TableInfo; + + TableInfo = (SYSTEM_TABLE_INFO *)GetGuidHobDataFromSbl (&gUefiSystemTableInfoGuid); + if (TableInfo == NULL) { + ASSERT (FALSE); + return RETURN_NOT_FOUND; + } + + CopyMem (SystemTableInfo, TableInfo, sizeof (SYSTEM_TABLE_INFO)); + + return RETURN_SUCCESS; +} + + +/** + Find the serial port information + + @param SERIAL_PORT_INFO Pointer to serial port info structure + + @retval RETURN_SUCCESS Successfully find the serial port information. + @retval RETURN_NOT_FOUND Failed to find the serial port information . + +**/ +RETURN_STATUS +EFIAPI +ParseSerialInfo ( + OUT SERIAL_PORT_INFO *SerialPortInfo + ) +{ + SERIAL_PORT_INFO *BlSerialInfo; + + BlSerialInfo = (SERIAL_PORT_INFO *) GetGuidHobDataFromSbl (&gUefiSerialPortInfoGuid); + if (BlSerialInfo == NULL) { + ASSERT (FALSE); + return RETURN_NOT_FOUND; + } + + CopyMem (SerialPortInfo, BlSerialInfo, sizeof (SERIAL_PORT_INFO)); + + return RETURN_SUCCESS; +} + + +/** + Find the video frame buffer information + + @param GfxInfo Pointer to the EFI_PEI_GRAPHICS_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. 
+ @retval RETURN_NOT_FOUND Failed to find the video frame buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseGfxInfo ( + OUT EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo + ) +{ + EFI_PEI_GRAPHICS_INFO_HOB *BlGfxInfo; + + BlGfxInfo = (EFI_PEI_GRAPHICS_INFO_HOB *) GetGuidHobDataFromSbl (&gEfiGraphicsInfoHobGuid); + if (BlGfxInfo == NULL) { + return RETURN_NOT_FOUND; + } + + CopyMem (GfxInfo, BlGfxInfo, sizeof (EFI_PEI_GRAPHICS_INFO_HOB)); + + return RETURN_SUCCESS; +} + +/** + Find the video frame buffer device information + + @param GfxDeviceInfo Pointer to the EFI_PEI_GRAPHICS_DEVICE_INFO_HOB structure + + @retval RETURN_SUCCESS Successfully find the video frame buffer information. + @retval RETURN_NOT_FOUND Failed to find the video frame buffer information. + +**/ +RETURN_STATUS +EFIAPI +ParseGfxDeviceInfo ( + OUT EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *GfxDeviceInfo + ) +{ + EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *BlGfxDeviceInfo; + + BlGfxDeviceInfo = (EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *) GetGuidHobDataFromSbl (&gEfiGraphicsDeviceInfoHobGuid); + if (BlGfxDeviceInfo == NULL) { + return RETURN_NOT_FOUND; + } + + CopyMem (GfxDeviceInfo, BlGfxDeviceInfo, sizeof (EFI_PEI_GRAPHICS_DEVICE_INFO_HOB)); + + return RETURN_SUCCESS; +} + diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf new file mode 100644 index 0000000000..9ce2864f9f --- /dev/null +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf @@ -0,0 +1,46 @@ +## @file +# Slim Bootloader parse library. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
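Review bot: In SblParseLib.c, `ParseMemoryInfo` walks `MemoryMapInfo->Count` entries taken straight from the bootloader's HOB without checking that the count fits inside the HOB's data, so an inconsistent count makes the callback read past the end of the HOB. `GetGuidHobDataFromSbl` returns only the data pointer, which is why the length is not available to its callers; the fixed-size `CopyMem` calls in `ParseSystemTable`, `ParseSerialInfo`, `ParseGfxInfo` and `ParseGfxDeviceInfo` have the same gap. `GetGuidHobDataFromSbl` also relies on `ASSERT (HobList != NULL)` alone before handing the list to `GetNextGuidHob`, and `GetParameterBase` dereferences the bootloader parameter without a null check. A sketch for `ParseMemoryInfo` follows; it assumes `Entry` is the trailing array of `MEMROY_MAP_INFO`, whose definition is outside this hunk.

```c
  UINT8       *GuidHob;
  CONST VOID  *HobList;
  UINTN       DataSize;
  UINTN       MaxCount;
  // ... unchanged: MemoryMapInfo and Idx declarations ...

  HobList = GetParameterBase ();
  if (HobList == NULL) {
    return RETURN_NOT_FOUND;
  }

  GuidHob = GetNextGuidHob (&gLoaderMemoryMapInfoGuid, HobList);
  if (GuidHob == NULL) {
    return RETURN_NOT_FOUND;
  }

  //
  // The HOB must hold at least the fixed part of the structure, and Count
  // must not describe more entries than the remaining bytes can contain.
  //
  DataSize = GET_GUID_HOB_DATA_SIZE (GuidHob);
  if (DataSize < OFFSET_OF (MEMROY_MAP_INFO, Entry)) {
    return RETURN_NOT_FOUND;
  }

  MemoryMapInfo = (MEMROY_MAP_INFO *) GET_GUID_HOB_DATA (GuidHob);
  MaxCount      = (DataSize - OFFSET_OF (MEMROY_MAP_INFO, Entry)) / sizeof (MemoryMapInfo->Entry[0]);
  if (MemoryMapInfo->Count > MaxCount) {
    return RETURN_NOT_FOUND;
  }
  // ... unchanged: callback loop over MemoryMapInfo->Entry and return RETURN_SUCCESS ...
```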
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SblParseLib + FILE_GUID = DE6FB32C-52CF-4A17-A84C-B323653CB5E0 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = BlParseLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SblParseLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + HobLib + +[Guids] + gUefiSystemTableInfoGuid + gUefiSerialPortInfoGuid + gLoaderMemoryMapInfoGuid + gEfiGraphicsInfoHobGuid + gEfiGraphicsDeviceInfoHobGuid + +[Pcd] + gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop diff --git a/DasharoPayloadPkg/SecCore/FindPeiCore.c b/DasharoPayloadPkg/SecCore/FindPeiCore.c new file mode 100644 index 0000000000..f67d1afb96 --- /dev/null +++ b/DasharoPayloadPkg/SecCore/FindPeiCore.c @@ -0,0 +1,193 @@ +/** @file + Locate the entry point for the PEI Core + +Copyright (c) 2013, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SecMain.h" + +/** + Find core image base. + + @param BootFirmwareVolumePtr Point to the boot firmware volume. + @param SecCoreImageBase The base address of the SEC core image. + @param PeiCoreImageBase The base address of the PEI core image. + +**/ +EFI_STATUS +EFIAPI +FindImageBase ( + IN EFI_FIRMWARE_VOLUME_HEADER *BootFirmwareVolumePtr, + OUT EFI_PHYSICAL_ADDRESS *SecCoreImageBase, + OUT EFI_PHYSICAL_ADDRESS *PeiCoreImageBase + ) +{ + EFI_PHYSICAL_ADDRESS CurrentAddress; + EFI_PHYSICAL_ADDRESS EndOfFirmwareVolume; + EFI_FFS_FILE_HEADER *File; + UINT32 Size; + EFI_PHYSICAL_ADDRESS EndOfFile; + EFI_COMMON_SECTION_HEADER *Section; + EFI_PHYSICAL_ADDRESS EndOfSection; + + *SecCoreImageBase = 0; + *PeiCoreImageBase = 0; + + CurrentAddress = (EFI_PHYSICAL_ADDRESS)(UINTN) BootFirmwareVolumePtr; + EndOfFirmwareVolume = CurrentAddress + BootFirmwareVolumePtr->FvLength; + + // + // Loop through the FFS files in the Boot Firmware Volume + // + for (EndOfFile = CurrentAddress + BootFirmwareVolumePtr->HeaderLength; ; ) { + + CurrentAddress = (EndOfFile + 7) & 0xfffffffffffffff8ULL; + if (CurrentAddress > EndOfFirmwareVolume) { + return EFI_NOT_FOUND; + } + + File = (EFI_FFS_FILE_HEADER*)(UINTN) CurrentAddress; + if (IS_FFS_FILE2 (File)) { + Size = FFS_FILE2_SIZE (File); + if (Size <= 0x00FFFFFF) { + return EFI_NOT_FOUND; + } + } else { + Size = FFS_FILE_SIZE (File); + if (Size < sizeof (EFI_FFS_FILE_HEADER)) { + return EFI_NOT_FOUND; + } + } + + EndOfFile = CurrentAddress + Size; + if (EndOfFile > EndOfFirmwareVolume) { + return EFI_NOT_FOUND; + } + + // + // Look for SEC Core / PEI Core files + // + if (File->Type != EFI_FV_FILETYPE_SECURITY_CORE && + File->Type != EFI_FV_FILETYPE_PEI_CORE) { + continue; + } + + // + // Loop through the FFS file sections within the FFS file + // + if (IS_FFS_FILE2 (File)) { + EndOfSection = (EFI_PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) File + 
sizeof (EFI_FFS_FILE_HEADER2)); + } else { + EndOfSection = (EFI_PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) File + sizeof (EFI_FFS_FILE_HEADER)); + } + for (;;) { + CurrentAddress = (EndOfSection + 3) & 0xfffffffffffffffcULL; + Section = (EFI_COMMON_SECTION_HEADER*)(UINTN) CurrentAddress; + + if (IS_SECTION2 (Section)) { + Size = SECTION2_SIZE (Section); + if (Size <= 0x00FFFFFF) { + return EFI_NOT_FOUND; + } + } else { + Size = SECTION_SIZE (Section); + if (Size < sizeof (EFI_COMMON_SECTION_HEADER)) { + return EFI_NOT_FOUND; + } + } + + EndOfSection = CurrentAddress + Size; + if (EndOfSection > EndOfFile) { + return EFI_NOT_FOUND; + } + + // + // Look for executable sections + // + if (Section->Type == EFI_SECTION_PE32 || Section->Type == EFI_SECTION_TE) { + if (File->Type == EFI_FV_FILETYPE_SECURITY_CORE) { + if (IS_SECTION2 (Section)) { + *SecCoreImageBase = (PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER2)); + } else { + *SecCoreImageBase = (PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER)); + } + } else { + if (IS_SECTION2 (Section)) { + *PeiCoreImageBase = (PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER2)); + } else { + *PeiCoreImageBase = (PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER)); + } + } + break; + } + } + + // + // Both SEC Core and PEI Core images found + // + if (*SecCoreImageBase != 0 && *PeiCoreImageBase != 0) { + return EFI_SUCCESS; + } + } +} + +/** + Find and return Pei Core entry point. + + It also find SEC and PEI Core file debug information. It will report them if + remote debug is enabled. + + @param BootFirmwareVolumePtr Point to the boot firmware volume. + @param PeiCoreEntryPoint The entry point of the PEI core. 
+ +**/ +VOID +EFIAPI +FindAndReportEntryPoints ( + IN EFI_FIRMWARE_VOLUME_HEADER *BootFirmwareVolumePtr, + OUT EFI_PEI_CORE_ENTRY_POINT *PeiCoreEntryPoint + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS SecCoreImageBase; + EFI_PHYSICAL_ADDRESS PeiCoreImageBase; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + + // + // Find SEC Core and PEI Core image base + // + Status = FindImageBase (BootFirmwareVolumePtr, &SecCoreImageBase, &PeiCoreImageBase); + ASSERT_EFI_ERROR (Status); + + ZeroMem ((VOID *) &ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT)); + // + // Report SEC Core debug information when remote debug is enabled + // + ImageContext.ImageAddress = SecCoreImageBase; + ImageContext.PdbPointer = PeCoffLoaderGetPdbPointer ((VOID*) (UINTN) ImageContext.ImageAddress); + PeCoffLoaderRelocateImageExtraAction (&ImageContext); + + // + // Report PEI Core debug information when remote debug is enabled + // + ImageContext.ImageAddress = PeiCoreImageBase; + ImageContext.PdbPointer = PeCoffLoaderGetPdbPointer ((VOID*) (UINTN) ImageContext.ImageAddress); + PeCoffLoaderRelocateImageExtraAction (&ImageContext); + + // + // Find PEI Core entry point + // + Status = PeCoffLoaderGetEntryPoint ((VOID *) (UINTN) PeiCoreImageBase, (VOID**) PeiCoreEntryPoint); + if (EFI_ERROR (Status)) { + *PeiCoreEntryPoint = 0; + } + + return; +} + diff --git a/DasharoPayloadPkg/SecCore/Ia32/SecEntry.nasm b/DasharoPayloadPkg/SecCore/Ia32/SecEntry.nasm new file mode 100644 index 0000000000..877fc61ef0 --- /dev/null +++ b/DasharoPayloadPkg/SecCore/Ia32/SecEntry.nasm @@ -0,0 +1,78 @@ +;------------------------------------------------------------------------------ +; +; Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
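Review bot: In FindPeiCore.c, `FindAndReportEntryPoints` checks the result of `FindImageBase` only with `ASSERT_EFI_ERROR (Status)`, so with asserts compiled out a failed search leaves one or both image bases at 0 and the PE/COFF helpers are then pointed at address 0. An explicit failure path such as `if (EFI_ERROR (Status)) { *PeiCoreEntryPoint = 0; return; }` would let the existing NULL check in `SecStartupPhase2` stop the boot instead. In `FindImageBase`, the file and section headers are dereferenced before it is established that a whole header fits below `EndOfFirmwareVolume` or `EndOfFile` (the checks are `CurrentAddress > EndOfFirmwareVolume` and, only after the read, `EndOfSection > EndOfFile`). `FvLength` and `HeaderLength` are also used without any sanity check on the volume header, so a truncated or malformed volume can be read out of bounds; comparing `CurrentAddress + sizeof (EFI_FFS_FILE_HEADER)` and `CurrentAddress + sizeof (EFI_COMMON_SECTION_HEADER)` against the respective end before the cast would tighten this.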
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; Entry point for the coreboot UEFI payload. +; +;------------------------------------------------------------------------------ + +SECTION .text + +; C Functions +extern ASM_PFX(SecStartup) + +; Pcds +extern ASM_PFX(PcdGet32 (PcdPayloadFdMemBase)) +extern ASM_PFX(PcdGet32 (PcdPayloadStackTop)) + +; +; SecCore Entry Point +; +; Processor is in flat protected mode +; +; @param[in] EAX Initial value of the EAX register (BIST: Built-in Self Test) +; @param[in] DI 'BP': boot-strap processor, or 'AP': application processor +; @param[in] EBP Pointer to the start of the Boot Firmware Volume +; +; @return None This routine does not return +; +global ASM_PFX(_ModuleEntryPoint) +ASM_PFX(_ModuleEntryPoint): + ; + ; Disable all the interrupts + ; + cli + + ; + ; Save the Payload HOB base address before switching the stack + ; + mov eax, [esp + 4] + + ; + ; Construct the temporary memory at 0x80000, length 0x10000 + ; + mov esp, DWORD [ASM_PFX(PcdGet32 (PcdPayloadStackTop))] + + ; + ; Push the Payload HOB base address onto new stack + ; + push eax + + ; + ; Pass BFV into the PEI Core + ; + push DWORD [ASM_PFX(PcdGet32 (PcdPayloadFdMemBase))] + + ; + ; Pass stack base into the PEI Core + ; + push BASE_512KB + + ; + ; Pass stack size into the PEI Core + ; + push SIZE_64KB + + ; + ; Pass Control into the PEI Core + ; + call ASM_PFX(SecStartup) + + ; + ; Should never return + ; + jmp $ + diff --git a/DasharoPayloadPkg/SecCore/Ia32/Stack.nasm b/DasharoPayloadPkg/SecCore/Ia32/Stack.nasm new file mode 100644 index 0000000000..55fd2243c8 --- /dev/null +++ b/DasharoPayloadPkg/SecCore/Ia32/Stack.nasm @@ -0,0 +1,72 @@ +;------------------------------------------------------------------------------ +; +; Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
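Review bot: In SecEntry.nasm, the stack pointer is loaded from `PcdPayloadStackTop`, but the temporary RAM base and size passed to `SecStartup` are the literals `BASE_512KB` and `SIZE_64KB`, so the two agree only while the PCD happens to equal base plus size (its value is not visible in this hunk). If a platform overrides the PCD, `SecStartup` will lay out heap, stack and the IDT for a region the stack is not actually in. Either derive both pushes from PCDs or put a comment next to them, for example `; keep in sync with PcdPayloadStackTop`. The header comment also documents EBP as the Boot Firmware Volume pointer, while the code takes the bootloader parameter from `[esp + 4]` and the BFV from `PcdPayloadFdMemBase`; that parameter block should describe the payload entry convention actually used.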
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; Switch the stack from temporary memory to permanent memory. +; +;------------------------------------------------------------------------------ + +SECTION .text + +;------------------------------------------------------------------------------ +; VOID +; EFIAPI +; SecSwitchStack ( +; UINT32 TemporaryMemoryBase, +; UINT32 PermenentMemoryBase +; ); +;------------------------------------------------------------------------------ +global ASM_PFX(SecSwitchStack) +ASM_PFX(SecSwitchStack): + ; + ; Save three register: eax, ebx, ecx + ; + push eax + push ebx + push ecx + push edx + + ; + ; !!CAUTION!! this function address's is pushed into stack after + ; migration of whole temporary memory, so need save it to permanent + ; memory at first! + ; + + mov ebx, [esp + 20] ; Save the first parameter + mov ecx, [esp + 24] ; Save the second parameter + + ; + ; Save this function's return address into permanent memory at first. + ; Then, Fixup the esp point to permanent memory + ; + mov eax, esp + sub eax, ebx + add eax, ecx + mov edx, [esp] ; copy pushed register's value to permanent memory + mov [eax], edx + mov edx, [esp + 4] + mov [eax + 4], edx + mov edx, [esp + 8] + mov [eax + 8], edx + mov edx, [esp + 12] + mov [eax + 12], edx + mov edx, [esp + 16] ; Update return address into permanent memory + mov [eax + 16], edx + mov esp, eax ; From now, esp is pointed to permanent memory + + ; + ; Fixup the ebp point to permanent memory + ; + mov eax, ebp + sub eax, ebx + add eax, ecx + mov ebp, eax ; From now, ebp is pointed to permanent memory + + pop edx + pop ecx + pop ebx + pop eax + ret diff --git a/DasharoPayloadPkg/SecCore/SecCore.inf b/DasharoPayloadPkg/SecCore/SecCore.inf new file mode 100644 index 0000000000..82ca7f567f --- /dev/null +++ b/DasharoPayloadPkg/SecCore/SecCore.inf 
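Review bot: In Stack.nasm, the comment `Save three register: eax, ebx, ecx` does not match the four pushes that follow (edx is saved too), and the `[esp + 20]` / `[esp + 24]` parameter offsets and the five-dword copy are only correct with four saved registers plus the return address. Suggest `; Save four registers: eax, ebx, ecx, edx` and a line above the parameter loads such as `; 4 saved registers + return address = 20 bytes below the first parameter`, so a later change to the push list is not made without adjusting the offsets. The `PermenentMemoryBase` spelling in the prototype comment could be corrected at the same time.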
@@ -0,0 +1,58 @@ +## @file +# This is the first module taking control from the coreboot. +# +# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecCore + FILE_GUID = BA7BE337-6CFB-4dbb-B26C-21EC2FC16073 + MODULE_TYPE = SEC + VERSION_STRING = 1.0 + + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + SecMain.c + SecMain.h + FindPeiCore.c + +[Sources.IA32] + Ia32/Stack.nasm + Ia32/SecEntry.nasm + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + BaseLib + PcdLib + DebugAgentLib + UefiCpuLib + PeCoffGetEntryPointLib + PeCoffExtraActionLib + +[Ppis] + gEfiSecPlatformInformationPpiGuid # PPI ALWAYS_PRODUCED + gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED + gEfiPayLoadHobBasePpiGuid # PPI ALWAYS_PRODUCED + +[Pcd] + gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase + gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize + gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop diff --git a/DasharoPayloadPkg/SecCore/SecMain.c b/DasharoPayloadPkg/SecCore/SecMain.c new file mode 100644 index 0000000000..c0ca0e7d40 --- /dev/null +++ b/DasharoPayloadPkg/SecCore/SecMain.c @@ -0,0 +1,288 @@ +/** @file + C functions in SEC + +Copyright (c) 2013, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include "SecMain.h" + +EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI gSecTemporaryRamSupportPpi = { + SecTemporaryRamSupport +}; + +EFI_PEI_PPI_DESCRIPTOR mPeiSecPlatformInformationPpi[] = { + { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiTemporaryRamSupportPpiGuid, + &gSecTemporaryRamSupportPpi + } +}; + +// +// These are IDT entries pointing to 10:FFFFFFE4h. +// +UINT64 mIdtEntryTemplate = 0xffff8e000010ffe4ULL; + +/** + Caller provided function to be invoked at the end of InitializeDebugAgent(). + + Entry point to the C language phase of SEC. After the SEC assembly + code has initialized some temporary memory and set up the stack, + the control is transferred to this function. + + @param[in] Context The first input parameter of InitializeDebugAgent(). + +**/ +VOID +EFIAPI +SecStartupPhase2( + IN VOID *Context + ); + + +/** + + Entry point to the C language phase of SEC. After the SEC assembly + code has initialized some temporary memory and set up the stack, + the control is transferred to this function. + + + @param SizeOfRam Size of the temporary memory available for use. + @param TempRamBase Base address of temporary ram + @param BootFirmwareVolume Base address of the Boot Firmware Volume. + @param BootloaderParameter A parameter from bootloader, e.g. HobList from SlimBootloader + +**/ +VOID +EFIAPI +SecStartup ( + IN UINT32 SizeOfRam, + IN UINT32 TempRamBase, + IN VOID *BootFirmwareVolume, + IN UINT32 BootloaderParameter + ) +{ + EFI_SEC_PEI_HAND_OFF SecCoreData; + IA32_DESCRIPTOR IdtDescriptor; + SEC_IDT_TABLE IdtTableInStack; + UINT32 Index; + UINT32 PeiStackSize; + + PeiStackSize = (SizeOfRam >> 1); + + ASSERT (PeiStackSize < SizeOfRam); + + // + // Process all libraries constructor function linked to SecCore. + // + ProcessLibraryConstructorList (); + + // + // Initialize floating point operating environment + // to be compliant with UEFI spec. 
+ // + InitializeFloatingPointUnits (); + + + // |-------------------|----> + // |Idt Table | + // |-------------------| + // |PeiService Pointer | PeiStackSize + // |-------------------| + // | | + // | Stack | + // |-------------------|----> + // | | + // | | + // | Heap | PeiTemporaryRamSize + // | | + // | | + // |-------------------|----> TempRamBase + + IdtTableInStack.PeiService = 0; + for (Index = 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { + CopyMem ((VOID*)&IdtTableInStack.IdtTable[Index], (VOID*)&mIdtEntryTemplate, sizeof (UINT64)); + } + + IdtDescriptor.Base = (UINTN) &IdtTableInStack.IdtTable; + IdtDescriptor.Limit = (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); + + AsmWriteIdtr (&IdtDescriptor); + + // + // Update the base address and length of Pei temporary memory + // + SecCoreData.DataSize = (UINT16) sizeof (EFI_SEC_PEI_HAND_OFF); + SecCoreData.BootFirmwareVolumeBase = BootFirmwareVolume; + SecCoreData.BootFirmwareVolumeSize = (UINTN)(0x100000000ULL - (UINTN) BootFirmwareVolume); + SecCoreData.TemporaryRamBase = (VOID*)(UINTN) TempRamBase; + SecCoreData.TemporaryRamSize = SizeOfRam; + SecCoreData.PeiTemporaryRamBase = SecCoreData.TemporaryRamBase; + SecCoreData.PeiTemporaryRamSize = SizeOfRam - PeiStackSize; + SecCoreData.StackBase = (VOID*)(UINTN)(TempRamBase + SecCoreData.PeiTemporaryRamSize); + SecCoreData.StackSize = PeiStackSize; + + // + // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready. + // + InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, &SecCoreData, SecStartupPhase2); + +} + +/** + Caller provided function to be invoked at the end of InitializeDebugAgent(). + + Entry point to the C language phase of SEC. After the SEC assembly + code has initialized some temporary memory and set up the stack, + the control is transferred to this function. + + @param[in] Context The first input parameter of InitializeDebugAgent(). 
+ +**/ +VOID +EFIAPI +SecStartupPhase2( + IN VOID *Context + ) +{ + EFI_SEC_PEI_HAND_OFF *SecCoreData; + EFI_PEI_CORE_ENTRY_POINT PeiCoreEntryPoint; + + SecCoreData = (EFI_SEC_PEI_HAND_OFF *) Context; + // + // Find Pei Core entry point. It will report SEC and Pei Core debug information if remote debug + // is enabled. + // + FindAndReportEntryPoints ((EFI_FIRMWARE_VOLUME_HEADER *) SecCoreData->BootFirmwareVolumeBase, &PeiCoreEntryPoint); + if (PeiCoreEntryPoint == NULL) + { + CpuDeadLoop (); + } + + // + // Transfer the control to the PEI core + // + ASSERT (PeiCoreEntryPoint != NULL); + (*PeiCoreEntryPoint) (SecCoreData, (EFI_PEI_PPI_DESCRIPTOR *)&mPeiSecPlatformInformationPpi); + + // + // Should not come here. + // + return ; +} + +/** + This service of the TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into + permanent memory. + + @param PeiServices Pointer to the PEI Services Table. + @param TemporaryMemoryBase Source Address in temporary memory from which the SEC or PEIM will copy the + Temporary RAM contents. + @param PermanentMemoryBase Destination Address in permanent memory into which the SEC or PEIM will copy the + Temporary RAM contents. + @param CopySize Amount of memory to migrate from temporary to permanent memory. + + @retval EFI_SUCCESS The data was successfully returned. + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when + TemporaryMemoryBase > PermanentMemoryBase. 
+ +**/ +EFI_STATUS +EFIAPI +SecTemporaryRamSupport ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, + IN UINTN CopySize + ) +{ + IA32_DESCRIPTOR IdtDescriptor; + VOID* OldHeap; + VOID* NewHeap; + VOID* OldStack; + VOID* NewStack; + DEBUG_AGENT_CONTEXT_POSTMEM_SEC DebugAgentContext; + BOOLEAN OldStatus; + UINTN PeiStackSize; + + PeiStackSize = (CopySize >> 1); + + ASSERT (PeiStackSize < CopySize); + + // + // |-------------------|----> + // | Stack | PeiStackSize + // |-------------------|----> + // | Heap | PeiTemporaryRamSize + // |-------------------|----> TempRamBase + // + // |-------------------|----> + // | Heap | PeiTemporaryRamSize + // |-------------------|----> + // | Stack | PeiStackSize + // |-------------------|----> PermanentMemoryBase + // + + OldHeap = (VOID*)(UINTN)TemporaryMemoryBase; + NewHeap = (VOID*)((UINTN)PermanentMemoryBase + PeiStackSize); + + OldStack = (VOID*)((UINTN)TemporaryMemoryBase + CopySize - PeiStackSize); + NewStack = (VOID*)(UINTN)PermanentMemoryBase; + + DebugAgentContext.HeapMigrateOffset = (UINTN)NewHeap - (UINTN)OldHeap; + DebugAgentContext.StackMigrateOffset = (UINTN)NewStack - (UINTN)OldStack; + + OldStatus = SaveAndSetDebugTimerInterrupt (FALSE); + // + // Initialize Debug Agent to support source level debug in PEI phase after memory ready. + // It will build HOB and fix up the pointer in IDT table. + // + InitializeDebugAgent (DEBUG_AGENT_INIT_POSTMEM_SEC, (VOID *) &DebugAgentContext, NULL); + + // + // Migrate Heap + // + CopyMem (NewHeap, OldHeap, CopySize - PeiStackSize); + + // + // Migrate Stack + // + CopyMem (NewStack, OldStack, PeiStackSize); + + + // + // We need *not* fix the return address because currently, + // The PeiCore is executed in flash. 
+ // + + // + // Rebase IDT table in permanent memory + // + AsmReadIdtr (&IdtDescriptor); + IdtDescriptor.Base = IdtDescriptor.Base - (UINTN)OldStack + (UINTN)NewStack; + + AsmWriteIdtr (&IdtDescriptor); + + + // + // Program MTRR + // + + // + // SecSwitchStack function must be invoked after the memory migration + // immediately, also we need fixup the stack change caused by new call into + // permanent memory. + // + SecSwitchStack ( + (UINT32) (UINTN) OldStack, + (UINT32) (UINTN) NewStack + ); + + SaveAndSetDebugTimerInterrupt (OldStatus); + + return EFI_SUCCESS; +} + diff --git a/DasharoPayloadPkg/SecCore/SecMain.h b/DasharoPayloadPkg/SecCore/SecMain.h new file mode 100644 index 0000000000..ca0a95d03e --- /dev/null +++ b/DasharoPayloadPkg/SecCore/SecMain.h @@ -0,0 +1,131 @@ +/** @file + Master header file for SecCore. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
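Review bot: In SecMain.c, `SecTemporaryRamSupport` documents `EFI_INVALID_PARAMETER` for an overlapping destination, but the body never returns it and the only sanity check is `ASSERT (PeiStackSize < CopySize)`, which disappears in release builds. Because heap and stack swap order during migration, copying the heap to `NewHeap` first can overwrite `OldStack` before it is copied when the two ranges overlap; a guard matching the documented contract, `if ((TemporaryMemoryBase > PermanentMemoryBase) && (PermanentMemoryBase + CopySize > TemporaryMemoryBase)) { return EFI_INVALID_PARAMETER; }`, placed before the debug-agent call would enforce it. The opposite overlap is not covered by the documented condition and probably deserves the same treatment. Separately, `SecStartup` reports `BootFirmwareVolumeSize` as `0x100000000ULL - BootFirmwareVolume`, i.e. everything up to 4 GiB, although SecCore.inf in this patch declares `PcdPayloadFdMemSize`; using that PCD would give the PEI core the real extent of the volume.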
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SEC_CORE_H_ +#define _SEC_CORE_H_ + + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + + +#define SEC_IDT_ENTRY_COUNT 34 + +typedef struct _SEC_IDT_TABLE { + // + // Reserved 8 bytes preceding IDT to store EFI_PEI_SERVICES**, since IDT base + // address should be 8-byte alignment. + // Note: For IA32, only the 4 bytes immediately preceding IDT is used to store + // EFI_PEI_SERVICES** + // + UINT64 PeiService; + UINT64 IdtTable[SEC_IDT_ENTRY_COUNT]; +} SEC_IDT_TABLE; + +/** + Switch the stack in the temporary memory to the one in the permanent memory. + + This function must be invoked after the memory migration immediately. The relative + position of the stack in the temporary and permanent memory is same. + + @param TemporaryMemoryBase Base address of the temporary memory. + @param PermenentMemoryBase Base address of the permanent memory. +**/ +VOID +EFIAPI +SecSwitchStack ( + UINT32 TemporaryMemoryBase, + UINT32 PermenentMemoryBase + ); + +/** + This service of the TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into + permanent memory. + + @param PeiServices Pointer to the PEI Services Table. + @param TemporaryMemoryBase Source Address in temporary memory from which the SEC or PEIM will copy the + Temporary RAM contents. + @param PermanentMemoryBase Destination Address in permanent memory into which the SEC or PEIM will copy the + Temporary RAM contents. + @param CopySize Amount of memory to migrate from temporary to permanent memory. + + @retval EFI_SUCCESS The data was successfully returned. + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when + TemporaryMemoryBase > PermanentMemoryBase. 
+
+**/
+EFI_STATUS
+EFIAPI
+SecTemporaryRamSupport (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase,
+ IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase,
+ IN UINTN CopySize
+ );
+
+/**
+ Entry point to the C language phase of SEC. After the SEC assembly
+ code has initialized some temporary memory and set up the stack,
+ the control is transferred to this function.
+
+ @param SizeOfRam Size of the temporary memory available for use.
+ @param TempRamBase Base address of temporary ram
+ @param BootFirmwareVolume Base address of the Boot Firmware Volume.
+ @param BootloaderParameter A parameter from bootloader, e.g. HobList from SlimBootloader
+
+**/
+VOID
+EFIAPI
+SecStartup (
+ IN UINT32 SizeOfRam,
+ IN UINT32 TempRamBase,
+ IN VOID *BootFirmwareVolume,
+ IN UINT32 BootloaderParameter
+ );
+
+/**
+ Find and return Pei Core entry point.
+
+ It also find SEC and PEI Core file debug information. It will report them if
+ remote debug is enabled.
+
+ @param BootFirmwareVolumePtr Point to the boot firmware volume.
+ @param PeiCoreEntryPoint Point to the PEI core entry point.
+
+**/
+VOID
+EFIAPI
+FindAndReportEntryPoints (
+ IN EFI_FIRMWARE_VOLUME_HEADER *BootFirmwareVolumePtr,
+ OUT EFI_PEI_CORE_ENTRY_POINT *PeiCoreEntryPoint
+ );
+
+/**
+ Autogenerated function that calls the library constructors for all of the module's
+ dependent libraries. This function must be called by the SEC Core once a stack has
+ been established.
+
+**/
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+ VOID
+ );
+
+#endif
diff --git a/DasharoPayloadPkg/UefiPayloadPkg.dec b/DasharoPayloadPkg/UefiPayloadPkg.dec
new file mode 100644
index 0000000000..1559735db2
--- /dev/null
+++ b/DasharoPayloadPkg/UefiPayloadPkg.dec
@@ -0,0 +1,71 @@
+## @file
+# UEFI Payload Package
+#
+# Provides drivers and definitions to create uefi payload for bootloaders.
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
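Review bot: The `SecTemporaryRamSupport` doc block promises `EFI_INVALID_PARAMETER` when the temporary and permanent ranges overlap, but the tail of the implementation visible earlier in this patch (SecMain.c) ends in an unconditional `return EFI_SUCCESS;` after rebasing the IDT and switching stacks. The start of that function is outside this view, so confirm the overlap check really exists. If it does not, either add the range check before the copy or drop the `@retval EFI_INVALID_PARAMETER` line, so callers are not told that bad ranges are rejected. Separately, `SecSwitchStack` is declared with the misspelled parameter `PermenentMemoryBase` and without `IN` modifiers, unlike the other prototypes in this header; `IN UINT32 PermanentMemoryBase` would match them.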
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ DEC_SPECIFICATION = 0x00010005
+ PACKAGE_NAME = UefiPayloadPkg
+ PACKAGE_GUID = E0FC9D50-415E-4946-B686-9A130D5859E7
+ PACKAGE_VERSION = 0.1
+
+[Includes]
+ Include
+
+
+[Guids]
+ #
+ ## Defines the token space for the UEFI Payload Package PCDs.
+ #
+ gUefiPayloadPkgTokenSpaceGuid = {0x1d127ea, 0xf6f1, 0x4ef6, {0x94, 0x15, 0x8a, 0x0, 0x0, 0x93, 0xf8, 0x9d}}
+
+ #
+ # Gop Temp
+ #
+ gBmpImageGuid = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }
+
+ gUefiSystemTableInfoGuid = {0x16c8a6d0, 0xfe8a, 0x4082, {0xa2, 0x8, 0xcf, 0x89, 0xc4, 0x29, 0x4, 0x33}}
+ gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
+ gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } }
+ gLoaderMemoryMapInfoGuid = { 0xa1ff7424, 0x7a1a, 0x478e, { 0xa9, 0xe4, 0x92, 0xf3, 0x57, 0xd1, 0x28, 0x32 } }
+
+[Ppis]
+ gEfiPayLoadHobBasePpiGuid = { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6, 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} }
+
+[Protocols]
+ #
+ # Gop Temp
+ #
+ gPlatformGOPPolicyGuid = { 0xec2e931b, 0x3281, 0x48a5, { 0x81, 0x07, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } }
+
+################################################################################
+#
+# PCD Declarations section - list of all PCDs Declared by this Package
+# Only this package should be providing the
+# declaration, other packages should not.
+#
+################################################################################
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+## Indicates the base address of the payload binary in memory
+gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase|0|UINT32|0x10000001
+## Provides the size of the payload binary in memory
+gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize|0|UINT32|0x10000002
+## Payload stack top
+gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop|0x90000|UINT32|0x10000004
+
+## FFS filename to find the shell application.
+gUefiPayloadPkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1c, 0x4f, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }|VOID*|0x10000005
+
+## Used to help reduce fragmentation in the EFI memory map
+gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x08|UINT32|0x10000012
+gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x10000013
+gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32|0x00000014
+gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015
+gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016
+
+
diff --git a/DasharoPayloadPkg/UefiPayloadPkg.fdf b/DasharoPayloadPkg/UefiPayloadPkg.fdf
new file mode 100644
index 0000000000..dfbcde5668
--- /dev/null
+++ b/DasharoPayloadPkg/UefiPayloadPkg.fdf
@@ -0,0 +1,291 @@
+## @file
+# Bootloader Payload Package
+#
+# Provides drivers and definitions to create uefi payload for bootloaders.
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
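Review bot: The copied declaration file keeps upstream's identity: `PACKAGE_NAME = UefiPayloadPkg`, the unchanged `PACKAGE_GUID`, and the token space `gUefiPayloadPkgTokenSpaceGuid` with its original GUID value. If upstream UefiPayloadPkg stays in the same workspace, two packages then declare the same GUIDs and PCD names, and it may become unclear which package's defaults (for example `PcdPayloadStackTop`) a module is built against. Unless the follow-up build-fix commit already does this, give the copy its own identity, e.g. `PACKAGE_NAME = DasharoPayloadPkg` and `PACKAGE_GUID = <NEW-GUID-PLACEHOLDER>`, and rename the file to match. The memory-type PCD group also switches token numbers from `0x1000001x` to `0x0000001x` mid-list, which deserves a comment if it is intentional.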
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +################################################################################ +[FD.UefiPayload] +BaseAddress = 0x800000|gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase +Size = 0x410000|gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize +ErasePolarity = 1 +BlockSize = 0x1000 +NumBlocks = 0x410 + +0x00000000|0x030000 +FV = PEIFV + +0x00030000|0x3E0000 +FV = DXEFV + +################################################################################ +[FV.PEIFV] +BlockSize = 0x1000 +FvAlignment = 16 +ERASE_POLARITY = 1 +MEMORY_MAPPED = TRUE +STICKY_WRITE = TRUE +LOCK_CAP = TRUE +LOCK_STATUS = TRUE +WRITE_DISABLED_CAP = TRUE +WRITE_ENABLED_CAP = TRUE +WRITE_STATUS = TRUE +WRITE_LOCK_CAP = TRUE +WRITE_LOCK_STATUS = TRUE +READ_DISABLED_CAP = TRUE +READ_ENABLED_CAP = TRUE +READ_STATUS = TRUE +READ_LOCK_CAP = TRUE +READ_LOCK_STATUS = TRUE + +INF UefiPayloadPkg/SecCore/SecCore.inf + +INF MdeModulePkg/Core/Pei/PeiMain.inf +INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf +INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf +INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf +INF UefiPayloadPkg/BlSupportPei/BlSupportPei.inf +INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + +################################################################################ + +[FV.DXEFV] +BlockSize = 0x1000 +FvForceRebase = FALSE +FvAlignment = 16 +ERASE_POLARITY = 1 +MEMORY_MAPPED = TRUE +STICKY_WRITE = TRUE +LOCK_CAP = TRUE +LOCK_STATUS = TRUE +WRITE_DISABLED_CAP = TRUE +WRITE_ENABLED_CAP = TRUE +WRITE_STATUS = TRUE +WRITE_LOCK_CAP = TRUE +WRITE_LOCK_STATUS = TRUE +READ_DISABLED_CAP = TRUE +READ_ENABLED_CAP = TRUE +READ_STATUS = TRUE +READ_LOCK_CAP = TRUE +READ_LOCK_STATUS = TRUE + +APRIORI DXE { + INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf + INF 
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf +} + +# +# DXE Phase modules +# +INF MdeModulePkg/Core/Dxe/DxeMain.inf +INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf +INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf + +INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf +INF UefiCpuPkg/CpuDxe/CpuDxe.inf +INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +INF MdeModulePkg/Application/UiApp/UiApp.inf +INF PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf +INF MdeModulePkg/Universal/Metronome/Metronome.inf +INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf +INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf +INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf +INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf +INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf +INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + +INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf +INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf +INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf +INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf +INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +INF UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf + +INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +# +# PCI Support +# +INF MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf +INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf + +# +# ISA Support +# +INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf +!if $(PS2_KEYBOARD_ENABLE) == TRUE +INF OvmfPkg/SioBusDxe/SioBusDxe.inf +INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf 
+!endif + +# +# Console Support +# +INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf +INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf +INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf +INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +INF UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf + +# +# SCSI/ATA/IDE/DISK Support +# +INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf +INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf +INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf +INF MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf +INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf + +INF FatPkg/EnhancedFatDxe/Fat.inf + +# +# SD/eMMC Support +# +INF MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf +INF MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf +INF MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf + +# +# Usb Support +# +INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf +INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf +INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf +INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf +INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf +INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + + +# +# Shell +# +!if $(SHELL_TYPE) == BUILD_SHELL +INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf +INF ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf +INF ShellPkg/Application/Shell/Shell.inf +!endif + +!if $(SHELL_TYPE) == MIN_BIN +!if $(ARCH) == IA32 +INF RuleOverride = BINARY USE = IA32 ShellBinPkg/MinUefiShell/MinUefiShell.inf +!else +INF RuleOverride = BINARY USE = X64 ShellBinPkg/MinUefiShell/MinUefiShell.inf +!endif +!endif + +!if $(SHELL_TYPE) == UEFI_BIN +!if $(ARCH) == IA32 +INF RuleOverride = BINARY USE = IA32 
ShellBinPkg/UefiShell/UefiShell.inf +!else +INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf +!endif +!endif + + +################################################################################ +# +# Rules are use with the [FV] section's module INF type to define +# how an FFS file is created for a given INF file. The following Rule are the default +# rules for the different module type. User can add the customized rules to define the +# content of the FFS file. +# +################################################################################ + +[Rule.Common.SEC] + FILE SEC = $(NAMED_GUID) { + PE32 PE32 Align=32 $(INF_OUTPUT)/$(MODULE_NAME).efi + } + +[Rule.Common.PEI_CORE] + FILE PEI_CORE = $(NAMED_GUID) { + PE32 PE32 Align=Auto $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING ="$(MODULE_NAME)" Optional + VERSION STRING ="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + +[Rule.Common.PEIM] + FILE PEIM = $(NAMED_GUID) { + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 Align=Auto $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + +[Rule.Common.DXE_CORE] + FILE DXE_CORE = $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + +[Rule.Common.DXE_DRIVER] + FILE DRIVER = $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + +[Rule.Common.DXE_RUNTIME_DRIVER] + FILE DRIVER = $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + 
+[Rule.Common.UEFI_DRIVER]
+ FILE DRIVER = $(NAMED_GUID) {
+ DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
+
+[Rule.Common.UEFI_DRIVER.BINARY]
+ FILE DRIVER = $(NAMED_GUID) {
+ DXE_DEPEX DXE_DEPEX Optional |.depex
+ PE32 PE32 |.efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
+
+[Rule.Common.UEFI_APPLICATION]
+ FILE APPLICATION = $(NAMED_GUID) {
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
+
+[Rule.Common.UEFI_APPLICATION.BINARY]
+ FILE APPLICATION = $(NAMED_GUID) {
+ PE32 PE32 |.efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
+
+[Rule.Common.USER_DEFINED.ACPITABLE]
+ FILE FREEFORM = $(NAMED_GUID) {
+ RAW ACPI |.acpi
+ RAW ASL |.aml
+ }
+
+[Rule.Common.USER_DEFINED.CSM]
+ FILE FREEFORM = $(NAMED_GUID) {
+ RAW BIN |.bin
+ }
+
+[Rule.Common.SEC.RESET_VECTOR]
+ FILE RAW = $(NAMED_GUID) {
+ RAW RAW |.raw
+ }
diff --git a/DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc b/DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc
new file mode 100644
index 0000000000..0736cd9954
--- /dev/null
+++ b/DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc
@@ -0,0 +1,578 @@
+## @file
+# Bootloader Payload Package
+#
+# Provides drivers and definitions to create uefi payload for bootloaders.
+#
+# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
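Review bot: The `INF` entries for the payload's own modules still point at the upstream directory — `INF UefiPayloadPkg/SecCore/SecCore.inf`, `INF UefiPayloadPkg/BlSupportPei/BlSupportPei.inf`, `INF UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf` and `INF UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf` — although this file now lives under DasharoPayloadPkg. In a tree that also carries upstream UefiPayloadPkg, the flash image would be assembled from the upstream modules, so fixes made to the copies would not reach the firmware that ships. Unless the follow-up commit handles it, these should read e.g. `INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf`. A comment next to the `!if $(SHELL_TYPE) == BUILD_SHELL` block would also help, noting that the .dsc in this patch defaults `SHELL_TYPE` to `BUILD_SHELL`, so the UEFI Shell with `TftpDynamicCommand` is placed in DXEFV by default.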
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +################################################################################ +# +# Defines Section - statements that will be processed to create a Makefile. +# +################################################################################ +[Defines] + PLATFORM_NAME = UefiPayloadPkg + PLATFORM_GUID = F71608AB-D63D-4491-B744-A99998C8CD96 + PLATFORM_VERSION = 0.1 + DSC_SPECIFICATION = 0x00010005 + SUPPORTED_ARCHITECTURES = IA32|X64 + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + OUTPUT_DIRECTORY = Build/UefiPayloadPkgX64 + FLASH_DEFINITION = UefiPayloadPkg/UefiPayloadPkg.fdf + + DEFINE SOURCE_DEBUG_ENABLE = FALSE + DEFINE PS2_KEYBOARD_ENABLE = FALSE + + # + # SBL: UEFI payload for Slim Bootloader + # COREBOOT: UEFI payload for coreboot + # + DEFINE BOOTLOADER = SBL + + # + # CPU options + # + DEFINE MAX_LOGICAL_PROCESSORS = 64 + + # + # PCI options + # + DEFINE PCIE_BASE = 0xE0000000 + + # + # Serial port set up + # + DEFINE BAUD_RATE = 115200 + DEFINE SERIAL_CLOCK_RATE = 1843200 + DEFINE SERIAL_LINE_CONTROL = 3 # 8-bits, no parity + DEFINE SERIAL_HARDWARE_FLOW_CONTROL = FALSE + DEFINE SERIAL_DETECT_CABLE = FALSE + DEFINE SERIAL_FIFO_CONTROL = 7 # Enable FIFO + DEFINE SERIAL_EXTENDED_TX_FIFO_SIZE = 16 + DEFINE UART_DEFAULT_BAUD_RATE = $(BAUD_RATE) + DEFINE UART_DEFAULT_DATA_BITS = 8 + DEFINE UART_DEFAULT_PARITY = 1 + DEFINE UART_DEFAULT_STOP_BITS = 1 + DEFINE DEFAULT_TERMINAL_TYPE = 0 + + # + # typedef struct { + # UINT16 VendorId; ///< Vendor ID to match the PCI device. The value 0xFFFF terminates the list of entries. + # UINT16 DeviceId; ///< Device ID to match the PCI device + # UINT32 ClockRate; ///< UART clock rate. Set to 0 for default clock rate of 1843200 Hz + # UINT64 Offset; ///< The byte offset into to the BAR + # UINT8 BarIndex; ///< Which BAR to get the UART base address + # UINT8 RegisterStride; ///< UART register stride in bytes. 
Set to 0 for default register stride of 1 byte. + # UINT16 ReceiveFifoDepth; ///< UART receive FIFO depth in bytes. Set to 0 for a default FIFO depth of 16 bytes. + # UINT16 TransmitFifoDepth; ///< UART transmit FIFO depth in bytes. Set to 0 for a default FIFO depth of 16 bytes. + # UINT8 Reserved[2]; + # } PCI_SERIAL_PARAMETER; + # + # Vendor FFFF Device 0000 Prog Interface 1, BAR #0, Offset 0, Stride = 1, Clock 1843200 (0x1c2000) + # + # [Vendor] [Device] [----ClockRate---] [------------Offset-----------] [Bar] [Stride] [RxFifo] [TxFifo] [Rsvd] [Vendor] + DEFINE PCI_SERIAL_PARAMETERS = {0xff,0xff, 0x00,0x00, 0x0,0x20,0x1c,0x00, 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0, 0x00, 0x01, 0x0,0x0, 0x0,0x0, 0x0,0x0, 0xff,0xff} + + # + # Shell options: [BUILD_SHELL, MIN_BIN, NONE, UEFI_BIN] + # + DEFINE SHELL_TYPE = BUILD_SHELL + +[BuildOptions] + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG + GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG + INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG + MSFT:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG + + +################################################################################ +# +# SKU Identification section - list of all SKU IDs supported by this Platform. +# +################################################################################ +[SkuIds] + 0|DEFAULT + +################################################################################ +# +# Library Class section - list of all Library Classes needed by this Platform. 
+# +################################################################################ +[LibraryClasses] + # + # Entry point + # + PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf + + # + # Basic + # + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLibRepStr/BaseMemoryLibRepStr.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf +!if $(PCIE_BASE) == 0 + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf +!else + PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf + PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf +!endif + PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf + CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf + + # + # UEFI & PI + # + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf + 
HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf + DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf + UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf + + # + # Generic Modules + # + UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf + UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf + CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf + FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf + + # + # CPU + # + MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf + LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf + + # + # Platform + # + TimerLib|UefiPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf + ResetSystemLib|UefiPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf + SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf + PlatformHookLib|UefiPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf + PlatformBootManagerLib|UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf + IoApicLib|PcAtChipsetPkg/Library/BaseIoApicLib/BaseIoApicLib.inf + + # + # Misc + # + 
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf +!if $(SOURCE_DEBUG_ENABLE) == TRUE + PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf + DebugCommunicationLib|SourceLevelDebugPkg/Library/DebugCommunicationLibSerialPort/DebugCommunicationLibSerialPort.inf +!else + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf + DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf +!endif + PlatformSupportLib|UefiPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf +!if $(BOOTLOADER) == "COREBOOT" + BlParseLib|UefiPayloadPkg/Library/CbParseLib/CbParseLib.inf +!else + BlParseLib|UefiPayloadPkg/Library/SblParseLib/SblParseLib.inf +!endif + + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + +[LibraryClasses.IA32.SEC] + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf + DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf + ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + +[LibraryClasses.IA32.PEI_CORE, LibraryClasses.IA32.PEIM] + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + 
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf + ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf +!if $(SOURCE_DEBUG_ENABLE) + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib.inf +!endif + +[LibraryClasses.common.DXE_CORE] + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf + MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf + ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!if $(SOURCE_DEBUG_ENABLE) + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + +[LibraryClasses.common.DXE_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!if $(SOURCE_DEBUG_ENABLE) + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + 
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf + +[LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + +################################################################################ +# +# Pcd Section - list of all EDK II PCD Entries defined by this Platform. +# +################################################################################ +[PcdsFeatureFlag] +!if $(TARGET) == DEBUG + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE +!else + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE +!endif + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + +[PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000 + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000 + # + # Make VariableRuntimeDxe work at emulated non-volatile variable mode. 
+ # + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE + + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) + +!if $(SOURCE_DEBUG_ENABLE) + gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 +!endif + +[PcdsPatchableInModule.common] + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F +!if $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +!else + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F +!endif + + # + # The following parameters are set by Library/PlatformHookLib + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialUseMmio|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x3f8 + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialBaudRate|$(BAUD_RATE) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterStride|1 + + # + # Enable these parameters to be set on the command line + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialClockRate|$(SERIAL_CLOCK_RATE) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialLineControl|$(SERIAL_LINE_CONTROL) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialUseHardwareFlowControl|$(SERIAL_HARDWARE_FLOW_CONTROL) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialDetectCable|$(SERIAL_DETECT_CABLE) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialFifoControl|$(SERIAL_FIFO_CONTROL) + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialExtendedTxFifoSize|$(SERIAL_EXTENDED_TX_FIFO_SIZE) + + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|TRUE + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|$(UART_DEFAULT_BAUD_RATE) + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits|$(UART_DEFAULT_DATA_BITS) + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity|$(UART_DEFAULT_PARITY) + 
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits|$(UART_DEFAULT_STOP_BITS) + gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType|$(DEFAULT_TERMINAL_TYPE) + gEfiMdeModulePkgTokenSpaceGuid.PcdPciSerialParameters|$(PCI_SERIAL_PARAMETERS) + + gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LOGICAL_PROCESSORS) + + +################################################################################ +# +# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform +# +################################################################################ + +[PcdsDynamicDefault] + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3 + + ## This PCD defines the video horizontal resolution. + # This PCD could be set to 0 then video resolution could be at highest resolution. + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|0 + ## This PCD defines the video vertical resolution. + # This PCD could be set to 0 then video resolution could be at highest resolution. + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|0 + + ## The PCD is used to specify the video horizontal resolution of text setup. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|0 + ## The PCD is used to specify the video vertical resolution of text setup. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|0 + + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|31 + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|100 + +################################################################################ +# +# Components Section - list of all EDK II Modules needed by this Platform. 
+# +################################################################################ +[Components.IA32] + # + # SEC Core + # + UefiPayloadPkg/SecCore/SecCore.inf + + # + # PEI Core + # + MdeModulePkg/Core/Pei/PeiMain.inf + + # + # PEIM + # + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf + MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf + + UefiPayloadPkg/BlSupportPei/BlSupportPei.inf + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + +[Components.X64] + # + # DXE Core + # + MdeModulePkg/Core/Dxe/DxeMain.inf { + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf + } + + # + # Components that produce the architectural protocols + # + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf + UefiCpuPkg/CpuDxe/CpuDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf + NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf + NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf + } + + PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf + MdeModulePkg/Universal/Metronome/Metronome.inf + MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf + MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf + MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf + MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf + MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf + PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + + # + # Following are the DXE drivers + # + MdeModulePkg/Universal/PCD/Dxe/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + + 
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf + MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf + UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf + MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + + UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf + + # + # SMBIOS Support + # + MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf + + # + # ACPI Support + # + MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf + + # + # PCI Support + # + MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf + MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf { + + PciHostBridgeLib|UefiPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf + } + + # + # SCSI/ATA/IDE/DISK Support + # + MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf + MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf + MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf + FatPkg/EnhancedFatDxe/Fat.inf + MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf + MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf + + # + # SD/eMMC Support + # + MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf + MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf + MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf + + # + # Usb Support + # + MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf + MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf + MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf + MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf + MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + + # + # ISA Support + 
# + MdeModulePkg/Universal/SerialDxe/SerialDxe.inf +!if $(PS2_KEYBOARD_ENABLE) == TRUE + OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +!endif + + # + # Console Support + # + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf + MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf + UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf + + #------------------------------ + # Build the shell + #------------------------------ + +!if $(SHELL_TYPE) == BUILD_SHELL + + # + # Shell Lib + # +[LibraryClasses] + BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + !include NetworkPkg/NetworkLibs.dsc.inc + +[Components.X64] + ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { + + ## This flag is used to control initialization of the shell library + # This should be FALSE for compiling the dynamic command. + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } + ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf { + + ## This flag is used to control initialization of the shell library + # This should be FALSE for compiling the dynamic command. + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } + ShellPkg/Application/Shell/Shell.inf { + + ## This flag is used to control initialization of the shell library + # This should be FALSE for compiling the shell application itself only. 
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + + #------------------------------ + # Basic commands + #------------------------------ + + + NULL|ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1CommandsLib.inf + NULL|ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2CommandsLib.inf + NULL|ShellPkg/Library/UefiShellLevel3CommandsLib/UefiShellLevel3CommandsLib.inf + NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1CommandsLib.inf + NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf + NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf + + #------------------------------ + # Networking commands + #------------------------------ + + + NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf + + #------------------------------ + # Support libraries + #------------------------------ + + + DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf + } + +!endif From c002522f1a6642eb68776350cb7001d7f662c96e Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 11 Apr 2024 16:15:44 +0300 Subject: [PATCH 002/357] DasharoPayloadPkg: Update after copying * Replace "UefiPayloadPkg" with "DasharoPayloadPkg" in files. * Drop UefiPayloadPkgIa32.dsc which won't be used. * Rename UefiPayloadPkgIa32X64.dsc to DasharoPayloadPkg.dsc as was done in UefiPayloadPkg at some point. * Replace "UefiPayloadPkg" with "DasharoPayloadPkg" in the rest of file names. * Update 2 GUIDs to be different from those in UefiPayloadPkg. 
Signed-off-by: Sergii Dmytruk --- .../BlSupportDxe/BlSupportDxe.inf | 2 +- .../BlSupportPei/BlSupportPei.inf | 16 +++++----- .../BuildAndIntegrationInstructions.txt | 10 +++--- ...fiPayloadPkg.dec => DasharoPayloadPkg.dec} | 24 +++++++------- ...adPkgIa32X64.dsc => DasharoPayloadPkg.dsc} | 32 +++++++++---------- ...fiPayloadPkg.fdf => DasharoPayloadPkg.fdf} | 12 +++---- .../Library/AcpiTimerLib/AcpiTimerLib.inf | 2 +- .../Library/CbParseLib/CbParseLib.inf | 4 +-- .../PlatformBootManagerLib.inf | 4 +-- .../PlatformHookLib/PlatformHookLib.inf | 2 +- .../PlatformSupportLibNull.inf | 2 +- .../Library/ResetSystemLib/ResetSystemLib.inf | 2 +- .../Library/SblParseLib/SblParseLib.inf | 4 +-- DasharoPayloadPkg/SecCore/SecCore.inf | 8 ++--- 14 files changed, 61 insertions(+), 63 deletions(-) rename DasharoPayloadPkg/{UefiPayloadPkg.dec => DasharoPayloadPkg.dec} (65%) rename DasharoPayloadPkg/{UefiPayloadPkgIa32X64.dsc => DasharoPayloadPkg.dsc} (93%) rename DasharoPayloadPkg/{UefiPayloadPkg.fdf => DasharoPayloadPkg.fdf} (93%) diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf index 4c2b4670af..80b17fa58f 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf @@ -30,7 +30,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] UefiDriverEntryPoint diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index 711fe63fe6..e5d14d58a9 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -33,7 +33,7 @@ MdeModulePkg/MdeModulePkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] 
@@ -61,13 +61,13 @@ gEfiPeiMasterBootModePpiGuid [Pcd] - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize - gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory - gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS - gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType - gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData - gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize + gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory + gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS + gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType + gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData + gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode [Depex] TRUE diff --git a/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt b/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt index 2cacd48904..b06c699d54 100644 --- a/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt +++ b/DasharoPayloadPkg/BuildAndIntegrationInstructions.txt 
@@ -38,16 +38,16 @@ B. HOW TO BUILD edksetup.bat For debug ia32 build: - build -a IA32 -p UefiPayloadPkg\UefiPayloadPkgIa32.dsc -b DEBUG -t -D BOOTLOADER= + build -a IA32 -p DasharoPayloadPkg\DasharoPayloadPkgIa32.dsc -b DEBUG -t -D BOOTLOADER= For release ia32 build: - build -a IA32 -p UefiPayloadPkg\UefiPayloadPkgIa32.dsc -b RELEASE -t -D BOOTLOADER= + build -a IA32 -p DasharoPayloadPkg\DasharoPayloadPkgIa32.dsc -b RELEASE -t -D BOOTLOADER= For debug X64 build: - build -a IA32 -a X64 -p UefiPayloadPkg\UefiPayloadPkgIa32X64.dsc -b DEBUG -t -D BOOTLOADER= + build -a IA32 -a X64 -p DasharoPayloadPkg\DasharoPayloadPkgIa32X64.dsc -b DEBUG -t -D BOOTLOADER= For release X64 build: - build -a IA32 -a X64 -p UefiPayloadPkg\UefiPayloadPkgIa32X64.dsc -b RELEASE -t -D BOOTLOADER= + build -a IA32 -a X64 -p DasharoPayloadPkg\DasharoPayloadPkgIa32X64.dsc -b RELEASE -t -D BOOTLOADER= is the EDK II build environment on your host. Currently it was tested with VS2015x86 toolchain. @@ -57,7 +57,7 @@ B. HOW TO BUILD details about EDK II build steps. 2. If build is successfully, the payload image (UEFIPAYLOAD.fd) will be generated inside the - folder of Build\UefiPayloadPkg. + folder of Build\DasharoPayloadPkg. ================================================================================ C. HOW TO INTEGRATE INTO COREBOOT diff --git a/DasharoPayloadPkg/UefiPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec similarity index 65% rename from DasharoPayloadPkg/UefiPayloadPkg.dec rename to DasharoPayloadPkg/DasharoPayloadPkg.dec index 1559735db2..7aa7ac26f8 100644 --- a/DasharoPayloadPkg/UefiPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -10,7 +10,7 @@ [Defines] DEC_SPECIFICATION = 0x00010005 - PACKAGE_NAME = UefiPayloadPkg + PACKAGE_NAME = DasharoPayloadPkg PACKAGE_GUID = E0FC9D50-415E-4946-B686-9A130D5859E7 PACKAGE_VERSION = 0.1 
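Review bot: `PACKAGE_GUID = E0FC9D50-415E-4946-B686-9A130D5859E7` stays unchanged in the `[Defines]` hunk of DasharoPayloadPkg.dec while `PACKAGE_NAME` is renamed, so the copy still carries the identifier of the package it was copied from. The commit message says two GUIDs were updated to differ from UefiPayloadPkg, and the visible hunks change only `gDasharoPayloadPkgTokenSpaceGuid` and `PLATFORM_GUID`. If both packages are meant to coexist in one tree, give this one a fresh value as well, e.g. `PACKAGE_GUID = <NEW-PACKAGE-GUID>` (placeholder), so that anything keying on the package GUID cannot confuse the two.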
@@ -22,7 +22,7 @@ # ## Defines the token space for the UEFI Payload Package PCDs. # - gUefiPayloadPkgTokenSpaceGuid = {0x1d127ea, 0xf6f1, 0x4ef6, {0x94, 0x15, 0x8a, 0x0, 0x0, 0x93, 0xf8, 0x9d}} + gDasharoPayloadPkgTokenSpaceGuid = {0x66d719f9, 0xfa16, 0x4729, {0xa9, 0xb5, 0x23, 0xad, 0xd4, 0xc6, 0x8e, 0x93}} # # Gop Temp 
@@ -52,20 +52,18 @@ ################################################################################ [PcdsFixedAtBuild, PcdsPatchableInModule] ## Indicates the base address of the payload binary in memory -gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase|0|UINT32|0x10000001 +gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase|0|UINT32|0x10000001 ## Provides the size of the payload binary in memory -gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize|0|UINT32|0x10000002 +gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize|0|UINT32|0x10000002 ## Payload stack top -gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop|0x90000|UINT32|0x10000004 +gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop|0x90000|UINT32|0x10000004 ## FFS filename to find the shell application. -gUefiPayloadPkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1c, 0x4f, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }|VOID*|0x10000005 +gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1c, 0x4f, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }|VOID*|0x10000005 ## Used to help reduce fragmentation in the EFI memory map -gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x08|UINT32|0x10000012 -gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x10000013 -gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32|0x00000014 -gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015 -gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 - - +gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x08|UINT32|0x10000012 +gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x10000013 +gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32|0x00000014 +gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015 
+gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 diff --git a/DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc similarity index 93% rename from DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc rename to DasharoPayloadPkg/DasharoPayloadPkg.dsc index 0736cd9954..4c10682195 100644 --- a/DasharoPayloadPkg/UefiPayloadPkgIa32X64.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -14,15 +14,15 @@ # ################################################################################ [Defines] - PLATFORM_NAME = UefiPayloadPkg - PLATFORM_GUID = F71608AB-D63D-4491-B744-A99998C8CD96 + PLATFORM_NAME = DasharoPayloadPkg + PLATFORM_GUID = 9EE9C760-A126-41E6-8D35-42FFF29C8DC8 PLATFORM_VERSION = 0.1 DSC_SPECIFICATION = 0x00010005 SUPPORTED_ARCHITECTURES = IA32|X64 BUILD_TARGETS = DEBUG|RELEASE|NOOPT SKUID_IDENTIFIER = DEFAULT - OUTPUT_DIRECTORY = Build/UefiPayloadPkgX64 - FLASH_DEFINITION = UefiPayloadPkg/UefiPayloadPkg.fdf + OUTPUT_DIRECTORY = Build/DasharoPayloadPkgX64 + FLASH_DEFINITION = DasharoPayloadPkg/DasharoPayloadPkg.fdf DEFINE SOURCE_DEBUG_ENABLE = FALSE DEFINE PS2_KEYBOARD_ENABLE = FALSE 
@@ -173,11 +173,11 @@ # # Platform # - TimerLib|UefiPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf - ResetSystemLib|UefiPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf + TimerLib|DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf + ResetSystemLib|DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf - PlatformHookLib|UefiPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf - PlatformBootManagerLib|UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf + PlatformHookLib|DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf + PlatformBootManagerLib|DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf IoApicLib|PcAtChipsetPkg/Library/BaseIoApicLib/BaseIoApicLib.inf # @@ -192,11 +192,11 @@ PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf !endif - PlatformSupportLib|UefiPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf + PlatformSupportLib|DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf !if $(BOOTLOADER) == "COREBOOT" - BlParseLib|UefiPayloadPkg/Library/CbParseLib/CbParseLib.inf + BlParseLib|DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf !else - BlParseLib|UefiPayloadPkg/Library/SblParseLib/SblParseLib.inf + BlParseLib|DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf !endif DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf @@ -369,7 +369,7 @@ # # SEC Core # - UefiPayloadPkg/SecCore/SecCore.inf + DasharoPayloadPkg/SecCore/SecCore.inf # # PEI Core 
@@ -386,7 +386,7 @@ MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf - UefiPayloadPkg/BlSupportPei/BlSupportPei.inf + DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf [Components.X64] @@ -438,7 +438,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf + DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf # # SMBIOS Support @@ -456,7 +456,7 @@ MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf { - PciHostBridgeLib|UefiPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf + PciHostBridgeLib|DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf } # @@ -505,7 +505,7 @@ MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf - UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf + DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf #------------------------------ # Build the shell diff --git a/DasharoPayloadPkg/UefiPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf similarity index 93% rename from DasharoPayloadPkg/UefiPayloadPkg.fdf rename to DasharoPayloadPkg/DasharoPayloadPkg.fdf index dfbcde5668..839df98c1b 100644 --- a/DasharoPayloadPkg/UefiPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -10,8 +10,8 @@ ################################################################################ [FD.UefiPayload] -BaseAddress = 0x800000|gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase -Size = 0x410000|gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize +BaseAddress = 0x800000|gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase +Size = 0x410000|gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize ErasePolarity = 1 BlockSize = 0x1000 NumBlocks = 0x410 @@ -42,13 +42,13 @@ READ_STATUS = TRUE READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE -INF UefiPayloadPkg/SecCore/SecCore.inf +INF DasharoPayloadPkg/SecCore/SecCore.inf INF MdeModulePkg/Core/Pei/PeiMain.inf INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf -INF UefiPayloadPkg/BlSupportPei/BlSupportPei.inf +INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf ################################################################################ @@ -107,7 +107,7 @@ INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -INF UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf +INF DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf # @@ -132,7 +132,7 @@ INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -INF UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf +INF DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf # # SCSI/ATA/IDE/DISK Support 
diff --git a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf index 3e177cadc0..758dbbeca0 100644 --- a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf +++ b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf @@ -28,7 +28,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] BaseLib diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf index 52e3ad2054..a77d1672ee 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf @@ -26,7 +26,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] BaseLib @@ -36,4 +36,4 @@ PcdLib [Pcd] - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 1f5a0bcad0..264f314d64 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -31,7 +31,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] BaseLib @@ -64,7 +64,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand - gUefiPayloadPkgTokenSpaceGuid.PcdShellFile + gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity 
diff --git a/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf index 2415d99c64..0025130714 100644 --- a/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf +++ b/DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf @@ -27,7 +27,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdSerialUseMmio ## PRODUCES diff --git a/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf index 1f4a5a35f4..1fe2429829 100644 --- a/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf +++ b/DasharoPayloadPkg/Library/PlatformSupportLibNull/PlatformSupportLibNull.inf @@ -25,4 +25,4 @@ [Packages] MdePkg/MdePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf index e7341c341a..cc4b0bc81d 100644 --- a/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf +++ b/DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf @@ -27,7 +27,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] DebugLib diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf index 9ce2864f9f..f68a4371bc 100644 --- a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.inf @@ -26,7 +26,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] BaseLib 
@@ -43,4 +43,4 @@ gEfiGraphicsDeviceInfoHobGuid [Pcd] - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop diff --git a/DasharoPayloadPkg/SecCore/SecCore.inf b/DasharoPayloadPkg/SecCore/SecCore.inf index 82ca7f567f..ebf0b1ddeb 100644 --- a/DasharoPayloadPkg/SecCore/SecCore.inf +++ b/DasharoPayloadPkg/SecCore/SecCore.inf @@ -35,7 +35,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec - UefiPayloadPkg/UefiPayloadPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] BaseMemoryLib @@ -53,6 +53,6 @@ gEfiPayLoadHobBasePpiGuid # PPI ALWAYS_PRODUCED [Pcd] - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize - gUefiPayloadPkgTokenSpaceGuid.PcdPayloadStackTop + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize + gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop From e689209c20d0b3b7709260467581d4894a77a82c Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Tue, 16 Apr 2024 20:07:02 +0300 Subject: [PATCH 003/357] DasharoPayloadPkg: Make it build Things have somewhat changed since 2019: * new dependencies appeared * UefiCpuLib got merged into BaseCpuLib * some PCDs changed their type Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 26 ++++++++++++++++++------- DasharoPayloadPkg/SecCore/SecCore.inf | 2 +- DasharoPayloadPkg/SecCore/SecMain.h | 2 +- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 4c10682195..373e0a1b63 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -133,6 +133,7 @@ PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf # # UEFI & PI @@ -149,7 +150,6 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf - UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf # @@ -169,6 +169,10 @@ # MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf + MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf + BaseCpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf # # Platform @@ -185,6 +189,7 @@ # DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf + ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf !if $(SOURCE_DEBUG_ENABLE) == TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf DebugCommunicationLib|SourceLevelDebugPkg/Library/DebugCommunicationLibSerialPort/DebugCommunicationLibSerialPort.inf 
@@ -205,6 +210,10 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf @@ -252,6 +261,7 @@ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -265,12 +275,6 @@ # ################################################################################ [PcdsFeatureFlag] -!if $(TARGET) == DEBUG - gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE -!else - gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE -!endif - gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE 
@@ -295,6 +299,13 @@ !endif [PcdsPatchableInModule.common] +!if $(TARGET) == DEBUG + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE +!else + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE +!endif + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F !if $(SOURCE_DEBUG_ENABLE) @@ -569,6 +580,7 @@ DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf + OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf diff --git a/DasharoPayloadPkg/SecCore/SecCore.inf b/DasharoPayloadPkg/SecCore/SecCore.inf index ebf0b1ddeb..d8197a300d 100644 --- a/DasharoPayloadPkg/SecCore/SecCore.inf +++ b/DasharoPayloadPkg/SecCore/SecCore.inf @@ -43,7 +43,7 @@ BaseLib PcdLib DebugAgentLib - UefiCpuLib + BaseCpuLib PeCoffGetEntryPointLib PeCoffExtraActionLib diff --git a/DasharoPayloadPkg/SecCore/SecMain.h b/DasharoPayloadPkg/SecCore/SecMain.h index ca0a95d03e..42e4c8517e 100644 --- a/DasharoPayloadPkg/SecCore/SecMain.h +++ b/DasharoPayloadPkg/SecCore/SecMain.h @@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include +#include #include #include #include From 29b96e611eaa3ef646353bc0415cde9ec5667553 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:43:47 +0200 Subject: [PATCH 004/357] DasharoPayloadPkg: Increase FV size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The following commits need additional space. 
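Review bot: In the `[PcdsPatchableInModule.common]` hunk, `PcdStatusCodeUseSerial` and `PcdStatusCodeUseMemory` become patchable with no comment explaining the choice, and a patchable PCD can be altered in the built modules after the build. The commit message says only that some PCDs changed their type. If no post-build patching is intended and the MdeModulePkg.dec in use permits it, placing the same `!if $(TARGET) == DEBUG` block under `[PcdsFixedAtBuild]` would keep the RELEASE setting `PcdStatusCodeUseSerial|FALSE` fixed in the image. Otherwise a one-line comment such as `# Former feature flags; kept patchable on purpose, see <reference>` (placeholder) above the block would record the intent.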
Signed-off-by: Patrick Rudolph Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 839df98c1b..7a5cf02432 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -11,15 +11,15 @@ ################################################################################ [FD.UefiPayload] BaseAddress = 0x800000|gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase -Size = 0x410000|gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize +Size = 0xE00000|gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize ErasePolarity = 1 BlockSize = 0x1000 -NumBlocks = 0x410 +NumBlocks = 0xE00 -0x00000000|0x030000 +0x00000000|0x060000 FV = PEIFV -0x00030000|0x3E0000 +0x00060000|0xDA0000 FV = DXEFV ################################################################################ From befac712e1f4f4941e7c5f9237ea4200e7968bab Mon Sep 17 00:00:00 2001 From: Jeremy Soller Date: Wed, 26 Jun 2019 14:20:11 -0600 Subject: [PATCH 005/357] UefiCpuPkg: Ignore DEBUG interrupt (happens on gaze14) --- .../Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c index 748cf8d3bf..4ecfa86f56 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c @@ -157,7 +157,7 @@ CommonExceptionHandlerWorker ( // // Enter a dead loop if needn't to execute old IDT handler further // - if (ReservedVectors[ExceptionType].Attribute != EFI_VECTOR_HANDOFF_HOOK_BEFORE) { + if (ReservedVectors[ExceptionType].Attribute != EFI_VECTOR_HANDOFF_HOOK_BEFORE && ExceptionType != EXCEPT_IA32_DEBUG) { CpuDeadLoop (); } } 
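Review bot: The added `&& ExceptionType != EXCEPT_IA32_DEBUG` in `CommonExceptionHandlerWorker` makes every consumer of this shared UefiCpuPkg file return from an unexpected #DB instead of halting, although the subject line ties the problem to a single board (gaze14). The file name suggests it is built for PEI, DXE and SMM alike, so the relaxation may reach well beyond the payload. Consider making it opt-in, for example `&& !(ExceptionType == EXCEPT_IA32_DEBUG && FeaturePcdGet (<PcdIgnoreDebugException>))` with a new PCD that defaults to FALSE (placeholder name). The comment above the test still says the code enters a dead loop and should mention the #DB exception, e.g. `// Dead loop unless the old IDT handler must still run; #DB is tolerated, see <reference>`. The function starts and ends outside the hunk.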
From e74bc723ab24e25b037a17880a230224cc7f046c Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Fri, 31 Jan 2020 10:23:00 -0700 Subject: [PATCH 006/357] DasharoPayloadPkg: Map ESC to boot manager --- .../PlatformBootManager.c | 35 ++++--------------- 1 file changed, 6 insertions(+), 29 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index c5c6af0abc..48fe7e41ea 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -152,35 +152,18 @@ PlatformBootManagerBeforeConsole ( VOID ) { - EFI_INPUT_KEY Enter; - EFI_INPUT_KEY F2; - EFI_INPUT_KEY Down; + EFI_INPUT_KEY Escape; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; PlatformConsoleInit (); // - // Register ENTER as CONTINUE key + // Map Escape to Boot Manager Menu // - Enter.ScanCode = SCAN_NULL; - Enter.UnicodeChar = CHAR_CARRIAGE_RETURN; - EfiBootManagerRegisterContinueKeyOption (0, &Enter, NULL); - - // - // Map F2 to Boot Manager Menu - // - F2.ScanCode = SCAN_F2; - F2.UnicodeChar = CHAR_NULL; - EfiBootManagerGetBootManagerMenu (&BootOption); - EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &F2, NULL); - - // - // Also add Down key to Boot Manager Menu since some serial terminals don't support F2 key. - // - Down.ScanCode = SCAN_DOWN; - Down.UnicodeChar = CHAR_NULL; + Escape.ScanCode = SCAN_ESC; + Escape.UnicodeChar = CHAR_NULL; EfiBootManagerGetBootManagerMenu (&BootOption); - EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Down, NULL); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Escape, NULL); // // Install ready to lock. 
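Review bot: In `PlatformBootManagerBeforeConsole` the result of `EfiBootManagerGetBootManagerMenu (&BootOption)` is still ignored before `BootOption.OptionNumber` is used for the new Escape key option. If the lookup fails, the key may be registered against whatever the stack structure happens to hold. With only one call left it is cheap to guard: wrap the `EfiBootManagerAddKeyOptionVariable` call in `if (!EFI_ERROR (EfiBootManagerGetBootManagerMenu (&BootOption))) {` and add `EfiBootManagerFreeLoadOption (&BootOption);` inside the block so the load option is released. The function body continues past the end of the hunk.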
@@ -224,13 +207,7 @@ PlatformBootManagerAfterConsole ( // PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); - Print ( - L"\n" - L"F2 or Down to enter Boot Manager Menu.\n" - L"ENTER to boot directly.\n" - L"\n" - ); - + Print (L"Press ESC to enter Boot Manager Menu.\n"); } /** From 4587b4584fc2832acc5b7a798dd172c72566ba02 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Mon, 3 Feb 2020 10:14:07 -0700 Subject: [PATCH 007/357] DasharoPayloadPkg: Enable boot logo --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 ++ .../Library/PlatformBootManagerLib/PlatformBootManager.c | 3 +++ .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 4 files changed, 8 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 373e0a1b63..cd8b077168 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -161,6 +161,7 @@ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf + BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf @@ -415,6 +416,7 @@ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf + MdeModulePkg/Logo/LogoDxe.inf MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 7a5cf02432..fe7264083a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
+++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -110,6 +110,8 @@ INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf INF DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +INF MdeModulePkg/Logo/LogoDxe.inf + # # PCI Support # diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 48fe7e41ea..e2ee784059 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -199,6 +199,9 @@ PlatformBootManagerAfterConsole ( Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; + gST->ConOut->ClearScreen (gST->ConOut); + BootLogoEnableLogo (); + EfiBootManagerConnectAll (); EfiBootManagerRefreshAllBootOption (); diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 264f314d64..ec1119f6f6 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -39,6 +39,7 @@ UefiRuntimeServicesTableLib UefiLib UefiBootManagerLib + BootLogoLib PcdLib DxeServicesLib MemoryAllocationLib From f33c1c3cff5159d75431bbf93c01ab00bca6900b Mon Sep 17 00:00:00 2001 
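Review bot: `gST->ConOut->ClearScreen (gST->ConOut);` in PlatformBootManagerAfterConsole dereferences `gST->ConOut` without a NULL check, which would fault on a system that comes up with no console output device. Guard it: `if (gST->ConOut != NULL) { gST->ConOut->ClearScreen (gST->ConOut); }`. The return value of `BootLogoEnableLogo ()` is also dropped; if a missing logo is acceptable, a short comment saying so would make that intentional. The function starts and ends outside the hunk.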
From: Tim Crawford Date: Mon, 3 Feb 2020 12:09:56 -0700 Subject: [PATCH 008/357] MdeModulePkg/BootLogoLib: Center logo 38.2% from top of screen Use Microsoft's recommended positioning [1] for the boot logo. > We recommend that the logo is placed with its center at 38.2% from the > screen's top edge. This positioning is based on the golden ratio's > visual aesthetics and matches the Windows 10 design proportions. [1]: https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/boot-screen-components#position-the-logo-during-post --- MdeModulePkg/Library/BootLogoLib/BootLogoLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c index 478ec2d40e..8721b31465 100644 --- a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c +++ b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c @@ -176,7 +176,7 @@ BootLogoEnableLogo ( break; case EdkiiPlatformLogoDisplayAttributeCenter: DestX = (SizeOfX - Image.Width) / 2; - DestY = (SizeOfY - Image.Height) / 2; + DestY = (SizeOfY * 382) / 1000 - Image.Height / 2; break; case EdkiiPlatformLogoDisplayAttributeCenterRight: DestX = SizeOfX - Image.Width; From 7ac3d17c90cc2dfcf96c376e7c610a5ace31fca0 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Mon, 3 Feb 2020 14:29:03 -0700 Subject: [PATCH 009/357] MdeModulePkg/BootManagerUiLib: Make it look like current BootMngr --- .../Library/BootManagerUiLib/BootManager.h | 2 +- .../BootManagerUiLib/BootManagerStrings.uni | 18 +++------------ .../BootManagerUiLib/BootManagerVfr.Vfr | 23 +++++++------------ 3 files changed, 12 insertions(+), 31 deletions(-) diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManager.h b/MdeModulePkg/Library/BootManagerUiLib/BootManager.h index 0076a9dfce..4405a663a5 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManager.h +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManager.h 
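Review bot: The new `DestY = (SizeOfY * 382) / 1000 - Image.Height / 2;` can go below zero when the logo is taller than about 76% of the screen height, and if `SizeOfY` and `Image.Height` are unsigned (their declarations are outside the hunk) the subtraction wraps to a very large offset instead of a negative one. The old `(SizeOfY - Image.Height) / 2` only had that problem for a logo taller than the whole screen. Clamp before subtracting, for example `DestY = (SizeOfY * 382) / 1000;` then `DestY = (DestY > Image.Height / 2) ? DestY - Image.Height / 2 : 0;`, and check that `DestY + Image.Height` still fits within `SizeOfY`. The switch statement continues outside the hunk.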
@@ -46,7 +46,7 @@ typedef struct { 0x847bc3fe, 0xb974, 0x446d, {0x94, 0x49, 0x5a, 0xd5, 0x41, 0x2e, 0x99, 0x3b} \ } -#define BOOT_MANAGER_FORM_ID 0x1000 +#define BOOT_MANAGER_FORM_ID 0x1030 #define LABEL_BOOT_OPTION 0x00 #define LABEL_BOOT_OPTION_END 0x01 diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni b/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni index 2fcb9a29c5..f6aad5fb44 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni @@ -17,20 +17,8 @@ /=# #langdef en-US "English" -#langdef fr-FR "Français" -#string STR_BM_BANNER #language en-US "Boot Manager" - #language fr-FR "Boot Manager" -#string STR_BOOT_MANAGER_HELP #language en-US "This selection will take you to the Boot Manager" - #language fr-FR "This selection will take you to the Boot Manager" -#string STR_HELP_FOOTER #language en-US "Use the <↑> and <↓> keys to choose a boot option, the key to select a boot option, and the key to exit the Boot Manager Menu." - #language fr-FR "<↑> pour <↓> changer l'option, choisir une option, pour sortir" -#string STR_AND #language en-US " and " - #language fr-FR " et " -#string STR_BOOT_OPTION_BANNER #language en-US "Boot Manager Menu" - #language fr-FR "le Menu d'Option de Botte" +#string STR_BM_BANNER #language en-US "One Time Boot" +#string STR_BOOT_MANAGER_HELP #language en-US "Boot an entry one time" #string STR_ANY_KEY_CONTINUE #language en-US "Press any key to continue..." - #language fr-FR "Appuie n'importe quelle pour continuer..." -#string STR_LAST_STRING #language en-US "" - #language fr-FR "" - +#string STR_EMPTY_STRING #language en-US "" diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManagerVfr.Vfr b/MdeModulePkg/Library/BootManagerUiLib/BootManagerVfr.Vfr index 4049fe6774..c49b6f50b1 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManagerVfr.Vfr +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManagerVfr.Vfr 
@@ -8,7 +8,7 @@ //**/ #define FORMSET_GUID { 0x847bc3fe, 0xb974, 0x446d, 0x94, 0x49, 0x5a, 0xd5, 0x41, 0x2e, 0x99, 0x3b } -#define BOOT_MANAGER_FORM_ID 0x1000 +#define BOOT_MANAGER_FORM_ID 0x1030 #define LABEL_BOOT_OPTION 0x00 #define LABEL_BOOT_OPTION_END 0x01 @@ -20,22 +20,18 @@ formset classguid = gEfiIfrFrontPageGuid, form formid = BOOT_MANAGER_FORM_ID, - title = STRING_TOKEN(STR_BM_BANNER); - - subtitle text = STRING_TOKEN(STR_LAST_STRING); - subtitle text = STRING_TOKEN(STR_BOOT_OPTION_BANNER); - subtitle text = STRING_TOKEN(STR_LAST_STRING); + title = STRING_TOKEN(STR_BM_BANNER); // //Add this invisable text in order to indicate enter Boot Manager form. // suppressif TRUE; - text - help = STRING_TOKEN(STR_LAST_STRING ), - text = STRING_TOKEN(STR_LAST_STRING ), - flags = INTERACTIVE, - key = 0x1212; - endif; + text + help = STRING_TOKEN(STR_EMPTY_STRING), + text = STRING_TOKEN(STR_EMPTY_STRING), + flags = INTERACTIVE, + key = 0x1212; + endif; // // This is where we will dynamically add choices for the Boot Manager @@ -43,9 +39,6 @@ formset label LABEL_BOOT_OPTION; label LABEL_BOOT_OPTION_END; - subtitle text = STRING_TOKEN(STR_LAST_STRING); - subtitle text = STRING_TOKEN(STR_HELP_FOOTER); - endform; endformset; From 4b49a5a390d7348595812a8125a28091eec2d0e1 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 4 Feb 2020 12:27:58 -0700 Subject: [PATCH 010/357] DasharoPayloadPkg: Copy PlatformBootManagerUnableToBoot() from OvmfPkg --- .../PlatformBootManager.c | 46 ++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index e2ee784059..720265bb89 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -240,6 +240,50 @@ PlatformBootManagerUnableToBoot ( VOID ) { - return; + EFI_STATUS Status; + EFI_INPUT_KEY Key; + EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu; + UINTN Index; + + // + // BootManagerMenu doesn't contain the correct information when return status + // is EFI_NOT_FOUND. + // + Status = EfiBootManagerGetBootManagerMenu (&BootManagerMenu); + if (EFI_ERROR (Status)) { + return; + } + // + // Normally BdsDxe does not print anything to the system console, but this is + // a last resort -- the end-user will likely not see any DEBUG messages + // logged in this situation. + // + // AsciiPrint() will NULL-check gST->ConOut internally. We check gST->ConIn + // here to see if it makes sense to request and wait for a keypress. + // + if (gST->ConIn != NULL) { + AsciiPrint ( + "%a: No bootable option or device was found.\n" + "%a: Press any key to enter the Boot Manager Menu.\n", + gEfiCallerBaseName, + gEfiCallerBaseName + ); + Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); + ASSERT_EFI_ERROR (Status); + ASSERT (Index == 0); + + // + // Drain any queued keys. + // + while (!EFI_ERROR (gST->ConIn->ReadKeyStroke (gST->ConIn, &Key))) { + // + // just throw away Key + // + } + } + + for (;;) { + EfiBootManagerBoot (&BootManagerMenu); + } } From 46b5bea4bf7b8ec8c5ddf18faed0afa89f9a79e6 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 4 Feb 2020 13:37:10 -0700 Subject: [PATCH 011/357] DasharoPayloadPkg: Clear screen on boot error --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 720265bb89..ad918b10be 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -261,7 +261,8 @@ PlatformBootManagerUnableToBoot ( // AsciiPrint() will NULL-check gST->ConOut internally. We check gST->ConIn // here to see if it makes sense to request and wait for a keypress. // - if (gST->ConIn != NULL) { + if (gST->ConOut != NULL && gST->ConIn != NULL) { + gST->ConOut->ClearScreen (gST->ConOut); AsciiPrint ( "%a: No bootable option or device was found.\n" "%a: Press any key to enter the Boot Manager Menu.\n", From cc173befef2eb6e0faeacdc363e15bc1350131e6 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 4 Feb 2020 13:40:13 -0700 Subject: [PATCH 012/357] MdeModulePkg: Wait for input on each boot failure --- .../Library/BootManagerUiLib/BootManager.c | 16 ++++++++-------- MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 15 +++++++++++++++ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c index b7526796d6..98349fcbd5 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c @@ -797,7 +797,7 @@ BootManagerCallback ( { EFI_BOOT_MANAGER_LOAD_OPTION *BootOption; UINTN BootOptionCount; - EFI_INPUT_KEY Key; + //EFI_INPUT_KEY Key; if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { // @@ -842,13 +842,13 @@ BootManagerCallback ( EfiBootManagerBoot (&BootOption[QuestionId - 1]); BmSetConsoleMode (TRUE); - if (EFI_ERROR (BootOption[QuestionId - 1].Status)) { - gST->ConOut->OutputString ( - gST->ConOut, - HiiGetString (gBootManagerPrivate.HiiHandle, STRING_TOKEN (STR_ANY_KEY_CONTINUE), NULL) - ); - gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); - } + //if (EFI_ERROR (BootOption[QuestionId - 1].Status)) { + // gST->ConOut->OutputString ( + // gST->ConOut, + // HiiGetString (gBootManagerPrivate.HiiHandle, STRING_TOKEN (STR_ANY_KEY_CONTINUE), NULL) + // ); + // gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + //} EfiBootManagerFreeLoadOptions (BootOption, BootOptionCount); 
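Review bot: The comment kept above the changed condition in PlatformBootManagerUnableToBoot still says that AsciiPrint() NULL-checks `gST->ConOut` internally and that only `gST->ConIn` is tested here, which no longer matches `if (gST->ConOut != NULL && gST->ConIn != NULL)`. Reword it, e.g. `// ClearScreen() needs a valid gST->ConOut, so both ConOut and ConIn are checked before prompting.` With this condition a system that has an input device but no output device now skips the key wait and goes straight to the boot-manager loop; state that in the comment if it is intended.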
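Review bot: The `Key` declaration and the error prompt in BootManagerCallback are disabled with `//` instead of being removed, which leaves dead code in the callback with no stated reason. Delete the lines, or keep a single comment such as `// Failure prompt now lives in EfiBootManagerBoot()` so the relationship to the BmBoot.c change is recorded. The same applies to the `//`-commented blocks in the BmBootDescription.c hunks of patches 015 and 016 later in this series. `STR_ANY_KEY_CONTINUE` appears to have no remaining user in this file after the change; confirm and drop it from the .uni file if so.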
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index 7a97f7cdcc..2c3bf047aa 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -1853,6 +1853,8 @@ EfiBootManagerBoot ( UINTN FileSize; EFI_BOOT_LOGO_PROTOCOL *BootLogo; EFI_EVENT LegacyBootEvent; + EFI_INPUT_KEY Key; + UINTN Index; if (BootOption == NULL) { return; @@ -1993,6 +1995,19 @@ EfiBootManagerBoot ( // BmReportLoadFailure (EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR, Status); BootOption->Status = Status; + + if (gST->ConIn != NULL) { + gST->ConOut->ClearScreen (gST->ConOut); + AsciiPrint ( + "Boot Failed. %s\n" + "Press any key to continue...\n", + BootOption->Description); + Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); + ASSERT_EFI_ERROR (Status); + ASSERT (Index == 0); + while (!EFI_ERROR (gST->ConIn->ReadKeyStroke (gST->ConIn, &Key))) {} + } + return; } } From a2ccf2704571f468ea1ffc3b5fb37b132b3517c6 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 16 Apr 2024 20:09:58 +0300 Subject: [PATCH 013/357] MdeModulePkg/BM: Add warning if no bootable options found --- MdeModulePkg/Library/BootManagerUiLib/BootManager.c | 13 +++++++++++-- .../Library/BootManagerUiLib/BootManagerStrings.uni | 1 + 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c index 98349fcbd5..5ceb54164d 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c @@ -493,8 +493,10 @@ UpdateBootManager ( BOOLEAN IsLegacyOption; BOOLEAN NeedEndOp; UINTN MaxLen; + UINTN OptionCount; DeviceType = (UINT16)-1; + OptionCount = 0; // // for better user experience 
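Review bot: The failure prompt added to EfiBootManagerBoot tests only `gST->ConIn` before calling `gST->ConOut->ClearScreen (gST->ConOut)`, so a system with an input device but no output console dereferences a NULL `ConOut`; patch 011 in this series already uses `gST->ConOut != NULL && gST->ConIn != NULL` for the same pattern. Use the same condition here: `if (gST->ConOut != NULL && gST->ConIn != NULL) {`. Because this sits in the shared boot path, every failed option now blocks in `WaitForEvent` until a key arrives, which stalls unattended machines that would otherwise fall through to the next boot option; a timeout or a platform switch for the prompt would avoid that. `ASSERT_EFI_ERROR (Status)` and `ASSERT (Index == 0)` do nothing in builds where asserts are disabled, so a failed wait is not handled there.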
@@ -535,8 +537,9 @@ UpdateBootManager ( EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->Number = LABEL_BOOT_OPTION_END; - mKeyInput = 0; - NeedEndOp = FALSE; + + mKeyInput = 0; + NeedEndOp = FALSE; for (Index = 0; Index < BootOptionCount; Index++) { // // At this stage we are creating a menu entry, thus the Keys are reproduceable @@ -550,6 +553,8 @@ UpdateBootManager ( continue; } + OptionCount++; + // // Group the legacy boot option in the sub title created dynamically // @@ -605,6 +610,10 @@ UpdateBootManager ( ); } + if (OptionCount == 0) { + HiiCreateSubTitleOpCode (StartOpCodeHandle, STRING_TOKEN (STR_NO_BOOTABLE_MEDIA), 0, 0, 0); + } + if (NeedEndOp) { HiiCreateEndOpCode (StartOpCodeHandle); } diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni b/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni index f6aad5fb44..c280fd9f87 100644 --- a/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManagerStrings.uni @@ -21,4 +21,5 @@ #string STR_BM_BANNER #language en-US "One Time Boot" #string STR_BOOT_MANAGER_HELP #language en-US "Boot an entry one time" #string STR_ANY_KEY_CONTINUE #language en-US "Press any key to continue..." +#string STR_NO_BOOTABLE_MEDIA #language en-US "No bootable media found" #string STR_EMPTY_STRING #language en-US "" From 71cb79938a4203396a8bdcaee62099511b9bcb6a Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 11 Feb 2020 14:12:41 -0700 Subject: [PATCH 014/357] WIP: MdeModulePkg/UefiBootManager: Skip non-EFI devices --- .../Library/UefiBootManagerLib/BmBoot.c | 323 ++++++++++++++++++ 1 file changed, 323 insertions(+) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index 2c3bf047aa..d14fac06c2 100644 
--- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c 
@@ -2183,6 +2183,322 @@ BmMatchPartitionDevicePathNode ( return FALSE; } +/** + Get the headers (dos, image, optional header) from an image + + @param Device SimpleFileSystem device handle + @param FileName File name for the image + @param DosHeader Pointer to dos header + @param Hdr The buffer in which to return the PE32, PE32+, or TE header. + + @retval EFI_SUCCESS Successfully get the machine type. + @retval EFI_NOT_FOUND The file is not found. + @retval EFI_LOAD_ERROR File is not a valid image file. + +**/ +STATIC +EFI_STATUS +EFIAPI +BdsLibGetImageHeader ( + IN EFI_HANDLE Device, + IN CHAR16 *FileName, + OUT EFI_IMAGE_DOS_HEADER *DosHeader, + OUT EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr + ) +{ + EFI_STATUS Status; + EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume; + EFI_FILE_HANDLE Root; + EFI_FILE_HANDLE ThisFile; + UINTN BufferSize; + UINT64 FileSize; + EFI_FILE_INFO *Info; + + Root = NULL; + ThisFile = NULL; + // + // Handle the file system interface to the device + // + Status = gBS->HandleProtocol ( + Device, + &gEfiSimpleFileSystemProtocolGuid, + (VOID *) &Volume + ); + if (EFI_ERROR (Status)) { + goto Done; + } + + Status = Volume->OpenVolume ( + Volume, + &Root + ); + if (EFI_ERROR (Status)) { + Root = NULL; + goto Done; + } + ASSERT (Root != NULL); + Status = Root->Open (Root, &ThisFile, FileName, EFI_FILE_MODE_READ, 0); + if (EFI_ERROR (Status)) { + goto Done; + } + ASSERT (ThisFile != NULL); + + // + // Get file size + // + BufferSize = SIZE_OF_EFI_FILE_INFO + 200; + do { + Info = NULL; + Status = gBS->AllocatePool (EfiBootServicesData, BufferSize, (VOID **) &Info); + if (EFI_ERROR (Status)) { + goto Done; + } + Status = ThisFile->GetInfo ( + ThisFile, + &gEfiFileInfoGuid, + &BufferSize, + Info + ); + if (!EFI_ERROR (Status)) { + break; + } + if (Status != EFI_BUFFER_TOO_SMALL) { + FreePool (Info); + goto Done; + } + FreePool (Info); + } while (TRUE); + + FileSize = Info->FileSize; + FreePool (Info); + + // + // Read dos header + // + BufferSize = sizeof 
(EFI_IMAGE_DOS_HEADER); + Status = ThisFile->Read (ThisFile, &BufferSize, DosHeader); + if (EFI_ERROR (Status) || + BufferSize < sizeof (EFI_IMAGE_DOS_HEADER) || + FileSize <= DosHeader->e_lfanew || + DosHeader->e_magic != EFI_IMAGE_DOS_SIGNATURE) { + Status = EFI_LOAD_ERROR; + goto Done; + } + + // + // Move to PE signature + // + Status = ThisFile->SetPosition (ThisFile, DosHeader->e_lfanew); + if (EFI_ERROR (Status)) { + Status = EFI_LOAD_ERROR; + goto Done; + } + + // + // Read and check PE signature + // + BufferSize = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); + Status = ThisFile->Read (ThisFile, &BufferSize, Hdr.Pe32); + if (EFI_ERROR (Status) || + BufferSize < sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION) || + Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { + Status = EFI_LOAD_ERROR; + goto Done; + } + + // + // Check PE32 or PE32+ magic + // + if (Hdr.Pe32->OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC && + Hdr.Pe32->OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { + Status = EFI_LOAD_ERROR; + goto Done; + } + + Done: + if (ThisFile != NULL) { + ThisFile->Close (ThisFile); + } + if (Root != NULL) { + Root->Close (Root); + } + return Status; +} + +/** + Return the bootable media handle. + First, check the device is connected + Second, check whether the device path point to a device which support SimpleFileSystemProtocol, + Third, detect the the default boot file in the Media, and return the removable Media handle. + + @param DevicePath Device Path to a bootable device + + @return The bootable media handle. If the media on the DevicePath is not bootable, NULL will return. 
+ +**/ +EFI_HANDLE +EFIAPI +BdsLibGetBootableHandle ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath + ) +{ + EFI_STATUS Status; + EFI_TPL OldTpl; + EFI_DEVICE_PATH_PROTOCOL *UpdatedDevicePath; + EFI_DEVICE_PATH_PROTOCOL *DupDevicePath; + EFI_HANDLE Handle; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + VOID *Buffer; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + UINTN Size; + UINTN TempSize; + EFI_HANDLE ReturnHandle; + EFI_HANDLE *SimpleFileSystemHandles; + + UINTN NumberSimpleFileSystemHandles; + UINTN Index; + EFI_IMAGE_DOS_HEADER DosHeader; + EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + + UpdatedDevicePath = DevicePath; + + // + // Enter to critical section to protect the acquired BlockIo instance + // from getting released due to the USB mass storage hotplug event + // + OldTpl = gBS->RaiseTPL (TPL_CALLBACK); + + // + // Check whether the device is connected + // + Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &UpdatedDevicePath, &Handle); + if (EFI_ERROR (Status)) { + // + // Skip the case that the boot option point to a simple file protocol which does not consume block Io protocol, + // + Status = gBS->LocateDevicePath (&gEfiSimpleFileSystemProtocolGuid, &UpdatedDevicePath, &Handle); + if (EFI_ERROR (Status)) { + // + // Fail to find the proper BlockIo and simple file protocol, maybe because device not present, we need to connect it firstly + // + UpdatedDevicePath = DevicePath; + Status = gBS->LocateDevicePath (&gEfiDevicePathProtocolGuid, &UpdatedDevicePath, &Handle); + gBS->ConnectController (Handle, NULL, NULL, TRUE); + } + } else { + // + // For removable device boot option, its contained device path only point to the removable device handle, + // should make sure all its children handles (its child partion or media handles) are created and connected. 
+ // + gBS->ConnectController (Handle, NULL, NULL, TRUE); + // + // Get BlockIo protocol and check removable attribute + // + Status = gBS->HandleProtocol (Handle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo); + ASSERT_EFI_ERROR (Status); + + // + // Issue a dummy read to the device to check for media change. + // When the removable media is changed, any Block IO read/write will + // cause the BlockIo protocol be reinstalled and EFI_MEDIA_CHANGED is + // returned. After the Block IO protocol is reinstalled, subsequent + // Block IO read/write will success. + // + Buffer = AllocatePool (BlockIo->Media->BlockSize); + if (Buffer != NULL) { + BlockIo->ReadBlocks ( + BlockIo, + BlockIo->Media->MediaId, + 0, + BlockIo->Media->BlockSize, + Buffer + ); + FreePool(Buffer); + } + } + + // + // Detect the the default boot file from removable Media + // + + // + // If fail to get bootable handle specified by a USB boot option, the BDS should try to find other bootable device in the same USB bus + // Try to locate the USB node device path first, if fail then use its previous PCI node to search + // + DupDevicePath = DuplicateDevicePath (DevicePath); + ASSERT (DupDevicePath != NULL); + + UpdatedDevicePath = DupDevicePath; + Status = gBS->LocateDevicePath (&gEfiDevicePathProtocolGuid, &UpdatedDevicePath, &Handle); + // + // if the resulting device path point to a usb node, and the usb node is a dummy node, should only let device path only point to the previous Pci node + // Acpi()/Pci()/Usb() --> Acpi()/Pci() + // + if ((DevicePathType (UpdatedDevicePath) == MESSAGING_DEVICE_PATH) && + (DevicePathSubType (UpdatedDevicePath) == MSG_USB_DP)) { + // + // Remove the usb node, let the device path only point to PCI node + // + SetDevicePathEndNode (UpdatedDevicePath); + UpdatedDevicePath = DupDevicePath; + } else { + UpdatedDevicePath = DevicePath; + } + + // + // Get the device path size of boot option + // + Size = GetDevicePathSize(UpdatedDevicePath) - sizeof 
(EFI_DEVICE_PATH_PROTOCOL); // minus the end node + ReturnHandle = NULL; + gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiSimpleFileSystemProtocolGuid, + NULL, + &NumberSimpleFileSystemHandles, + &SimpleFileSystemHandles + ); + for (Index = 0; Index < NumberSimpleFileSystemHandles; Index++) { + // + // Get the device path size of SimpleFileSystem handle + // + TempDevicePath = DevicePathFromHandle (SimpleFileSystemHandles[Index]); + TempSize = GetDevicePathSize (TempDevicePath)- sizeof (EFI_DEVICE_PATH_PROTOCOL); // minus the end node + // + // Check whether the device path of boot option is part of the SimpleFileSystem handle's device path + // + if (Size <= TempSize && CompareMem (TempDevicePath, UpdatedDevicePath, Size)==0) { + // + // Load the default boot file \EFI\BOOT\boot{machinename}.EFI from removable Media + // machinename is ia32, ia64, x64, ... + // + Hdr.Union = &HdrData; + Status = BdsLibGetImageHeader ( + SimpleFileSystemHandles[Index], + EFI_REMOVABLE_MEDIA_FILE_NAME, + &DosHeader, + Hdr + ); + if (!EFI_ERROR (Status) && + EFI_IMAGE_MACHINE_TYPE_SUPPORTED (Hdr.Pe32->FileHeader.Machine) && + Hdr.Pe32->OptionalHeader.Subsystem == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION) { + ReturnHandle = SimpleFileSystemHandles[Index]; + break; + } + } + } + + FreePool(DupDevicePath); + + if (SimpleFileSystemHandles != NULL) { + FreePool(SimpleFileSystemHandles); + } + + gBS->RestoreTPL (OldTpl); + + return ReturnHandle; +} + /** Emuerate all possible bootable medias in the following order: 1. Removable BlockIo - The boot option only points to the removable media @@ -2213,6 +2529,7 @@ BmEnumerateBootOptions ( UINTN Removable; UINTN Index; CHAR16 *Description; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; ASSERT (BootOptionCount != NULL); 
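Review bot: BdsLibGetBootableHandle uses several outputs of calls whose status it never checks. In the not-connected branch, `gBS->ConnectController (Handle, NULL, NULL, TRUE)` runs even when the preceding `LocateDevicePath` failed and left `Handle` unset, and `gBS->LocateHandleBuffer (...)` is followed by a loop over `NumberSimpleFileSystemHandles` and a `FreePool (SimpleFileSystemHandles)` although neither variable is initialised beforehand. Set `NumberSimpleFileSystemHandles = 0;` and `SimpleFileSystemHandles = NULL;` before the call and wrap the connect in `if (!EFI_ERROR (Status)) { ... }`. `DevicePathFromHandle ()` can also return NULL for a file-system handle without a device path, in which case `TempSize` underflows and `CompareMem` is given a NULL pointer, so skip such handles with `if (TempDevicePath == NULL) { continue; }`. This code parses headers from whatever media is attached, so the `ASSERT`-only checks (`ASSERT_EFI_ERROR` after `HandleProtocol`, `ASSERT (DupDevicePath != NULL)`) should become real error paths that release `DupDevicePath` and restore the TPL before returning NULL.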
@@ -2248,6 +2565,12 @@ BmEnumerateBootOptions ( continue; } + // Skip devices that do not have an EFI volume + DevicePath = DevicePathFromHandle (Handles[Index]); + if (BdsLibGetBootableHandle (DevicePath) == NULL) { + continue; + } + // // Skip the fixed block io then the removable block io // From b9da5e4ace3e60e14c1651d234abb58129038b4e Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Wed, 12 Feb 2020 10:03:31 -0700 Subject: [PATCH 015/357] MdeModulePkg/UefiBootManager: Remove 'UEFI' description prefix --- .../Library/UefiBootManagerLib/BmBootDescription.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c index 030b2ee3ec..6b615c2437 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PRODUCT_IDENTIFICATION_LENGTH 16 CONST UINT16 mBmUsbLangId = 0x0409; // English -CHAR16 mBmUefiPrefix[] = L"UEFI "; +//CHAR16 mBmUefiPrefix[] = L"UEFI "; LIST_ENTRY mPlatformBootDescriptionHandlers = INITIALIZE_LIST_HEAD_VARIABLE (mPlatformBootDescriptionHandlers); 
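Review bot: The new filter in BmEnumerateBootOptions passes the result of `DevicePathFromHandle (Handles[Index])` to `BdsLibGetBootableHandle` without checking it, so a NULL path reaches `DuplicateDevicePath` and the `ASSERT (DupDevicePath != NULL)` there. Test it first: `if (DevicePath == NULL || BdsLibGetBootableHandle (DevicePath) == NULL) { continue; }`. The probe also connects controllers and rescans every SimpleFileSystem handle for each BlockIo handle, so enumeration cost grows with the product of the two counts; the commit is marked WIP, and a comment recording that limitation would help. The loop body continues outside the hunk.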
@@ -817,10 +817,12 @@ BmGetBootDescription ( // Avoid description confusion between UEFI & Legacy boot option by adding "UEFI " prefix // ONLY for core provided boot description handler. // - Temp = AllocatePool (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)); + //Temp = AllocatePool (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)); + Temp = AllocatePool (StrSize (DefaultDescription)); ASSERT (Temp != NULL); - StrCpyS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), mBmUefiPrefix); - StrCatS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), DefaultDescription); + //StrCpyS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), mBmUefiPrefix); + //StrCatS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), DefaultDescription); + StrCpyS (Temp, StrSize (DefaultDescription) / sizeof (CHAR16), DefaultDescription); FreePool (DefaultDescription); DefaultDescription = Temp; break; From 208dc6049c564e357743785cfa3bb32eba5f324e Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Wed, 12 Feb 2020 10:11:41 -0700 Subject: [PATCH 016/357] MdeModulePkg/UefiBootManager: Remove serial number from description --- .../UefiBootManagerLib/BmBootDescription.c | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c index 6b615c2437..403a3768ce 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c 
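Review bot: With the prefix gone, the new lines in BmGetBootDescription allocate `Temp`, copy `DefaultDescription` into it unchanged and then free the original, so the block only adds an allocation whose failure is caught by `ASSERT (Temp != NULL)` alone. In a build without asserts `StrCpyS` would then be handed a NULL destination. Dropping the allocate/copy/free sequence and keeping `DefaultDescription` as it is gives the same result, and the old lines are better deleted than left commented out. The enclosing loop starts and ends outside the hunk, so confirm nothing later relies on `Temp`.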
@@ -182,16 +182,16 @@ BmGetDescriptionFromDiskInfo ( } Length = Index; - Description[Length++] = L' '; + //Description[Length++] = L' '; - for (Index = 0; Index + 1 < SerialNumberLength; Index += 2) { - Description[Length + Index] = (CHAR16)IdentifyData.SerialNo[Index + 1]; - Description[Length + Index + 1] = (CHAR16)IdentifyData.SerialNo[Index]; - } + //for (Index = 0; Index + 1 < SerialNumberLength; Index += 2) { + // Description[Length + Index] = (CHAR16)IdentifyData.SerialNo[Index + 1]; + // Description[Length + Index + 1] = (CHAR16)IdentifyData.SerialNo[Index]; + //} - Length += Index; + //Length += Index; Description[Length++] = L'\0'; - ASSERT (Length == ModelNameLength + SerialNumberLength + 2); + //ASSERT (Length == ModelNameLength + SerialNumberLength + 2); BmEliminateExtraSpaces (Description); } @@ -316,15 +316,16 @@ BmGetUsbDescription ( Product = &NullChar; } - Status = UsbIo->UsbGetStringDescriptor ( - UsbIo, - mBmUsbLangId, - DevDesc.StrSerialNumber, - &SerialNumber - ); - if (EFI_ERROR (Status)) { - SerialNumber = &NullChar; - } + //Status = UsbIo->UsbGetStringDescriptor ( + // UsbIo, + // mBmUsbLangId, + // DevDesc.StrSerialNumber, + // &SerialNumber + // ); + //if (EFI_ERROR (Status)) { + // SerialNumber = &NullChar; + //} + SerialNumber = &NullChar; if ((Manufacturer == &NullChar) && (Product == &NullChar) && 
@@ -655,19 +656,19 @@ BmGetNvmeDescription ( *(Char++) = (CHAR16)ControllerData.Mn[Index]; } - *(Char++) = L' '; - for (Index = 0; Index < ARRAY_SIZE (ControllerData.Sn); Index++) { - *(Char++) = (CHAR16)ControllerData.Sn[Index]; - } - - *(Char++) = L' '; - UnicodeValueToStringS ( - Char, - sizeof (CHAR16) * (MAXIMUM_VALUE_CHARACTERS + 1), - 0, - DevicePath.NvmeNamespace->NamespaceId, - 0 - ); + //*(Char++) = L' '; + //for (Index = 0; Index < ARRAY_SIZE (ControllerData.Sn); Index++) { + // *(Char++) = (CHAR16)ControllerData.Sn[Index]; + //} + + //*(Char++) = L' '; + //UnicodeValueToStringS ( + // Char, + // sizeof (CHAR16) * (MAXIMUM_VALUE_CHARACTERS + 1), + // 0, + // DevicePath.NvmeNamespace->NamespaceId, + // 0 + // ); BmEliminateExtraSpaces (Description); } From 22e257ef3319b8057d3fe412eef3e412a887bc37 Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Mon, 17 Feb 2020 08:21:10 -0700 Subject: [PATCH 017/357] DasharoPayloadPkg: Stall before connecting devices USB devices are not being detected when booting. Pause a bit for them to be initialized and detected by EfiBootManagerConnectAll(). --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index ad918b10be..eb2ada759f 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -202,6 +202,9 @@ PlatformBootManagerAfterConsole ( gST->ConOut->ClearScreen (gST->ConOut); BootLogoEnableLogo (); + // FIXME: USB devices are not being detected unless we wait a bit. + gBS->Stall (100 * 1000); + EfiBootManagerConnectAll (); EfiBootManagerRefreshAllBootOption (); From 8bbbca076adef820d1bd3f666bcc3f6031f7b33f Mon Sep 17 00:00:00 2001 
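Review bot: With the `UnicodeValueToStringS` call commented out, nothing in this BmGetNvmeDescription hunk writes a terminator after the model-number characters. The string handed to `BmEliminateExtraSpaces` is therefore terminated only if Description was allocated zero-filled, which happens outside the hunk and should be confirmed. Adding `*Char = L'\0';` after the model-number loop makes the termination explicit; the buffer was sized for the longer string, so there should be room. The hunk also drops the namespace ID, which the commit title does not mention, so two namespaces on one controller would get the same description.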
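Review bot: `gBS->Stall (100 * 1000);` in PlatformBootManagerAfterConsole is a fixed delay with an unexplained magic number, and it runs on every boot whether or not a USB device is attached. Stall() takes microseconds, so this is 100 ms; say so with a named constant such as `#define USB_SETTLE_DELAY_US (100 * 1000)` (name is only a suggestion) and a comment `// 100 ms; empirically chosen, slower devices may still be missed`. The FIXME should also state what the proper fix would be, so the workaround can be removed later.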
From: Patrick Rudolph Date: Wed, 1 Apr 2020 15:05:54 +0200 Subject: [PATCH 018/357] DasharoPayloadPkg: Add Secureboot support Must use RuntimeVariableDxe instead of EmuVariableDxe. Currently doesn't boot on qemu. Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 49 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 47 ++ .../SecureBootSetup.c | 644 ++++++++++++++++++ .../SecureBootSetup.inf | 54 ++ .../SecureBootSetup.uni | 21 + .../SecureBootSetupExtra.uni | 17 + .../SecureBootEnrollDefaultKeys/keys/README | 8 + .../SecureBootEnrollDefaultKeys/keys/crl.bin | Bin 0 -> 7085 bytes .../SecureBootEnrollDefaultKeys/keys/db-1.crt | Bin 0 -> 1499 bytes .../SecureBootEnrollDefaultKeys/keys/db-2.crt | Bin 0 -> 1556 bytes .../SecureBootEnrollDefaultKeys/keys/kek.crt | Bin 0 -> 1516 bytes .../SecureBootEnrollDefaultKeys/keys/pk.crt | Bin 0 -> 1053 bytes 12 files changed, 837 insertions(+), 3 deletions(-) create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt create mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index cd8b077168..bc361bd55f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -82,6 +82,11 @@ # DEFINE SHELL_TYPE = BUILD_SHELL + # + # Security options: + # + DEFINE SECURE_BOOT_ENABLE = FALSE + [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG @@ -208,7 +213,6 @@ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf @@ -216,6 +220,22 @@ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + +!if $(NETWORK_TLS_ENABLE) == TRUE + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif + [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
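Review bot: In the `@@ -216,6 +220,22 @@` hunk, the `PlatformSecureLib` mapping in the `SECURE_BOOT_ENABLE` branch points at the OvmfPkg instance, which is written for a virtual machine. As far as I recall its `UserPhysicalPresent()` returns TRUE unconditionally, and edk2's Secure Boot configuration relies on that answer before allowing unauthenticated changes such as switching to Custom Mode. For a payload that runs on real hardware this should be confirmed and replaced by a platform instance that reports actual physical presence. If it has to stay for now, mark it in place with `# FIXME: OVMF instance, physical presence is not actually checked`.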
@@ -244,6 +264,7 @@ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf [LibraryClasses.common.DXE_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -256,6 +277,7 @@ !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf [LibraryClasses.common.DXE_RUNTIME_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -263,6 +285,7 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf 
@@ -413,7 +436,23 @@ # # Components that produce the architectural protocols # - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!endif +!if $(TPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif + } + +!if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf + DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf +!endif + UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf MdeModulePkg/Logo/LogoDxe.inf @@ -432,7 +471,11 @@ MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } # # Following are the DXE drivers diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index fe7264083a..9c7db7388c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -99,6 +99,7 @@ INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -167,6 +168,39 @@ INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +# +# Security +# +!if $(SECURE_BOOT_ENABLE) == TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + INF DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf + + FILE FREEFORM = A23665E3-ACA6-4F6D-80CC-341E7D7B8CC6 { + SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt + SECTION UI = "SecureBootKekCert" + } + + FILE FREEFORM = F8104268-A364-45F5-8E00-ABA3FDEA12BE { + SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt + SECTION UI = "SecureBootPkCert" + } + + FILE FREEFORM = 26A517B0-E3FD-46C2-8932-E926BF98941F { + SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt + SECTION UI = "SecureBootDb1Cert" + } + + FILE FREEFORM = 91D2E32B-0134-4306-BA90-54EDCBF349CA { + SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt + SECTION UI = "SecureBootDb2Cert" + } + + FILE FREEFORM = 74BB6E72-2A56-4D0E-A5B3-5D39FC2EE346 { + SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin + SECTION UI = "SecureBootDbxCert" + } + +!endif # # Shell 
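Review bot: The five FREEFORM files in the `@@ -167,6 +168,39 @@` hunk embed kek.crt, pk.crt, db-1.crt, db-2.crt and crl.bin, which become the platform's Secure Boot trust anchors, but nothing in the tree lets a reviewer check what they are. The patch adds them as opaque binaries and keys/README only links to a Microsoft page. Record each file's source, subject and SHA-256 fingerprint in keys/README, and add a one-line comment above each FILE block, e.g. `# db-1.crt: <SUBJECT>, SHA-256 <FINGERPRINT>` (placeholders to be filled from the real files). The UI name `SecureBootDbxCert` is also misleading for crl.bin, which SecureBootSetup.c writes to dbx as a ready-made payload rather than a certificate.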
@@ -291,3 +325,16 @@ INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf FILE RAW = $(NAMED_GUID) { RAW RAW |.raw } + +[RULE.COMMON.USER_DEFINED] + FILE FREEFORM = $(NAMED_GUID) { + RAW BIN |.crt + RAW BIN |.bin + } + +[RULE.COMMON.USER_DEFINED.BINARY] + FILE FREEFORM = $(NAMED_GUID) { + RAW BIN |.crt + RAW BIN |.bin + UI STRING="$(MODULE_NAME)" Optional + } diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c new file mode 100644 index 0000000000..8741780899 --- /dev/null +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c 
@@ -0,0 +1,644 @@ +/** @file + Enroll default PK, KEK, DB and DBX + + Copyright (C) 2014, Red Hat, Inc. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + **/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define EFI_MICROSOFT_KEK_CERT_GUID \ + { 0xA23665E3, 0xACA6, 0x4F6D, {0x80, 0xCC, 0x34, 0x1E, 0x7D, 0x7B, 0x8C, 0xC6} } + +#define EFI_SECUREBOOT_PK_CERT_GUID \ + { 0xF8104268, 0xA364, 0x45F5, {0x8E, 0x00, 0xAB, 0xA3, 0xFD, 0xEA, 0x12, 0xBE} } + +#define EFI_MICROSOFT_DB1_CERT_GUID \ + { 0x26A517B0, 0xE3FD, 0x46C2, {0x89, 0x32, 0xE9, 0x26, 0xBF, 0x98, 0x94, 0x1F} } + +#define EFI_MICROSOFT_DB2_CERT_GUID \ + { 0x91D2E32B, 0x0134, 0x4306, {0xBA, 0x90, 0x54, 0xED, 0xCB, 0xF3, 0x49, 0xCA} } + +#define EFI_MICROSOFT_DBX_GUID \ + { 0x74BB6E72, 0x2A56, 0x4D0E, {0xA5, 0xB3, 0x5D, 0x39, 0xFC, 0x2E, 0xE3, 0x46} } + +#define EFI_MICROSOFT_OWNER_GUID \ + { 0x77FA9ABD, 0x0359, 0x4D32, {0xBD, 0x60, 0x28, 0xF4, 0xE7, 0x8F, 0x78, 0x4B} } + +EFI_GUID gEfiSecureBootDb1CertGuid = EFI_MICROSOFT_DB1_CERT_GUID; +EFI_GUID gEfiSecureBootDb2CertGuid = EFI_MICROSOFT_DB2_CERT_GUID; +EFI_GUID gEfiSecureBootDbxCrlGuid = EFI_MICROSOFT_DBX_GUID; +EFI_GUID gEfiSecureBootKekCertGuid = EFI_MICROSOFT_KEK_CERT_GUID; +EFI_GUID gEfiSecureBootPkCertGuid = EFI_SECUREBOOT_PK_CERT_GUID; +EFI_GUID gEfiMicrosoftOwnerGuid = EFI_MICROSOFT_OWNER_GUID; + +// +// The most important thing about the variable payload is that it is a list of +// lists, where the element size of any given *inner* list is constant. 
+// +// Since X509 certificates vary in size, each of our *inner* lists will contain +// one element only (one X.509 certificate). This is explicitly mentioned in +// the UEFI specification, in "28.4.1 Signature Database", in a Note. +// +// The list structure looks as follows: +// +// struct EFI_VARIABLE_AUTHENTICATION_2 { | +// struct EFI_TIME { | +// UINT16 Year; | +// UINT8 Month; | +// UINT8 Day; | +// UINT8 Hour; | +// UINT8 Minute; | +// UINT8 Second; | +// UINT8 Pad1; | +// UINT32 Nanosecond; | +// INT16 TimeZone; | +// UINT8 Daylight; | +// UINT8 Pad2; | +// } TimeStamp; | +// | +// struct WIN_CERTIFICATE_UEFI_GUID { | | +// struct WIN_CERTIFICATE { | | +// UINT32 dwLength; ----------------------------------------+ | +// UINT16 wRevision; | | +// UINT16 wCertificateType; | | +// } Hdr; | +- DataSize +// | | +// EFI_GUID CertType; | | +// UINT8 CertData[1] = { <--- "struct hack" | | +// struct EFI_SIGNATURE_LIST { | | | +// EFI_GUID SignatureType; | | | +// UINT32 SignatureListSize; -------------------------+ | | +// UINT32 SignatureHeaderSize; | | | +// UINT32 SignatureSize; ---------------------------+ | | | +// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | +// v | | | +// struct EFI_SIGNATURE_DATA { | | | | +// EFI_GUID SignatureOwner; | | | | +// UINT8 SignatureData[1] = { <--- "struct hack" | | | | +// X.509 payload | | | | +// } | | | | +// } Signatures[]; | | | +// } SigLists[]; | | +// }; | | +// } AuthInfo; | | +// }; | +// +// Given that the "struct hack" invokes undefined behavior (which is why C99 +// introduced the flexible array member), and because subtracting those pesky +// sizes of 1 is annoying, and because the format is fully specified in the +// UEFI specification, we'll introduce two matching convenience structures that +// are customized for our X.509 purposes. 
+// + +#pragma pack(1) +typedef struct { + EFI_TIME TimeStamp; + + // + // dwLength covers data below + // + UINT32 dwLength; + UINT16 wRevision; + UINT16 wCertificateType; + EFI_GUID CertType; +} SINGLE_HEADER; + +typedef struct { + // + // SignatureListSize covers data below + // + EFI_GUID SignatureType; + UINT32 SignatureListSize; + UINT32 SignatureHeaderSize; // constant 0 + UINT32 SignatureSize; + + // + // SignatureSize covers data below + // + EFI_GUID SignatureOwner; + + // + // X.509 certificate follows + // +} REPEATING_HEADER; +#pragma pack() + +/** + Enroll a set of certificates in a global variable, overwriting it. + + The variable will be rewritten with NV+BS+RT+AT attributes. + + @param[in] VariableName The name of the variable to overwrite. + + @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to + overwrite. + + @param[in] CertType The GUID determining the type of all the + certificates in the set that is passed in. For + example, gEfiCertX509Guid stands for DER-encoded + X.509 certificates, while gEfiCertSha256Guid stands + for SHA256 image hashes. + + @param[in] ... A list of + + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST EFI_GUID *OwnerGuid + + triplets. If the first component of a triplet is + NULL, then the other two components are not + accessed, and processing is terminated. The list of + certificates is enrolled in the variable specified, + overwriting it. The OwnerGuid component identifies + the agent installing the certificate. + + @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert + value is NULL), or one of the CertSize values + is 0, or one of the CertSize values would + overflow the accumulated UINT32 data size. + + @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable + payload. + + @retval EFI_SUCCESS Enrollment successful; the variable has been + overwritten (or created). + + @return Error codes from gRT->GetTime() and + gRT->SetVariable(). 
+ **/ +STATIC +EFI_STATUS +EFIAPI +EnrollListOfCerts ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN EFI_GUID *CertType, + ... + ) +{ + UINTN DataSize; + SINGLE_HEADER *SingleHeader; + REPEATING_HEADER *RepeatingHeader; + VA_LIST Marker; + CONST UINT8 *Cert; + EFI_STATUS Status; + UINT8 *Data; + UINT8 *Position; + + Status = EFI_SUCCESS; + + // + // compute total size first, for UINT32 range check, and allocation + // + DataSize = sizeof *SingleHeader; + VA_START (Marker, CertType); + for (Cert = VA_ARG (Marker, CONST UINT8 *); + Cert != NULL; + Cert = VA_ARG (Marker, CONST UINT8 *)) { + UINTN CertSize; + + CertSize = VA_ARG (Marker, UINTN); + (VOID)VA_ARG (Marker, CONST EFI_GUID *); + + if (CertSize == 0 || + CertSize > MAX_UINT32 - sizeof *RepeatingHeader || + DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { + Status = EFI_INVALID_PARAMETER; + break; + } + DataSize += sizeof *RepeatingHeader + CertSize; + } + VA_END (Marker); + + if (DataSize == sizeof *SingleHeader) { + Status = EFI_INVALID_PARAMETER; + } + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: Invalid certificate parameters\n")); + goto Out; + } + + Data = AllocatePool (DataSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Out; + } + + Position = Data; + + SingleHeader = (SINGLE_HEADER *)Position; + Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "SecureBootSetup: GetTime failed\n")); + // Fill in dummy values + SingleHeader->TimeStamp.Year = 2018; + SingleHeader->TimeStamp.Month = 1; + SingleHeader->TimeStamp.Day = 1; + SingleHeader->TimeStamp.Hour = 0; + SingleHeader->TimeStamp.Minute = 0; + SingleHeader->TimeStamp.Second = 0; + Status = EFI_SUCCESS; + } + SingleHeader->TimeStamp.Pad1 = 0; + SingleHeader->TimeStamp.Nanosecond = 0; + SingleHeader->TimeStamp.TimeZone = 0; + SingleHeader->TimeStamp.Daylight = 0; + SingleHeader->TimeStamp.Pad2 = 0; + + // + // This looks like a bug 
in edk2. According to the UEFI specification, + // dwLength is "The length of the entire certificate, including the length of + // the header, in bytes". That shouldn't stop right after CertType -- it + // should include everything below it. + // + SingleHeader->dwLength = sizeof *SingleHeader - sizeof SingleHeader->TimeStamp; + SingleHeader->wRevision = 0x0200; + SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; + CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); + Position += sizeof *SingleHeader; + + VA_START (Marker, CertType); + for (Cert = VA_ARG (Marker, CONST UINT8 *); + Cert != NULL; + Cert = VA_ARG (Marker, CONST UINT8 *)) { + UINTN CertSize; + CONST EFI_GUID *OwnerGuid; + + CertSize = VA_ARG (Marker, UINTN); + OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); + + RepeatingHeader = (REPEATING_HEADER *)Position; + CopyGuid (&RepeatingHeader->SignatureType, CertType); + RepeatingHeader->SignatureListSize = + (UINT32)(sizeof *RepeatingHeader + CertSize); + RepeatingHeader->SignatureHeaderSize = 0; + RepeatingHeader->SignatureSize = + (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize); + CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); + Position += sizeof *RepeatingHeader; + + CopyMem (Position, Cert, CertSize); + Position += CertSize; + } + VA_END (Marker); + + ASSERT (Data + DataSize == Position); + + Status = gRT->SetVariable (VariableName, VendorGuid, + (EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), + DataSize, Data); + + FreePool (Data); + +Out: + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, + VendorGuid, Status)); + } + return Status; +} + + +STATIC +EFI_STATUS +EFIAPI +GetExact ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID *Data, + IN UINTN DataSize, + IN BOOLEAN AllowMissing + ) +{ + UINTN Size; + EFI_STATUS Status; + + Size = 
DataSize; + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); + if (EFI_ERROR (Status)) { + if (Status == EFI_NOT_FOUND && AllowMissing) { + ZeroMem (Data, DataSize); + return EFI_SUCCESS; + } + + DEBUG ((EFI_D_ERROR, "SecureBootSetup: GetVariable(\"%s\", %g): %r\n", VariableName, + VendorGuid, Status)); + return Status; + } + + if (Size != DataSize) { + DEBUG ((EFI_D_INFO, "SecureBootSetup: GetVariable(\"%s\", %g): expected size 0x%Lx, " + "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size)); + return EFI_PROTOCOL_ERROR; + } + + return EFI_SUCCESS; +} + +typedef struct { + UINT8 SetupMode; + UINT8 SecureBoot; + UINT8 SecureBootEnable; + UINT8 CustomMode; + UINT8 VendorKeys; +} SETTINGS; + +STATIC +EFI_STATUS +EFIAPI +GetSettings ( + OUT SETTINGS *Settings, + BOOLEAN AllowMissing + ) +{ + EFI_STATUS Status; + + ZeroMem (Settings, sizeof(SETTINGS)); + + Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, + &Settings->SetupMode, sizeof Settings->SetupMode, AllowMissing); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, + &Settings->SecureBoot, sizeof Settings->SecureBoot, AllowMissing); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, + sizeof Settings->SecureBootEnable, AllowMissing); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, + &Settings->CustomMode, sizeof Settings->CustomMode, AllowMissing); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, + &Settings->VendorKeys, sizeof Settings->VendorKeys, AllowMissing); + return Status; +} + +STATIC +VOID +EFIAPI +PrintSettings ( + IN CONST SETTINGS *Settings + ) +{ + DEBUG ((EFI_D_INFO, "SecureBootSetup: SetupMode=%d 
SecureBoot=%d SecureBootEnable=%d " + "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, + Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys)); +} + +/** + Install SecureBoot certificates once the VariableDriver is running. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +InstallSecureBootHook ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + VOID *Protocol; + SETTINGS Settings; + + UINT8 *MicrosoftPCA = 0; + UINTN MicrosoftPCASize; + UINT8 *MicrosoftUefiCA = 0; + UINTN MicrosoftUefiCASize; + UINT8 *MicrosoftKEK = 0; + UINTN MicrosoftKEKSize; + UINT8 *SecureBootPk = 0; + UINTN SecureBootPkSize; + UINT8 *MicrosoftDbx = 0; + UINTN MicrosoftDbxSize; + + Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol); + if (EFI_ERROR (Status)) { + return; + } + + Status = GetSettings (&Settings, TRUE); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: Failed to get current settings\n")); + return; + } + + if (Settings.SetupMode != SETUP_MODE) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: already in User Mode\n")); + return; + } + PrintSettings (&Settings); + + if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { + Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; + Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, + (EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS), + sizeof Settings.CustomMode, &Settings.CustomMode); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, Status)); + ASSERT_EFI_ERROR (Status); + } + } + + Status = GetSectionFromAnyFv(&gEfiSecureBootDb1CertGuid, EFI_SECTION_RAW, 0, (void **)&MicrosoftPCA, &MicrosoftPCASize); + ASSERT_EFI_ERROR (Status); + + Status = 
GetSectionFromAnyFv(&gEfiSecureBootDb2CertGuid, EFI_SECTION_RAW, 0, (void **)&MicrosoftUefiCA, &MicrosoftUefiCASize); + ASSERT_EFI_ERROR (Status); + + Status = GetSectionFromAnyFv(&gEfiSecureBootKekCertGuid, EFI_SECTION_RAW, 0, (void **)&MicrosoftKEK, &MicrosoftKEKSize); + ASSERT_EFI_ERROR (Status); + + Status = GetSectionFromAnyFv(&gEfiSecureBootPkCertGuid, EFI_SECTION_RAW, 0, (void **)&SecureBootPk, &SecureBootPkSize); + ASSERT_EFI_ERROR (Status); + + Status = GetSectionFromAnyFv(&gEfiSecureBootDbxCrlGuid, EFI_SECTION_RAW, 0, (void **)&MicrosoftDbx, &MicrosoftDbxSize); + ASSERT_EFI_ERROR (Status); + + Status = gRT->SetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, + (EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), + MicrosoftDbxSize, MicrosoftDbx); + ASSERT_EFI_ERROR (Status); + + Status = EnrollListOfCerts ( + EFI_IMAGE_SECURITY_DATABASE, + &gEfiImageSecurityDatabaseGuid, + &gEfiCertX509Guid, + MicrosoftPCA, MicrosoftPCASize, &gEfiMicrosoftOwnerGuid, + MicrosoftUefiCA, MicrosoftUefiCASize, &gEfiMicrosoftOwnerGuid, + NULL); + ASSERT_EFI_ERROR (Status); + + Status = EnrollListOfCerts ( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + &gEfiCertX509Guid, + SecureBootPk, SecureBootPkSize, &gEfiCallerIdGuid, + MicrosoftKEK, MicrosoftKEKSize, &gEfiMicrosoftOwnerGuid, + NULL); + ASSERT_EFI_ERROR (Status); + + Status = EnrollListOfCerts ( + EFI_PLATFORM_KEY_NAME, + &gEfiGlobalVariableGuid, + &gEfiCertX509Guid, + SecureBootPk, SecureBootPkSize, &gEfiGlobalVariableGuid, + NULL); + ASSERT_EFI_ERROR (Status); + + FreePool (MicrosoftPCA); + FreePool (MicrosoftUefiCA); + FreePool (MicrosoftKEK); + FreePool (SecureBootPk); + FreePool (MicrosoftDbx); + + Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; + Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof Settings.CustomMode, 
&Settings.CustomMode); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, Status)); + ASSERT_EFI_ERROR (Status); + } + + // FIXME: Force SecureBoot to ON. The AuthService will do this if authenticated variables + // are supported, which aren't as the SMM handler isn't able to verify them. + + Settings.SecureBootEnable = SECURE_BOOT_ENABLE; + Status = gRT->SetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof Settings.SecureBootEnable, &Settings.SecureBootEnable); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, Status)); + ASSERT_EFI_ERROR (Status); + } + + Settings.SecureBoot = SECURE_BOOT_ENABLE; + Status = gRT->SetVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof Settings.SecureBoot, &Settings.SecureBoot); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, Status)); + ASSERT_EFI_ERROR (Status); + } + + Status = GetSettings (&Settings, FALSE); + ASSERT_EFI_ERROR (Status); + + // + // Final sanity check: + // + // [SetupMode] + // (read-only, standardized by UEFI) + // / \_ + // 0 1, default + // / \_ + // PK enrolled no PK enrolled yet, + // (this is called "User Mode") PK enrollment possible + // | + // | + // [SecureBootEnable] + // (read-write, edk2-specific, boot service only) + // / \_ + // 0 1, default + // / \_ + // [SecureBoot]=0 [SecureBoot]=1 + // (read-only, standardized by UEFI) (read-only, standardized by UEFI) + // images are not verified images are verified, platform is + // operating in Secure Boot mode + // | + // | + // [CustomMode] + // (read-write, 
edk2-specific, boot service only) + // / \_ + // 0, default 1 + // / \_ + // PK, KEK, db, dbx PK, KEK, db, dbx + // updates are verified updates are not verified + // + + PrintSettings (&Settings); + + if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || + Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || + Settings.VendorKeys != 0) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: disabled\n")); + return; + } + + DEBUG ((EFI_D_INFO, "SecureBootSetup: SecureBoot enabled\n")); +} + +EFI_STATUS +EFIAPI +DriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + VOID *TcgProtocol; + VOID *Registration; + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + if (!EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: Started too late." + "TPM is already running!\n")); + return EFI_DEVICE_ERROR; + } + + // + // Create event callback, because we need access variable on SecureBootPolicyVariable + // We should use VariableWriteArch instead of VariableArch, because Variable driver + // may update SecureBoot value based on last setting. + // + EfiCreateProtocolNotifyEvent ( + &gEfiVariableWriteArchProtocolGuid, + TPL_CALLBACK, + InstallSecureBootHook, + NULL, + &Registration); + + return EFI_SUCCESS; +} diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf new file mode 100644 index 0000000000..153830f743 --- /dev/null +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf @@ -0,0 +1,54 @@ +## @file +# This file handels SecureBoot setup. +# +# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
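Review bot: Every failure in InstallSecureBootHook after the Setup Mode check is handled only by `ASSERT_EFI_ERROR`, and this package's .dsc passes `-DMDEPKG_NDEBUG` for at least one toolchain. In such a build a missing certificate section or a failed `SetVariable`/`EnrollListOfCerts` call is ignored. The function then carries on with NULL certificate pointers and uninitialised sizes such as `MicrosoftDbxSize`, and can enroll PK after db or KEK enrollment failed. It still forces `SecureBootEnable` and `SecureBoot` to 1, leaving the platform in User Mode with an incomplete key set. Each call should check Status, log it and stop before PK is written, restoring Standard mode and freeing only the buffers that were obtained; the fence sketches the pattern for the first lookup.

```c
  // … unchanged: protocol lookup, GetSettings, Setup Mode check, switch to Custom Mode …

  Status = GetSectionFromAnyFv (&gEfiSecureBootDb1CertGuid, EFI_SECTION_RAW, 0, (VOID **)&MicrosoftPCA, &MicrosoftPCASize);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "SecureBootSetup: db-1 certificate not found: %r\n", Status));
    goto Cleanup;
  }

  // … same check after every remaining GetSectionFromAnyFv, SetVariable and
  //   EnrollListOfCerts call, with PK enrolled last and only if all others succeeded …

Cleanup:
  // Reached on success and on failure; free only what was actually loaded.
  if (MicrosoftPCA != NULL) {
    FreePool (MicrosoftPCA);
  }

  // … likewise for MicrosoftUefiCA, MicrosoftKEK, SecureBootPk and MicrosoftDbx …

  if (EFI_ERROR (Status)) {
    // Do not force SecureBootEnable/SecureBoot on when enrollment was incomplete.
    return;
  }

  // … unchanged: restore STANDARD_SECURE_BOOT_MODE, enable Secure Boot, final sanity check …
```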
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecureBootSetup + MODULE_UNI_FILE = SecureBootSetup.uni + FILE_GUID = 14693BD4-D114-4177-979E-37F279BAD620 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 0.1 + ENTRY_POINT = DriverEntry + +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootSetup.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gEfiCertPkcs7Guid + gEfiCertX509Guid + gEfiCustomModeEnableGuid + gEfiGlobalVariableGuid + gEfiImageSecurityDatabaseGuid + gEfiSecureBootEnableDisableGuid + +[LibraryClasses] + BaseMemoryLib + DebugLib + MemoryAllocationLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + DxeServicesLib + UefiBootServicesTableLib + +[Protocols] + gEfiTcgProtocolGuid ##CONSUMES + gEfiVariableWriteArchProtocolGuid ## NOTIFY + +[Depex] + TRUE diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni new file mode 100644 index 0000000000..0ea5d32872 --- /dev/null +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides authenticated variable service for IPF platform +// +// This module installs variable arch protocol and variable write arch protocol to provide +// four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. +// +// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
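Review bot: `[LibraryClasses]` in SecureBootSetup.inf does not list `UefiLib`, although DriverEntry in SecureBootSetup.c calls `EfiCreateProtocolNotifyEvent`, which that library provides. The module may still link because another library pulls it in, but the dependency should be declared by adding `UefiLib` to the list. `[Protocols]` names only `gEfiTcgProtocolGuid`, so the "started too late" check in DriverEntry looks like it only notices a TPM 1.2 stack; if a TCG2 protocol can be present on these platforms, confirm whether it needs the same check. The header comment has a typo: `handels` should be `handles`.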
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides authenticated variable service for IPF platform" + +#string STR_MODULE_DESCRIPTION #language en-US "This module installs variable arch protocol and variable write arch protocol to provide four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo." diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni new file mode 100644 index 0000000000..9811340573 --- /dev/null +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni @@ -0,0 +1,17 @@ +// /** @file +// EsalVariableDxeSal Localized Strings and Content +// +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"9elements Secure Boot DXE"
diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README
new file mode 100644
index 0000000000..5182454b97
--- /dev/null
+++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README
@@ -0,0 +1,8 @@
+# PK certificate generation
+
+* Do not save private key for re-usage.
+* Generate a RSA 2048 / SHA256 x509 certificate
+* Exponent should be 65537
+* Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance
+
+openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 365 -out pk.crt
diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin new file mode 100644 index 0000000000000000000000000000000000000000..728316fd8d68052e0252ffc1c58c6b81fa10387f GIT binary patch literal 7085 zcmd7Vc|27A{s(ZgFpPcIVlCM@V_%D`kub;>4Mt-h2BGZxlFCpLA!Lh45h7Vq$X?cb zmA&kH2zPwH_xruw)4jj@$M10;kL%%Ke9n2E_xbpo_j#RT7y+YTW@IJ%^NW#|^c!@A z?m=&&0WLsdbJ=&%vKZ z)6d?~)*a_?H~_*Rd_S)y>3YDzAoOIU?MP@C1VZ*`9I1tIt6_d{5vOM!%wIj_X(hHr zttrxEn4oBb_{8_b$v1jtExvt?D8{SPtv)C(ziAZls*@{R7)Vv3erYm8uC@`pGQK=~ zbYV5c>|x+Io^s|O(; zBO2|fL*#1f?FNRhs*~S7Z(2L1_S2-T z^z2K9=b1sB#VsvIOBV9>TWL;5?6H5VE*Z5Bg~A|Ykeo0GfwUs-01Ih#Ir-s-t4<|C z0f9rpmXMid_hmMl7zGoUYv&Fgo1L2-gL4ar6zGyk z0jR@EM$RlOg_4y*iAdT@%gEZ>*^2=((vo7*a##g11qBBgF|3q=ojgj$UPeyJ0pLC? zc>>M>u!XSL{ZQ}7I-T2&W9qdUGA+LTzB2AIV0;L;;pYL;S+lgVG@{NrdV6~)N=W$n z`ii^#+3n)?csB_T7bm=jmxMjRRf5zsr2Z$hwYu72Q(r#(AqL2bNlJ^8b^{m+O41)q zPL6;;;3fbXF#K~2K%+GNV|@pLx7YuD25*4oaN5ie$N?M*kp0}3q`REdmk_e31eD&b zW5_hVW}UQ*aE(f2ChdGv(O?L5xrhZfVz9~aedH~x&2w?J(da^p;eO{Mb3a;jChPfc zMkiiz`P$ujy?0`XBjLGE1s3EpOAPHS!9k6#|mJqXAW zViXg((g=_OGa!fh0&*DP%gba|djL{;k@flp5eN)}0&xww8uIr?1oCU&Q z-G5{w(iYkCMakpn4Ky+)%0y< z*X)`G)EYrMtUKi`JY7aV?>09dTs>iFFB!ndZa_CdoiERtbhBmSbHvm8X`(Y5FB1Ey zzKp+y7Zd}>$8^>x4DVy}je_4r8rfD$3l6esJdf{tF=en`8og%e*^*I0DKKb^C zW|qf{<0oPhJYM8->d!x!O5b5?9B63&FxxCKmAZH`9yXt_8vm_HcUPT}i8`o4o9Oy! 
z8Xh~hAqAgffCzg|ZHF@}AMjI2I9}B{s4;l;sl-#*yl9uM*I#8a%|YqCkZ|S?f<^Y+ z6XMdQ40A{ebbj*k`v+G$mh6cQrT(fB{?Wk`=z`e?*AY&)SpSSe15zC70SteoAS(n; zdRmkH6ovmXmX7>&01FgO!-XU>Ci5Y)BU2|+`~5k_Ne@3P69v%!l>_7ej1&j|6nL6f z(CS};%o*$ZFJzoBrBqVnb1ncb{SkPkfH7c{Wss#GrT6zhA_dp4f%kjbc@XeeAN#*T ziPXBJz9ls+saFq^4-g}L12X@=(iyHdvB5pl!m+yTZid zGy_>ZE3@b;1&i4gKG$xO6^Z3uwfyG)qFT<`=sE*-^9yzrihH$HaLli+rZdJIOVe-m z?nusM^8S&QZl_KiJ;@hy*1f>S>y4@!KSYkme%gri#fbT^wkK-*9_cP$_ixh=+~uB{ zN#-sWrb*B{5ENp#zBLf=sOM@m`8)pw`rE|x#{DsTkSqQ54-J~5(nfa`=%;Kh4swv+ zT}R}deU|0BM|ot`^Wyu=s1v!-?Rk6VK_8rOtcgLPtHI1uwDEDu(GhbKoptI{C1Mdt zH=RW+12lHfMWOG+j=%hj9wTG?eqW^lQ}#uwA}6ND;Ry2ROmRSNLs;|$`KJ=JZ&;%7 zdkNyT3Y9a{O`j(_1R|D_&n^kY-_}x73O$A!+*Y@6Xs4~+BO@BD`zYlXp8R2`rt1G$ z%mC>uaMc~XaM$U2Dg9P7dADX`i7`tk_bvc0l9RO^)^$22J?Oa55AAYIrs?Z)bM~jH zakEC5c$EJ}D?=YpCQYbG!6+^J&t;b%x6Wp(ihlF;*k(lvKVCj_B5^0q|6Y?5-HV*# zJme|g+gP5E4K%O4W?}Ggks*xara8vp3K z#jX60mJ*)(IpSPuSDj4orf6QG)D7M(WGP-RTv`aDc+05kCo#Ki>+1=bZq9GV46X;;H>_AiFv1#fRU#kxYIR%e<&%jbk-c2LA`wm2H&PH3yw zsP*$aDAuG^W?aU#% zbyQnSKvHbXv&0O_gLJzhRI~W8UMxH?nO`F!cWDInM=fw9qFGxSs zSQ;`Hxb*VbLgR6+*i&rH4d)Gss>OwB+pepce*Jp0| z>4iKWazfS9LiZB$xQ_G~aOR??-O5#O6kzn#xQPy#NU-0K2+!F`-|Z*T69i9=Ou{s! 
zd#xf7CtZ~81Qxp=>%0c`Z-xdRMvcD{qbe;D#s`agMbnfwpZI>sw8m3)P%V}lrt;NySP;K~eg7%eAWmn` z_=b~@6S4zdIv_-|6tBDR2iCRMVK!~ndceNheqL}hsK$5&D^?$PAk~s1JQ|gWVcusG z7nNLTpK=3xp_V!Hb7jSc@uGtZ?gf~DCFPwjHT#SXK9^RfSt4{b!2b5`44qTIlxo6h zb{a>?k@8-u&jS1cW0flBdhZbO*3W}I!sZ(Vd8|o%7N&fEfnivg=k0zPdk54dc{VS+ ziV-dUi=S>OFvsGbF17f>_647^LAX!g_KDN4L}XJl4ivgGz@BRC@&zL%%6Y$PH>U1T z{=G_ARKi3io4V*DxV4?rTx32A`-sRP4Y73W@^hr4V;YR{B8KT+>HI2R{++p>2RI z-@4}aE&xj2>mgYo_r|+JM3V3~-+FiQuCYZqrh`5E1x0Er^_D!u%RW^Da%nD=E(JSW zXY%(7I`I>Q!$cae=a7;XIv}@O$V`EqX4Lt#I3@N<{G6K!Lq%8rJ8W;yFY^~k?K*W< zoVYK0xn8e{R)Eqqp^EzDT`je$~nlx4#3D)Rp1bsiRY2z~= z+nd0e1g9JJnze5x$DntC@{n> z?Ton_lO0Sm-GukgC4R|U*BBG+gpU^ENk&ztUb|M+FNq|V$jHk?6MB-qi}$oKg6rd1 z1P?r0N9aD5a*JQDZ-0ypXml9eC{OCBJhg#T^s@nb&(+)bUcPfdCOKMmk58ujc*nrw zOTWSF_;q5azJ1T$2kZ$hrz=h1&cNDtm9)E^uuYGz1r$9VaWKzmvE~P&CmMe7pX)eq zUDgjSK4y&@QyQ%etCuVoEaJRjBjL81EZ9E?_I?7Tsj{Lw%btNHlTYhEtHb$V}-j=IZ{s!zr3#uJnM)XCyBnuUqgucIH%+XcE!Zb+vE=Ork>R@>i?88QsI-hS+ zs&_s}Y3hmYNV8DuP?=?*GslYzUz9Vuj05{v%aq7X_BPI-4+aenwW&SVR`}%Yh7KOQ zR~#QBvZ<7UeO$ke#mb$EjfB#oWNK$yTyg)k824LRNmzCQ?;8uvYOs%Amwui>_I`^M zn%!}m(xDwPucVTtEc43n^4Rr{_8YulpKvofwrd7?9P!x8p$7i8e8pDhUBghVPfR3ZWAws*%2Us|f~}=TS)K*^3|%L7l&zz<>E7)A z24*g1o_qgODV&V^%Imf*MEMJ8u+OVt<(4(=%PytW7O?Plnat&(Gr5yL=;U)=M<>#o zG9T>o*CY%RE|l$;+@}oMzR**HoVT9dTEZ{qi6p%mv(`)i`x3`fUy|KU^?h4&yc9DO z82Ou$e!B|Y_><7L&sfGV(xJgUc3u_w4D2fmxTa<8xl0_$6O^drU`HFO zY1-K-gcXjrIhKx0(wc&O)w17Ec(!h{6t8_!j0{UhlBiTE$IPfl%=s{xbpbP3u&=&G z8B3lHyS(yI&#gj4*1wsmu2|crWN?I7#8>fxWA{e#LoHG6ueog1)^SoXjlVp9Ti6>4 zo-PW99v7@AICegKpf%o#MnI6$7K)ggCN|y;2G6IJUg`>a)y#HyiV1UT$_lmD+^OKf zhcwj_b@eT{$0PAz-|i9_uiBS&@2WX#1+l?M_Z-Hcw4d_GaLhoydy3!w7T9+x?Yy$+ z511`Z*wba(YCgT)c+%)ht%HTxfXt52hH59+54O*x$ZX(5WP=RucDz03WNXci(EaL4 z&_CM=W&6Ii1NL7<`R0@^p6$QH)!4SG-D{yOzxXovS;SF|J9vxnvYuc3-l)5Z(6@-U z-YO-!$41_gRqQuBOWc-Jy&YBjma~84mwel|FEH>EZSDK9`hNQd<8HScCOX=@*Di8_ z=}OuscQ*)lKKotel0D+7dTu(_qMkTH+#|F_M9HN*E*~~NZp3|-U;3wwozqq~A&BXC zQu2-Nebc_w(Cwb1h3+s-q#9bFvBe5p-?Tc7c1opoU&pfWtz6fcO134H#GQ)NqJYOo 
z7V_;YYQWxi^ay8F-zh&;;44Ypz<6u< zjLN-F{#0Vg-JYi{u_(>xIixTf0rpDJXyel~P2KZH3r@5z7pfHv5?K9vno~o>dYbZN zs|vwB>HgyS#*WdrlxoxJH>J7J zr7quTwl&E7EPTE$Ul79%Xo9`w+jmcVkXBvrw&v?L?HD6^ze z!N|bSz(7u%*U-?=z|hjr!o<+TC`z2y$PB_Y1#t};TWI1`Jp&zxQ&ka84bRL=$uBQf z2q?-=DNP3XNFl)45#&rmgC<5L{yk8AUeRmzWhZyaSqGceJiYuzeP_GO zznv$QIrCSzO+1)4&BpQa>BaW3Oj*8fGUZh@V$A;kbr$8C@<4LS`TK{29vzBSf2Uqy z&>gMCnXS|roFJxiAVW5I*Bj5za}#@7GdPP~Vrv(LXy2{;E_&WHHb+J~=G>k+%H8>S zTh(rw2_N>qroL{ck+tI_orlNImcLjP;`cpmjt1Nyo%}2yW7-V(K^$R5#{Vp=2FyUpKprHZ z%pzeR)*y2ATiEIT7mH$&GA`OqnGk*b+$@PB24Nrt@+|%az6Rb4JQujPxn`7<6jrfX!Z2UKJb#l`{j zA}cF9BO{BSfscU~jBmiyW(T#Ryu2Kn6~N4Z&+HQ9ga*v5%uT=m6!}wA7`U|ZP~N8Z zmUeq=g81{a?FEF3|EFLizEK78Zu;`nWUQnsi*c*pB~ z$qyde8m4Y&eEMn4S+OPaZC7lZeaPv;gqHXa+5erdcFDR=$lp-x=Q!VCe*DvgTAKtX z7I!IXd^mTn*fQR3bxgvW`^*9>E_1&8@@-n{w)()1Ge@>ec3(c~3GG&F?i{ z{8lQ-ntpk5c$}uR<%xH?56?bvEsnl$>0H%nG07&khzoIZ8#kw~&oTY9=c&EQBhy7( zrEK3M!e(Bn(7DJe{rW-&EB)G3mq&^vrrU323H zMVl`&2aoQYFqyBzb#mLwjS4gO%{YB@>XO)`YYUP&6!w-1l-JsRcHKFD`ux-34f)0^ NSd87gG}>Bg0aT9G~N^oLSyHOAfTxvz78VGlrx*5UXc@ zJE@j?Q}KQtu47)Vi3^U3=}x=+ReQm2U(eZ&4HIm3hWvfD=i=NWOC-AL9lK&8n=_1d z_qd;YSGY&fe^yt`e;51Sexprl9_vcCzB}n7=OtP9q-mCHMY%7}hP~hTFNkO^jv05GgVcV&l|i zV`O1$G8biJVFk+>C?mv}Sj1RFejLo+USA&U^;y+i)^DL&HNQeZgMlnCMr8Rw(!y)^ zJ9F-BDwxxA)!#7hs?v-u=_>}3a5F@hSa{^P7=jr}8Il;B85|9`K|1+aSb!Oz&43@o z5oTok&%$cJ45SR?K?2Gw5(Z)oBCcsc&JXJ%1ovO_o2MMgVQr<9wZb3jRSyFfRa;I52$! 
z6E`qT#{<)hfi4gknCbzQ8YHlB0KUE;q>3&%(?GnJZl9qB1|>ijLOt&-U~UZJ4t)3%5Ajph!hU}{4&C1 znHYD|s@Sznw;Gxq+4{H0eq!GFSt?fgW59%;n?qZiG-MR^Zdw;8a`eEO=~ESDCfw%# zQ$BBM@x+c(d-n$IWDVfGA3kqE;#=OQxvDoE_{AMgoLlU5$anoLAz6-){=LWd?9{gP z)Rs5;lckvHKl?QI|H^}7P`p3e|O3K zJ97OESKmr}(H9ZR*1wn5vqAak@s=BJUmY}VS{vpqq5CmoD*M^8kH{0YRa-%tSY$V?b_=s>rUTrh+NQeajH+!L?x*b*&bVWK9^-r zHq16L-S}%;@Cu#AH%nLxPt4u1>xHyS+7tH>zP_;f&GW@(Y-+oZVK+f}tA1R6Kx^-@ z-lllRgN1MfA-&c}SF>PgInqRZZ2P+zbh(mdgZ#grWnDhht= h@@Z?I^6kMoCf9eVhqf)Q%M>eRpEUdHvOST_5de>mHUaQxhX2!;u$TyY{aQSKFX=_|@~@;Z-h7vFyCJyq=b5 zJ=?(lCinH5`kjxXl8tHv#r^pnb1%0Lo!ocq>w}h!vu5i&|GItRHO_~R4zR3PV<2R91&S9_(-|4 zw_y7cS>HG7p3eCtcIf)S(^p;`(SJJgok}H`B=nQM3VkEpIuxws!gliCC zV&ReFVhCm^Wk_OhW^gp%2I=Hy0U6U~zz^aGGcx{XVKra|QU>xM0c92m1F;4X*R&w# zhjkHx`>*-UQx4^@wo=MkVGsjSAkPwN5Nr^*z<+^nn|DS@Nr9EVesWQcUM?&x>m}#s z>K9~Zf<*NTitQ<3X)E3>+FDvQfnk;IlCr2*mD_ikX9ZRZqL6?=D`>xf9< zxfXsxa&bKCwcE!oWS;ZzHroC=_L9NZ17COSs$gHN{crYdldzUIO{dm5sus-2e)(?# z|Mh9|PoGbb-=xLU>-}FtQ=t0$^_ry@%XYG!sC>&mVbYvK|L*74oX7zgh@9nG?To0`c7HO3KZNRe1+$`~ySEjVd zjf}U~n9k=+;kkT1N2zk{#t(a#7r7;@Ji>lRvFYRAPcJHs687I%vs6jM`_#c3-mh!z z!%a6m^Do`9A%R&bc-_QG*=w^Mx%*4pVBqAV^xtN4hM|pMPM$%f_kI=F#?@mywa1 zmBFBKwjs9xCmVAp3!5;Li>o1z0T+nF!Ncqq6mG~5R1V~^^RPMPCufxA8p;{SfCRXB zL@iTuQgc)DN{SU6(^K=3D;3;xlRON?3`9Wk+&sL_l}V{Z!KulmMVTd)h9U++AaQ0M z?$FenV^Cn-P*Ck9``uch4 zzsw_Pi_;$)ud!PF-TB=Y2}hF{?t@#`3og;x&20bGBb+J9k;Bk`ZB&Z)c`0+xn@zi> z`m(AvMU?r51-?$YaBiNS`h-0vFZ_vmwNz-%cjK?`Oy(}Re6C^F)=w9-Wvdo$DVDmP zeC7Rw3Ey8T`CglL$xOjv!LP|j1>PpuE?J@d{)9x<=DdkKfnA@n=bPQW`KH)I*!A&@ z4}D8@?+0>hUdOg{$=+Du<`c2GehFrm)xR|^v%aYid_wq1hqmTkyy9`CW8RwBcqV2>2FAs~ z27$n2z#J;e$0Eie($q5Va`d?;jqMA0=M{gAovk6Z=YWAcNLrai!a%G6y8?cY0%1nR z|17Kq%s>h`*nz1W80?G;Gd$PZUu!7fiM3gJ@Lp7ScxH?02G{LM5ob*r6gV%|s$R0q zTVA2%e`dzIqpq)0Rqk91Ja?k6^zzafTp3NCzNf`kx9j+>pY`iDkQN3XYa9Xr8%$*C(#)!rNCn zKjr;$y*bHJRE>GhA_nVdm1Ri>!#~ez@w;hbYawHx%Ix;GkWGE*-0xq^H6p~CUYLdV z%(;;w9=7j3pTOP!)pchc_na(gz4vPOo+)0tf;PYI`R#OZ`Wue8^IsJw=_#LIYg#H; e|M$d7pNB%re;RY_75|!39JRH!<;Tx2S9$?qFp2U2 literal 0 HcmV?d00001 
From 70ea67b2df8a64ccf3940c06bc78994f3a83953d Mon Sep 17 00:00:00 2001 
From: CoolStar Date: Sun, 4 Dec 2016 12:16:22 -0800 Subject: [PATCH 019/357] FSDrivers: Add filesystem drivers Add EXT2/EXT4, exFAT, NTFS and ISO9660 filesystem drivers. --- FSDrivers/IA32/LICENSE.txt | 47 +++++ FSDrivers/IA32/LICENSE_GPL.txt | 340 ++++++++++++++++++++++++++++++++ FSDrivers/IA32/exfat_ia32.efi | Bin 0 -> 43008 bytes FSDrivers/IA32/ext2_ia32.efi | Bin 0 -> 19008 bytes FSDrivers/IA32/ext4_ia32.efi | Bin 0 -> 19520 bytes FSDrivers/IA32/iso9660_ia32.efi | Bin 0 -> 18560 bytes FSDrivers/IA32/ntfs_ia32.efi | Bin 0 -> 49152 bytes FSDrivers/X64/LICENSE.txt | 47 +++++ FSDrivers/X64/LICENSE_GPL.txt | 340 ++++++++++++++++++++++++++++++++ FSDrivers/X64/exfat_ia32.efi | Bin 0 -> 43008 bytes FSDrivers/X64/exfat_x64.efi | Bin 0 -> 40640 bytes FSDrivers/X64/ext2_x64.efi | Bin 0 -> 22280 bytes FSDrivers/X64/ext4_x64.efi | Bin 0 -> 22792 bytes FSDrivers/X64/iso9660_x64.efi | Bin 0 -> 21832 bytes FSDrivers/X64/ntfs_x64.efi | Bin 0 -> 47168 bytes FSDrivers/exfat.inf | 27 +++ FSDrivers/ext2.inf | 25 +++ FSDrivers/ext4.inf | 25 +++ FSDrivers/iso9660.inf | 25 +++ FSDrivers/ntfs.inf | 27 +++ 20 files changed, 903 insertions(+) create mode 100644 FSDrivers/IA32/LICENSE.txt create mode 100644 FSDrivers/IA32/LICENSE_GPL.txt create mode 100644 FSDrivers/IA32/exfat_ia32.efi create mode 100644 FSDrivers/IA32/ext2_ia32.efi create mode 100644 FSDrivers/IA32/ext4_ia32.efi create mode 100644 FSDrivers/IA32/iso9660_ia32.efi create mode 100644 FSDrivers/IA32/ntfs_ia32.efi create mode 100644 FSDrivers/X64/LICENSE.txt create mode 100644 FSDrivers/X64/LICENSE_GPL.txt create mode 100644 FSDrivers/X64/exfat_ia32.efi create mode 100644 FSDrivers/X64/exfat_x64.efi create mode 100644 FSDrivers/X64/ext2_x64.efi create mode 100644 FSDrivers/X64/ext4_x64.efi create mode 100644 FSDrivers/X64/iso9660_x64.efi create mode 100644 FSDrivers/X64/ntfs_x64.efi create mode 100644 FSDrivers/exfat.inf create mode 100644 FSDrivers/ext2.inf create mode 100644 FSDrivers/ext4.inf create mode 100644 
FSDrivers/iso9660.inf create mode 100644 FSDrivers/ntfs.inf diff --git a/FSDrivers/IA32/LICENSE.txt b/FSDrivers/IA32/LICENSE.txt new file mode 100644 index 0000000000..cdeae2b89e --- /dev/null +++ b/FSDrivers/IA32/LICENSE.txt 
@@ -0,0 +1,47 @@ +Licensing for the filesystem drivers is complex. Three different licenses +apply to various parts of the code: + +* Christoph Pfisterer's original file system wrapper (FSW) code is covered + by a BSD-style license. Many of the source files with names that take the + form fsw_*.[ch] are so licensed, but this is NOT generally true of + filesystem-specific files (e.g., fsw_ext2.c or fsw_btrfs.c). + +* Certain filesystem drivers are licensed under the GPLv2, either because + they borrow code from the Linux kernel or because a developer (typically + Oracle) applied the GPLv2 license to them. This is true of the ext2fs, + ext4fs, ReiserFS, HFS+, and ISO-9660 drivers. + +* At least one filesystem driver (Btrfs) uses code taken from GRUB, and so + uses the GPLv3 (or later) license. + +Note that the GPLv2 and GPLv3 are, ironically, not compatible licenses. +Thus, code from GPLv2 and GPLv3 projects should not be mixed. The BSD +license used by Pfisterer's original code is compatible with both versions +of the GPL, so the fact that both GPLv2 and GPLv3 drivers is built upon it +is OK. If you intend to contribute to this project's drivers or use the +code yourself, please keep this fact in mind. + +The below was written by Christoph Pfisterer with respect to his original +code: + + File System Wrapper License +============================= + +The various parts of the File System Wrapper source code come from +different sources and may carry different licenses. Here's a quick +account of the situation: + + * The core code was written from scratch and is covered by a + BSD-style license. + + * The EFI host driver was written from scratch, possibly using code + from the TianoCore project and Intel's EFI Application Toolkit. It + is covered by a BSD-style license. + + * The ext2 and reiserfs file system drivers use definitions from the + Linux kernel source. The actual code was written from scratch, + using multiple sources for reference. 
These drivers are covered by + the GNU GPL. + +For more details, see each file's boilerplate comment. The full text +of the GNU GPL is in the file LICENSE_GPL.txt. diff --git a/FSDrivers/IA32/LICENSE_GPL.txt b/FSDrivers/IA32/LICENSE_GPL.txt new file mode 100644 index 0000000000..d60c31a97a --- /dev/null +++ b/FSDrivers/IA32/LICENSE_GPL.txt 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/FSDrivers/IA32/exfat_ia32.efi b/FSDrivers/IA32/exfat_ia32.efi new file mode 100644 index 0000000000000000000000000000000000000000..d293a24ccdf14e8b7e4d82aab3499bfadeefc25d GIT binary patch literal 43008 zcmeIb3w)GSmgu{`s)SUf5+D!WNGc#&383;$Y1^srG67#Cv87)p2@tK~odlF<)2T>1 zT>6-nm$*)se(Y0G?5k-7eek zacUFAbIhudr1Gm&P?Nv%Y?FsUKV9S#j561ts>@{!u$QUbr&MA5ILDRxF-=GAR%+s9 zy8I=@*KMxcx>?|EkU#ux;@6x9Px_BrDgSk=D>he$0zNoE7xsYWz1bc1HIkP;u`TN?Jh03 zlKX#}0vASP^?4k=wyb(z)k>vG+cmW!S*grIrS@q@6Jnkle6b>)J+CIja;E!YOL;Cj zkr3NpQ%_t-D(Gvsm;G~=+y1+82BJZaQfD06Rbl$a5U@_Em#QvT!G3u@SMonvFSu0f zoLxmSZ0bPyjlNhZFoQ}R2>oVJ%rVs$Q(FE%m(TLW2A4^Fmpvn5wYlK(#m<$y)MCK> zW$Q=Z)LK7&(AL_&P@T97m@Tybka5o0waE6-zSul)>v+f(c0B5fCE9|;ZvyL-U4;dv zj2X52V)JPuZKXa-sk73i=Y>$C!0NH9*r_Qh+-=kJJ_1Mj?XmU!LguZSlfpTqp685m z>GKBt9|E3?tK%O2V%-2dvrg#79Ks(zxPUnow4N(@S)ZfO@m$G&H|Dv@)*5@zuFv&6 zbJWK#a14z95px#Yv=PD1^<&f%LWcvIItX8OIi6n}b7<;--lxM6ZlYd)&Yl#`)`Fe8 z$p=TN6;C4v+L&PHwg%S?~j(-}%uF{e_;J=y8u zyWvF-vVIck9RLhp0X8rg`I#En&xrdC8pSYx@uH8Peh*y&}g zC~%u@R578u@J54n?hY;NXg27qfD=vf#cV2AOkJ_ggG8e)NWT#B2Q3EZaxzt|2&GtK zrG#JU?;j&$2>k4N6@D3BE(Xq<;Qi2ErOT2v2cPPDv1zo54YV(?U)uhmOWVsDcwFmy z(c;MwhdFM2YWPOxSn+`GF^ezr$bZ$GZ=TR_yG@5}$T7G~X3ogtCAeH;-~ye_WZSh% z+atsA?FE-};BVpLPcU)m7#{v3H0ZKtMqXge4{qnNo9(ob;ghuMhAz@}qQhugW9xfS z@)zhUba{jNm!P5GFSt5PnUAj%T;uDc{|6WPpA_E7x`;ivu=V3r*4p?-eQh9X@)Jxm z)A)6AVS7&Ub+~bK7umMzvNfSSP?p zz&)I%&emhQ9!XUvwg;}x!|loZeqeH*T~D*~WQ?N;Dtx{FlhmkM4=OAI^QDx8cS%X0cY=mvfiT;#c)XQ{&mg!45=Zwuqa=l3Q_TXac+ zirvV#QkRwJ`=Hrw!r-}p=lDK3z)YrHFEES1(ZAStC?`>!C|s-#wf6TP1ScJiHReMJ zw5Q!WQ&iaHQ{km)v<<8~RFtj4g@I{@8t5}&P@f{ka7rJ>a50uAur6;YV|W77@)#?; zgFeFt^;ux{5jwn+MZd3nq2CGVCu`BN@A2!+vP;&Q>PMf;+7lkX0q&0fs_WxU(bdRR zvBewd*H9-qDe*_nlKe zF)VWwTm{e212ugu&{oDM0>{bOGms5*M(bkny>=BeW4jqc^n^t>RX-{$^On4|PKVNw zvQE#H#Q8}ts}l}*+&@LNGR8j73DeFsCx*pekon5Id=-$cuikQHXWyHX2g$$XDb*KA>tVgJLvzA{bgZJ7CJ zBk~w78>P-VH5FUfZ?46TNrsMo-k6v0EAzR;*xTr$uYv0k=!1Oi>e`zaJGC9UWAAl& z0ykZLu<0IfR|TUDIF=qwD%f8Re%SaGA`d}iy#-tymOoTKCj8Aoa&WgU2N{uK`pLK! 
zU%K}$HuQPHjIi*-@w9=fjDHeaDsT%g^c#Lw{n+qn?4$ID4rkC^x_wEYpXg+UEVR$~XV2lg@9vCt&Cu>Du34fL#hjW(OTG`T_sT3Im4=G=STuRw0WKi-2$fO~Q z&WO8N>FXnYoM@jpPRIE0VaDkZeFlvk+1a{`dS<9tGH?pJ-G=NIOw?h-%dIX)1=GTg zY}G1wI-WDugS&o$-d2~-m%r%SqJ!ioDE0CC1gG1F53fZ$qkJ(x>o8dp*~iCB^Tm?! z<2=adf~zxk7HGaU;bE8E5pg(uvA66A=o@=vN`a=2ON1cPlP&%c_4Ko7JRAR{Q09nF z?6G7(b7O-tBfm$cWey6zSZw+4%)C~R9d6fx#Xn3_Pl&98b8-A$L?$BpoR1#VbpKq| zlIXzS;!}le?Os{$j$vw!(9OT*!#uHzk0+`FZ^3_&2a%{CqZNUrK(_oVh z)Pl#J?EoEFN}$=CpMQ5zY#ey*A>9KFneRTws~7c|HUF$c zb+#3|rq8)KTOWT;s(M0rBD(&g2W2l}?6(RiyBj>PD-nU0vMnL@>(Bdj*qQMEahoqT zj4@?@*KJRUEXZIF!PqsF*V!_A3s~pY9<7UdOSej05PPiIgPr-ncO&}_e0>M|$xQ6m zflvDnXvx?D>I9y{Y1Ap|f;JUvM<=zgE`pQMZODf3`8cwi;a2cIGx8gr6+f09ypUn| zhO!QXN1MSn6JCUDzS`5Y7u#8wsOA*n!-%~UUg1j|n9K9tPwGy_^Gx_9vQT33OZ1fR zD-~SZANnG{q`%c?NgTi0A6gW{kIj^H&k+3TN>D3=9~UxwvH1OAHn@HOorNE&K0)96 zM!_kB4w5n_d=L;spJ&j@qMv`BFBXNafyusB z_JAuqv=8L^TJbGn|E|+B*!gdyS#JC9oI+fPV6A6s9SD6l14rye12TY|9S}abvoG># zFyCZ6k-hlw;$=_9?`)U_xs0H$CU6>%!TsfmR@TjFLMxG76g_qTXC@!naI*xeKD76_pa5{ zoF2O?H$^2ME7aP(y>@3V{_xsnXeD;MA#gfR%5qpIQt#Is%h1dC{k}HrdwNlq=FR1K zjdINMB>372L#mCj^|{G7U-Tm#Cq#dSzM;J< zkv%mm`^zSqvv+|OYSiagFjaiY9X|JNOiWhm0pROB=$Z6qr;=a(0~!V zN*(B9pYwXPR#icNu?56EGV7NDmuC+&4xzI}*LVWmx^0-u^GnD}bV@=v3!kZ+eqB7* z0WUh`A9Z`uLZ2SW44cxU_d99!@!K3boo8Rq%m1aS3es2LY+d8YleP{wzBGB8mT|1Y z=G-a!y$6vW@z-A*N`4A*!x?e%(}7(aL0){@SDA<4Bl8e^P6OAN$7vlOo=@a!8NJh> zz0`S-m8>eQssNnw0=cpu(d(CD8@j3Qo1(m3*Q)UKBh?dcU)%0|TbCo`7CmOs+u}zL z>u(3VVO<_~H|K;4;ZatBiglxF2uEkuQ`g1%_z?f`vTLJzTKM0fsRtO=+IWq;tjizi zb8C;Ao4RCfZg{kvw&(1=Sou;TRwn%vdR2$lG2M_e(+?$3v7#QBr>7V&F&uMxr&ut1 z2l#$U=OKGZg|7;ox@jYF6yNXkKtF@d)1c!rt?w5-l=}lcd08gk*HXT-zyC$?pQ6;& z1w46v9&^yg z*6auurut%T)2Et*?8th}w4-~H)ruz5#|ECRhfE)fH8TVMVpJp;NAG%M={w{LEjt8m zmVOjkKBvckG9$CW-+!vW>$j=74)77YD`+da)sbeb!_S-s9;L`|G||Ar_qnmR5PcXm zeCp#$yFM&7%wH_)KO^E~zJX%m)5udM<5=<~>m7a>I-}czzppaIpZFVa>Sn$|FO{8h zQ7(0O_z%Eq0N#gUccl%oY00kW-2R1*A>&yNbRjP3y(uv*I8?xA8&`SD>PLnq6HdQLL0Phn*ha#IgD6|$GE_})A 
zNNy84i~aLp{~Y5C80FA^53(w4;(bfuTR!;7T+cn|6MtBb8N}niES`qVH(at#r2ns2 zL%u=%FY({D69+jTEbbqn+M*e%)`1S4C+)El=cg&}hGhIC?8W)(mABueVp(mfsvBN9 z6572EmzpE_3duXry~%1$0KW*IS7g0e25d6#{7 zWITI<_2?Y2#T5%AmNq=nQlXs?yZkXRQGIQ&=WsX-nZ%}uOkHZD3ucD@0XUTFdPvsA zi{z2F+!@GS0Jt7vY_g9QoFu*`wpV=9!sk`k8LK-feqO}pYukaH-80PBCVFEhYodH5 zJ_65{KC$6jOWix@*z&zY*S#fmr-rWkck1pV&fLOSxxnhd4rFPnx-hMw(N8&iFYe#| zMPJoCvBf_ce4dejz1MVKydFA=KPP<5FL$2ZD?D1poS9quNcQjg8qA1N&sL)pE)+)LYTWaalD7GA( z=9P9*-$K2gvk!cZGdbv{7S;-T=3NWACx-=}6|#n2PHt1^OVPC+bf>;YK{mu67rX0M zeZOd89!r?tkT$q^R(MvNe25LcPM43-5s5weuVF1;VE;YLJ-^wsd-Fc;e^OwdCoX|p z>GCG~0-len`q|-k(1GW%UAk<5pUA`!?3jl+w8!bypMmGc!1+a-Z_vU%)POTbmw8tl zZr$LPL_P()jsQpI?#%YZ0`TV*@`XGLy@XaWj>ps|;!n&3XFq%uez(F?u|<&ux=f)r z6Nc2A7v;)`bIJZr)|{LHir;txFhl4w@e^{I=Z04SU-Tt1TP1T4AM)xn(|7EiJD?{m z-%R;D?73pMAl-p50YWy;kX zK#oODPuX3O5OEF5_F88rA`g4uQ~OIx+v;dn1kGhH9Re0U^v(v((aI?oojQ0AI61`^ z%l4sT;injo3!Lws`z+2zHP5?5zoNTV#Gm6jq!WNGIA=^a7x!5PE&m;u@pQZ_4eRF* z&`{)kFdf;W9dNUsy^8rY!CTp@g`lI*briBuXB*YqfR22L@x-?uu(cg|1M@fqT%nnq zF}vuWk*Z=Z(q763+IM@6_Qa#4tO`GKE~b!`8%!= z^OE&bIfA$Y_DjlC^H+?v&l~d(0XM7SQk}YIl3MXTbI@GIp7$pDi(Z`$t=6H-yBDgk z$nBmTzP7$3)0R+ni7g@jb^7VHWQe+AsS{f=MBOs#o@4IM2|dwaPVGDU1B{ylPNGLG zy%FKr(i?t*KH)vL`(k2mo!HtQZ0$tw6WWf#)<(yu6^HRdOPr#fy9zs|VO zXrK7}&FHH?ke7WBcUm%|=tN-Zagzp^QqpY}evo=g(MA7Jc6s9!KBF$}6;OMPEy-GsL=ZXpEieYm@UVPa4nIj2!ZT$x8Op z?5W`^ab$fw_OBw>!~u%^)LU?(CY&{s*?%LK>ViUw}d9E_Xnqt!UcZMy9r|WUmjo&+nt`C#1TZ(^{80;L)_!15+29n zBXBJHB=|^wky&)Ve$S{Vjkw!9WJKZLj3kcI-+#u|JS;4}*IeYJdHjQCe z5+o;FB z?(#Q}2z#a)^?F`Q3m4|Z_2=wP&WZ-`E0|9_Ca%5$_;cg?r-xhNL7~?uD=Jd4wam?5 zBs!1%_-#hHhrL8$whxy654}aE zbbToNsGn@eof)Um*A=!Z-d7NL*4g9u z6(Q`nA6;BCS%qs{oJCGiVLRs~az_9toSS4ue$dCgEvK5Bi@vyFKU52UfzHWmDC1 z{H3<&zuJo_(}&%`nv#Nub>yfG6oH&XZ{`zEsb>zBZ3MU&A;~RTYpsJ!|o&5`x8n z$+jHklkT5HJ9|oQ^iRIpBTCH^IGm?e1(;KVmg)+C2m8RavX_y2Fx#Pl&?$SH@1)Ra z5p>$4)ZFMsUz^x}f39j{J&T<=qo2veoo7;ZTx(7ayE%jYkeH6>FZdLWw~6OU{@cZS zqHFD~pFWt-ihpoIZ2o)fHP#Vpc%S`-|2kjWdxuqPA3S}RGxHDaiIJFnSY#A1;q4qh 
zzTw_%-(wBqd~I*q$3^6>Lb6jW4`ut>hUeQ`mt`LvzmD}*KlQeq8O%Y)w_|Br7I*HV z!_{1w+g9cgqW^@cDh(ap>B#;=BYOP=K7QLTrv9PvMlE$mzs<2$d}JA~Zf`;kO6Y*p z&ttAq2a!wHfOAoruMIz-Ex$ljb6FzOT zXH41VdtB(gQm6OWNc3YvE(K;GFtcVF@HjKjV}WnkCBCLIN!y&HGG++A_K^2%OVG!N z@|-wBrE>C3y{?^hpJkb zh<=!Al%3*!m&|!3yoWw%?0wq$ZO*m+zW&np4*Ob#XTk%)<&=Fqv4^n{;mcrtUJYgGs?Dw{DJAY>zwe#a)Ds4P` znuEV0r?Ueeu3`)E<0Hb!_iM zwqtqtn?c!|v~SnX_7&&%*OMSfyu^s>QH?z2Qwa);^)iOoy5&#ZQBx9`|J_mW9*)X zR5+2m_06`zA8p+pK{v8&B@p%6J9HC3j1_ zs}u6(y_s;sye4I@lCy!P1iQZOR=u1Op1eINT)%?*dr!H-2NKj1V}%zRCYHFg%w@@p z{fAg@p@Kbv&ED zY2dj7JpUZJ?=$Jp^`W`%L~a_0^-7#jr8SKIGMO(Qwy0I;V1o|#5pU#t7nTK!&#{iI z_>cac!gfu!t>WM7=M(7VkI~7q;dxiGn#=wL-#;_5mOM5$_at^SIsqNh-#_QwDZbcy zti2XnySETM-NISBgESfc<=2|eTbQUV7n@jA53TDP#_u36cW6W8L)@XwGVSe=tJ?D< zcI~*(KQ}_ZKc}zw7&)Kz&s9mm&L!-Jg0hbB4IE0zIt(Kxa%a+rJ3+Urg~!N}!>7Ej zAlEWq;dc>xlw;)Kb(=q1wMm@|TiTQ5Yb%PQf=_2f9U0AD%&Tks;)N)*9TU1pKesX{{By^Ph zQQcMcsunq$pKa_(lc2#n;KR5}omy6Uu9mVCAG{x&*qm>!{zuW$A}Yk-6HmH zY^0mHblD`njeMK)eS!J5_w~;addPXI*cG8i6q?l$`&m8S_X)H(PM^{ibb5K5FLVIe zld|~xULM+tp6}m|Pjs34>X)oTyLLiig~I0++>hk zPpeE`bG{(FzGi^ei8(Syk%2Dsw;Nt}iC@QjgpMufDTxoaV9#W)rq7f1|Ci=z|DrrQ z5=7T)+zYft5;zmEJ+in}^GJ-s7pwhT^pIiqGANq^y#ma;bqJd&HZ-2z7Hz+1_b#5} z>FeiZ?Zjx-kI<|CdL?Ib>CuInSM*%Zz4$frjkR!|HSrcPZ|-@-+LNGfrmyYo?cC`{ zhlriB?n8=ggywDC%vE?YhWss}Td`Hy*s4S5qMq$O?@@gBB75Gv{8U?&hM&I25$wFm zybmR34O@X*!+u5XYt?YC{KN12yiH$KXGP9GWN#v}Co=WW16d{AI}JI1mOYOV+mn1o zL<3*Z=^tae--O44Z@f*laLh9C^L^T1+HKDfnuoRJ{(7~XJ#L2B zf&g~GnW^%)qoV6-!7F|p2`%LO$-*z5=alVAE*K{Fi}(4PXM_vU%>iO=(D6X7`AnOA zS$|B_b@iHqi7|;0NIxh2a)~4F5PBewh3In0>(7)W(?5TkYL)hKht-jx<`C=X#5Q!U z~l-p|{LJ@t%J>7l@syd2sI4*!LIeiPqp{HYek zAx4v)ui?L?Ft&42x^tVYL}0K7@J6U_0Z!2C1d|~RO^yI5-C3>6yKVg~X%-z8_#QnX}ww3-4#&M2w<~EpP1Q>6ojAPPG zWA7b5PCfgW_;EDJr(PVlUiLSm5{MzWa;FhD@u%8KoD+h@PR5R(V__=ernzzjRxW$E zW#H#XoS5#sDxqYJ;0Zp)IFr(InL`K|%QS}$!<7oH8B^~I{zcG9U<+TJPUUT24jygz z&iA?{i_`%s8 zWN9h<6Im5LhGZ=I`bnjHxR$!J3_Pv+RPqby^Lm{8mD65iZv?*&5qs%H_SV3^)8N*F zEVi;fMD~uDvUeNp{}(hV1K(5Nc0}T7v`enKYIY&?c0upltA>^MwdC9=x=rec5vNPM 
zuZLKl$lX_fA#^X)9Qqu)@xP^AVdA8ccNyO`t|&KvZ=Z|&781{tXMyz!aloQ2lV*E} zPw8VamIqmMz{etZ7^Sa_;e>}#;JptG&>`s#ew}Go%@V#YbvkpGfu|E3*U^6mGI5&t zqtxj#D|n_DycWA!h}=lrvWM}7F1mb?7x__6G%+*R3(U#iek`0ocC=G~zdeDfUil_$`p-zCYxmv{p` zPMe4ucyD1>V>-jQ1ka>51uFs}ch~Dx8GmAaE6W(=k2iqxg1V=ymxhYwlU4>tk zuT(AatILw2O}xHFHsvRXZq!rcO;4@!8$AVg_8BoBxM%b0Aa+aKG~xv25%4dJy8~Y& zcRs+?nuCoyM}TJ@ViPkWkHyUaJEYG+d?1-m7I#2Zu&GhzPzUbVjM5GMRh3gN>t53MIsW@+U2neqS@fOHPQP>NvuHH>&O7g%{*0gZ z-aP-=ndk@S<@vJ@^}nC>ee%gCS;XBfzCu%-uNIvcU(Z|o246i79(p>#Oqr*i2Y)@) z&(nCH-jS)sI=-@a@Vy=nZ(h_sJ=d}A z?{@3$@Im~n|0isYWhpaLCp2lPYmY(yP+a|HEz`B``P2!VO^pq0^Xx9+4xceb3S+o3 zoQ&akslNEWk!tMp=N%IYNn6vESK3}|m#DWB-NO5>=v(Kq9Zu)6$av+QWAB^KS$0O? zfkGELDPvu7^0MjN8TEg6o{3{(hJV{KS3^p$*zu}!f`d5N#kwTD&N<7d^P^Xf5bqa$ zwU9OulU$3fJK_TO?|ODeC^K-%1b2sl(~0B>#FdxlY%5&m08T;bk@0RV!{tg)%Vo@! zsYl08ZDC&9w2V7`?wn9m%Y13Kns!sbSK8d}v@csiyYK(pF~Lu}S6iGD0<>e@FB2J` zPPu_{=vho`5vl#CfiCiZwzV0PClaTaRFYFCxJ>0vzAruNdAA95l z5!9@Ah-n~K=*1PDsqKwC&(AueRVj2)0p)H|T}NM|RKZB)xG-X3AAWu78;@(PZ|%0V z{wYhvWWQFb=BVvaf6ICs{^j2idz zc0mAevxVi}#wjDFyG!d%4|maj1@qqnALV|Qi;FWApI@oRs_dkTBlvps9xtB`%%7VKUPWhK0mag?}R!v}U^KtF?PYhdfK%t&8_)?u4FuxLf)x`_^}$jg%1^ zeeyIZ^q(7|eI4h7&5ReJkG!|uYfsL7g?JtNr#W3b=L-y;gS2hOPTxd6$XZ?l|D>(J zoM*yhesg7PfzLQ|1s8!UaApV`%A`+3;(M$e>u#W|qtB5UnFr@bxxMz`xiX(WfwTCa ziPW!isudA%D8xU@s^>fooExUT(ip(EmKbA<{$(AiO4Ii}?cS_zt*V1Iuh&kf?!d1Z zPORWLd@dI_-Ok({1?G9|RR*l#=n}D;?+NbA<96~g-Yd|qgL96-G0#8;Iwwah&-#g~ zTE}w_F@XpZLS|XVt4N6 z{c|0REpn_?r0a35QFi_8?J>dkY3P3oa`Ue47mkRCo!8rDXM}y=nQXM}wCJhON1D30 zPUN1d+|Ly~@)0uHG)tYG0&a(g`92U?BOc-;{q1odX7Mxsp-z1iS zeA{GHBt*O^>dH8FFgasqrk1($05}o5$hGQ&5|0A@;CrJzb-w*s%GsOZ09WYX;CCC6WC2E%gIS9fw9vb+HJg*xq$Bcg)`$7AIVkm%B;zfv(jF>i^-_Od1&oPS)$ zy~V%J!UiH^SwBR+R-gvj`R$xdQITw~P=_6(N zJTDuyqp_(&t9k_5hEg?&$&}XF6xd|4Y9E>|OO({SR#k z;XUY5bj?BJRo9p^4LldHR*=G~R6tbV!llQu&4mUI1c1xJZz9AW?F zBKE*I<8r1stW#>W{u+PoBF7I%rU3a_gJnrX6N16 zoL@Xt)+hTJy*%-f@ zZxB-#J@Db(TC3b)ka+zB<|wiH#k_NQl(9ZVkIJ`Z-b>;=A9&r)JjG_CUrPOJ=IZY} 
zdTD#!J|Xg8679$Eo)`BxK1KhH8OAvd>1=fT5#)|D@M4i+Szp(gFmI&n73$*U$|HR4 zP*ozk;!DaqKR-!-a{OFmI7?0F?V*3gO2cM^@H@s53x6+(Z;U}Z?pe=arPV zFb|8?pW@g3k$Ilx9H#JLU+i_xa~4b>URLjm9cJCA+WYz*A@145T0Cs7ox`l1F5--b zSv%#xJIvZ4B^I68Ya@174j+F2uD#$aci#fgzwYy_st|2ofsW3x!D88uNBf&N6LhSV z@*VKTIZn^xB2yWC$X~JigB~nnC%{+O-g_NyuUT^7P>f)FQJR*HHqa&nUgzl&cNKf z4CpGbQ^~i8j<3*`pC;CpuO+W30(S>^dN|vBU(P>xH$-UCO#fDVU+x%syX@-N`$<~( zPxcWJxx!U(!ZQkr~ljirR$l)b9$@+K zPx>W>2rf}%#xHRg{3!0-&dufCkH~!wa#r}!>v_?$S$RdopZm4sUWs8vncr#UIOeGH zopfr++*@(4+`z1E^6=KopbJQ0msQZ&C*ur z>WS4_`9k@E=4pvnL?>VTmqEk~wh8lCYM|2cB8VdC0 zAzyRE$Ef2ypY6=Sz}X5z8Wwf(!4)NZZ;G6^Oe9hG> z_Gt?61@9Y~<9`HG*1i8<`sZ5k>VRbv{;rvWzn_sS=irySw{tNrn82Meo4#i{#rZe! z%J5I%w+9`mv}=j~$=;3kY}mVn(L>gLDuex7KJ)K__ChCVKlt3Mj{RK^ep~r0?o+UD zijRSvD`^|}o@4h;JNxwn_UnnQf8yMbwkJ+aN#y-u&c(%NX6()2#9nyUswK z+PbqZ-Z_#zKzuu~JFU!na69AvfPBX;exLZi2EOmu&sns**L!M&M%=+h+`%sI_~r`z zGT7U`u~6vE`5!)*@KC22vi^m*g?t~rs!E`o3uHs zsjA!1H7)q^?-CDpun$|$Jsx6FyRQpuIpkpv(vQv`{&I5LWNbt(`CB!eyO^(J#t-5KFWz>71= zw#&(}>{sR9Bm6k1_o>eezrlC(6yF8Ol(l_>&+Gb%&zqdbSt2tB2P;CirpSOp*4fYgYt4g)VoLI8(RU+Ui^v^iZdN6q<7_(i-${gN2|?gt7*mhe^k} zXeTj6hjQ}lj11>&W+^!8w4&W>$ci4n=KD)>M*cYOO>$xL00E6%{%d@#A>N-14P$S_ zdcJzx#aK@KdY1SPdgO$}-6Yl~FlJ*P2fqhko%>{P$HI@V?O+^73TNTKpTl?#?qS4_ z6B?v9Bp*Lc{F#jikTnl#*)!-Vh;k~+48`c^rGde zmAHBvB3QhJ`3k)};3M~9;^%N_oKA5cEg>R$be`aj4E5tD;%B#s-Ed57*WY_?M+W^V zYL3J}MJ7dVS|%AXyo2%e`?Tyanv>CiHl@pCJ#7S@@ZF7XA#zcGKCsHVrQVbaX)Ak9 z*8P*fz@CXes5p$p;gZ9y<&2 zj9+uy#`{ikekb=hW&bMnMerB>AJ1QTrO&$+ zQdTiGyoYfgz*b2dQ!i^C6An_gg)-rb;#tnghKf60!e8{DerGL7wMzV?AH8hnUJv(4J@9xo_p;HAu_$qj7<7Am zn7L;mWgQ`h&^mjZPS-5zg(t5ktE$z>3mypSvP(U5?}KMTZ*1wndXhb`-oIlkwi(}o z`r*J3doY+M$(*UK!LCaD!KJig9{r5<;y0AI!z*`Eww^Y>p(OP_&2h}K@9fhejNci6 zhQ!%wJ;2K4>?2Dh>w6K-T(&B7yXZ`j4RBu}eSHf?DETQcQ?X0zpCT^qIGiF@zR?}u4k#1711?FQG!?(cyC8S47r2ez zbyIy?Lt2u{c{4FB_8BeE_lTB4OyQpzM-Df#`AGjTbp9oAlIOl%0@MLsE z@-YqDn*Xrs6CeE*XHwB$f=)wo-ePwE5br{Gz> zQoZ=5rOR}@UB_e|$(n7a=X<_B+244W17~jsPqWsiVLSbSK%R^x>n}q2a^_`2XD2J$ 
z&T0G>0lN#l7D(IA%XELNko743*h{?oR><6(pD#R#+=Ts)mh}WO~!WTDurGOu8IgQ`F@YnxQnclYW zqb$9x#UI`8TnG$PSBd?Sv%w&`!I5qF6j9pO|NooRz1QE=DYkT{S?-|xCMjpX^yz|bc(VeNj*v-a)8-QASyZE07R#NG%x!wdaR!jWO<-*1mC zIcoEHW#5{kIU>2*@YAQKv5ty$pWt{x_cbDm$43zBc>nR#R^h|+6W4^_S5Re6O>=Ke6?o&9S53rFms-^^efJ#E?7tGc^4>L#)wQ zS&lmEo<|IME`8HTf2hs|!SmcgEqu^+-~Kk@)xDgl+-D!X^Us{a4w(aI7-#*Q$;i10 za#gwqy&2*AR%O_AY)xrds}c7vdyaDf#w&ZCGaP)sgSKt^-^3;#wAJmGdjdbyR?I(W zyMI3uJ{Yx+HO~gd?p#4!KXH3mpU`*e_kDeDanJjoX+KoE@wEFV>Taant2*rO?mwod zzWql@%h(qL!LbbA!p*v1?^{~-ma1~{TsV_=S!%~ui!C{5`_BGf(*7?-}vI(Tl$aqYHfmWr?OXYhW9z_B66?*j9%ZOaEwk9@STg}Liy< zQ_UbH#=U18>BCx;Px8dNh39fk6r{W!xI@v=Vba?J9UV9O9*f?~Hx8!Q!}rmCE%Ff< zLPk7^hMebcA2m+ScZl3QKJt-9Nhcv==lBlqe;Nidd!P2B#u4-%3g09X-)q75`^e9q zu4OOYb#*v__ECJBXp-jbNg%dD4EvnD!24lRfj7##*u-zWJ-jR3Lp}HL*#A+^JJEVM z??X%Zo0PvL<-8C5v^ybJubXJpofbIMog%jL2C<#@iR}!_PR@Ogc#p@ea^EG+b80s4 z1{3FbW18%5gPpxs`@Dh4#IRV$e{%c0cD@Dm{uI^ry~)np4))&f5fAFxZVPi4PJiD9 z|GDjN*z25=vZN)gGPk#`_r-|MWXhSK4_~V6D6w-nXC$VMeJ(9Kp;fgDpNXw^vDT28 zD$e9f6EDMWmr1{A&~GjDt5Mg4QOueCQ9keX1=ob{P4jsL_j~Zy1;);z1O^r`7?ocoiOdPKU zN1;UmcaIwSe2;nXk=R3=Eo2Qxn^icYHqa;bpea+GZ4v!eySgt*`#R!-a_`>0@0zgS zF7uJOaHjVJe(9Ja3Bku&(4nLF9+0g0gSOiJTe#oc^2v7}8>Ln6f7bS$53pOM1GwpD zl!ks{y&Mw##CkcDf{sUj4>^Yva}Lv)L(2!-ID43oe%My`fuES!aNhSjY}@w1d+6}D zlbXiAjSl~zjr-N$IUaq`^2q~_wc0|BxmxvOoXd5-!}-iB@apgAD}Cl_b^G73ryNUV z?2m|7vHv?DX^!TeFR9o(dCyC11OF~YvGDm;U_8PZgM2$%Xri!*?~2tZQlQp^33}L9|PH&FXG)<5Wue@@@oD7NbFZTEe^n4N|EP6KDo1v)vu;~nHs<3U^b zJnsA)^Z3xQ_SD{=Aq#g*d9?9ubo3|roGB{D*?R2RUNz#_TQ~V)w`AFN&rR^pAH%-( zP2Oj>BTMowRug9g;_t|vUa=c|BQV^+xBQNBuLby#5q!TqMEp>mTR!Wbb66YSy9zm# z{M^sVc(0?~n{$=#q~yhKNJgHPYR(AnR-bkg%ar)zIxS^qFET55L^BG!Eu6cbc6I1? 
zqF4uWZm}or9Hsf^e+(}Kw}rr)3@(D-{U&~=wA5p_OdP-aSzFBqf5Nw^M{nHEUdGNl zmZQLZaD6v8ir*7I*VQI0Yiz$cw!q^Y?VyZrjV=9T{JYIQg{DlLPHJMmp4$5o_UqGy zyiYcwz`Ksv&(ERP>%^HKh30;Is6y^v1%~;&A?70Ub7nguQ?$$-II#yUysSBX)g0rb zma&t)XZRZEBj@mSBh=Xr*07Yxm~yWF5P5-T;VXDv4s_FKmSJ9VdNhh zR39FccYpPJJ7?7w7w-D?UE^H*f#Z*H>SJck*9u`9uAMlWC1})vjyvJ8t{C zA50uIy>9v~e_Q%v&$v6*gr1$bXY9fQ<8OPqJ;iy=q^7Fr_dhVQ`**)hYg}Tq&mIKt z$VlVg``njiq_6RD1P$I|uZH}&(`@fI)8Bs2Xg|38HM9Kef603PyJzp_`n2)0YogJ9 zaQcn+A073z^M6yY@7f1uKGt5_Ik?{HKRE5GH{dxI8fo7mBYlm{walZ>ObdD0T=Ffq z7^wxPa_c=6o5?IuCH&)>0kuJ`*8kp1ev8_~e;ZY`+N>%mPrgjM&8k9gBlQbuzeTO1 zwHsI)>FK6+9sg}qt9TMfQX;jL>VDFD7;l|kTEpu}HF}HnlnXABs~}xPz47zs!LMdC zV{8k$*?ma-?ghHwxrp>W#+A|B>P{V7zt!Z~P5OS>d{*f=)X?4yR}9*% zRYmF!@|&Qw%uVRIk-AHNhNe$Eyv@q5&uAyOT zc7oAR@+3HK(xqr<0d;gvOh7nb}~%6-lmSgm0>;%=z2qY?Qi-))i2~kYt&un|2$3yU z8CB>c)Dx+=PjBg_kI>hWeq+Sd>N3!9$f|H#sXI-3vDHk2X39S{q0g(_O!db68H%2ke2H`khgP9QMDh$>zgnlV ztVEH=smvg6Kw5yeam%{Z?hP9^yQ?cJR=Zd7k3O@VjW1udal?I;)tlX`EAI=es&rpF zwdPv)=8f*VN|(%-InS7cg&gTENV{ktp~sy(i=-aDJr<5MGjJW|RvgT#My>w33>ipfLQ&LvzW)q$PZSd^fKr3cU z3zjv4%wF&?>K8*T;hjaBcuE*>{~Z1ZPGaRO{0+X$Kn|^OzKBOWzB1}i<6P7WGFy=z z!<(_>K`{K!^t14cpXE^fE&s$C$5?A(=K@H(p^s&)-2-*SVp@`NIeaW0T$JQX`xyOX zW!J#5i<0`C0mwNzj||R9Ynivmq~-C6bcxg&^s(@{99>s2QvCW74^-q?xxfi!=IvfHcl(Jk)E9M-e41QXF3f{n$Aq5F#t z62Dc(6&W=Ats3&8e`KBB!(WRk1}a}+21Tq8OIOHR5z99e^+j8VMvv#hrS!iaJVoza z)J@iC@v99hMe;v}+Esapzze^UllxkZuq zRUZ#$Fm~cc8y>p>DZbw=f8l&Ax)}Y7pnn4UB$mnE@6yTQAxFT+akspdapH5!)XHgd8? 
zWfymGcTz%$$hR@0q2?h_M5e_LGxi>Cq)BYBXba%Rtnq=)z+M*kA@Nc`Txu&0);9-6)eXAFID`Mopf{Rj5V@b^WNh{iPhmW%VeRPu)2 z$BG{(I$0=saSw6n90ZTWE0z?Ly4`MhmLKsbE8J3cPheeTO>NEQ%JouCbfc^$@Id9w zQ&&%SZ>Ze5xop+CEmT(DJavoE%ZPp`wfe?yRjyt;>syQO2`s6(bM3v~y0?1EO8w7_ zRU4}-zjaT|w`h7D;eO*Mu;IRnb%E7x6PkPK7NdO2hP4|u-oL?JQ;8qDx}v()y}5Q% zrTd1hQ*W5Hl>x2#P1S+*U#wNig1dg>>cBmLRTY~98#lN&2i8~CY_3?p$$ihpYWGyx zH%`4_&ej?7$Hd1T3twbXR*fawgIB8fV#ZIFx=DQl zKln*5l>AnmQ)$`_+U?qUjc+&LLw}R?_ha><`knevrE4>_JG2edD7BG2!aeIY-tP|7 zuv6GvxoUHzZq!#-uH14j^%d(3jWV_7#;L1sWH+#(8jjq%0a0N4v1R?r%4+4=uw~sk zV|%44tE)Fw-w1856RDtoO%0on8{K-j8{)58>mC@>8ZbMV{avx{=NIdKtL#8TayPRt z*}{|Px>e9t)`g)v@2Ax8O+|a&j;!Cxf5wi)pqa7H*OB0lwSStSKh1$ogP&&Udx#s@ zEn0Q)CDQ-P^2Thf^|Lwvl{Rmzu2q{iZiKFtn^-e7n*$r}b#J`KT~oV$U0}mnJy;^E z%v~;fGg*1}Y}~TJ@Tn~M)$2D@tT!52@T)8D-LkHtT3@5a3`@4GT2)z7qwcP#-XO!= zWv-uF*41v3*qc?psB#@#b}y+2tlLseFwiQ$yE+hGJW#%1%RTp0R=Z1?M#*|h7~T4UX9KO`Bkifk7#%$h~ok72Z$+kJT|ikAiiwudf{_D_CjJs%YVDcgEAVbV=zY zd71gfRU6k?ZHhLm+PHob>Te}%`dVdm4SG;8D5+ev1(w&kzZTfIPS=hGUJHvCT3z*m z#T!-&{RU{kq$;cLW9@rp@!ephF6L+7AbGR>62w~XZ}IW%9I zHGsM(JxYB=bP2PrhEn3g8~J;;1Xdd!{nQ)s41KLDZT`&CEyBQqRbZt$5(99=09bHl zt-hW{@@LL!w_6@>ls~j(j1|%^l|{{60{y4_M@C%7Z>B*r{jr(uGt=W{8a2~CGadP) z(cf*RH<)RmnXWKXznN||(_Ln|$4vK`X}g&oH`6XNJ!7UQ`=AEqBhA!prZY=xth`dkaD!m&y{tvzEqGft_W*rwWl%!kr{ zNk91q+*LdGQ6~}GAuV?+ZqH58+DU&xTAnTAOxE_1Zc%%+U6Yk^CO(sX=vt*ZRI}RZ zAy!Fxh_pldsV$hR)N+cGs&}<(lDK!vxKG=;Z>zWCzODMU_OnFp+ww8y$y(uUCY;-qdR}E~ zM@U}<^4L3-df1krohjx89N>;EA$CZ*qLdh(HZ|FQ7k9SE-|#i1inKi{csF=4-yaj{ zd)I!AZP&NRC$=VzU8z*P%69&k^joyw#Yxp>(&MCQTC1�Aa1#qm@@G^&QGzyGL;% zF-7wc*A+VLA*~?K!K3=4Hr3V@0B`MSoBmQ6bX~Dg=;qdbOnMjipCNq|Jc65)3IT5) z>BHpns*HRW=`JbXrqoYKul!u0z!eJozmNh!rF@{>wI{mg%$||WW1HR0p5_~x^P2B$ zUeR3MytO&lyr;RPd0+FP=Jw_z&BvQZKI4Ao_%p9P)AdaBnKRGuMJXkR678)=T93EB z*4ot?Z9UW4*Qz3p$jHdph&$qm+z`o&_#%aoJ0mM1~mQ)Fu-7zssoMSdLF6KRR; diyVryM~*~}M_!9`MWT^25ddEK`9DH|{|%}m>Ky<8 literal 0 HcmV?d00001 
diff --git a/FSDrivers/IA32/ext2_ia32.efi b/FSDrivers/IA32/ext2_ia32.efi new file mode 100644 index 0000000000000000000000000000000000000000..b512afe8289a0618e1d1d159380dbff8a177454f GIT binary patch literal 19008 zcmeHve|%I$mhbI!Cv>3UHWDRh99s!aA`GMvC*3BFA)QX5(AY`a0nz9%k|;kUnWS$L z7^59;8dF@ak6Ce+ndd08t268y-_xCS0UdQZB%20gB?goXFd8uG?P8`ORdwprIj2sYI(4cV-*VwU{TKdEw>;m_?-hi_CiD3Md<_Uw zOp{E45G_GUF{+eX1)+$(%Zz*xUX(8WE4n=ihl)uTS0?lJZz;c2ar8Dp2%{ns@2pD! z{3pxihH6?uXiGd2Ut{kJ(K!U+hjUl12(2KvB=2MI3*m}TJ-4A|ZQcC_tz$IP`@%oK z6RgOS4fGkWX6K0p>mF9Cn`*)nD=PJt^*(DDJT2G4D{v9(iDZ zy;T^MuGqBPB=1h?Je~&Ow;iV;O8;ZxK>`>mq~SSklXqiy{fWc0)tbWn7?VcS>A2wJboF+MZ?44zrq-|eaOe=;^qauA!%}HeCgNt zxNCeoh>Kej2fu_ZXgd4H&OMda2%ib|mp#rGWKBbSd{g1P%6U+t6Qp zE+(#0ZgEBn7FooI139h{k-cL3G-TXoC9hItMRmX`Moa{Jw@qoXMfyVDai0!dscz7n zeURrB;ttz1_t{Wtv8yxm*W5j%QIV*)B`WTS#`l3@Sx*tScn`~GO?bT*Zapl7ri5GH z6GB!cU{gwMiL2$a1o5t{10ou3eOCx&v`0gBrOKvwY}yUyKx`XFWCqwlDVMjNiPp}j za<9$ZDL#1@s>L0J7^nrs?h!HKN4_ZWk$jd~^hw_Zx|xLTZZskI+>78HNqF4?_(L53 z+;Hn5A(UeGpETu6S+A?aP$q_poIahS^7a zXrX+pWSv?8U&%&On`fGzXtO{o^y9lG0$(CaDb7wz=SULvT~nwieHTnwm?k3^1Tjio zbC%gh0c{qc?0Om~m7q=W!NP>*MD~VqI8^xN8fj*DgK3>~b$CO{1Jd;H2D2bdRpl&n z%1oRQ2r_I48M2a3F3=8t9~gT)gb`wEwXU`Y^yUoJJE;Dw8^C^LBdx!cEO;oOZ{7-d z$lZ=ewB`E&qXMu>@K7b{o%d(_2KrnySxHjjgFj7wfE6d8(9-{YYQnq2~|D0E2 zPDzX1EKLCodVQYeHK&wjB zt!%I;#WqYHZ&ZAk-(?PlHq z#T#YbL4cX064vR2p?0c%lUv%(g57F`NfOyP7L3l8y4gM^btfiKt9RTn=`b5*-edSk z%SA~LNCuSF?!;PPGE4Vyth->5eY=27?o466ZhVV7)7`%9QU*JtNZq;bFe%FRp%|5k zDM0K#%)Gl;ue5gzw-qRJceB>0Dauecpjs{i%L%w?uM?Yc>oGyfl3QOCLZIsvrO3*> zhcNf54=LV5@uvX6`n7JDKrDn&F|wbU{3OpTeP0b8Ld^gH@S5KlpaK>br5aU9F=`#- zZ8sZjQ^d&s#FyfIS(WN-?v0y@^siCd_4^Mgj!`$p9i#bX6TIq1`c z#8n^`BtSDOs{*?8itb+kB_UFz*`RAZj3vmxAfhXbB_GoGd?LJCXV(sWRpR8yYh#d`1?sE?vMd#k}1)0MLEip=`AO4aj3L5>6PUB%II$ z8oSKI2KgseL7MOf>L^hQ(1(+t(p_AJOE5nwAp}_QDl+4R!~rl#H$$n3Igj<#d1zb7 zKGWucG8TiNBnXA3gANtw*M5o|_>9*<;r~EnqpTHWL_JKt;Z&0eEGh?s>C9`bj$es- zZo>k8rP``^T*Nw`%7TGg@f1=KW)k4{#{Y~F9Gll@0u#GzRF0M#l$^8$w7md;o+hV$ 
zK)Z52nZix5BYs8JKoziE!8>>kkTG5aQem&`iY!1nF&Ta~|BK0=C%<~+QTmF>UnUF2 zku2v(s2%+QNldmTGcnng{OXbI^c9mc#;XR&_Tg`gP}-QlHh3KF#_Xmm*Swdhl-RL@ zNy_4Lj1_Q~Cf-NUG*10-6vaG_v0gpd^kvwjxcLH$V`E*IYHw>>QHF+9OZ7&Jexu@< z6VUw@R=^r9u+(GrHfdHd@z77I7Nu@a!cWTsa27^003>7(TS<3d5brVQ8e<~4R{S=P z){5z{akN%=t*cW4dcCn$9J=IM!8$<$Uz;L(TVQJjS7We(ht!tQgNcR+}l5%0BDxo6KHYSz>T}O9f{IE`(K?0bk|DD{m~eq<1NI zS(V#t@N{onZoTn#Tl!mf!*RT}m#a7z50+!d#E$KY+h-Nq-zQ5R72DqtSpUHSrqAH?)&n&3C$-I?@5{o0~0zE zW_7`z$nA0-HJvg`R<-au?tZadLI;~NW_UWLC;lRCe1N)ZJ&9K4Rx7ZW_Q)SkU|+D^ ztW#Q$xL(Z?b5FBsP0gB^ds^{oo384}yiGo%OCRS-C)qnA@0(7kS@}xvWbVP-cjSaM zVPU5d@2i$+N@(h+^6=Cz}MP2Yqnl=}((^=Cu*QfESU)-d57#&rMM7wM33eGnhSA z#4Ss#$ndv|xWAn!VlnqS(n4mXNnC1SWfrB>%F3*MO*f1yE3>@{P2d`soeJZwH(T{4 z_))YDp?Bxr_+%8zXRuDb3pm>5MfSo562c~1OrXZ(%PzA9wBL^7gahK##}U5;(%fG> z@=xN9D>{1FJJ_7_t@#p@+>_FIA`KhwwiA47z7JdT-m$Iu37g!59pAo9Rl0oQ*7SYi zjwR=?k;g8cw&we=H9tNYK7*}!DYoWI%yN&V^TcHw7vGu_{8!lDw;ktO^NX9q#&l%3 z%Hk`@gq$%;<(#uDuyZNS-hq*aG%l3ZFofXT>wZgovLEX>_EbwcGOP;|pUP(}5{4gQ zQojXRyMfHvcOkmp0G<1w_@u&-*{U|iJ8bsi#7X%KFx^Z7$1XZzhV_Klol$3>``{yD zxbO<01#u%Y;!eehzku@C1V9MvJ`6Pm`O0sSed{>c*PItf?K=A`JM6 zTiM&4pQeGFWEXaJ3PxGp8%0+g<>x?s+}7bwk@pUu+m785u#7PpwcW>l)?-JZV@iNJLQQidts#Lup>6wj5#hwU6z#v*?5<@QEoJfh`1H0&rQlFn2w6cyWVa@8i6y7W=@HJ|h2jcbNuoLj zB~2;_7gmA`i@e!AW8N%Z(z9aTK}bSS>az=^!O$&hss}Tb7KiBr_Z>Fr2KQ2{Gz;E| z`wmN^ncZPg{0_JPrXzZaQshudGVQeGj<-Vkx_2<~CJXj6-!T?La1*#@tm(-#mpSAX zn=Vb1Tdca+z85`}CQiTzaER&f70pW>^38&j?k={78~=gV4;IOzY0@zS5-H{)w+@O; zRv10(ySxKyyaSn#g*+^eZ;qM4O`z1b1a78(Ll?#N!# znQ7`T@C`KP(7FYWc6`}^p!Hah&3N%J&q6txnK-DFIh1C?XE^n9qV4yAWEUEOjVlbM(-ByDlBmrT(S5AImA+K#5oR`jzTq zZ1H?6yJxd}prV@8g)0NIX089qJ$Z3GEAdL-&nw>iY-J`8OVmrdfFlv$C1Er#BK)>Vc!!vk{ z`LMgUsS^5soqBTiVJ9U=bC|bR@%B>eAPrFi?7NlfsFJl6p24Kp1fo0s3q0gUEJBML z(T<7Ez3@r2zkICge!uGNb?)`EBPdyI(r%z-zlZz|2)G4hs3JQRiGm)jsq`6uOq7#X47A8{$3oN@@J zIfr$!V6T#f@1}Chn?A@QxyK$s?6O;_Dl}U*RX|9HR#hm$Uccfy#D-RJe}2 z<><91KSFWqenBc#JmpHgCFUulde-PtgxXocQ0*;3SW1t1@(69>dSr`umKN~DbY!=Q 
zPg9f~ivjcGB~t%DaAbSNchX!<=V%LOQY`5ozKg!Sq?~+n0foR=^(sYBjzRhs#FzR< zY7UVW;iRGZ*e*C_VYxK}!K62VS^fiUNQL#OS`0H(eVjJRh)lp%U?=Jul;6_T_UTmU zF3*sP72iPk;i-0$~SKCAb!u;|63wq z_H$IY=5(g%y`ECLApby+$egj@z=PDCHuE!M(9*D!u6Zky`Sz=pi4@MFFlZG zs;cC`a5D_MqBl7ZNQP-~u%6$Uu*-BRzWoYpG4D)m7pZ3jhPfOYxB=$3I{SJS+D(uR zE6+$+erIwHuQ{5jwqL{HtnlsUQBUPrT=;F zTOiQ4I5@OycSmr5fcj^*UqkT-Q)dO*Ydf%6-2@Mz8%G1uv!to@*=*>734^FJ2&Cm%7qoaIyh?<^gFT^MvJv>X78~BFd`G3MS1HrBO)3&A!0F8a_hv9$bh9x@6UE1@gP@b{@UOz>rVC zkrou{I^lYP_}lS4h3y}!X)kxLK9(b!ctbU1ugxO9_Q@pJ zqsQt{gjN``L=}}anB@bGB-^ru zukaDigprg-SBUM?0U?jxFSg&tKbDD+uTY;r^G31#a|}>(mONTd0&5W4=~{_A`hXbu zBjND!7E&lneC%2N*%F!*r|78s$zJf=b|4Hw*qOFZ=q*iUZ_6Kl)%Lbfgu+va6n2K~ zQCe;CfL)rZOvfsSSl)Y``ZWlbAasvKF(08IE8oymfXYaoZPxa2;q?RIXYzZZs9QG zDU6uBTf(i|gixC9-J*Lt*nuAJRueQ3^bdDB#P(lcRE9gT;r=N;AeVGee%$ziVzuH+ z;rhh99q~Hk&=UHgNC@ZQmWM_84je8~kv6w|qGLa#KD!3)1rA%hbaew$LyXX}H8y3A z;2Z4>9L`}9pSTlRy30TY%8;>P93a(QaoXXbLanzbJXW(1tt%mJafe^5#A6CQCey=4 zk4f~HNRM=SSS!Vy{xo`6D)l_YyIBqY47B-I3#+dWXqWM=cu_pZplH00FQL|GoQkCt zJrN!YP}u3ij7L!lRwrPJoyW9??>qD26w^FU?fNXXyX^#q?NJrCEY3KZuZKP;&pcHK zo)V&r1JBEOft-T^HMko)ugEjNVDxKra{PQJ_w!C1@$~@tc8h@NPV+gkjFYk%Q{Rv= z$(0LrD;-wExBuUfOeQWlv>2HQaG;7`h4+OcH;%RXm3T0T(mrOX%DHvkH}h#)rdaS5 zZsy~dGC0ow?yu98RCuGqI2ml>@nT$1G6S9ZEV03nPBvU8AdSC>W|tyw3^}NL79i-H zNl>xp;OUKXuysAjW%IXIM^K#zpQB5~o^^XWI+(Etuf;MJS)r7NG)i31-pcX58dR)7Tl+V?sa> zlaZ+u`Agge`!MoLYGc48mdkH&3{qJbN6U+qV2Ar@GC7TNl;9RK$1c8k8Lj*8L^uVZ z9K)cAJIZyeQSE!Bw-UdX-yrNl=&i)W7;giefVevhD+e(59)tpXTfh=sy@5fwg_c2S zHn|I8dkMb%eqCx;)Q5pb35I9;VDFw^?a%_B7{0Cd`Ecu2A+&8eT*SQF_`*N#3JZRogE6z{h9{TP@rU6~mEi3#R?4T{=YJ7`3u?{YNPR#ske6x9n* zJ>l##ks(Mrbl>J&#((o~v|T53!7wMx9BilI60}=^4PVZ_+1vpIjU!S!>q=ZrDuOFa z*we=g;0TjLgjEmrYZq|QRiEs1`2PbjTNz-6%EZ*IaDu=ljzO(WS|2ikFKV6~lf zAu<4kcr{#Mf=7hC1BT@kHsh@KRXgH5KOZ^M;jti72+nvW73cmPfwWhD2VT{%hPDV< zAaEy$jAVel-X9)=lQ%p-HS5hfg@gw9p?>+B&+sok(=+HswOuJK$38yhAtr>*fpli35`-f> zRse@Sji^06ii)Jb{(x#EKjQ8!O7D7ptEWE6U>qJdT3cfD)L47IM_4T&Df65BW_O zx)6cTkuD8t>(mr8Vj9^ 
zBUA%uUFy{vUD_+a%fS(#=+|=kAcX+$1Ky)h+qS_K_^TM%hF0>1#U}CbpW#cIJW~8a zxQ&P|J&x>~giX0UlYPee51wG}Xz#!r0SOyI;lTmSc;+b*Uy3qM$*wSv0+A51h&zjy zF;6*GriW8nu!ks;NA1#Sd3OtLO<_912B`=}2NvLZMDl{J=7ZNuJY0rOl|~nA0OE@U zN}8;tj5Ot_^(NKw&%iJEwR(twghiKb#)WkhRh@rLWv#C}b@#cZA0j9`IwHN!g1bO0 z?)^|xr7}bDb*m+I6C%Gnnv1nQ3L%=bdyU1O2>2;MVr${+?i@%pBU((eqL5|m;;?1f ziC*|Z&v5O+C8iAREG#<|s~QR$O9Al$TW*OJ!)=0E6+4Vqw(+7}0}AIDxjf2It73{z z3l}TT1)3AEUaUH6DRwDnt6?15x{h3iPH`*Fdx%wUr|@z;mPoMvqOz<|DR-gVz0B5- z(QI+Q-GG~BFB;}MUWERUgQRd1Ex2F7c8iM%v0Q3?L~hA58DUlCeTMCs?Tua)?3T|8 z%~K1!dm3%Ir;<@z<|B9o_gX2mzJHQ;kJuiAAg~+hRjRk^^%h;~)}^TSIRg3^GcvP> z*n3J5oThD+iS#toTqs>0Kb(QG`8Ml$*r{)?&>Y~& z)Pv%whiRJ*8S-EcleV$e=T$$BX7^mXPifuHf-l48@Vm0UzMgH7O&#qWx8{Raj zv^U6jsl1r33RWl)YNkH@3;{;?b5#2i<|5=dsy+2CCgrd+Tj4cs4lDi-iIxG6MO6u_ z;$NUdhzzaoPt>Zdn@B%@bC9m`+Oac-kyh#reipTzBYv7aioe{sSKja-Oq;UE(iu;8 z-<~DSly~Q-J`Fd(ajF30Hg*Xdmw==p?ICoM5OIfE>w{3S8j?sbz{%U)d_l+p?FUsH zeE$(ap&_heWJNTqVPHaVVkR`Di#r3BTKovY%Kb7SQH{g%3C$BYx`baY5JHp19iB9` ze1d!5qxQrnbh)Va=cZEY)GAxz@3DTWi>!oQ`$xoGAjqr59f7n0Txobi+_}gi@3!J* z>RX*(Tw_{doq8|sif4_vy=^CRFc9j~L!=X4yH*BaqJ5phOAt@`p|~S5jLJfjlpcO# z6kl@_lM7R%NwsZ8Zf>ZPMKqMN$RM6-gkZ2TMNZ-kdmI_S8*y{YGFyyi_{jGfx(ShC zDKdiT6ifGWYIdOs2j7kl4!#BUnRS7(R)bbGLNMA^Jb3Zl%0Ckek>SwdB*E%0sWFSZ z%%3mfX^_SuuTTk&`|MiFzY@2h7im|K!9Jr?LEN9b$si5;ht%H_aml_eKL`{xqqJo> zf0wOLi()w2dgj1lz+Goj@9${=kT=-qHw+DS^S zCV0z}y#3Pm0FPhM_$v&$9~jn6OIENL^MB#v(8)5fv$oT2lotbz-ZwB38txE z!Esv|X51dOG=t?`Y+2-!g>>8_*>H1DS+rOQl(PfrhjDOp1+MJFp-=*TTy0e!)O!W4IB{V)5)tmrAv0ww_dHs@S8d5S`CB*J3DrosjUIR zw%s2h0?mJ(LBEW`wv(ijp)4z>VQ9%wAG3lZXsb>>r5a4t~8GQXyYfeNe# zkm2?oZVzmHlk>okA(iAk>ZC1?5u?EYZ7-N_>$xc%>a{EfYg68Su9iJ!2+Rl$7sl#>yR zdAJ!+$}B4Gee-i|bi4sS_`ohj+W`Xbd(RBgI5-|!7bu}Y#f_QpY7X)%u#ZjHb^ zc6Hc%==lBaH5 z&p#GmykZ{i@Y229uM3w8ZVp}I50f_g?6QVas0^hAJEcr{#5Ad8u^6FWHeeRN2@1pM zN5qJXyi(+cq2epxyn7E|tAcLkp)z^ywser1zdJjqVDVhjJv|mFm z;Gcei(Bh)o`7G%t^63aSvnLBVkn+A!Qq*a1X(P;wb94!rJPP)GA~{8tCG?}n#j z(|%2h(GjK8ft3Jf|MB-Rx5j?nvOxPSG_|ekDwsv`Gkm!F?Z-`Q6^GgCQ}lZuoN3GS 
zL!R-U`tV;XbWjk&Xi!Yza7(ixI)P@e+=3ppvwtx|UIXSNq?6VGPxT{sg$~yyoY}vraGv~R+7a(QP7a_{$lce(p~&H5sexsXdMjA zTXQ(WTvft+{rH&}?s5%iuYz2|iXT&a{rJsKv7PaD33FKjYpGRzY60Pu@8r*Ac&h)z zpE8e;<2Pefdc|Uh0TOhmPh|qYP%mg(HZmN*zxd~XxVCr9tye7BT}lR$4Jiw00a9Uh zSMBEW|CGhqHl-vRXZ|Cn{PZz$3Pl+orm(5Y0l1lp2R>GV74i zST8=U;tRVE4s>n4qZ@7{(oIM=BP~qk8w9UVD%>Wl6IKciAy1eqIEDFm<{?)jAm)Ia z0}!i(wa7b!fUsU@L}`ui5OO6#18SO(Yk<(_&J_yRNo&_S8bb}M);;ipWbOfJ)ylE& z(5i=OejrSqC`=Y+<+)nEH!E+!_+x&{ti1V@Gd?bUqrv=@^OBDRD;*B{yqO+^Y8hy3 z6q-SkSE$6lJCJTh?hc_I)U6Zzps)^f*9rF{trc=W`zo|p1K#U|TtGGeE+j~JufrEf zV;1Hhm`8XJYBD;m~;K}T@inss%}>l|fk*VjKdURqMKwkA~L zC|$8?t<+F6Uc9tn)g?-crP|t>2FIOsb&kM8E7qf+tgUgB(Eo_AxNgNthqs}j zu0gnMUDJxSt5!PvD;icjgkBni;JQYszP_#@RI^ej23!(hVAX~iVM$%cQCYKM<$9r{ zrfJpvHAy4}CH{uGP|f|+><%g9sH+8JW1Z9h28F7+wbDa14o_V}gH#_H%a&qjfzsit zS-EP3z@Lu$A6&8S0id9sO6#O`D}{wzM2?c0b*p$ep{=i5*GSYj9$Haf55Wm{LJb^s zQi!)}46WeQFI?L|v_gB5`5zfv-RAN6la$|Cdgs_DkzaRz-P&=%++X)l{ff}4A3edN?n)@Y4eZ8YyYxC^KV>m)A#dT?uEsk5^pI`{P*8~OF(#S!T(N8smmySdaiGq`^nj_E{7}a zM{*Sl!kp#}_T%p!n)-`UVe@xy?ezWDxh>Q4%9XwsqPFzwzw_LWe*?G!w+O;P{1AqA z!k7Ak>IvjiQz`^b@}2!iz4!^Ih%MX|a5ZOP0*qkio16MhtA{pn~U=3?rVPwLGx`$_aQYQJ%RKB(k`Sfq<4{yBW*!Ch4clI)r0>p z2PqfHg;av%L%JKO2B{J0QKU^sPa!>r^b*oeq}@pWigXO=6q2Px5T+nqg_MhwkK{qR z6Y2lgUkW;+wS2*CMp{zr%)7Afc~WD;JpAuFE7s1dS-EEZ_nLwwi{|G!UGs{iRclwy ztE{PAwGJ=uV(-F$_r5ZZ=cakLExd7lvckXSfqAvCqmAnuLp2XI&ZAXzUWvCjSjIo+ zuEYxSAN&=;XGFC6=>To^b e+U(lm+Uk17waxXsYrE@3*UPR~T)SLE)xQHwTK07S literal 0 HcmV?d00001 
diff --git a/FSDrivers/IA32/ext4_ia32.efi b/FSDrivers/IA32/ext4_ia32.efi new file mode 100644 index 0000000000000000000000000000000000000000..445b89c9164cb9e9e2f0d9c783a3d9054cb99298 GIT binary patch literal 19520 zcmeHv0dy2qmUeZz2_0ytMxq3bV=K`~1_siY8R-zUNm5A^f}OM-0veT(M1e?{q$>%` zL_1a*^DN6{R+wexcSdHH*>%sbt25(5bPzj`Ne5&l0zw2bcl2%#bk_w=s= z_$$k12dkTdXiGd2U!(WS(YXZSq1h{z2bU9Eg7?w;<#1k9&#teot$Wy{b(ChhU;YQU z{LA0}Pdo?oMxbrobEr@d*hk9gboFmP$7pJ$pO*Pn*^Kg8N|!SnSvNi^eM;S_(x?0O z2G~bSD%?Z<`D-&8(pSHiX03F27CPj~9=}~qQRjz^p!FU$zbO9xeGfcX#i89sh2PHt zgPwz;_A8(fcVx4(;*R6Wss7M~h&)Z)vDVW0VY2e^ovj~6#tVWHNlG~vuVrVIQ-h%k z{qjwnA3BtXRor>*=}JTS@XnNTXmPRg+3FlAMZ(gF92+6?ZJVhylfD z((t?+zg_uoB=i{uCqF*->19@BkFE2At2izi9uEHn#<=xEJ~mf2pI=YrR2>kaoI z$nzR;hhwVeLU3IEyw2dCvwBFQ!Vz&(MBEXH?FYq*ktA-Cjwu%`xE&3(920_*LoG*z zpk4Jl)FMaxdgTH^yrUR^h=f|+5rV00k)TtpaHs_i{aY77Y%51(1=wLZi?^PE*6xV< zfWy-%KD!jv;*LBFR8GEUSPc8{?u~z>T%Z<*=Ep^o)*4T0fjj{~V~#@Unq{h{ zdmnk!v{2pzA!uC?A7+71wSXR#bcj)4rKefxpq}@IVQ`OH;b(hQuZa6OtTBVCG9XFd4+u0I_(gnpCHB04msw&xih7ZM`#8gObQBkK1Tv0-&VNlH|9DHjZRs`8m3PgWQBR9~LzoyQhb z#;t5=B`do>K3y5KqzuZ}q#Ty7iY}<+qFQi2-Q1D*xDL!~p;7Am=tA?2s3nEGc;ek9 zvQw2D>fM#59!!s&zrCGLk0axnW>}wTO@*o%A9PFrzIeKtpAnzN zk;I)Hlc^}B1O72Y7S0EU7^SW`%j_e+?jV$V9|B4>;8089wt}<5`+}JqDwJC-&j_uz ztdXw|txtMHo)%hf733+JG7FtD3ugp^3=wgOG0xF<&jZHp$%GMNYq76#`i-VkO&ZXC zybZuUbpuW6}3aHRRWezO9wYT!sY>Yhhk<+4>azxLxzXh;>j=_-M0 z6D_ssPq`TN+tBT}zsnPZfEuC>z@h5RHu^!Bzntw=<_W>6s@D;Y1Rc;spZ+Gq24#o> zlqmgtO!1A0YJp8&sQSHXgB{{XRu>ksy9-r+q50xvcY8gR>2fk4m@j?IL^3sazGs1z zrDy1m(fu4L+mQUPmu!Pm((JU#lR<;AHd~iWDpV^`5L=J8Q9&-^Ca4E*gEXU&`D7Ze zs7XxPrRLjN%gapaQrFwmdAqtX%LBr0v^7A?J~wCobZwl2Jd4e{AsWG>P! 
z)^d_beX7*Oq<&S3Flhi_7P*jhy5arZn$O~qUu1zUt;`~e>>>+9X3AY`Ka;!S6RFkP zo~V3`jWFpX9+If}F0j zY!`x{>lM{&XVMYaUeys*Iud&h5UfwHgI~q$8WF<>sL2nqt@3xZz!B8+69BLIjR`7X z#!{sZ^3X4@n&{6FxdN-t}2pSE!wS-_ya?Sf%IrN*OU!y3PxYBx5URm`lK ztQOb-Q3Co5A$}c*1qsm1@(RBpzhd}upd>_!JQH-Sg9io~7({f1vE)M9d}X=lHnYq{^@dHaO~7xYx~Ndkq1@6qUL%0brDN1vAjT9OSVm z2`7Y75>9YDja^!Nz48OQAdi28I*Qi-^qUD#c`29SV%SGHgn+4`g64)i;sBWBTqrd$ zS73j24%(Kpv-)gM#-b3E455%Y7*K&e{YQ8MpRqb9{2N3z%34rH)MFkoBXx3t-V!jF z!X$fD>{`@wKjZhQRd%&t9Q=BGpyr>BRdtc?!`~>OwAz7hC~$ciG8(U4 zeKbuibYf0R$l_Cs6>t~D-$T(!{Th)SDegkv$eAZxtryljU3AYNvLqFs62z7fJ!Cy9j(=nQUAR&j?Lb?Noc)v;4 zC=*;WbM(KROLN7k@0xRkWM7r!H`bbS#VcPsSFlddz~`p$zGnEEfmIl+z!9x^Br&aE zW_Shck*YnMBomVwiV(uCPFEM$ zZoT%_d|S$1b*Wvw%YpFu)@Alv?{=iTc^{(D8+$KJrI?N#s^mmSf}pZh23=ce+j4YiG%zpd-PhZ!bc9(MAkU!3nPqVj&-?N<2(r;4( zr?U=cy{*LUaT_}me^0YbRfAJT)E`dyT=|2YWwU0R9FKhtQbHeE#W1;erRB6$+(7P` zxGFNa$^%!*UK_h3!H%^l#@YEC_ShLu(sF)APU|vu_KI!)h>}a}P}qRR#12KG#Lg#H zcJ2~8le0ccu=ClM*=Zqm-nX3B((f2!#|C!JgPokICM%#!J{!M{C{A?`A^5Qjd*su> zTb@pL7q#CI|5IZ+nvyFDI*qKOTHZBxBZ>@;e>!~%Y6nq)sMU0T>fLtsQH5W$sCQK82T4^6V42REs15m_OR)wwv2^y9nu2(4y!wDG zd_tbioKY`{NQipPAl}P^__&uvJ#Whkn4OHc$i|9oYLT54+kLuWI#*Wgcomw!H85iw zoV(FvHyRN~(L99S-TPvbP^_HCJoygbXzdu@2PZ}d8y!)B8dEG=Y4_{D8pDYI#BGcr zeiNj5K70JP;*M+Dd)eDq@$>cmVvEw9)OjiytNGSbe7(OP>;2x*_5LY`(v4;0{--Mp z<-V~qh!#s|K+T!+9`-1qN zl=C(j!w)fOe*syWiOhZIa&-R$be_ZFvnogCsMru|cR2IorP4EU;?BI8_w1!7l>|% zbg{Ve0&D4qU|GumJEnYcr*be<(|Q3NO(pq4+WRArH3{5^yVL*?-}wiJvcJFG_r+x+ zU_va2|Cq8V;hRlHh&};>N>-@ZuH)l=lS$&2HB16LX;>CWM5gGP8s_jpXx~D9>NE>@#Rf1NIIS?Z26I*Ra&);@E@Sylrw3IFuJaRuB>St?^u92{So2%(=T< zT)}HeR2QM72?gQ8igRI6G}|*8&6@5wDh)sqg1Rwb-RL5k51hpE<~7txEmu zK^H5|SUr>mh-hK9owqE^<`~omU6ymo51c}9vAV>i7SA$*bDf5K(vbU>7(Ps=2m@ta zRobUkon(vV+S&bc9Ryoy$D55}tR=3fZ7!rLQ1QKUooq_{I&f{=rYC`IGT}X}0GSca zyZm>Tg@xt<3qhJ%<%|mCQKMcb$Aq;@gB{D4A@5CCcw~xgzego4Ppgi&42T`M8s*yCKyB1+T|TZ{J&OzuK#B?^^`6Pp}N#v-+k zMk4-wggIK#r|LakPfx>CtXV0dK#~DjZ(d)9a5Sq&eZ0^!(r~T&5CA3tVE7C`Sb)@y zL(R+@0TeZ}081>LH+Hhp4z2>b)V0XlMJ$7;@bopzp@wJN 
zC#)s*sg(}pGok7F`K28VX-Idd_doTyw$S2nJcUgv$yvnKI^(-85&2CJ>5hCw&uG!% zfHajKln7$@JW=!bJhdRR1fprmWSuO~t0v>Qu>?-xkSg^K537&oA)DhqWVIcfdhbCS zlX{VNLoTjN4fK|&rAK^ha8;6Cm6-l{I^Y+;3+-1Im%t0K(nuMTdi3*WO+zRsiAo1Z zxUkdf)zV0LnfOv^m$kH~%%>Ng<1hd~J<^H2z>k&xGK`?oazK!a)PfT1UPKG>sGcpH zrwTPU3xhSc3n4irT98d>z(vpf?*=}G~-k|li zux^~L{~0UTrzj7A#0y*@7TTo)%A1DPHjN5BC8=`0TG}7_;S{GuMmifxVV@s3+4QaY zar33VrWtTBShS>AOZ%o)orLuy3CbbNt4$N?ZJy318#{-P=S_nh4-bhyk97Xw2I^gC z>y>}(K7_2Y80O1ZP7NG-^eG~XAb!W$|2raK<_lD~`dpgjXm^oQQ0@?9^42WS|0s2* z7h=6i-YXfA!s<8ESm^=HHi5Erl;y3!=&IiIii&a$j3~-0J1JzgpFc91sS(-9YIU zOJ^C{>&GxXJdFUT3)?C3&q-6)X0XA_Oa@7H5J=gHR5;v9Ba}Bq2#)t0ZXA~%KgW8_ zl=UT`t2t1Ol2dTWb|R`iQ$F+tr@2qGUi9XRg80-r6h@^s!WW-9TDZb2 zq~T_tVKWjB!8wmEKm$Xz>vsbA()-*eZZ|R9M!?}_6dDHMdWPegIR+j_48N4aE)$=c za0wX50Ze^>ydkme&)7$ZN+G-p%Im}ccDojfFUf7zf8*@PAutXFZF$Bb?ht|#;ElxH z6_(CZ_LSZkynjklo2*OQ)W9p?xot6!DlOXt7kA%n z>HNT+(qj^$jC?!zc++>4k#C7@Dq1#O4PCfL8F7i>5xgn~ZL#wyxR1;XKB$b$62qr> zsXg`~FZDE~DkJWOW@Th{aF#NX9juOZ62Qo!;5=odHh61{auZRB%#?_uTkMzkX+0>| z@%S^sa?ldn%iqHx}7O$YPdaH8Km0(-Zvz3vQ zrp(o)nu0Ve}(6G@65n6ghG6B+89z*+QhijVks!Y_%I}*0?&}> zMpj@g1)7`gR7U(_+pQp>X__)J0g3=qQ${c87bY)~M39MdhqoX*=$RlF-UBV&p7IH9MeDde~u{k&~M#*30lYQW~ z^SzZhdVzU*Iu=Cs52>O>z208!~*e@UED0aFw_~6OK7rHK6pQ& zRbgY@_2O$EOs=1%>`RJDTcDo8@O#QJ0S&)B{C<2k#bvzoW+w>36a^BeyN&qOXqgP_ zPI4OnplG&RdO^^t_H;{o1UASnu%88?uUgeER=NqkZ=)e^Dfj7re?4OOFx9A~8`Y{^ zaAQwDKOHX3P&F!TpUw^=Ls+^={yiH^8IdQAYC}sq3{sQ!sIL=PR+P1D!tlBe@g%x- z|F}JfoQ{GwTh=jlQEAyE1hFyw0&Pr7n>Y-`3d0s@Q>bOD5KK0tO@`FY4t7ghEYLvE zKh)_G+kT2s8R|qn;YWCYTv9~kDf0=6)q*FL>l2gOV|92#OX!CxBU_1+F*fxZ2*X5G z-q`wyfxtrh`413ZVJ}Id<1R1_F+70rA2pfdct$%DhkJ;`C+>unBBUZ@pbRe#j02?F z5u*hxDzvpWm8YT>pmjOKE$;A%<@lLQKa=RkK|d4eX9E4C(2u=b-04fEA6vPRtx6lU z&_9AU-zs6%Eq?tfo@wyLGEIuc`uH4bjmG0JwW24&V*?5&Jy`MMO~UL1Ovf%^>fy`k z>=>nNFHyTLo$YBog<*R_!^xEMuBKa{59;&JrGuxqs9-<$YF?n&QJ@9(U||`49vIAi z%}&l->f~YGi7U1aAb;5-z}(56!+g73+6dD(WlVDALf!HUpp3ovzeX~Nxa81ccm}|M 
zDs~<2myg^S)~Z)xfdoqDsHZ}#4DY;u#%7wPSl|`z=3_7!Y}Wwym+49uOn|1IjH3P(l&G>#ONRoZ!YeZw(=x1_KHGiuYY%}HIGZ) zGCKio^uQf3b&{=%V_@+{j{0hMB!Qgz!@7h?TjGy=ZEKhQHdb*IeoNahH4s6ZMh{*{ z3J6AKe?4(O8EY3u0{2o!YUvgaCr;czS{s@V2|bAi&ce+muASBye8|7VZOIryRoY_Z zqwHnURz5N06)6|7EshHJ5E6_i_HZR>oWapvUxsMAjbk%Kw`!Jto)&bRFICzadl&;V zsw)#hKd`{PuSQX8OFNCI{7sJL#`5y79mRjW4AnF4Ll$xbiGc1e1(&gZ`cGQH6S_c% z6J`yx(Qpa+L%@b7_o10Q00oW1avR$lzn)YC$G(u^h|NbJOaT#QJ@~H<;G(5u-=9k3I>$bp1oaSjM_(?@<|ou`hkqi%~6qZ2^9< zsMbF=7sG5XPN1e@terj|HdL3GNrrVvZb}zd=tckWb^WL7jlBQ;)6qX>)fPL2=FeiN zhoi`s3$lcbyhg8Yl?xM>pl=2+ACG>b5&KiOA!(-K(Zb4XtWW7g`b8NT-xSk|MzD9+ zsav(es68&Skzs!NMIHwgXtG(l;~ARcHZxs^U@2nD+Jj_h)1S1W&y|m@oqCd1_>?W) z=jje6cMCW`H}us-cn&+Nzm`g}n+)2K?poz!dwu#0D8#FwG7BOitQ{~cNd644-dCN- z_55V`e0zZnFO(JFFXM2mq1~VS>TkfS7Shoc%Xs7^1(A^qu-1FyF-Z9*!v;me{ZzBg zYLxbaYkp>-WcTyD%}H$mTH>(FNr18_zhAV_efLJ*p1<^G^}GsiDy)nUQmXC)6|56? zj^`)C7cKl{v`r6|y;;$$mVp@gR(E8m(<*1Mo;Ox-`i;>v;S>~^O#p*c(58qg_o^)e zp1cj>v-8k$btJonP3$g6LU6G#NtKVV{hFgaUwvkBJ8I{b4m@GcDjjI|C&k~#53>9D z?SAWJ3tVgt!d##pRZbi|Q!9{LN$U{6%He+TrTp}00dXZTt6Ee-$%z6xvaGtF)Sn7) zfC2@Xdj4pElNZd>-DbfMk}~6|sHDVlpF3h6?Zdgiqm*F4km^X=k6?nKVQ2w?j!a0L6J1?d=nH1v2%X35`z4S9T-@=dBQW1`O`U(3$5od{Y1 zVVE)H082*N`=5al89AOMiSK2DIJJqxKm)`hP911a_qSAUs$K!vA@78c{0Ed2K#xd; zk7p&BQLl?&quva1)(?B1c{-AR^@__#QyPRLB zX8b1Dmbx$<$H4H5y;UnKE5y4}x^!7oU?uaO+f$|zOY2SeZS38#UQl)dmlNZbJ0kb8}Wd3qFh zIXKc4efr0}kb-u^AKa1g?qLs3KkwtuJBl+e@!}$+oVbsKMD_(aKHudf_ zc9zap2!~H;Pt(Dg*7E|=tm0D-0EE2_-2V=r1>9^9u!sBM7FdB-d?~^T3dNoIm8_ry zbJh=&nz6d@DkDz$oU*4G$Hic%@J<@C@ctZ}3rQSz*6;m*1TBVX*2j^aA@4)T1=d7E zbj;HwAjb-Sfn4PGT{t&k8C2J$mCRg_I*feWE1mt=^Zhl!`SklBE)pu8L>d$7zd(50 z9@zQA{jg#ty^JGJfX8u$E>FuVVjFGZ@-C2(9hP5K*QK(+cGl7{wBR9Uu!*2vwE+Y< z_m`xXkzgKPj+~f^b85#hRdr7}#^esxvTJC;3QO=#1t--SJ#^So7(xm-co&lQjpJ5F z#>aO6QoFVJiu6p(y_jzj?*seGLxby$?ZE+IZeZRtpyanpk1E$D)0tJOeOu>oUKnF*!Z+{C0Bz47TubSHx&Z?#AqzEvnDwt|C2_g~LGFvns;Uf$x-(}u1 z%p0wqP&mtc%ceJKl@BGN&cAFnm)VTpex=dWQVv(pS7DN9-MjlLbc(}|(h*kmA|>3{ 
zB2?Ig@lq@E)RK89_f$ISQ=4p_x9YJ4u-%--VqVfKX*;$OaNsa-K*h3?s{nG^)cm;8 zoNY1F%S?Kn^~{ta*9E$i3qsSB`BG1VBkN2eo6SlIUd5Sc$|xV0DD{YKQ3wL7vR<|7 zMPseakh=^yqU+e)Ais!toIj)ru5{bOd@&Cq!qwGwOI)bDG+6gsn}dPPHZQ`q_x8c98?{Wus4YBhul) z0z~?Vev3)FiMlQot7T9VMG}?`iZ8u2{79Mwhc6>poocaj`e9`R2L^sYqtleBJ~4~1 zv#L$3bfb}tjKzy(dMbFbK=FI09HVpvWXO|VOy0^`wrM`>!1vs^Uu`+S0xu)>l3uhC_k?TwyLGufKLAiZk7`+hJQl+OD~sMrGW|n zb?8IKp@3tMS0BJ4B_HgIFEzQ`M%G)?-=E)dpng)*xcPEVV=^c}{|MFOso=D{!djAz zxV1z7HIT$7BJ`q{pP8F^7P%u!?wQ_lz#>Pcv~C#LmuEhG%3Q=0Px*$xMZ*TxCEk-ijSKgEys`peimV4FA5ueOcvu@ zn6{n&ZlvG6(ePH>$*A;Ja@!g&rW2uMYM7d7o1Z7ZF#jFV{{yxNd5-AY55p*jXFA_gZ1*)&a zy-!*HC>*)E(AF7C@!Xv*&rtScYB+Eo_>^|M{5hi^5a6trJg9F#Cvg!+<@G}lDo(kR zNHD;OF9Y~gm=4+xYdGKVE|O!kzeip~x0?zxvG}J zo}-KVl=(t%lDMNFSt}Xu+5dzy{t2BS>-~wP$UddQ5&s874%$LHVb_0+{1XIuy|}}l zJRc`lUKe*Rv?+V+IDq_S=Vv!q7Tc#hfKLL_N5lWt)0r3uZSx@MgyhtVAxyNdQ+WyU zY7dD!!b7Ocv&bo-*GKR)J3c8dNuF5KYQD`5cCxUJauy!IuNEd4%*o-?xWko)`*Fwq z0j$gsyRpa}A%C~w1!=)Kv!AWDrdRAm5}z~bdA3B-?`Jly0&r>3Xa>&4WL%!+Wi_ET$2!OYu z&21Gk4vv!+V6?E22G`W5V%xD87T3d;q_XTQJ&STW&y4ADKvP|~NcESngDJkZ*3T$qQ=3#l0-%mWW~ zosGfKJ(0;;dX;q$AddJ}l0m`&Vv_RTk9lQ@As;A%>+!b8Qp6g; z+333geX|RC59SR7O6}i(*-#(}F&<|l75YN6>sT@w*pq$0QdUNI(1%_MRA3pH+9Kw% z8^?%EJ#K~`C##jt0?P>)jIuXlewz5yi(s6-isJg(U1YZaoFauHoJYyjd=9NBL!Wij zFv`oJkXR7o>lS^=AVgD~xfBYw3?1S4OqmPhP6xSM+RbYd%2MQH6{(5!d{G*!NRQtG zFY;v1DBoK#37|#$9va&aJ`1}|U6LTyG`f7JRtcj6xt_F!6qd$~EDV1x_ZNdVESp8HVK1cHH$1aEknVQB@9(4IJJ2!KXZpeYMEkl_(l`Vj`bkhia}sd(t5hcs=&j8EwyUEAW);9brf5^djMGJVqOUJLjEL<+QS@f+&h_t!Xsp!~^OI4do)T%UP*fOzs zkr<{ASYXAwL18H6xENOOu6liNRA?vA=XJ|6-G|KGYMh!JA}--sN(U^5v{D@L=r4n+ zy?Q@j_3dN`$MrWL7w}JCnl#U&k2GL^$H^{_>)U9oD7@1zkkEz@X2K5yAh%xqDw-U4 z-Fv7b`yBhY1o;P?pssT0Z_s3PTrF~8Ccqhp*n6<8(XW_t^j|?!TlX5UW{NXPam3$; z1NRy>^|j~dvo7rIEA+kA*cV;=qm*_^#+VJt%U3zgCMPv@8?`7)G-0sR(eJ>h)w*dg z4W5l#;?w7x<_yQ^up-2RZ0=2_qaviG})iInEDFVkQSrLvX^n(EexJ4Ndoj?|> zRH8>+FqNNwg?}HR zNsck`y^L-Wh}X?ki_8xn0>BG0EA*4VOY)TMK2_!NZcK%D_ZdHWp0{&d=6gGky9*_} zZo2*l)VJ=v19LT!O|6gHX*WUK5J4&F@8UeBY{T&3i%zDz$RChf9?%pWa%aCCK?&pi 
zMV0M%raw2ba{cpL27+@|A4|1X6tdDjd<}>rd;R($kZXGJlWJ)nKJChPGTtt3EskR@ zwQJ9%l8luc{yPu9+Hd)SFnq>G55s3rl=@*3o3d zjZafuM7=iyyV5Q>nf2n)F8*@Q;r_iF+u%(e#x2fBRtt~etx%{(O(WjwA?Vq&g}gO#ZLO;z zSif@3BX=a;9+6kB7<~?|e60EoVbTO)l5lhOyykD;oSifFGq?HX?78%2K3sW6gSji_ zBz|&MxLov@OFx9F5;QglO`u5<%JJ_WT)B9=M_3E$)(AdOSO>c6gokm}3YnmNC0eWo z?{z{JAnO4a6lC1j;EAMhGx(>S`RX-~2>2f_as#N6#m(;KPn$mo^rlz{yb#Gmr%m3K&+S)O2e{gwi zwX2Z+2aQE_%U8Ih`ue(h;jT4}%WGGzaQT+kFMkZZ)C++%4f5Kxb@jpO6+%AX5(xb( z*H;UR>w>QG>g6le35C^-D<7^-ATcTN)z<~9AEsva$U#?K4Imrpgwy|wZYNXA`C51x=O28tXwYeU)RHrE?@HqP*6`rb@G}O!U8TLS7G&>ZjIoteprUo*SRWI*43g8MFr&ri5AkD6~wj44T!9+ zZ>(P7%AD)T5-z>nnw=#i0E<@ER*%Vl5!jZOKT<6epx64k$5u9=Eg!5=YlOYt0NqK) zMfY!9asNwYIH>Wz4Nr5{8eG}#xwqzg=exJf^DM|OD3pqT;{X5sKOlkEa{gspQeA5P z=GmoNJ$VxPQj} zu~)Iu7AX}3)efibX@0f zjgtgn3a&0Z--!E6T=Q_1;9837QCvY>Ex1%%n{oXEu9tAVhHEdbgSg(u^$D)CxW2&U zfCb)&D+kvdxEA7Cit7KI!Qz5~@65St!L4%>6~5Jv%&CE2 zY*^P2tbVLv4$YEt3Z?u&F@K!B0yD;c@#jU{hia!M)syDQ^LRalo?1_{=ZBt}FkZ0(m4hd+q z;z?mP$79nY+H_yrX6D*=oZHTAd)h&?k*1*mvmA>A! 
zGr&HdU*S6MpRsy;UFPynGOU$O_Z){j%t_xnVin&xx1rKdKAV|(4lORXo=j;v84(2mupZ@PA3GbmbUJAD#P30^we_IZ zACX6GSYT1wl3I_aK=@6^Nkyq2$DbsC)A^*H;|`?_>iKxXY(qIdGxcL}>w?QrD6~oH z`8a;R@>yT#8z`qBK5fGStI}p`JwAftBK2_i@1WzR&$w=`Z$86&S{_;)n|}=-kM!%K z!q0Z99veGUUatDG{XV07JU3c-jA3Ozh!)$ymk=#>m=EqewCcV`f5=T!IhCgRZ0hW6 zU%62>p4+w>NK++8G>JyFS~@#g!2JfBoe?cCQ5A4hs;4~JfFN4+A*>+H72)VA{Aj9r zfiqwAOy~8=eqn;pXBf=F%50CiB4)pUcI{`M1NyvYVUk)}F23AWz)Gh_Js6G{ioWbB zSA@n6kwPUx)Pr$J50eNFCn5o)oJvI7Fs{PZ7}e~Gu49e@zESfJZ;-BDoWi36@+Mfa`_XZ)HP?B zeeTys5XznDK&b{uG2#8e$>CkWi5x0)U$uODXq{!1d~0Z3(h_-eXq{D%hil3U=#*JF zBM@YWh~u(SPUYzB_X1-_+YDfY*c$E2()>n!x+e8%ue1Z$r>-XlTFwFo{l>=4kcZOl z3`ZLB{ALAU)xg1W)V+$j$_2}8e(jaF(U2;5(`5qHCR%FMUvn|)_oLh7Ip{T@hNuH@ zsCu%E9uVd)XFHYYLU5$&afBm5hjPl{)AvAZFor0kL6m;WO`C>_F+?r2$#Yb{N3F9% z94YFYA~w57^%t2R9yZ(KuFRBE0Kt5j1A}U!R_M@Q1Xh+gUSCPib7XAi<^OSIG;vBA z(ya0@&|s|2)+Lh))k+k^*5Qkrv|aTSfznha*{fn>QOX7E_mQDg_9>B4{WsL`l*6xE z@#2c~GvL=}<&i=Q?;}YoI=BO#QJmwCFB?Xb7ZJ;#O;rR4DyqQU^S`L_b>gi<>7%!( z@@=AE0Ldnfgxb*`2~e>oKB9^v@z$ZF(OXnWAE@dj4dSn#P?{g%mI|Hjy76mnUVbP; zElR^gno!OZ^a9+)@lQ}Rl2d;RbzJD|@3n9|y_u4Ykqi=gRy}q!N!F(lhEoo;FxzkV zGFi9Y0vOWJsqah;?ZJ~|kkC8^IvMYvTr%Edw`shReOZ#O*$>^FAPMyg_uU*LR$cE1afwIhNMw_b4XYs{D-ovs_%lA$y@EWu=Uw#8?$ zN{*6v@4zJOSH19Qc6E$8%XZJr_Y~MtcdC!r)dwBorpP@D?Dx!er0#iC+|)L<>&n=M ze{iT$8YV=y*Df}Hf|)-Y5t|R;iOy5^oZmS}4DTgo`v!^Ycj5(bbzav|Rko|PF_ur% zhsW5IopzSODr~BJD(e&F@}T+?s&tBsx@S;p+^XgLk=(cIsO5}Rwrlx6aCeK%GCJ6h zKBll`bo@`^`X$s|<0-VVHrj#3(y5#r#J*u|tX0m5-=SrSS?5@lu4N9+I;TqdhFe-P z9#k$G^2sdu6#MYPCzdl>=Dlj*RMvs450$t*ZewTSpJ=v`YH)a;`tEQ`hQ7qRcvyV53ZD*HugY*9cz7zv-7ReV{MHmX*s{35pWed zJH_VzhLS7nkRL;1Vh2)cBzC^AvU6A18J6`;f}L-!Wv7wY`P6bz%Y0yf9UIuW2zGKt znyi2_`E2}N(nGrIJiM{xf?GZnykkSAtGMO1_*ZK((UiPOFwMw1q~(vAjcF}7XhY_3 z)SgC#((W*)DRs7;eU91i=J3&=Exbz}w3w#dxKsJYDu2y7d}Zu_QR}GC_mM#t+F#`R7@~~)F0ZyN98dr?S}Jq+{2>o59L|RPJ_7E#!75zv7MFJeY%0U z2iRGO<6T$+x4`kqm{5#*yRin2eV#e6UAtmKQLJ1{62l(>PPt?e!@J88^K;z zf3SDLp>!bF+r6Q}P)^KD-7RjNcNw7};zA1cb|ct3-WR%vV6Pa#-aM<)VQW1xg5%=B 
z9>ITyh_UH75B9Ea4jo3hxQAyCSar?gP(=q5M%o16CqdtYiw}e*)#vL4Xk0<4`q}eDn9oo;g7FSo9=r z%^$`tDaNxcf!_M$mNZZN=GH%_0GqNe!Y;M=E^i3*Lioz=P>au)74PIkyh%h9J3v3Q z9048URJm7t$5EkNe6}9cq%~cnh_yZ$c!)Ga<43+n+OwCgk*LccANUWz?EXf4aXnc- z$N3D~O<0p#>>eom#7y=<>sKitC(%V3I|HYz?24ePmeR|hKIUlgB`Ldl&}~cUckB!d zLfI8UT}k{`ocgbzl`A3~yI3VzFHVpyE+)iRQ-1V&l>ghsYbYnWzXVRx7WQHYkS(k~ zyI8qIbVH=`#CI;S#vTZkHTJT@$`>=0eWArom(bBjk}ssaI|5mgz>T<54G{6IUpkcC zJuSZPuF`-BF)RLxatYpag2@QcCqSt*3N_m;T<_yd60fx|3GifLSs+o|>KL_{Ieajh zcd0E$IQ}mq{17V((_36Svd^F`DeNN{+JCUoy_lspl*AtA!`mhogF|^1WCanC-x|av zmKY}I5CDL?tHl+(nM8FNMw&1XF042g7UBoi*}v-G5l;r|V29bBGX0-SOe_WANm{vo zzE4jvCC7t&$QQAe8EGT<;7v25QZI@Hb@liea&PednqJzSpDlrO3ykQV%U-mBwCi zjUE2d5@Ax$a;YZ+V)W@d&LaZc39<3iMfj-Le4f}S84uQnFOOuD`;2<0Ur#Y5qCPZ! zd25EHdxp2CZsPSTP3XvodK~71ubgKok&O5OwZy5`6FzgT@%TBeCROTTk2_h(_~qv_ z01++9w)2)n*&KuVxYKe@c`8i^&Qs?*)so3Za9WxnA2a0c`GyZOF(OErS9!bDs$*>K zG&_52nuB1yc6`|=Je%)~+NP1ZsQBS&X>54>7I1Cct4IHrITG4fAy#>ucloE+D|ND- zdKV(#sC5c3NDjoFJmBj>B%oGxsh)`#Mf5I+zv;eEeUJr?F{#^9b!;0Z%8=5SE{M%L z(7W;niuZ-J$@-IEU3;F^A+GbJ1O)otUS*G=HIJr3cWJs@pn7{kPY+MC$kSDy0|ESu zz_I$fYLjP3-SxMFHAGseR&V#ns$-bXlLX`o+z09h*V^2z^)_}6etM6=j)c#PuSHtF zyp4Jnn!DszT>G&$7sEXE=G4HHqR$gq1o3;iX+I?rCjF8Mm!He99O@`e6O;!8ne2oG zdY+{2^dEn1$}I)%ZTX%I=H08=27?uq*2)#IF4dD+QBlr;;rdO58Ec%#Hb7@i*6}YE zME)+-yH|yg^Ukzpk$P5P@udi=dzjDe+TSrN%>vo5()76PUo5Wk%a3Mg&9`wlJL0XW z)Kh6D7rx&QWf*cgl;DFFEJw<*GVC>0JIjnRv(NZFp#}(a4+n=GwzUL$2&j8f^KG=; zv$U3>y*>`SZGhKqPix*UzXlv^^>}uAz$oBXK1XsQO{>J}!w&O;YuRc`gAX1aOfHz- z8jNLiUbXh0%nqp2!-hOI3Y&m@qtY?l@#rxh++Ao=cl=Iu1nUUzm$UwlfPrrPA22>* zKY)7FQkyF>V~$M>r{T*SxVyw=iYnZPWw%;^6v+&~T@0T=$Lbt}j1FjLgu693%wJyS z(_KIWE-4R!X>U_R+!~2>0F)-yP10e-u%J*L7HT{!1nsJy+Q%~$gDMYENVG{hD31y? 
z9uk6SY6Vu64*f_Rq$wPQ71amiJDVfH+tCz@@gF+et>TMSs6?28NHC|seL)OAjBii; zbHyO|k3x+Hgfp)(&+l3kr2tfz~?Dh*|1g8`t zfPnf%koF}+5JHnsu=JQ=!~-03EJt?B6*iv9G09)-PA`_Hdg6cL z6x;zEz(t>VoOHG@r#Szrh0S zTA4)_*<}`pOp@E#ZYHtoU}yrg8IBtTP`+Sndn0ZdjInFbVWgRObD z0h`jA#Jufz7vD*Bd*6`L*+o@u&-#$b5w;t}sEiK-V)tP*VqNmCe%x4bwr91m#t5cJ z)b(h#5nwrv?F?G-Vg@}X$eBvxn?ewDy$#=t838HIDohIpV=n;$nUzCOEQWI=vG#u| z+bZX2frF^&Apl-O%Vre(>=eS|DpV!JsQ-MR?M6T-Pi14N@L%wzN^fa$x3=+9gnaC@ zemf$5c(Fm~*s#X$r`nC5m{oSOYM5F`iJwx?X9)3IKrBc=0#lIm}ZT@!NJ_LL-X5z%U1|G?nW|@g7g!0ryG45IcQMB$bcM zp#U{SrS^#cFud)-@o4|94hEtmoDfREpcPAB=q@9^PI<~M$b&d%ynuC~(E(*I#B4Y*e^>{xgO$YYHg z*&((M>cTEbsKq$oLMh_rWrA>@WEtZNh=!YRe8hC+3*S833e9&A! zQ|a@I&G&$W`q4_?U>E|%mC^^T{5@V`85qq<-$Jo@G$53|C&cCl`Ael3{toqVG_Mnz zzlMV9GnKy8B(Pesna&3&eM`jf$Am-TE#zRP_}pv!wIMhpM#ES6Vi)*r+7|*L>|)aw z^puCQ50sPNHGLp>P{YAU&b*rt-flGH&E-B_yA`f9Of{-^qgu5czHP&+V@}hz zMx`xd*a2j&y_@8JW2aO5`vjI1WsRGlUe|u^2DQhM+b&#ShrpXH z>oB{lG;R`th;4pJv5mBe!<4%AU$|hAHia6u2*DIX+GI#AY+r}8*#Zj${pVYqV)M_T zmGiC0bNvJ_kV~qlJa4|iup05Ea(iM@ORNT8XbJmJWn|H@U2ju=fDEXp${U-$Fp!4O zUOP@x+GQru9z2GI7^am;|ByL?ceFEcxXzRK#CKq&+e~Dj3?B~Y0aD!-qr?g-wAD71 zr$}d^bveW>ZuN=fxDBJ*P`WwjHiT}2>6S`2d%5_IFNJQlawA)nHfkXUrWoHcVc8wn zGvpaCPi&$|(Lf*H!mQCandYaeHo{{AiZpt$;^s-h0tA@uzk;cgr+czvw3Tp$+O?Ui zt?2~R_N<2O@{7*;J75p$t1sn)r?^NPpEvOWWg-f+KpR#i;a7pd?APpM{*_Li;GH;Q zYXS0?JpzV1jpuMBCuJjszA0mpD;MhKK|mRM6~fhu+jo>yyb0BhCT zu|NW4TEC|%<=%Ps?Jv_b#R6}0Hy^{0!FC{UUrSfQ;LQ$Wv6%zOmy07#0Ez? 
zROG8;AdOKRbR+Wmk%P+D0D{h$3={h$7V`rfZ2mK>Hb&vwjjO*wbv%f6@iE^cUfVnv z)WoqFNJ#rp#*4oP*iVQFf77+_iOTOye5`K*jW?yw!urPSV%n1=PHi>rO~0ad!Gd5Z zOy5aOVJe`IU;+(p#$Ap)l3mmaEy%-TFfxr2?(qlVA1?fY+L$o$14@Wgid^qd~k-Vhie>0a*l>Ep;qkkF6BlX-UI%Fz)n@X0KyV#_jc5PP|WnMf<3 zq1#5G$P+^*9MO>KRWDwt8~Zlg$fwQWdL6 z)jt_6l!!wep{K%TK_4AHp;fuutIt2ixx;!oJ`QqM=Van64eraJ3-TK>q1U@?CG5JYy(fnrA*^GN|=EDY+p)6WxqX!bP zQ7Hn?4yOvw#FHBcoiwRS4QwkbQ@z`LtQ#hB+ZU!rq;^`eXTX5fK$rIXRv4}}8!NeK z$SB^*0&g+z+vUrWePwz#a$r!H>U}#LQ3G$u_bZnza%E^;ibXD03yZ-27~((B?$aMR zN+(!2f7AlmpTeSdi8y`LNlYh5yEwJyx1%TYF{*r760ol`u>(u;4$Ms;W*bNa=Rf-h zDv}~fV>{e<(`Bj?!*o!HO2qKv7+mU8MaV@ULZZY}vlk`XocPduM(F85cRJ-1)`b-8 zY2=tF?^7~S^LE2rRDTXm$t3c!dNB+Xgpn*9gpzCoS(S7>2V^EH&H*VjIo=9CXQB|IugPX%HYCeinaA{0=-cPP9TB;e6%<81rWwG-3+?4N@1*^dvIfh>VM(xx zl-`~ediJpia%Sk+s;M}AS@J{8_kQTacR^deM;;U{oDO0UioQd7E>?d^vw(8)vd;&7 z`;-nRG8LrkX`dU0Rqi5W5BTLVp=T^Ud1UAr+YWhX=$Yg{6QX=V1O*y(Mf%S^zD9pi z`}GF80%ooX`X69sO*>oDX`0>+$*`(7n0K4H8ZLV~3%sdT=BuUCQSPpE)TY{SKm5F`LqCpAB!G-O*aog#nDq*qzzBq?%Bpk28n)DNE_ zb=Enu&O{|TfrDfx!K*m-2@{w04v{*=<|vp!bljy@yT(SU(CyuKn1)vvdwW;yzpNM`>TZS83d0#Zpr`NMgc~ zw%TrUL;zhwhT3?Lt z-j*eIj%nO$kt4$!+hcdr%uE^B2++fgOe)0Q+?&iwX~hydn~zxNTFY!YwE_}`(J2l2 zf^2WPNFnZ;!8?#f5@J8cO?&^XKVv+-_!(-7jgH&cEK|_l>pw22>y_O~d`chlTKIs{ z$%fpcme{aWE_d=hM+{~$d>Lr1a!*w1BI{rmKuc)mJoEe&I`E3&Jt*H$VoSsvZzKh8 z!#;&tn8xE%?G;M*>wohp`B^)mh(Gm)Z2$x^6SP+-?XTZ&f>24kQrudfq!!whuaYgN z5yI%3vA++LH1(DnbvX5n$isaYk*86YrXPgGVyyeLlH>{>T4DJ5^jlDCse^y+#ojn- z&zION^6jWa^uReObU-E+c_q0xxkvx8i6mZC!Y)k;^u&IP5y=7gv0ebIG67&TIdC_a z)P^CG5qf%L?u_7Iwmbe6XdA}bv;ve_bEgE8SQjgFV5+0wq`%8FIEL%TF-=E^a@8sX z90+@GUNaxRED@jI20_#!Y3!I$JY7`&I|)iV2%^{#*xi?8&lsL!_!U%y-q%qf$k|X| zG~7<__+xDsj@<6IvzH?%aP7B-={fRcss>ri?})z`df$#wX2IO}ek#3)>nT0q$M#CP z7N(PAu3bL$W$G1!RG*Cn10>0}T*mpdFm<|Y99(s}DqueM>Hmlb1_0PkA)^GNR|Yvk z-KJBIfmQ7nn~8uUH0rTioxKkqd@rSinj|=+4TeF)BJGVVPp}uP>L)ifLGGG;+WSN$ zooBeDKZsQcl<@ljnn9VPV!r;;*CyG7>$a=N#>q0!eC}X^X1-~IFf41oxhxsjOyN;_ zz8=A_YwFm6Q3q`?x$F02smeMB?WfkJX+N}Bj%szj8Ll-B<|4lpid`fn93Us;?W7fu 
zo^cK=-5V|8Lsl)EuKM%g+Tq}%C8dBBq9t?b0TI%!nLG@|aEATGn%|+7`1E3UTn(oV z0_|mG%hJmAoo9ix8%MhIu^*U>lAn{SXsZb^A0fnqqLyYSw(hYcG0NyCPTX(FxvF$* zh}13L4S4Lx`^rqZl!&41H*m-maRCk{AVxcn)faDtu8+YN!j$#w8m7D7KK^tnhOz+B(3=*c(+Jd^)#xQ$6JCQYZDQh9Xd(^^8 z4X4~Nt0MC8KZamsz9H`|gX|3Xpy8Vieqb?}ej=*3o%t)-oX4;>&=>P=@24MI;D8CX zVUU0`;xoYMy=ql2Y~-E2FggI<&jC?Bnid3S3^|PqyG!ptC{3~=()9)iiN-?0p!DTH z*wiK?&7L@QHJR4dB%O4%vXs=&Fj0HX4vygF9Qy6B#|6!iN3a?UPC?%@&^N5T?SGQ! z#TGhCfX+#ba10gt9JA|K3XQer`e3AGWrPQP=-milKo&4HN6a-f&aRtw+yFaHQ7h95 zEk`k$l%3;eWQfnd0mkXqMBH9GitQGFQ}|holS~sepF=AiufGGgSY8f;Tn0TJEZ1{R zLo_85AA!LwKu4HO%A6o~B*^8`Zdjc#mf|#4k)Bwr7iX}F%=kkH=AWaDMb7smlh~Fv zeiFZVfAC&)eu7wY&=uee3kDs?b!XJ2vJ5`x;=`3T2T~ADkVS4G;~Go!mzj&qOHuAB z9DIHL96}S4%GJLb$b{;^XrM>m1?HPNq8R*YDu}|ZS<0%t(V~rSz)HO{v}O4dK-V4sI3pf)3d_K+WONRCRJDBb~ihEk7+VFll+ z#|KBnM=*YtwqT-bzqu8Sqq^sbOL!Jz>aLlqa3UVZ_NyHFvozF> zsKrkFa1Q4rVxM4a^&geY(SHp~ZQA+I7|k@7dGWgvAAaS55UX5!iGJLKvsnuLYH8qi zO?;kfSqT-J4a&=xrI}5RX=*#QC`&Y9-ht z)&alCZLFf-#&FiJ7#tsC#W-Tt0|u~aDjpBf2{eM02K1=U{F5m?nj9-(L)uGkpcrVe zcEt<1Uf*Qxr6=)@-{+~kmhj^nha@?!)f1U7$7j40qK4%3kTsEd0<%V!FuTGZm{OzGq=NF4WSik)QfJIahQ-d|MNOSX$Y7uEtjGa7q?QfG@TwP-w!He5L4qn8V3P?Y{z5*xk%pc|=(V6LjC^8SAtH&9(feRw=Jpm`1o zuXgcQZ3lXGZtQ|f`3p$V(UX zzXzADtbRZkI#?JgOvs+zaQB4loPpc4h6&lz=*xV${)qR`3Ac;V6&a&7fM@%-AQHz+NT7cZ`^bv|5E$%U(y00s3_TqCbqB+TL>au!vuTFT1_?dqCUbwrJG z<-*mgAvob-n1r)N4)S(&!G)aqSu1LZR#;Nv`)^II9xU|w5|lq&{BZv(kzeyf&58lR zJW;c9^}^uNzlGE)s%z_()~piz)lbNf`dVkj(wY^hLs4OQVWNe!Y7ud5aswi(Yu8jS za!#D)&JwPC-IJXqBmj$-uBaZ6|6H&wFI-YB6r$JKnw3lI(3UG}W43GBJvq5~_fB`u zDkvVQN$=i*mECY$7d(P6xqe;R@sAD;|9P>n z@y?m8-e0@6WE8%Av-ejKN9r9v_~nnD1YBc2w$$O8Xl;6Iz~#gB+gzL;$`ORUE~J|P>p(wuVsCHkqw`*QWYPZNFS>;- zyO!3@_)%HT2SeV&_e19Qxa;Z>Z5sy;m*8~af#E;THFlkU1+L%WdLP$rTt{%lab3cdQh-(Ch%32J5Jutp|Mi!Ijv81X^9Ho@+DIj!;96etqWGKtecvc)}|Io1%Z!?y=n7Ts`-1@)qSinYSWubzU&9A@AwD zP+oIhOWq548}l~hZO(f&Z%f|md2i&snfF%S+j-maw&z9i+VeW|_U3iv9n9;_JC@gz V*PEy3oyt3%_jO($euys!{~I^M0`C9- literal 0 HcmV?d00001 
diff --git a/FSDrivers/IA32/ntfs_ia32.efi b/FSDrivers/IA32/ntfs_ia32.efi new file mode 100644 index 0000000000000000000000000000000000000000..edea0d6eb2261053e23448ec54f0ec2772379ff5 GIT binary patch literal 49152 zcmeFadwf;po$vpwy%X3w7a%t-LCFq?ZUS0C0;IR>fM7zr0a0oD>m=c#dqV&NK|xDN zuueBbJ8r?+6X%=|J3YT7)fu&5O=o%_I-NnO9f7vfnR8}L(Aq$}fOuh}lJowowO820 z(7C+M@Aub?#sb-Z<6+2XYOwW@mf6|K;g{1Z~UjjQW6taNBM@W5{OKayKH@GdU- zzfb>PbKv~wg0n$isH>nURKLQQs)LqUo@PvLxiP1#ucgL=*M{O1+y}pz8lN^J6kp7J zMQv()y~pf1KeFuXL2vbM3j*HXOmGlwq~9~Xrpseo<4D<2)vKx}z3e&NpIP=lI?kt? z_!+P1%<-6gHD3(HtAN>P%)aQKER6f6hT_I5{cX*xP<&{a>U+F7oo<`+>7n?UWiPfn zaDU$M;Ww;~kMH+%3@k85ZUbgJ?LT0gGhVCnfw7_Z?cmnE!xQs89EzuU8kfEatm9r2 z6HJZS=MBa0ppDw9zQCB%YIEWz(H6lv;WhE&Q%tPaW7&NKNB#DC&i+(%o3@cLc=b&1 zX{TI$-k|>u;AvbN_t@v_2H_>@#5ZV&eSH6XXe#SCv+O0CM)C2?vcGZYT!=&ocXI_nNP1QQT*leRiL2U+gC89sDQ73a!SY z6+AcQndLu14yfgE7-ea(FVjYSnakXu*?TmaX5xOv3KnL^ z;OVIo@FF_O#5Io9WW~hy;7uXsGjEXh;`bSNjcml1C5^Qy%Pj93?T(cmE7Vw?#-k;S z)d$?xFB-|{GnyL<-UYg?n6J&@vjI-u$WYv48kbVH)SiP>r>>EHQREL^4D#hzrdb}% zaL3Asy)rN`PGbmuVUvly#9S@}&YR%9<4I%7l1oF#oPEA^tcee{FY{j9e#gb_wFY)u zXP(2P7@gv*rXe z-M$W|PW*T}!T(Lej-4I*#*ne^;CWCMn>;b`{S9E+aFh5h*>>v+E%Bal6ZIN*H@tUs z()o#@_)y-9<>IgC8C`gJtj`KebQISN{$#>@_09oq7%R1-TiFi@;EsZBYt5!7Yy zo5^p_$E~a<6I+?uxKw=Z<+p$9om;||Nl*KVSr%zBS=FmeeUSURnxgsbTh?tEFut{g zmZ^FgxCgS#=_YK~Lz(8t1CcA{;r8TyH!^vi*S;3c(-<$OnApw6>~Az*{dF+&S1k|G zZ^VyAJ<&SToc`gb169JySgA2zz{JwfV+H=u`@O*L0~g&laj!aTK&;gA^|v!#^7E4; z)fQcnV&Y$9T-6n%hTd=UCSY)1#(i?1X~0aQT|Y1@z%jfq^un}M__)x#&@nKuKbU~y zj=3X+_OyF@iixF%Ol)x$Z6kFrR1}(6d1U$vJLxlVNS_ME@T(7Fq%&49Qa5igV+149 z=P_1n7kx$z=`%mkM|^m@fPP>8T)!jgr?u$X_vH2F+9h{Q4WQ4p_B6+DfV=O%+WPpY zbTx9dRI)Gr=QVj_(p6etIbKI^=g@{Z*q6&y>ry;MmmifqX+xeH*M!docRFiiFY_Dx zt5Cd`^=4kmiP>uk-M?vsiS3zeV%t5we((8#D*XCf#=F=Kw&li}CtkdEzsqwE<2B-& zXdStJhr6b(Y)i5A$Q5NNG5n%u7M4L9>$QUW!fuaUw!renMuP8g)=`gltgSzo*GGK4 z*>>OA-Iv8gqi_|T(fc-?ZHKpsF^Ej1>8LG+5QQ17JJo6NQ5PQ2GR_*bv> z!0+QL@t>&6&o_H|N2AMjj9`9DZrhGUwyjU^E{OS{H?wS3Y#L+C=)Ei^84f=fI$Ld7 
z{X1tq+=4vDs`Jcgzh&YJ1`=zrtia|^@L7j0%~$TW5%IUsMfh>24ly6d*K0i+N5qdm z0N=6qwmgBGEkBM;f5w!Jb>O&qbY$6cHQVVWh`$H&YH z#nbTPg2?FnD{`C5tWcNcu*d7`^!Y>a-+NQgH{Q-EWtKfI8G_tkq5LE2>F4tJI{Xvx zv~@wyl>w^|8mt>9b?a9?3d5FHMd`M2O;?5AU~Z z|6FTHI`G%{R8h~t60LXN2s2xJ3$OWLp6uf8RI~5*%)jJ8vb2Ia;Sd1!9b;Hq%!Oha zY|_4~z+>;y)Od*a=}pSt0KWPr_gPFI-(_YQJe&R0(uMH};JKIUUU&#ir+nYMpwC?T z3sTML4(ysk^JIJcquFMU=0v*w!}}GBIPq2)WvSqST~X|DDq~4%{Fk5E@^dPe`QPmc z#YZrv;=5jNM(3&V#1M?ViSq59-2O7wxf`SPQ19wi)iq*|EpOw|cP5xU0c78YukRzC z%*B4~`($9BmDYIlE$Rf%=XdH1b&VbqKZs6hXI(T-MzHl<*8VqY=$PoCR;EP2i}Uy_CX z(awBHPiemX8e9+F{`vV*f49%S(#M^zgSRh?Pa!nH6Q15LhGzuCqGpc6E0=%a zIiYwTe2q*Fbr1tC57ItT6zagYi2tk2&&H$wi)%r^`y0QQ3lrS+?5+dxw*fe^8#|E! z<83|}d}nYAza6EO<;m_hsYi0Qr}w#1QH_Tbz$GL zD|)PwBJS51-<)7dsH;3`x)|H0P2+stkMtdp{)~RzwrP(n?wuO@(Cg{^nE5_~et({I z>Yo{suYsMqGN$;l)#LAFX3DOVPx(mjCFvo@wr(F`P6x32cD;3#{DVh=KUckz ziwInS%viRM_=wdMv}4hO3SD2jOuPoh@AxjP%;JVKVnGA}@VYQep-8 zOf~fD;r?o5vTw@Y+V-TKJ|`%1Y|06{-?2oWu*cWzKmGc=(x039M*0fQmNmh7YU>N& zOY`ipat_ye{LPB@a*!YS>(4uJ=Ed?;Ha*tOxS~t)(~VvHInVNKUxg0gBRYi7N#Htk zoV4-b{z$2n(?1>Ft1gJF6x3VwW#BX~Qlxmqu3wC8=%xPb6jRc3m5F^R&+K{Ys)HqO zAxHMOWitl(?as#u*55AXMspcxD~gpfM+Idj-ixmJ3-On_9@fVP_>Y%d8@)4PyOL;= z&Hq!Iww%uI+q4}_qRm`HTYx#5N!v5tP`qZblPlADHjZ9JMy__`Ea8Wes94?v%#%|b zm>7=P{Zm|+{e$y<+@3>XNrSHnpL%H{IZEz#ax6^%YW*lZhIs+FO1x6x6Em5)oZUGPw!H`GGh6f#b@8MSHy~-OK{fQZ0x*9+IJVl zts^^IBIq$6Z9HwhSb1hB9!U69&tu25UUR)?pAV*)<*f-H8+f)HC44OSaSi@OUgtGQ z{BDBZMb5KhhrrF%kK*Oib`B`F^E&VkA1^BjdrYwpe1vx`ZKYd%S9XEl*>4-d}+NiUyjb`orb?}a^+9_ zIXLw~uPv8_MHl4KhKK(Eyq&=N0C;vAWYg6Z(zyc*e8c9m;H`cJ?Wk){UO4agFVg>K z?l&Eh<@>=QJg6V1DYx2b(~_hYw}bxzS10yf>&Rla!z=ZbPE(tM9#bV=fcFvcp~7SK zi`UZO;Qv}dZ+e&b%sP7}i2d_TaA4HH|Gmhn+9dmynzvH$6Rl_N56K_4a|X%yS0?kY zZRSPmME!rk8VU{Rf06(80C|v)8kY`?HeG!=W~&b!I!EoX6CX`CCF|4hldu;beZiCr zq?>p_m#Ob%E`2EnOMK~Oww`PC>_hjanb{HiB7BY`@{#;$X20M`r$q<#a*w+{pZ(jc z(78sfOL*Sn9o2b=m|z_`N4B_jzH(`!I@@clBeKhXHY%|;h&g;dM<%f;lBpp&c2+FR 
z8mHXWv04|act+leu14-6zzvdPQyeXvlwXtWwexGwnwUSn{h0i`PEV+77j|~%?f-3?p=N2!M9dj3wYN&Iegu2)g2$c?jh>#A9}V5lNWtD)wlCfUALY+!9!qQdr=QduRYEhg9UMdaZm&V)3mlqh zt2tUr-Ba^J@jB+N4VnDo_7px0+EWwz8gTm1$I2JB!&m7&f5Ogv-g3|@ys-IQ#)%Vjd`5kJ2@tN$YH%!@J4!dJ>~@c-gjHdwjG@Rh9P^QI#>A~3ftVfW^IHt@J$ zf8^x&ZFx(?1&^4f*|E3LfgfSJY}o)m$;2V-SP&WxCh66$g6GG;`Dv1G&`um`77yX8m{ei_f8}adzq($$1A(G)2=tu>`^Qo1r|PZ^G^2BYABaZ9U22p z&IrW|$qgT5K4n18v%h=h(7SEn;?L7w<%8{ezv#3lAEmb9U2?qUNzk1fuSpO6g$*ZR-@CswNQ<3g*1DA+ zf;@zgPx%C4aQCsMCA0SY42h$L+AZm~j~M3zWK;1>l=0e=_8)}HX1_`VFYN4(9$*7l7v%Maj(CT#5^Zaf@Ro}~M$ zv4_FQz9*h(LtpLWS#i))jN6A!1g4!g*_oKr|4zBuTiwdnj_vFM@5YP-pULY^qt4A+ zN5$th-{}>yT?-qJ{&&`s%imZseXuZJ2TX!{j6XX_t=bSJVz!Q z#nMhJ#D1MU9`UQ>nmoYLF!e5+z66{#lZn5POJajqcw5>N;;9QWOkELmm3E!)iSV~A z?FT$limz9W?D)}V;=gQy>{jq{XRN4S#iSeMxGlZt|z`mdH zM8k1(mh?g%Fzguf-GS%H71{d?LuJqA5%|ALf8pxpVovfbpEnc!NCv<2Ns{iiQewyL z`mvq2XC>_a%+%Pws0`ir$Nenl+>LCZJ$6}YOg8aXiSgzGPdYc8JYLy|*xymVS2iL^ zj}?&T^Ck3UvLF97`pOPCw2g4&vfGKPT%DU70|-R2eR0nP+5Kxr4)&KGR{wAja)&O` z94F%=IIevXKI$)-Mfcn1j4HCoyUjsH4F1g+@+boXr#x*VV)DI;L80xrD`Mp2o@phH zbobSw*xo+$kYGt)6lAhbJla(KExD2VnHw9&?vb(DFR~_q5rj_RsQItiVa5LW+`!}F z^}ZxI@;Unp+E^R?Od&OLH@CVGc@)-zKf-msDT&QIJtjztb;iyFLBB$ zDolJWw1q3A^N7c9a>|3m66L*?e79$U9=txJ8DKRtu<3$2PboS5$st2;dwU>~Vq40CR!RkoiWu;tCFb;>7D z?(-4n`OJ~bNX-`Vip{?y|N1WQ7F*<9hymC76~kn%Edyp4Jj#hhBB`O0s5QzSuOiiy zJav8mF>kbUtdd*H%7`6DXSwUfU3U@U53Pd^Y=-jD$+`ImG4!zIlZG$<{QATnC-#ni zV%a&1F!5qB`%}JbGq)z2+zmc0>$9ZbGjBbX ztnBty-rB#&58c-|!BnjQMi3tKs2y-D_WHwPv8Ch9zVKvZ342!TgK%0{9W&J`Xtw`a@eYEPu0jaDqLy zI^gT<%1a5pv~vF>I;}s|H|K!IQ{R><8JaY!4tm4D9OPM6S=X+tr01Q)HNY-UHCfR- z%9+2}#Jv&5QJ(BY<}d0IE}r^Y<&)sO_|cpl>VhXn+2dT=gkIBph+mqM1YsddyVjep2#)xJ4&te{uO>x718{IR~j_0 zq0Z%pbA+Ea)OfToE7Ya)4XaoO!Y!~h6#tX61CKY3 zFvS{IZL~(z#>xX1`dz^~Orvdxw##T6NTn_1i&obrk2Ua08o>3l*c?mG~WX6in zu9o@${eJ-6A+ISG{NOZbh(zWY=%_}H4>F%?8NZJCt+q1Own0l|W@xMLve4E7%fEIn z^;#>yZcbwjsZY1&m_E`k9_a7yqP;^{Df+&e>AeeoBWbSGIYwozsDi z#-&xPQ{=bEkNye{{extedm z`V?N&pdZ1@_Q_QKFO(&Zt9B~?kBs{kFp_n(8_&rvkUidoJe9+bOuyOa^Iw)d>hhFj 
zg`CTZ=CkHGf9c~KLAlS&*@<4ej$A}3cCnE<^myE&->-llr7nkZGm`d!P)U%zd|xQE zwH3Pkk(zmF%)`}wlRXXi*8utp(ZGg;}lS`GZ-}{3vq=KVr!`+LjM%l&zEQC&zOZ`(T$fjf#E3eX^e?xhiEp z;tk}m-I?dvjQOZyZ|QP>V!p%n+ZWP<=r_v4=(uT??{ENIhx&nMmi_gGbIohL9p|TL zUq0oCa!vA6KO#Qlt-H>kfoM3Hz zJl)m-@ic!~*U2-c3w;nj@c@1rYZcm_@!hmAUh4Jr_k6*`%f0Mrp!544AQ#2H0y?d0 zrzfwuv@F>FGIY}Z5v$kX&vo$Uo1$@SsLMUq6+t%_qOTg55AB7M57?^njhwBDuLYLR z%4vR&d{5t1=+;@GlJ^RjdykpZ$2_%r#?1YJapF0vY;^1o4)34weYjBj?)%<=CMVyd zvzyKtvac|{aPoAIw&VIj&fjXSXMo!r)lD^7-@Ecq%e&)D{PnWw{VUNC;?0+tuSRs# zyW>Lf_XYpUZs!}`e9qfW=LY4)|o0#XTnFZ?Xg$(_glG7)I8~7f8FYQit&2TJ@y!! zmsV^m`D#eyB5Q%6IuABZaq5?$W2oNM`6rDh844F+uRYE_j2~M#JK=-9$^2p`F7m<5 z2!|gvw3pl;0hbzNb`AEX;%fY9W9Hg;m1WuMLU`Q_URS`M3XgBDXH4T#I}Ur1GqULG zMs$STzB?=S0dgmu9fp6tF|zmg*yE*}>~-1IXPLQ*y@hKfcyHnz0ofnzjfG|RW|^)E z?DO_HvU%Q)ApR+|#kXJM=v`Yj67rhNk7WH>174Himux+{WnVe%wP%*>Z+~7tCg-!Q z&ge(qK9+|)QBHp^zU-s$QM^_@bu;ntCdwY;e39y!6Fkl{;E135lXSB$#BT#~N3N{% zu*V$MS*LI$qJ5+z!Kr3TC${+=>P{k)%0IdHd$5t{wWaTlY+O2`@rk7`rJ3>bdDdC^ z(dLPzBPqL{`xDr>A5RT!A#r`=mmczY)`-f2&qmk7->UGmjPwl4TN&M!z099^*{tZo zjAa$XEq-gltmxGvmQ@h5=>Eo4`PWtWP05X4G4@&Rn`!e7ey_$?{%HGWRz34rRY`fa z{ajG*6Z~x>mibfjXZ=|HsUxpdvY0ptKR-8YjkfWqi#?R@mv3r~w4bBE5q#~VX&r~R zWi0diC(a5BAIgPKv)}=%5}X!ia+ct%?Z4P_S4|suJ9y?yYguq=IEN;gILN%H-kocA zUt9js&>X(H}mJ;caZbr?Duzt&8>6pp-y-eSScIlWbMkg#xx$yLQX=QeS=T- zS-TJP4v1Izo4n4N#a0ZzAs%5}6#YE(=q~h`{C@c;Ut@hL*ZLv*K!-fzXALl3wx_U0i{)H3$0`fu;(}H<$H3&TSI_PsKv&-rS@Tug zC*$DS6~(2(;aYGAoEs=^J70E8dB8V$c4bw1C7JhUI42zD9IJFgA2#9yd!X()9<7z~ z%MZ?rvR^8keOWoNOwJZHL+=UN&%i$F97;R!4e{sNCTN?+nyWY;mO);&XjHQWce>Q%Sw4Cq=Ww9&n`S4;<=ph$kQIF%~$R$r*ky# zBI()!&lqDbdy#vGTUP@MEc+cH*~UXfp)TTu_$REjeC7X1tEgco`k9c&QIRM`yhh+sP*!*v{GDiB7!4{zUu*a;KcV z*!Q~$X8b?#`;Ywk^j@YlZfz5EW23kqZ~GO*ecVr2+YPP0pnM9`>?7_d=r;8SiDg_o zehAE-&+PX|$c5+FGWs2SW8t`ix+?U=e&k=d9%N=vcl{($R+CiLFo6NJ}_;e{ASz{gkt^^zUN=ZK#Uy@%P$Yjk}m-g(-K z{5?J^)b#@ETJ?p{;mMU=8EdyMpnbrP{-xfT``op?n&VJ{9^GH>(6g6&i@t(04LFVG z2lj`EN3T0QfDT5_HC^zrnxRelc{B6658C!a?}zUV>?=WT$1^7%zrXF+y*z&aeNj7a 
zGht05awIse&QQ)qc0h17<`mms9RGy;n8tSoiq&=+>wWUGxwb!O(e9_@!1umAP~1LC z{F{g`t9;McPQR7cTv$tf)Rm8ZbjAGz%j`8xjJs#-o|aOs@*BsGG_ew5)&lRi{wbdf zR4svrIVT791#P{XE4^W#JHEnHnCr~7yr(|iSScZUKj0(sjps+R)*f)ywbtMF$^TnZ z8;{2#CJvG(QsnUck`a9-c!2gJ`;a{bLMughknBQf1ZKXQKqvj;!5-SoXwyYs82=6lS>Oyi2$|vq%|Fg-QK7{X~yz8c~l21YY zHo@=TYY!Rz=NiW^t(i|9?|LadVGcTLcR9H>@m}%C{o=o3$*U5wM(m+Dq-H*2e$T`w zB5&BuV)_5I$E}!RnZ>M)9>!?1=P;-9pIKv!S**1@2EN#GWaZhq@himc%XCJYzPZS? z+GKMrPx$A_`p~xX4_LADqlqu=Jle(Yp}X%D$Um1o(K##SeDK|hKEz*}gbryWHVscQ z*#&-6--qpA!@O4L*V>uyBWFXdq)76IkKWbfG0U%`PX)M4BUZTCgN`tx(&6QizLDfM zrjpmdr)p0Nb@Vchn zCe`ebUF{oUSHswwc6d^YAEAD8MH|my@?!EQb`wXo;!j5>8=V=;l^kxg>CfrBo2%d@ z^T(!t!ROzl68&zx>C0V6yx{445PYOJ{I#Ylbq0FcY(llJ8Eem5Kz8H*mH4>m8D$c~Y5j7Rhj2d2{DSIU3E+>*xi^ z-XqM7_^o-HjZFl`Yo<0Yrn%7`f-7^An47+YytOO$4v&5EAF)UB^^4IPd(k(q;4|02 zgFIK)Xs-u3W~~hR`ahK&WquX&tH1m@E2D9#{9`u{tMQEdyR1gx2BK!iV57+*)`~x{S5(PNF_}E%azD z3?mC}{#!iNKKd8otK@w*dbaj^cKq_1Y0HZp#7AxfAN1!wALm`m*{4W*&|1Q`A98$6 zW(l@ANAF-qns(-6PfC239h~RG$Cr%0Y~z*F`S)Czr&IPjL`m~6U#k_^s*@Zf=bb5g zCXI6j)0y9J;p|vB``Quq?jy_<=l$$^+Pqfq^oTgIMSRVJBjS1wM*aNsE8;xLF4`(@ z2hN-kgeKinmPY^5ZKgx*UAYzQk;!G#^v=p*bdO+L-H!hMIXt)$T-UX*2glsYey&>T z#DUVo?d1G!#NGzUB}7K~o6}EkJ66O#&;zs!M>f3>`F^OYlK5o}d%b0aujc>5Y2+#4 z|A}t-jA7cWOAB>nV87exSNDC+@&K<0Se3wN#g?xGFJw6@oMyVVKkB?6le~7czTJ5h zJ>dktnqNOSh93=eEiQZ+zaVYxOTg+zcPHcF1CKSdk?_Yb=(H2wP>JC8jbsfJ`qQHxvsHc&{I+F4 zvU>42L(c&la{m^4Mfj@jIQU+`-OAa5>>TjDBhBpF>EAMEEaM0t-Vv8SyEMmVX2;nh zZygb;$2L|iXAL^|<#j#>egXWjuxCPg4*T)riQ9Lxf5X|=66yNq$pfn`@V1I?oS!RZ zZ)PjGklFY?OHK?lE!{;Q<;13KvzEcPB|fgaYf`@hA1r94r`1h;B|kmWWU)6pJL<`( z^wZ|#;>bMWUaqs}krT_pZ!JCqj;y8J#CRpmjE4_jj4x2qmuS~#pB>0a_k-(iCt1tR z@NN}8MG1cKl9!RKzsLV|WO%IY!(<@C;yXU7c>S8i`_IZvjG%lfW!vG&URUl5$Hn6G z=lc$`XVa%0IeHqokPPjb{BnM!m07vn%2``?WOqLKyrQ}2h74$GM`m^)yFJ82R@v3f zb5qQo4*Grk;*91n^zKCd#oG?#=_j8I%obm@4^V?#a2B=rcMi^jaxmPx>O;?kOV%WR zA7jhrvPU02%Kj-hBV?!MvF6sHj}K&q-mjIG zsI@L14qeb}rKP9egk4yK?$BCVWV&SId)N~;Ii^_nX}orFG~m|H`zKW$nI>CfrSYwy 
z3VidTslQ|IWL*DkvBz810Ow;*-r?sb|E{Gy#mwoj#y0EB^hsnnml);AUp3fynup+h z@Ro(~J+tzf%SV}gD>t%F&GpHfb1~0+TLHZ#zi=&d-IghPN51E{iCrOCV?E&y#n8>C z_jsZ$g42iI6pSBo^_U&@H*;JV`^n|z5oaz3R^9wiS1bDEB=NxaS%65&w{>jNNw}@8NsjQP{g5+l5`dfIZIf#NM zb%Xl$fcD0a6TSzMRX3kK3iz(P)Y|w!)o;PKDuJ``)!fStM3{f!E}UNi=W_PN(ydGz z-=*LyAHu~!c)gOqBbm3y*-vxvw{ZqHe`1b*dSU?gv2p2e>msN%-8Rl%(^GjQI{FnieAOLfm0^Pa$|^vgr>wa}L~lXDQiYQW!1>u(}XE4Rk7&lie? z%Zd({TDkp??bz9(eHaV;zU(!7Dxs-ANlvI6q@@P_AK)GC0CMqD&$#A2l3~wSQV^W8 zvUVKBrtN8@ug~nT-{~eN9usbc^JWpQI$P@Fyq?x-aHi>!y!g;xFSGyVoA%56H0DqH z&&#*@pGbf2TaT_qu84p8gT%#JZz)=Dqn&dUYNxfP{Y}Bqd};m54_4fq2Q2x93&06o zaltoSZ{j@Lb8wgR0dqr6Z)pL0#T|^3=Jg$R^$&AszaLDjRylv_%PmLoub^)>^K>c? zo6q^M+}E!Oz2BqUJ2*_H{T9~O_Kn7l0pv%fftPqtLi}t&KW8@{H{^p=wuN@DTw}7O zYbU@D_-5}%s;+hZwEj7Td-DDC(H>!8SyA(^`9{#^=V$Ci^V2$iPX9sh`FQ@E<~{T0 z9R2~kJ?zsSYy zxA2?#qBp?XT?dk#$a-f_O#BTmt_|;dFz$G zUdvw4LzGL#gISkn7j$#}W(?(7_=&)Ji0cV6W=?6U*=SK7=KKTetE4pbvW-ogzuInj z`d4BPTCEiO-4GwLRu3%Uq;DuaiQYa89G&r)Zq1t;wY<%ItD&TWTzYVV$&N;*%tNM+ z3Wqv6 z{YA+%mSb!ES?NWBRkV51vP$+3e5sdZ`#GP3zh1Npe4KG6Wfwt16d3sOHVk~Zk`BhS z`+|Q3d=hNUE53WlPG|^XuioX`BJigFhwtMDGKWtQYyKIu>3y;toP{}{*pu>R%F-zF zkaL)kVPezyHr1ao-go&8GZ$g}B>EpER?RIaH1#Wxv2vcXc=lPN(+X<6^=;^(C~f`L z$h6XWZ+)5lZfn|Ma!IF8AWPcsl&oqVqZ*68VXi74g{`UvPq#jk=LPh6JxTs*XfN3t z&F>EOiu;khHO${h`S!?S2kS$!cPJryH_`s@;R$)a`s3hs$jcru?b7Nmzpfm96Gtv9 zx_rbk&bb!#5kIPqGsxN6S3Qwpv{!jl`zhjkx#hEI>_tbZU3u!HW$!S4`h<$22zI&% z`7LMPSoebU3VYENn0p`;IZ@4*9nv}_;0{;bPq zX;1B$ zeB(oLiDWKJ+}@gIPOrpAICdbzQ79BzSFXhLeqv()h=bv%k52#?Azri2h z{yaH$WcTG1GbUK^lX*eEui01y%wywGy(ieiH>h+bvWEB4^}d^~;}h4hsvlkUTrSrD z<&rgBm8;fSbj?){@075IncI_7_MGyBdwKRHuG%Z_8CUk4;?o++weEFIrtx1t?RoR9 zPy62f^yJ&eKke)5d;9ITPkzeJyKjE<>8ZZ=KhpiDAK3qXdiLD8a|Ps!-Fbzl_Pn}$ zVto7Aop129pTWbv@;y5H3Z3>9{OzmcS>J2*<&ww#R`7{;a?E)DXEn#B^Uc5TwlO)m z+sf0Gr@fi-hjwI6%&^YR>GRGg@@@OeC+v3H#w-i7{`Yu%l^HWLC$?Idc0MPXRNr9b zrq?~2IgxiC#z(gWpIF8_;?5WujFFz>XAIwqO-t_?W5&;T);F=7Ye%*zQQHgcQtfuq 
zEgfUgA;f9B{QgQdg-d38&(7stshr4t<>~08oVv8M${ET%etS*=$JCtgw#xLK)C+hw=kfPI`KZS)wslWWJm~wH>;)Svj{n<)2uw6?$p6igr`LS8ZO(V zecNtG_gfj2MOI2>CFgv?mX~KwdXZ(N6Mv;YPh7(Hakk$0pX5!{wuj{VI>y^)9fEf5 zZ#?gqgto3BHjq!KJWTMP)@%{qeyltU_dAgdbYfOHza68{w*{Qe0~#~%uKpK^-6_oeSB zUw`(3o_F?PoV<9-5z(5<`!~lExv(?naK&-IrXSz^qI_IuZ-HWv+|E}yLq7Ifq1~^a z_n!9SulC5&Nz*J0;JUUGW5ojcEYOIpu+ zOY~06;28Mnim&*Fusw#((e^QZF@4FU_8&y|bpT&^>*RB6>a&vZ^t z&0ZB}3sQ#t-m%_ae%I?M>i3Q+(iyZrzz6vxdbgs^ZaZ7)JE%>Ij zWarFieyKHT?R?7K;tX4l_sUM?5~e~2XLb1u1-ec+_HPBES8)2P>86~96wo%`@2wH+=PET)(wruD9D&nidizyG!be=1yUp#ZCzWKVu zoZWt`j@WuW@XKx9rFClUCFdLUy6sb&oR94D;W!|oq)^4l* zA$S|jw6veItdy}e&dXB|wd~~FYwJ#{{%Pu4V^)18SNRrE+WB9#mXunf*VNFql{M7F zHTtLIs~Bsi_`?|O9}g7oq^y*^{uA^qCJ!jx^EP{-^c&2rJmyJ>?Zv0W_u7xV+Iq*I z(s)#GWcySvU8Zv?8p8veW#lT!@gF5mmwOgj(s!%G_g>CPXl~x2?6)dQ@L%=PJ8P&* zo&(XUI`LFzl`z^eCRK)vbRn>{P5=`~c+`K)mHDBfZw5bJ0)!oSY5&hdK7Y>rW1L#@oPE|GY zh%K!Oq2sGFt@;}1sIIl@8!4-P*sAXVMs>`p@8!82zrF(=&WHqG(0Xy7OL>+rS^cV2 zk7B5*{tf-*;!cp<ey(@^9_( z)Qierke>T|dFu<&$n>+qMS6cNFvKg)zf}$Qy=vKg%LI)6ADS=K`C6S9(w@^B2|e(^ z9aaZ6$ljlx2#q>Nw2*JSz06pjphxv>>vu3~PN|lYsd}%3h%^S+0Vb=WbIk*_98W zZw&pH?8ozqk>LU}vHt}9YbQH4BZ|FdPb~Z0k^D^qcy|_`?la_H`(zWqL*u&NKXU0% znJ-Dlgqf@4u_oH%k3*;?cXkm*K@7=jJ-YppCzB-^9st_p~L0%C-_7E z0-Yy0k5v9(i1P%jnTh02n%Ey=-I%TSoPCHqSPyIQKw|A2VD0pfcRIk@sR7;r)(+QP z!S|5MsbLd>3=$zf87`^3M)r zyXA}VIsB8H{lk9p7Vt~h%GLBBA2hss?=60(C0ir+ZFESZsacCOkyX}9@hzMtGl zQSF3TYZC1qqD{uYz?}b>6e?FaMP~*zFafUe0u${gX|?qCmlcs)nG#ppo2KG zT&4asTy6fpHBhw<8m@u=$KNoqGQL-RnloANym7Fk1Gs#nWL^mWWPrF{-<jXao&#gF7tq_w=m{#Z8e&+|+Y?vZ(1TLQ>8vSmFmJr?lh z$L8pq+bfIhwtnLF6R)IoZMTf=m*O`s!Dl816xvO0q|3i8{|OKM4SfsQW1bOdcp;bm zzvMd}{qQl&-nzaG+3w`&`0hr2Y!daHx$3&q-jU)>&J-SjpYl&1G1kP`gNmj2j&LqK z_gxz*N&j-FByAqK_t~M6ku%6Cb3SuKFjUe%k+XGIkR#7AT`8RXI>DKLFW-Og@NTwc zbp8N%O_#;$6S0|nb}{iclvpSFY1H_C!1s6uo=c~-v!>of-b91mfsh?+N4K@3PgK{( zx2b!1*Gf9BgLP|vuTJz*XSZklz6vc`>sr_DH)XFTC(irEhuM=lU5if{*ip z{gaV)?zlWbE9YkIza7jD01zK!O`Xw?Q|Z+&PVdT zqRt!cX5V-jYmVH;GvO;k9eT$pI)d1S^?1dE3ptGB^*A)AAsE+T-;&<})C9YE{2b0* 
zhVhksjN{8-?;H5D8PAt;@i@^T>t4_3n^W$W(Vs-FxmGn?f{3$mhi)KK7+8?WvpG z7n5v8DCs>uLt9ri9sXW8r)K|Mp_lY`g}menQaYv2q}wze=j7s?A#>g@<*cOE;z8D8 zIMd9QjOn=sT%(hmwXAvIdt6g`C`ljIXPq8{U zw^I^GMTXET?4!i2?rUS{p7?Qe_M!JV=SIF&=R#SRvmc}FUe3{oZ`vd5X1~ydTdVuT z8nd{Uy|^8He>H8@uNQy444>sVXVg`97j-)KR4#mp>7+lx*_^pSU-O=GS81WC4^b8Z zw}YP2-zt`R413rP?&>ev<-g-wJYI|3&xgk<=iQFS8&f#H&$x5A$A5dq>YZZm_voB} z@@2{?wNmHfeZaj*>p*l8YjUnXw{tJ+SvTtyXAb3 zmb2y~igxqPtm0+SU5KBH?;O+nb>gc-yNP8(6EO(q5)b0X=5&Uo!xKJi5WkYYNf2wq z&(L>5_UawY@0hbSTy@4m?>gU}_}qpHY8cL?YheiVi_;c;~ULz~c;NNu0&t0%oM!us z5N)orQVvHC7B^SoUp#)r;THV)W^(QN?&y)*ryg$k0G_sb#`f=*K z8P^~7=BIs}6U`5LeU0^pA2hURl>nxC@7RrZHCyfa<0kF4`Ow8v+#KU!ci`oq#g zz}8+s%7hBr7U+zFzF!gsenGdRgR5o#z-8pQ)}`8J5x zejF?r$`A3v7d~OXNBhV4LEOEsz!!Qy;442Tm|k!$`gFmuzR_uiEquJv2hCZSg6U-O_nu!F!p37@86-)!4q z`Pa4qN4U~Hrv62=_Z!Y7@f%?Ng}Zp-%7JjTII~mAH3ZH-WX?*B>Bo1ds3bY9)wf9s@t31fKDl&|(QPv^G+*gfDiUu{3D zRy=#8oV~aX+PE736X_9D~3`UN7JX>`USJBy;NEIN!nX)#?{)9A7PXK{)0COFWy#e27<* z@ga+h_9Y`1?Mo^~oKG7cJekIC8gx$Q_ethA{9(1-w*12jdz2DPJN{V!Z?T(-pNV;i z!?8W+S6?CLPB^32hwi}tKHbCL>eTs(WdG~Tr1O@XP0s1Ok@YN? 
z$+5Zca_z1AJ?GG^jYoBsRk;HG?&RZoCrIZ)^bWEo$hW-smEW4=syKiS>l(kvgt^{?fZ4BfjDKEv(j9-l&dCBA)aVcddO!pq&;{bTt5 za47!13-}|CHvS*MpZ~w`{!J3zKKNPFgUX;5PU3uC=?~vHho}H_cKmt7P%FLdVdX`|ZEM=;OWA2h*PDB}R-?oS5go%*-o9 zw%vZi=H*}Vl9%^%KIPf;sB@Ot{+3VY1aPdyuGF!obO*oEHv=zuFKN$igqI)jH<6}) z!z?c~>HT~My=uR?cFx!7cdnH8x424|2f6m~%pUF0-+xKxvBq|OXhL&t!Y3-AAGW>f z8`SYVM!xrFa+?$7KFYtOa^m(+{@T~^5aX4?!;iCDTci&yzQv$-#|N$=Mo@m~78CzR z+62){A9HVgGxdpH%I&ta+dh&Q9X>M`_F0ERBhbI!9KY;k53vn4p0mfDMb@a3C;8r0 z%~HqzN~yhCe|PWH=%%Y<@9oa)&^*joa&_$OwK{`nPN9@fF^8uZ;}kioQv2340Mo2XZX?`}nNUc=a@MIxvU5h+_I?aed63 zZUoOW3#{0F&ppp|vG36j&+hS#ZT@%CuuC+s7j`;K45a-x{fdXtZ-%&x|+8}6$+ zoc*Kfr`ca(yy|D!3nVt$@7ea;o7npOp6$;a=lYnneC~eFz0X1L{yy*c#2(Z5=H=`U zr9M!7R{Wj%-O$5-r8>T>FeSk(^_${bteUfy5r;+-yp~M9y!Jlg=t0al6MRSOwl{!8;@USy51(=_{MbQ7aEWDU%@v8 zCX*Ls9seN^D)F{WkG(g=bbV*Czo?rW(7WU%dmiw_IAhoKHaSWB=dM2|jy$8Xk&8M+ z+wb}I+pDYx?JbA!rK(?M4@Udd?9E`GtE!J!^#?W2?9ueF){vR{My{!snD6ui|E9yg zweW9KNUBgTG;TZu6u2vv;;=9eh2fwS{1B*f~x~;CKZ%iWez-t9j?y(4#?o zBw~ou<*etvHWSO)8aXR_(3)#bw@bfmU3IpP_S=c&be`XP?bR{iE_y@@d&7J1OUE5b zX?(OD9h%2??6v0id$vBenRCQiiOf9`E>#$n}*J|u5S{I^fnX;xsa zuCjUhu7PX=-w9c&dA<=C53yIJzxgPh7;NG@Tr*AP;X3N8z2@{g-iKSnzX*8z#PT(_ z`(JKZ%e_C<*W5{*#Tjw_wp_HO4;%A$%F|*S+nE!!_t948)en(lRL)P=r&Awp(f!v) zwzNzGk3PPkcLF=L-_!8ihbB1Z96koJH&@rqrkroxZhrq~Cfd?FHx$>tt*bwV+Nf|s z|3rrBA9TlWvzuFFtNzM!&-;vdw4C4R;LQHgQTBn4&gOoD~6(I@ZDL8@wZ%^Q`dPkC}@% z$+0W|-ehnQe)lHuJI*_QH(Zwg#E(6j-v0x>O%rveLf z55w~?K2$m9_#z`hB~fS*ef~m!=M*b<7f$Sc7cZB_uO`MgMox&>Gj=8X(Rq&TqsgVR zhE=99bv|SV&w}UTD?A?{&)~wEo`9wH3*f(K`{agDT-Ud*LoQN~3+WzovWI;Y$%X2Y z@pAb!J^{=17i!_@rToNqD|t7RJlNZ%H+7&}UVC#B@f_D={}EsCHGIR@n*K^Yad^%` zcp-ni$M=gC@E&K+6*P*LHe)r5{~xobcJda!P47uN?6wbO{-ULT_HN$e{OHTizB$ff zf6>#Sza=f7awNE)AGzSHeE#FiYsI(BGV<7+yf@TbM(&}SJ!tX|gRum-{@IM0s`sgDhL4t(`H&9j=8mOt{#+wyN-y#2Dt z-?;hvUt4tn-m!nY;eR%rKbF-}Y#zC)wEL#N{N81GGq%sT;lEY=AUNTcHPIi>+&g~3 zzWkehbTGqz<)qg78TZ~druR3$&T3iYv@aY2@6Z@S%9sC~xz{Dm^R-Kz>z2f|XPNWt!dc&N=O*1RGRw?-6EW+}D*NBNc;0O8 
z=D!VQqiHa!DJMTTY`X?iYqwGT0@`mjb+iruYXdz4)YkFe2D6eoK~jloSDSme-pP1% zcIhTwAKGNMSVy^V(NitgmDD>w|33H|8O<5ng`Vg>EPi(ZU3gy4^&ZC6XaRGpjcwTN z_#Ya7ct`=8o{b6q{xN!1+Bj^YeSleUc(;}>nBBtj-SAqpiJu#&yZC2#{v^X|Fkzd% z>%n7_5!4NT1nO|`G&2#KV|RheX0w9+tCDypjE0jZ;e59(MZ?R<#WEr}+6d%-zZ?h$ zNsRcjm7bTvZuNR*oW!4g?uLV#>E-@7ToGs2^WSQC++fSh`UG4_@@hu-hM5Y@-%Li_!q?)&qN;-QJb_ur1H4>~QXXaD44 zJ(^&Lc_C4MYDm50=guTKbK5Vp_1_|U?rt_!!^*=wW+t;=4E{lLgIS8K&F6j=W!IW% z2|!<@Bv~d!SGBnjjd272RhXOkS3ftx(YyFpnr^i{J71xvWLeT+%&iG~vL$hCOk9^I zt~H5kZ9~KAb$2%e8a4zruC84bxVv@}58>5;)$3OUHryGwGg4=(?BV9al}|~hW_Tr9 zNRsQ=idFV3X(daZr$XbrL1{y8Y}j14DzJV-gEQ=kx(zD{E0fDtZdiZM>WvM7Rjcob ztXv(qYU-w|gyn5ji>{tI$01T35l3S6G`coP8bjJ4zzEV8x7qVQ({LV+r!Of4_?5sO?wW*Ce zS63&sUdO%Gq{g|1|B`>I=&{vaZ+Fq#q05DPF-=$5^Lw|=Nv-yV1Uv`YQ0fCfTgsR& zEUi(EAnJvOQ@;>yY3^L!By+-n`|p__;Up{R;_uAM)ySbc&gbz+##f^bH_ipUB5EZ) zjyL4WgE0J$^mFk{rgFIcu7Bf>LJK?S@t}7{*!pEJ13zB?sAE%#I z_9kZRf~0Wm z->Y#YgO0zpiD&5_t;)`*TEUmUJg)@Is23NVuk>pjM z3}+~I^1~gE-+`3e?}q;*JuY9I{uS^*tLf5w7|H{upQCT@VolcBvT{LE9RJN(q4I(x zmEyEJuFJpS*8kA;Azw}$7~cL|jkh5S4&~W{R(l6dReTHiIWXc`-ljZ1QdAy5J zWzDrpKhFVICL7?EtZD#oqU>TAt{ndRVO-GC7iPr8QScYR3B@zvVP)@vZ*WV(*5A(j zsE7Ozr~fkaNOJ7q*i%DU|e{tf%)#0%0S(wL6la)Hi^C2#mRSbm&z zvN(Dn2Dz99;W2enpsses>N?w%ymQ0m^$C@}DRSRxyKG%;!%BkxJ0n{*-yPT#xodrG z!{&__RhdNt&~ zn%8ewfAz-Inxw+!{vZ}Jcrm*eyuF&`wx(MXP&FgLOfekplch+sVHxbv` zPWgt-4f4e|)~>(H&7WLA%E1_rD>tmW8!R@h77LUQQb7V;vu?wx&2_5-HS(e(n?z&X zhT2tjQ@hCpc=E|FFw!3XrbSiaMqS;Ofaq4dn^Y9pWHTC0ZQkUfXVz~BI3!bip)Gh( zzU*r^-B@vRrFffMW#h4F>$jvqbdhN_P@X5H75!tXlUsM{KH=r18t8j5y^7;Of_&-wb5;Ax#FkdoXC+>KhgEYT3 zXH1rLt#z}t&N8NenB^PjyC0b6&2P*HCfk~6-D0h$#u!&T5h5b9hSe(@92wfYe&gzu z8}3>U5`=Y|*R5E+(FE6TuB%G~wyQU8+_3SBfvKCWaqL1Za=NkMivhblu&JST<=R0G z4FWE7+G^Z|_(Y1MmfCTFB0On^2BP83+{u=##2QHNIJW6tN*&){*6C(+$&LKyM10bd ztBH3mKu3=x;?t|`yV>w%=-n(kM!S}H-K|S5QU5>o?2cv2QD9XBZZ&M!xYcOZSFK)s zcVPYMO%0LtcWIp`)_|SNQvB_#+KbnvD+hM{`r36)qlBCiQ{S~2SsIMq@$WXTT#0Tl zchqiNuVHRmzji%JCU8UD*1MG(b<3|`UB|2j7O|XAlNZYG*ceGJ9&A5<^PP9D-WaHY 
zjAiR;>s<3aSih{H76PuXZK%~OlD9zX1Qtpdoac(f62G-}BSbVHHO|j%>o;w_`|b@J z6XIp&(=9R9G70*n#=V(!x|BqQy;uNsy^}o{9MPfU){PqyqI-*@T9>Zgv|;l`IFuOP zIIB9aV8h0Zo9{;HC!QA}(RP!YHw124y(*HR3Vo=Dz{;>xwDhm=SaiW0nKGOGf$LYV zk0k0rbJN`$)+baZ@YdDdeK%9%U{DodN>NZQK7z+88RSP2rE&RS__ z3zx&QnD^gYo@6~}+DhmqI@AK4D(qgt7?4bzGGG0_?0MJNoPL$vN;J9uXCd6)`r-5j z{}3j#o$V54v%h_Mh)$a^1-;&dQsy^OXur2t+6;d&CERr7WWrrIJftcKH)X8w&A)lj ziNkU(L-k2HsmXy= zW|!Gx4w++S^vAHCIMZcfm+z`TOR~&7v&^hA>r9W?W_Fo9=72e5j+xP)xPGR~%rJAz zBD2D*F&oS_b0VMnd}@B-g%@8+pISPz{OZc;X{X7aF1?^`Yh3rY5%d# z(}cgCR8&b~j|Z>={vw*P`Yh2K(m&cifz1`DDF!DAo_CLu2uJ!I<;Ae#a}nj0!Anz3 zIh=>D753r+(JLsYc0lw8+?L-96Wmk4^&;q?eNp_`#BV5P0G@!IgnRFz$p2hZXD0`H5a@K*3piMS*C@JyXXIpYj`*jrCacA1sN49AIThp`F8XCOz~xkMppdHN%^t20ki% z*?^~U3+4CTCYp}4WNRbLmxm+r2edp{2=iCoCAu!BM6pD44e9IPF_Adxy^nf@MWD0O-Y5@# zgLb9ALhL@uFM`)$kJxV1h&tx{w?w~!_GJ~Y3Os}Yo{5da(CrPqkrz{O<*1}`Ra#|L zPUTfaRh6e&s;xSztM*k-#r(MM`e}dUk9}%ITd@{)<|GV9l-EUF))igVHC@*Y?dg_o z>yGZ~ecjW2J8T9zzLFp8>EB9AQNPRT#yfnK{==d)u0yCgNNvg&GNq$ F_!A_c>i7Tv literal 0 HcmV?d00001 diff --git a/FSDrivers/X64/LICENSE.txt b/FSDrivers/X64/LICENSE.txt new file mode 100644 index 0000000000..cdeae2b89e --- /dev/null +++ b/FSDrivers/X64/LICENSE.txt 
@@ -0,0 +1,47 @@
+Licensing for the filesystem drivers is complex. Three different licenses
+apply to various parts of the code:
+
+* Christoph Pfisterer's original file system wrapper (FSW) code is covered
+ by a BSD-style license. Many of the source files with names that take the
+ form fsw_*.[ch] are so licensed, but this is NOT generally true of
+ filesystem-specific files (e.g., fsw_ext2.c or fsw_btrfs.c).
+
+* Certain filesystem drivers are licensed under the GPLv2, either because
+ they borrow code from the Linux kernel or because a developer (typically
+ Oracle) applied the GPLv2 license to them. This is true of the ext2fs,
+ ext4fs, ReiserFS, HFS+, and ISO-9660 drivers.
+
+* At least one filesystem driver (Btrfs) uses code taken from GRUB, and so
+ uses the GPLv3 (or later) license.
+
+Note that the GPLv2 and GPLv3 are, ironically, not compatible licenses.
+Thus, code from GPLv2 and GPLv3 projects should not be mixed. The BSD
+license used by Pfisterer's original code is compatible with both versions
+of the GPL, so the fact that both GPLv2 and GPLv3 drivers is built upon it
+is OK. If you intend to contribute to this project's drivers or use the
+code yourself, please keep this fact in mind.
+
+The below was written by Christoph Pfisterer with respect to his original
+code:
+
+ File System Wrapper License
+=============================
+
+The various parts of the File System Wrapper source code come from
+different sources and may carry different licenses. Here's a quick
+account of the situation:
+
+ * The core code was written from scratch and is covered by a
+ BSD-style license.
+
+ * The EFI host driver was written from scratch, possibly using code
+ from the TianoCore project and Intel's EFI Application Toolkit. It
+ is covered by a BSD-style license.
+
+ * The ext2 and reiserfs file system drivers use definitions from the
+ Linux kernel source. The actual code was written from scratch,
+ using multiple sources for reference. These drivers are covered by
+ the GNU GPL.
+
+For more details, see each file's boilerplate comment. The full text
+of the GNU GPL is in the file LICENSE_GPL.txt.
diff --git a/FSDrivers/X64/LICENSE_GPL.txt b/FSDrivers/X64/LICENSE_GPL.txt
new file mode 100644
index 0000000000..d60c31a97a
--- /dev/null
+++ b/FSDrivers/X64/LICENSE_GPL.txt
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ , 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/FSDrivers/X64/exfat_ia32.efi b/FSDrivers/X64/exfat_ia32.efi new file mode 100644 index 0000000000000000000000000000000000000000..d293a24ccdf14e8b7e4d82aab3499bfadeefc25d GIT binary patch literal 43008 zcmeIb3w)GSmgu{`s)SUf5+D!WNGc#&383;$Y1^srG67#Cv87)p2@tK~odlF<)2T>1 zT>6-nm$*)se(Y0G?5k-7eek zacUFAbIhudr1Gm&P?Nv%Y?FsUKV9S#j561ts>@{!u$QUbr&MA5ILDRxF-=GAR%+s9 zy8I=@*KMxcx>?|EkU#ux;@6x9Px_BrDgSk=D>he$0zNoE7xsYWz1bc1HIkP;u`TN?Jh03 zlKX#}0vASP^?4k=wyb(z)k>vG+cmW!S*grIrS@q@6Jnkle6b>)J+CIja;E!YOL;Cj zkr3NpQ%_t-D(Gvsm;G~=+y1+82BJZaQfD06Rbl$a5U@_Em#QvT!G3u@SMonvFSu0f zoLxmSZ0bPyjlNhZFoQ}R2>oVJ%rVs$Q(FE%m(TLW2A4^Fmpvn5wYlK(#m<$y)MCK> zW$Q=Z)LK7&(AL_&P@T97m@Tybka5o0waE6-zSul)>v+f(c0B5fCE9|;ZvyL-U4;dv zj2X52V)JPuZKXa-sk73i=Y>$C!0NH9*r_Qh+-=kJJ_1Mj?XmU!LguZSlfpTqp685m z>GKBt9|E3?tK%O2V%-2dvrg#79Ks(zxPUnow4N(@S)ZfO@m$G&H|Dv@)*5@zuFv&6 zbJWK#a14z95px#Yv=PD1^<&f%LWcvIItX8OIi6n}b7<;--lxM6ZlYd)&Yl#`)`Fe8 z$p=TN6;C4v+L&PHwg%S?~j(-}%uF{e_;J=y8u zyWvF-vVIck9RLhp0X8rg`I#En&xrdC8pSYx@uH8Peh*y&}g zC~%u@R578u@J54n?hY;NXg27qfD=vf#cV2AOkJ_ggG8e)NWT#B2Q3EZaxzt|2&GtK zrG#JU?;j&$2>k4N6@D3BE(Xq<;Qi2ErOT2v2cPPDv1zo54YV(?U)uhmOWVsDcwFmy z(c;MwhdFM2YWPOxSn+`GF^ezr$bZ$GZ=TR_yG@5}$T7G~X3ogtCAeH;-~ye_WZSh% z+atsA?FE-};BVpLPcU)m7#{v3H0ZKtMqXge4{qnNo9(ob;ghuMhAz@}qQhugW9xfS z@)zhUba{jNm!P5GFSt5PnUAj%T;uDc{|6WPpA_E7x`;ivu=V3r*4p?-eQh9X@)Jxm z)A)6AVS7&Ub+~bK7umMzvNfSSP?p zz&)I%&emhQ9!XUvwg;}x!|loZeqeH*T~D*~WQ?N;Dtx{FlhmkM4=OAI^QDx8cS%X0cY=mvfiT;#c)XQ{&mg!45=Zwuqa=l3Q_TXac+ zirvV#QkRwJ`=Hrw!r-}p=lDK3z)YrHFEES1(ZAStC?`>!C|s-#wf6TP1ScJiHReMJ zw5Q!WQ&iaHQ{km)v<<8~RFtj4g@I{@8t5}&P@f{ka7rJ>a50uAur6;YV|W77@)#?; zgFeFt^;ux{5jwn+MZd3nq2CGVCu`BN@A2!+vP;&Q>PMf;+7lkX0q&0fs_WxU(bdRR zvBewd*H9-qDe*_nlKe zF)VWwTm{e212ugu&{oDM0>{bOGms5*M(bkny>=BeW4jqc^n^t>RX-{$^On4|PKVNw zvQE#H#Q8}ts}l}*+&@LNGR8j73DeFsCx*pekon5Id=-$cuikQHXWyHX2g$$XDb*KA>tVgJLvzA{bgZJ7CJ zBk~w78>P-VH5FUfZ?46TNrsMo-k6v0EAzR;*xTr$uYv0k=!1Oi>e`zaJGC9UWAAl& z0ykZLu<0IfR|TUDIF=qwD%f8Re%SaGA`d}iy#-tymOoTKCj8Aoa&WgU2N{uK`pLK! 
zU%K}$HuQPHjIi*-@w9=fjDHeaDsT%g^c#Lw{n+qn?4$ID4rkC^x_wEYpXg+UEVR$~XV2lg@9vCt&Cu>Du34fL#hjW(OTG`T_sT3Im4=G=STuRw0WKi-2$fO~Q z&WO8N>FXnYoM@jpPRIE0VaDkZeFlvk+1a{`dS<9tGH?pJ-G=NIOw?h-%dIX)1=GTg zY}G1wI-WDugS&o$-d2~-m%r%SqJ!ioDE0CC1gG1F53fZ$qkJ(x>o8dp*~iCB^Tm?! z<2=adf~zxk7HGaU;bE8E5pg(uvA66A=o@=vN`a=2ON1cPlP&%c_4Ko7JRAR{Q09nF z?6G7(b7O-tBfm$cWey6zSZw+4%)C~R9d6fx#Xn3_Pl&98b8-A$L?$BpoR1#VbpKq| zlIXzS;!}le?Os{$j$vw!(9OT*!#uHzk0+`FZ^3_&2a%{CqZNUrK(_oVh z)Pl#J?EoEFN}$=CpMQ5zY#ey*A>9KFneRTws~7c|HUF$c zb+#3|rq8)KTOWT;s(M0rBD(&g2W2l}?6(RiyBj>PD-nU0vMnL@>(Bdj*qQMEahoqT zj4@?@*KJRUEXZIF!PqsF*V!_A3s~pY9<7UdOSej05PPiIgPr-ncO&}_e0>M|$xQ6m zflvDnXvx?D>I9y{Y1Ap|f;JUvM<=zgE`pQMZODf3`8cwi;a2cIGx8gr6+f09ypUn| zhO!QXN1MSn6JCUDzS`5Y7u#8wsOA*n!-%~UUg1j|n9K9tPwGy_^Gx_9vQT33OZ1fR zD-~SZANnG{q`%c?NgTi0A6gW{kIj^H&k+3TN>D3=9~UxwvH1OAHn@HOorNE&K0)96 zM!_kB4w5n_d=L;spJ&j@qMv`BFBXNafyusB z_JAuqv=8L^TJbGn|E|+B*!gdyS#JC9oI+fPV6A6s9SD6l14rye12TY|9S}abvoG># zFyCZ6k-hlw;$=_9?`)U_xs0H$CU6>%!TsfmR@TjFLMxG76g_qTXC@!naI*xeKD76_pa5{ zoF2O?H$^2ME7aP(y>@3V{_xsnXeD;MA#gfR%5qpIQt#Is%h1dC{k}HrdwNlq=FR1K zjdINMB>372L#mCj^|{G7U-Tm#Cq#dSzM;J< zkv%mm`^zSqvv+|OYSiagFjaiY9X|JNOiWhm0pROB=$Z6qr;=a(0~!V zN*(B9pYwXPR#icNu?56EGV7NDmuC+&4xzI}*LVWmx^0-u^GnD}bV@=v3!kZ+eqB7* z0WUh`A9Z`uLZ2SW44cxU_d99!@!K3boo8Rq%m1aS3es2LY+d8YleP{wzBGB8mT|1Y z=G-a!y$6vW@z-A*N`4A*!x?e%(}7(aL0){@SDA<4Bl8e^P6OAN$7vlOo=@a!8NJh> zz0`S-m8>eQssNnw0=cpu(d(CD8@j3Qo1(m3*Q)UKBh?dcU)%0|TbCo`7CmOs+u}zL z>u(3VVO<_~H|K;4;ZatBiglxF2uEkuQ`g1%_z?f`vTLJzTKM0fsRtO=+IWq;tjizi zb8C;Ao4RCfZg{kvw&(1=Sou;TRwn%vdR2$lG2M_e(+?$3v7#QBr>7V&F&uMxr&ut1 z2l#$U=OKGZg|7;ox@jYF6yNXkKtF@d)1c!rt?w5-l=}lcd08gk*HXT-zyC$?pQ6;& z1w46v9&^yg z*6auurut%T)2Et*?8th}w4-~H)ruz5#|ECRhfE)fH8TVMVpJp;NAG%M={w{LEjt8m zmVOjkKBvckG9$CW-+!vW>$j=74)77YD`+da)sbeb!_S-s9;L`|G||Ar_qnmR5PcXm zeCp#$yFM&7%wH_)KO^E~zJX%m)5udM<5=<~>m7a>I-}czzppaIpZFVa>Sn$|FO{8h zQ7(0O_z%Eq0N#gUccl%oY00kW-2R1*A>&yNbRjP3y(uv*I8?xA8&`SD>PLnq6HdQLL0Phn*ha#IgD6|$GE_})A 
zNNy84i~aLp{~Y5C80FA^53(w4;(bfuTR!;7T+cn|6MtBb8N}niES`qVH(at#r2ns2 zL%u=%FY({D69+jTEbbqn+M*e%)`1S4C+)El=cg&}hGhIC?8W)(mABueVp(mfsvBN9 z6572EmzpE_3duXry~%1$0KW*IS7g0e25d6#{7 zWITI<_2?Y2#T5%AmNq=nQlXs?yZkXRQGIQ&=WsX-nZ%}uOkHZD3ucD@0XUTFdPvsA zi{z2F+!@GS0Jt7vY_g9QoFu*`wpV=9!sk`k8LK-feqO}pYukaH-80PBCVFEhYodH5 zJ_65{KC$6jOWix@*z&zY*S#fmr-rWkck1pV&fLOSxxnhd4rFPnx-hMw(N8&iFYe#| zMPJoCvBf_ce4dejz1MVKydFA=KPP<5FL$2ZD?D1poS9quNcQjg8qA1N&sL)pE)+)LYTWaalD7GA( z=9P9*-$K2gvk!cZGdbv{7S;-T=3NWACx-=}6|#n2PHt1^OVPC+bf>;YK{mu67rX0M zeZOd89!r?tkT$q^R(MvNe25LcPM43-5s5weuVF1;VE;YLJ-^wsd-Fc;e^OwdCoX|p z>GCG~0-len`q|-k(1GW%UAk<5pUA`!?3jl+w8!bypMmGc!1+a-Z_vU%)POTbmw8tl zZr$LPL_P()jsQpI?#%YZ0`TV*@`XGLy@XaWj>ps|;!n&3XFq%uez(F?u|<&ux=f)r z6Nc2A7v;)`bIJZr)|{LHir;txFhl4w@e^{I=Z04SU-Tt1TP1T4AM)xn(|7EiJD?{m z-%R;D?73pMAl-p50YWy;kX zK#oODPuX3O5OEF5_F88rA`g4uQ~OIx+v;dn1kGhH9Re0U^v(v((aI?oojQ0AI61`^ z%l4sT;injo3!Lws`z+2zHP5?5zoNTV#Gm6jq!WNGIA=^a7x!5PE&m;u@pQZ_4eRF* z&`{)kFdf;W9dNUsy^8rY!CTp@g`lI*briBuXB*YqfR22L@x-?uu(cg|1M@fqT%nnq zF}vuWk*Z=Z(q763+IM@6_Qa#4tO`GKE~b!`8%!= z^OE&bIfA$Y_DjlC^H+?v&l~d(0XM7SQk}YIl3MXTbI@GIp7$pDi(Z`$t=6H-yBDgk z$nBmTzP7$3)0R+ni7g@jb^7VHWQe+AsS{f=MBOs#o@4IM2|dwaPVGDU1B{ylPNGLG zy%FKr(i?t*KH)vL`(k2mo!HtQZ0$tw6WWf#)<(yu6^HRdOPr#fy9zs|VO zXrK7}&FHH?ke7WBcUm%|=tN-Zagzp^QqpY}evo=g(MA7Jc6s9!KBF$}6;OMPEy-GsL=ZXpEieYm@UVPa4nIj2!ZT$x8Op z?5W`^ab$fw_OBw>!~u%^)LU?(CY&{s*?%LK>ViUw}d9E_Xnqt!UcZMy9r|WUmjo&+nt`C#1TZ(^{80;L)_!15+29n zBXBJHB=|^wky&)Ve$S{Vjkw!9WJKZLj3kcI-+#u|JS;4}*IeYJdHjQCe z5+o;FB z?(#Q}2z#a)^?F`Q3m4|Z_2=wP&WZ-`E0|9_Ca%5$_;cg?r-xhNL7~?uD=Jd4wam?5 zBs!1%_-#hHhrL8$whxy654}aE zbbToNsGn@eof)Um*A=!Z-d7NL*4g9u z6(Q`nA6;BCS%qs{oJCGiVLRs~az_9toSS4ue$dCgEvK5Bi@vyFKU52UfzHWmDC1 z{H3<&zuJo_(}&%`nv#Nub>yfG6oH&XZ{`zEsb>zBZ3MU&A;~RTYpsJ!|o&5`x8n z$+jHklkT5HJ9|oQ^iRIpBTCH^IGm?e1(;KVmg)+C2m8RavX_y2Fx#Pl&?$SH@1)Ra z5p>$4)ZFMsUz^x}f39j{J&T<=qo2veoo7;ZTx(7ayE%jYkeH6>FZdLWw~6OU{@cZS zqHFD~pFWt-ihpoIZ2o)fHP#Vpc%S`-|2kjWdxuqPA3S}RGxHDaiIJFnSY#A1;q4qh 
zzTw_%-(wBqd~I*q$3^6>Lb6jW4`ut>hUeQ`mt`LvzmD}*KlQeq8O%Y)w_|Br7I*HV z!_{1w+g9cgqW^@cDh(ap>B#;=BYOP=K7QLTrv9PvMlE$mzs<2$d}JA~Zf`;kO6Y*p z&ttAq2a!wHfOAoruMIz-Ex$ljb6FzOT zXH41VdtB(gQm6OWNc3YvE(K;GFtcVF@HjKjV}WnkCBCLIN!y&HGG++A_K^2%OVG!N z@|-wBrE>C3y{?^hpJkb zh<=!Al%3*!m&|!3yoWw%?0wq$ZO*m+zW&np4*Ob#XTk%)<&=Fqv4^n{;mcrtUJYgGs?Dw{DJAY>zwe#a)Ds4P` znuEV0r?Ueeu3`)E<0Hb!_iM zwqtqtn?c!|v~SnX_7&&%*OMSfyu^s>QH?z2Qwa);^)iOoy5&#ZQBx9`|J_mW9*)X zR5+2m_06`zA8p+pK{v8&B@p%6J9HC3j1_ zs}u6(y_s;sye4I@lCy!P1iQZOR=u1Op1eINT)%?*dr!H-2NKj1V}%zRCYHFg%w@@p z{fAg@p@Kbv&ED zY2dj7JpUZJ?=$Jp^`W`%L~a_0^-7#jr8SKIGMO(Qwy0I;V1o|#5pU#t7nTK!&#{iI z_>cac!gfu!t>WM7=M(7VkI~7q;dxiGn#=wL-#;_5mOM5$_at^SIsqNh-#_QwDZbcy zti2XnySETM-NISBgESfc<=2|eTbQUV7n@jA53TDP#_u36cW6W8L)@XwGVSe=tJ?D< zcI~*(KQ}_ZKc}zw7&)Kz&s9mm&L!-Jg0hbB4IE0zIt(Kxa%a+rJ3+Urg~!N}!>7Ej zAlEWq;dc>xlw;)Kb(=q1wMm@|TiTQ5Yb%PQf=_2f9U0AD%&Tks;)N)*9TU1pKesX{{By^Ph zQQcMcsunq$pKa_(lc2#n;KR5}omy6Uu9mVCAG{x&*qm>!{zuW$A}Yk-6HmH zY^0mHblD`njeMK)eS!J5_w~;addPXI*cG8i6q?l$`&m8S_X)H(PM^{ibb5K5FLVIe zld|~xULM+tp6}m|Pjs34>X)oTyLLiig~I0++>hk zPpeE`bG{(FzGi^ei8(Syk%2Dsw;Nt}iC@QjgpMufDTxoaV9#W)rq7f1|Ci=z|DrrQ z5=7T)+zYft5;zmEJ+in}^GJ-s7pwhT^pIiqGANq^y#ma;bqJd&HZ-2z7Hz+1_b#5} z>FeiZ?Zjx-kI<|CdL?Ib>CuInSM*%Zz4$frjkR!|HSrcPZ|-@-+LNGfrmyYo?cC`{ zhlriB?n8=ggywDC%vE?YhWss}Td`Hy*s4S5qMq$O?@@gBB75Gv{8U?&hM&I25$wFm zybmR34O@X*!+u5XYt?YC{KN12yiH$KXGP9GWN#v}Co=WW16d{AI}JI1mOYOV+mn1o zL<3*Z=^tae--O44Z@f*laLh9C^L^T1+HKDfnuoRJ{(7~XJ#L2B zf&g~GnW^%)qoV6-!7F|p2`%LO$-*z5=alVAE*K{Fi}(4PXM_vU%>iO=(D6X7`AnOA zS$|B_b@iHqi7|;0NIxh2a)~4F5PBewh3In0>(7)W(?5TkYL)hKht-jx<`C=X#5Q!U z~l-p|{LJ@t%J>7l@syd2sI4*!LIeiPqp{HYek zAx4v)ui?L?Ft&42x^tVYL}0K7@J6U_0Z!2C1d|~RO^yI5-C3>6yKVg~X%-z8_#QnX}ww3-4#&M2w<~EpP1Q>6ojAPPG zWA7b5PCfgW_;EDJr(PVlUiLSm5{MzWa;FhD@u%8KoD+h@PR5R(V__=ernzzjRxW$E zW#H#XoS5#sDxqYJ;0Zp)IFr(InL`K|%QS}$!<7oH8B^~I{zcG9U<+TJPUUT24jygz z&iA?{i_`%s8 zWN9h<6Im5LhGZ=I`bnjHxR$!J3_Pv+RPqby^Lm{8mD65iZv?*&5qs%H_SV3^)8N*F zEVi;fMD~uDvUeNp{}(hV1K(5Nc0}T7v`enKYIY&?c0upltA>^MwdC9=x=rec5vNPM 
zuZLKl$lX_fA#^X)9Qqu)@xP^AVdA8ccNyO`t|&KvZ=Z|&781{tXMyz!aloQ2lV*E} zPw8VamIqmMz{etZ7^Sa_;e>}#;JptG&>`s#ew}Go%@V#YbvkpGfu|E3*U^6mGI5&t zqtxj#D|n_DycWA!h}=lrvWM}7F1mb?7x__6G%+*R3(U#iek`0ocC=G~zdeDfUil_$`p-zCYxmv{p` zPMe4ucyD1>V>-jQ1ka>51uFs}ch~Dx8GmAaE6W(=k2iqxg1V=ymxhYwlU4>tk zuT(AatILw2O}xHFHsvRXZq!rcO;4@!8$AVg_8BoBxM%b0Aa+aKG~xv25%4dJy8~Y& zcRs+?nuCoyM}TJ@ViPkWkHyUaJEYG+d?1-m7I#2Zu&GhzPzUbVjM5GMRh3gN>t53MIsW@+U2neqS@fOHPQP>NvuHH>&O7g%{*0gZ z-aP-=ndk@S<@vJ@^}nC>ee%gCS;XBfzCu%-uNIvcU(Z|o246i79(p>#Oqr*i2Y)@) z&(nCH-jS)sI=-@a@Vy=nZ(h_sJ=d}A z?{@3$@Im~n|0isYWhpaLCp2lPYmY(yP+a|HEz`B``P2!VO^pq0^Xx9+4xceb3S+o3 zoQ&akslNEWk!tMp=N%IYNn6vESK3}|m#DWB-NO5>=v(Kq9Zu)6$av+QWAB^KS$0O? zfkGELDPvu7^0MjN8TEg6o{3{(hJV{KS3^p$*zu}!f`d5N#kwTD&N<7d^P^Xf5bqa$ zwU9OulU$3fJK_TO?|ODeC^K-%1b2sl(~0B>#FdxlY%5&m08T;bk@0RV!{tg)%Vo@! zsYl08ZDC&9w2V7`?wn9m%Y13Kns!sbSK8d}v@csiyYK(pF~Lu}S6iGD0<>e@FB2J` zPPu_{=vho`5vl#CfiCiZwzV0PClaTaRFYFCxJ>0vzAruNdAA95l z5!9@Ah-n~K=*1PDsqKwC&(AueRVj2)0p)H|T}NM|RKZB)xG-X3AAWu78;@(PZ|%0V z{wYhvWWQFb=BVvaf6ICs{^j2idz zc0mAevxVi}#wjDFyG!d%4|maj1@qqnALV|Qi;FWApI@oRs_dkTBlvps9xtB`%%7VKUPWhK0mag?}R!v}U^KtF?PYhdfK%t&8_)?u4FuxLf)x`_^}$jg%1^ zeeyIZ^q(7|eI4h7&5ReJkG!|uYfsL7g?JtNr#W3b=L-y;gS2hOPTxd6$XZ?l|D>(J zoM*yhesg7PfzLQ|1s8!UaApV`%A`+3;(M$e>u#W|qtB5UnFr@bxxMz`xiX(WfwTCa ziPW!isudA%D8xU@s^>fooExUT(ip(EmKbA<{$(AiO4Ii}?cS_zt*V1Iuh&kf?!d1Z zPORWLd@dI_-Ok({1?G9|RR*l#=n}D;?+NbA<96~g-Yd|qgL96-G0#8;Iwwah&-#g~ zTE}w_F@XpZLS|XVt4N6 z{c|0REpn_?r0a35QFi_8?J>dkY3P3oa`Ue47mkRCo!8rDXM}y=nQXM}wCJhON1D30 zPUN1d+|Ly~@)0uHG)tYG0&a(g`92U?BOc-;{q1odX7Mxsp-z1iS zeA{GHBt*O^>dH8FFgasqrk1($05}o5$hGQ&5|0A@;CrJzb-w*s%GsOZ09WYX;CCC6WC2E%gIS9fw9vb+HJg*xq$Bcg)`$7AIVkm%B;zfv(jF>i^-_Od1&oPS)$ zy~V%J!UiH^SwBR+R-gvj`R$xdQITw~P=_6(N zJTDuyqp_(&t9k_5hEg?&$&}XF6xd|4Y9E>|OO({SR#k z;XUY5bj?BJRo9p^4LldHR*=G~R6tbV!llQu&4mUI1c1xJZz9AW?F zBKE*I<8r1stW#>W{u+PoBF7I%rU3a_gJnrX6N16 zoL@Xt)+hTJy*%-f@ zZxB-#J@Db(TC3b)ka+zB<|wiH#k_NQl(9ZVkIJ`Z-b>;=A9&r)JjG_CUrPOJ=IZY} 
zdTD#!J|Xg8679$Eo)`BxK1KhH8OAvd>1=fT5#)|D@M4i+Szp(gFmI&n73$*U$|HR4 zP*ozk;!DaqKR-!-a{OFmI7?0F?V*3gO2cM^@H@s53x6+(Z;U}Z?pe=arPV zFb|8?pW@g3k$Ilx9H#JLU+i_xa~4b>URLjm9cJCA+WYz*A@145T0Cs7ox`l1F5--b zSv%#xJIvZ4B^I68Ya@174j+F2uD#$aci#fgzwYy_st|2ofsW3x!D88uNBf&N6LhSV z@*VKTIZn^xB2yWC$X~JigB~nnC%{+O-g_NyuUT^7P>f)FQJR*HHqa&nUgzl&cNKf z4CpGbQ^~i8j<3*`pC;CpuO+W30(S>^dN|vBU(P>xH$-UCO#fDVU+x%syX@-N`$<~( zPxcWJxx!U(!ZQkr~ljirR$l)b9$@+K zPx>W>2rf}%#xHRg{3!0-&dufCkH~!wa#r}!>v_?$S$RdopZm4sUWs8vncr#UIOeGH zopfr++*@(4+`z1E^6=KopbJQ0msQZ&C*ur z>WS4_`9k@E=4pvnL?>VTmqEk~wh8lCYM|2cB8VdC0 zAzyRE$Ef2ypY6=Sz}X5z8Wwf(!4)NZZ;G6^Oe9hG> z_Gt?61@9Y~<9`HG*1i8<`sZ5k>VRbv{;rvWzn_sS=irySw{tNrn82Meo4#i{#rZe! z%J5I%w+9`mv}=j~$=;3kY}mVn(L>gLDuex7KJ)K__ChCVKlt3Mj{RK^ep~r0?o+UD zijRSvD`^|}o@4h;JNxwn_UnnQf8yMbwkJ+aN#y-u&c(%NX6()2#9nyUswK z+PbqZ-Z_#zKzuu~JFU!na69AvfPBX;exLZi2EOmu&sns**L!M&M%=+h+`%sI_~r`z zGT7U`u~6vE`5!)*@KC22vi^m*g?t~rs!E`o3uHs zsjA!1H7)q^?-CDpun$|$Jsx6FyRQpuIpkpv(vQv`{&I5LWNbt(`CB!eyO^(J#t-5KFWz>71= zw#&(}>{sR9Bm6k1_o>eezrlC(6yF8Ol(l_>&+Gb%&zqdbSt2tB2P;CirpSOp*4fYgYt4g)VoLI8(RU+Ui^v^iZdN6q<7_(i-${gN2|?gt7*mhe^k} zXeTj6hjQ}lj11>&W+^!8w4&W>$ci4n=KD)>M*cYOO>$xL00E6%{%d@#A>N-14P$S_ zdcJzx#aK@KdY1SPdgO$}-6Yl~FlJ*P2fqhko%>{P$HI@V?O+^73TNTKpTl?#?qS4_ z6B?v9Bp*Lc{F#jikTnl#*)!-Vh;k~+48`c^rGde zmAHBvB3QhJ`3k)};3M~9;^%N_oKA5cEg>R$be`aj4E5tD;%B#s-Ed57*WY_?M+W^V zYL3J}MJ7dVS|%AXyo2%e`?Tyanv>CiHl@pCJ#7S@@ZF7XA#zcGKCsHVrQVbaX)Ak9 z*8P*fz@CXes5p$p;gZ9y<&2 zj9+uy#`{ikekb=hW&bMnMerB>AJ1QTrO&$+ zQdTiGyoYfgz*b2dQ!i^C6An_gg)-rb;#tnghKf60!e8{DerGL7wMzV?AH8hnUJv(4J@9xo_p;HAu_$qj7<7Am zn7L;mWgQ`h&^mjZPS-5zg(t5ktE$z>3mypSvP(U5?}KMTZ*1wndXhb`-oIlkwi(}o z`r*J3doY+M$(*UK!LCaD!KJig9{r5<;y0AI!z*`Eww^Y>p(OP_&2h}K@9fhejNci6 zhQ!%wJ;2K4>?2Dh>w6K-T(&B7yXZ`j4RBu}eSHf?DETQcQ?X0zpCT^qIGiF@zR?}u4k#1711?FQG!?(cyC8S47r2ez zbyIy?Lt2u{c{4FB_8BeE_lTB4OyQpzM-Df#`AGjTbp9oAlIOl%0@MLsE z@-YqDn*Xrs6CeE*XHwB$f=)wo-ePwE5br{Gz> zQoZ=5rOR}@UB_e|$(n7a=X<_B+244W17~jsPqWsiVLSbSK%R^x>n}q2a^_`2XD2J$ 
z&T0G>0lN#l7D(IA%XELNko743*h{?oR><6(pD#R#+=Ts)mh}WO~!WTDurGOu8IgQ`F@YnxQnclYW zqb$9x#UI`8TnG$PSBd?Sv%w&`!I5qF6j9pO|NooRz1QE=DYkT{S?-|xCMjpX^yz|bc(VeNj*v-a)8-QASyZE07R#NG%x!wdaR!jWO<-*1mC zIcoEHW#5{kIU>2*@YAQKv5ty$pWt{x_cbDm$43zBc>nR#R^h|+6W4^_S5Re6O>=Ke6?o&9S53rFms-^^efJ#E?7tGc^4>L#)wQ zS&lmEo<|IME`8HTf2hs|!SmcgEqu^+-~Kk@)xDgl+-D!X^Us{a4w(aI7-#*Q$;i10 za#gwqy&2*AR%O_AY)xrds}c7vdyaDf#w&ZCGaP)sgSKt^-^3;#wAJmGdjdbyR?I(W zyMI3uJ{Yx+HO~gd?p#4!KXH3mpU`*e_kDeDanJjoX+KoE@wEFV>Taant2*rO?mwod zzWql@%h(qL!LbbA!p*v1?^{~-ma1~{TsV_=S!%~ui!C{5`_BGf(*7?-}vI(Tl$aqYHfmWr?OXYhW9z_B66?*j9%ZOaEwk9@STg}Liy< zQ_UbH#=U18>BCx;Px8dNh39fk6r{W!xI@v=Vba?J9UV9O9*f?~Hx8!Q!}rmCE%Ff< zLPk7^hMebcA2m+ScZl3QKJt-9Nhcv==lBlqe;Nidd!P2B#u4-%3g09X-)q75`^e9q zu4OOYb#*v__ECJBXp-jbNg%dD4EvnD!24lRfj7##*u-zWJ-jR3Lp}HL*#A+^JJEVM z??X%Zo0PvL<-8C5v^ybJubXJpofbIMog%jL2C<#@iR}!_PR@Ogc#p@ea^EG+b80s4 z1{3FbW18%5gPpxs`@Dh4#IRV$e{%c0cD@Dm{uI^ry~)np4))&f5fAFxZVPi4PJiD9 z|GDjN*z25=vZN)gGPk#`_r-|MWXhSK4_~V6D6w-nXC$VMeJ(9Kp;fgDpNXw^vDT28 zD$e9f6EDMWmr1{A&~GjDt5Mg4QOueCQ9keX1=ob{P4jsL_j~Zy1;);z1O^r`7?ocoiOdPKU zN1;UmcaIwSe2;nXk=R3=Eo2Qxn^icYHqa;bpea+GZ4v!eySgt*`#R!-a_`>0@0zgS zF7uJOaHjVJe(9Ja3Bku&(4nLF9+0g0gSOiJTe#oc^2v7}8>Ln6f7bS$53pOM1GwpD zl!ks{y&Mw##CkcDf{sUj4>^Yva}Lv)L(2!-ID43oe%My`fuES!aNhSjY}@w1d+6}D zlbXiAjSl~zjr-N$IUaq`^2q~_wc0|BxmxvOoXd5-!}-iB@apgAD}Cl_b^G73ryNUV z?2m|7vHv?DX^!TeFR9o(dCyC11OF~YvGDm;U_8PZgM2$%Xri!*?~2tZQlQp^33}L9|PH&FXG)<5Wue@@@oD7NbFZTEe^n4N|EP6KDo1v)vu;~nHs<3U^b zJnsA)^Z3xQ_SD{=Aq#g*d9?9ubo3|roGB{D*?R2RUNz#_TQ~V)w`AFN&rR^pAH%-( zP2Oj>BTMowRug9g;_t|vUa=c|BQV^+xBQNBuLby#5q!TqMEp>mTR!Wbb66YSy9zm# z{M^sVc(0?~n{$=#q~yhKNJgHPYR(AnR-bkg%ar)zIxS^qFET55L^BG!Eu6cbc6I1? 
zqF4uWZm}or9Hsf^e+(}Kw}rr)3@(D-{U&~=wA5p_OdP-aSzFBqf5Nw^M{nHEUdGNl zmZQLZaD6v8ir*7I*VQI0Yiz$cw!q^Y?VyZrjV=9T{JYIQg{DlLPHJMmp4$5o_UqGy zyiYcwz`Ksv&(ERP>%^HKh30;Is6y^v1%~;&A?70Ub7nguQ?$$-II#yUysSBX)g0rb zma&t)XZRZEBj@mSBh=Xr*07Yxm~yWF5P5-T;VXDv4s_FKmSJ9VdNhh zR39FccYpPJJ7?7w7w-D?UE^H*f#Z*H>SJck*9u`9uAMlWC1})vjyvJ8t{C zA50uIy>9v~e_Q%v&$v6*gr1$bXY9fQ<8OPqJ;iy=q^7Fr_dhVQ`**)hYg}Tq&mIKt z$VlVg``njiq_6RD1P$I|uZH}&(`@fI)8Bs2Xg|38HM9Kef603PyJzp_`n2)0YogJ9 zaQcn+A073z^M6yY@7f1uKGt5_Ik?{HKRE5GH{dxI8fo7mBYlm{walZ>ObdD0T=Ffq z7^wxPa_c=6o5?IuCH&)>0kuJ`*8kp1ev8_~e;ZY`+N>%mPrgjM&8k9gBlQbuzeTO1 zwHsI)>FK6+9sg}qt9TMfQX;jL>VDFD7;l|kTEpu}HF}HnlnXABs~}xPz47zs!LMdC zV{8k$*?ma-?ghHwxrp>W#+A|B>P{V7zt!Z~P5OS>d{*f=)X?4yR}9*% zRYmF!@|&Qw%uVRIk-AHNhNe$Eyv@q5&uAyOT zc7oAR@+3HK(xqr<0d;gvOh7nb}~%6-lmSgm0>;%=z2qY?Qi-))i2~kYt&un|2$3yU z8CB>c)Dx+=PjBg_kI>hWeq+Sd>N3!9$f|H#sXI-3vDHk2X39S{q0g(_O!db68H%2ke2H`khgP9QMDh$>zgnlV ztVEH=smvg6Kw5yeam%{Z?hP9^yQ?cJR=Zd7k3O@VjW1udal?I;)tlX`EAI=es&rpF zwdPv)=8f*VN|(%-InS7cg&gTENV{ktp~sy(i=-aDJr<5MGjJW|RvgT#My>w33>ipfLQ&LvzW)q$PZSd^fKr3cU z3zjv4%wF&?>K8*T;hjaBcuE*>{~Z1ZPGaRO{0+X$Kn|^OzKBOWzB1}i<6P7WGFy=z z!<(_>K`{K!^t14cpXE^fE&s$C$5?A(=K@H(p^s&)-2-*SVp@`NIeaW0T$JQX`xyOX zW!J#5i<0`C0mwNzj||R9Ynivmq~-C6bcxg&^s(@{99>s2QvCW74^-q?xxfi!=IvfHcl(Jk)E9M-e41QXF3f{n$Aq5F#t z62Dc(6&W=Ats3&8e`KBB!(WRk1}a}+21Tq8OIOHR5z99e^+j8VMvv#hrS!iaJVoza z)J@iC@v99hMe;v}+Esapzze^UllxkZuq zRUZ#$Fm~cc8y>p>DZbw=f8l&Ax)}Y7pnn4UB$mnE@6yTQAxFT+akspdapH5!)XHgd8? 
zWfymGcTz%$$hR@0q2?h_M5e_LGxi>Cq)BYBXba%Rtnq=)z+M*kA@Nc`Txu&0);9-6)eXAFID`Mopf{Rj5V@b^WNh{iPhmW%VeRPu)2 z$BG{(I$0=saSw6n90ZTWE0z?Ly4`MhmLKsbE8J3cPheeTO>NEQ%JouCbfc^$@Id9w zQ&&%SZ>Ze5xop+CEmT(DJavoE%ZPp`wfe?yRjyt;>syQO2`s6(bM3v~y0?1EO8w7_ zRU4}-zjaT|w`h7D;eO*Mu;IRnb%E7x6PkPK7NdO2hP4|u-oL?JQ;8qDx}v()y}5Q% zrTd1hQ*W5Hl>x2#P1S+*U#wNig1dg>>cBmLRTY~98#lN&2i8~CY_3?p$$ihpYWGyx zH%`4_&ej?7$Hd1T3twbXR*fawgIB8fV#ZIFx=DQl zKln*5l>AnmQ)$`_+U?qUjc+&LLw}R?_ha><`knevrE4>_JG2edD7BG2!aeIY-tP|7 zuv6GvxoUHzZq!#-uH14j^%d(3jWV_7#;L1sWH+#(8jjq%0a0N4v1R?r%4+4=uw~sk zV|%44tE)Fw-w1856RDtoO%0on8{K-j8{)58>mC@>8ZbMV{avx{=NIdKtL#8TayPRt z*}{|Px>e9t)`g)v@2Ax8O+|a&j;!Cxf5wi)pqa7H*OB0lwSStSKh1$ogP&&Udx#s@ zEn0Q)CDQ-P^2Thf^|Lwvl{Rmzu2q{iZiKFtn^-e7n*$r}b#J`KT~oV$U0}mnJy;^E z%v~;fGg*1}Y}~TJ@Tn~M)$2D@tT!52@T)8D-LkHtT3@5a3`@4GT2)z7qwcP#-XO!= zWv-uF*41v3*qc?psB#@#b}y+2tlLseFwiQ$yE+hGJW#%1%RTp0R=Z1?M#*|h7~T4UX9KO`Bkifk7#%$h~ok72Z$+kJT|ikAiiwudf{_D_CjJs%YVDcgEAVbV=zY zd71gfRU6k?ZHhLm+PHob>Te}%`dVdm4SG;8D5+ev1(w&kzZTfIPS=hGUJHvCT3z*m z#T!-&{RU{kq$;cLW9@rp@!ephF6L+7AbGR>62w~XZ}IW%9I zHGsM(JxYB=bP2PrhEn3g8~J;;1Xdd!{nQ)s41KLDZT`&CEyBQqRbZt$5(99=09bHl zt-hW{@@LL!w_6@>ls~j(j1|%^l|{{60{y4_M@C%7Z>B*r{jr(uGt=W{8a2~CGadP) z(cf*RH<)RmnXWKXznN||(_Ln|$4vK`X}g&oH`6XNJ!7UQ`=AEqBhA!prZY=xth`dkaD!m&y{tvzEqGft_W*rwWl%!kr{ zNk91q+*LdGQ6~}GAuV?+ZqH58+DU&xTAnTAOxE_1Zc%%+U6Yk^CO(sX=vt*ZRI}RZ zAy!Fxh_pldsV$hR)N+cGs&}<(lDK!vxKG=;Z>zWCzODMU_OnFp+ww8y$y(uUCY;-qdR}E~ zM@U}<^4L3-df1krohjx89N>;EA$CZ*qLdh(HZ|FQ7k9SE-|#i1inKi{csF=4-yaj{ zd)I!AZP&NRC$=VzU8z*P%69&k^joyw#Yxp>(&MCQTC1�Aa1#qm@@G^&QGzyGL;% zF-7wc*A+VLA*~?K!K3=4Hr3V@0B`MSoBmQ6bX~Dg=;qdbOnMjipCNq|Jc65)3IT5) z>BHpns*HRW=`JbXrqoYKul!u0z!eJozmNh!rF@{>wI{mg%$||WW1HR0p5_~x^P2B$ zUeR3MytO&lyr;RPd0+FP=Jw_z&BvQZKI4Ao_%p9P)AdaBnKRGuMJXkR678)=T93EB z*4ot?Z9UW4*Qz3p$jHdph&$qm+z`o&_#%aoJ0mM1~mQ)Fu-7zssoMSdLF6KRR; diyVryM~*~}M_!9`MWT^25ddEK`9DH|{|%}m>Ky<8 literal 0 HcmV?d00001 
diff --git a/FSDrivers/X64/exfat_x64.efi b/FSDrivers/X64/exfat_x64.efi new file mode 100644 index 0000000000000000000000000000000000000000..5e1f8a8010ceee950fc31ea1d6701df8519f3683 GIT binary patch literal 40640 zcmeHwdwdkt+5c=dn;Quegw${m7T8E?xCEm$VT0@>yJ1##Ap#MsAi;Asanb{=7(Dv8A zSw76nxjpAO&w0*sJ7*@&?{ok0Z{L61@;`4_Xydpw4;d~4(8EnJj))pL)>zJQ#w@kS z6UA}#Kk_r;f&LHu`Tu*M-iV=vS4bycA%ECx!2cx*_C3UL6NatupJmQ;mDah?GzDX( zanjfakC&htId0v|HLG2#={bYrcC8<{Q+ecP;kb^-bG@G9{Qrfz+C7p_cMHem&8$-a zHln=vr)oXA5B{-wHKi3*CFa3B1$0G{amD1H0=aU2)L)h3F~W7Tp`Xo@K1 z6^lMYbOXoXaXB7!^yo`DU(a#M3uqyFUrTQlWy9ENjnE^72(vk4aR2@Am zHCY_8)wJ9pElSV2AU62ht)_Ift>Ip3AsrEU@lT>}g~=%TP#Ykc)^VKHzQJF&K$Me= z_aY~yiGem`sU5wBS`KM`x&siXKO^hUkfN3r3{#rr7o`;@QIuS!LJU1~RV#HHC;BQ( z7^2IRx=gr3pmAD6DJV*xqvK=fGMq9B*8_DJuu`&&<7`=BQR>4`+&78dxnJ+#I9<(n z)NMsAC2Bdx$;;xAOsqok3)B~zx9F%ts1C}Mla!= z79u+aF-DY7Xv^|vouKI`1X<@-J94&FyG{PS~{tv?~=~~vl)0KeypW!)NC=M_&Nd5jcjI(AE$n3^~ zR6e9$rIY-@&nfFXq^WY8Wi6^Evykd_#Z3!biwd9#MFNR zw#qoDEvg@4=rCd)G1xv_DnUKdc ziOOh})f#*sRG|5=pztebRZ&_}98S@xeeVDm4DyS6XppVMqa>RO88kM~?7q9=n9i_!OOiReoS$s><)3oO z3sQk&BSDZZGO3u=8Qz&qV`lVqi(-z|RJ^gA7TR)DK<)3d+9^wbvnVB=4)08+>X5C; zD%Gce9^sUFDh{`bW^jK^AVegq+Y%w!Ekv>hZzqy{K_q(^t4=zpR3L|S6dB~FXhGxl zt}$g}jE3-PRDi_DbjV2(J^|1^qUdvH%Xh~SapfeLQ1PwI zq)`K#aSqugin7z9JmMf^ibNPjvw=n^7MP{u!6CId>f5YIN=7K5acPngilr;y*yTK(7!HU(vG-ndNGC+^#l)ItvGPQ@NCApj zKu+1uMs4^T5JFZevOth-(U+8joU9X?URPOl0%{asDTh-y;)!M*$9|sRf8$AP?iYgQ zQ!bJk=Ql^B#%eTDdKRJ*lNy&Wu}o_GAIoYD-c9W#!#zY5+3+*81MMH7o1F9nZeWh^ zPLWk&%6l}RQ?aflfExLL9@>TWQ&@XjcE3E6Q)2HXLW6l>G?2p3tWgGqOn?G{!tdCm zYJ(g=3NE2%)X&CT_n>)XIc%Y4+3@;G%9{JXS_#Zx!w$9NIhHl|DXqi^2F#{s$>39m zLiH{i2Vw9U>`7qoC8-HHDV8ue&QyjC2qZoG6={$6MW47Fea}t@fG)dK|9*1~0Ap!^ zgFivRzK037q>B*dQ0C82%4c{Mw{Xfzbjp@aF;wE+cdb;{PnO?-<&x?ktqxZ(}Tw zSO-hRZc!Is; z$&KUOy&xN3|2*Z$bvn&fvN)u6HU#2P05NjE)hU)~r~|=lAwuLS8x|nxGfV;A0O6WX z#uD18#uBw>RW)M?&2?xFV=3MtC4I6HXhUTr{RIyZ>3bglG3h(^5OQ@JVTX`bJ&2(z zy4h^rFiJ>g@=*>z;Bd( zB%ddmzjFT#oESzUyVOaYn!j>AeIS)!{uf}X)8dlFb}pF+<86&|c@99-ampqt#&AcV 
zOk`z#7&&_4z0m;qJPk-*&AN}JcwtiW0V&Lh#zMeV!+ zYKK%AgR)3XjS!`LbU}8MUX&K#M(&DF$N1Q|3jV0-uenTY(gFN4Fs$lOb=m<|l~?eB z1ulXh2SRj!J#ry?7>@4?_UW4M8_0;jD-ufPQ%&D_vGBn$NgWgk~&IDpe$+ zrzELuVGA<+3`x}1CnN(m-$WHr*ag{`GayQ1&0M06A7l5iw#Xv`*M)}a*zfJ{o?6|7 z^~gjk?iQ`BZzph2ojW;Y2~~%T%Y>)TDF@OCE4HSlV@Y)!|lbK*dtu;1F0s6*0L-{}tW zhvEeOP>VU>zP2gKq!St~br+(dTnSQMwBYkJ0)`epP;FAU(?!dKrOcz2pEq@rY}@{k zk+i3@U8VFz8~;)!`2KNVY?pcc=z=GLtrQMYYY6EYz1CM$F1!mZ6- zW18%~8Kk42SU6?kaw4)yR7othlTX#3a`=AXVPv^Bco&=aA2Z_1GTHvhtglJOF%G6- z{O-QUF!E>^2MP!#Mp}0KHmS`iU(e71rn?Da33K{_lLWHn^iM6~&#_MUUeZ&VV2Ag4hE|Lf(Xril` zg5lm*JQJj->iKe4efh1p-N=6={nR3!M^aMmi-UF%8ejpGe)Zkb!}{F zNK>TXPZ5*C%xTJWO3RZG!Sv+JbV#4urBm&;o)=?vI#D|A@NNCO)wlI)_t+*uR}U%Y z#EQtB=}xd_Z;s;Y=OJZ>B`C^5*zU8$LC5h8H?YihYxW#X>g5iSdPxo_Qdp2j6wyL- z(u;B}0VB=Ze@tkWm<(M^8DM6;s2@+B=U#%bhBS{QhspY#&Ihn^Ot zS6Drj3?$<*s9bW9eGe1WFoy52F=)$}gx(9rer22qkRRVm7_SiJC4~UHi?IF_Y$5Om zFHk(D_YOQm6u*nS(DxuZh&1Troy`PYw1_^kdReZP#FQI;0ici=1G0k=RFfShV5HiU z;}~vgbW|_;V#IKR2jDevi19-lV!^G?gh+%~WFir^YCqpWVpN0o>Wql6V6z7jI34(B zg)P~e>)>U41)4iyc3@+Kx19n9Dn%ftLxMI;;!%;rBl&-#^maHUrjX+-*<0&ea0C%d zMug){WgM6yR08cx=sTnsxJT{fG_nO2Q3{9|`Ke+K!e-+;#i<<*b6{hP=o{&f0x)KL zbNAO##Un!ab~va0&7-BHUs8_mR%QAmD(SAj5St_`v45sW2=k~4#(fuw)@v65Xum~?Wr}^W%Y2Va&*nPtl_3VzL7NXS zuly(pcb_ zC@r^$<}Wr*Q(!Gih8^HKF`Y7xS8ONBvt z#{ycNfxxz9eQeDxCw6)sy3;OQgyB!@M3%qwnWAU?6Gz?5FjqMW91u?Vy%Pw@DO(X3 zu*s!5hxrm;zYhY>Cfj(sbj&7oG(~0W+#~GzH|+YioEdMpKjrtw^ZTP9)%p5|NHoeR zlhB&AOkm65nDd{v`VhlKE4$jtbtn3{ypz`kb>f<1hjA`^9+{?mTKu1zX_Uv5g>dUJ zss||VedG0_U zV#7)*1hJHd0ao+*b|OSBomAY&33f20;KZI5*5NzK_Hhv~yzd1R1!sT~!0d_d6W`Cm zNSkTPP0WemcdSFvL8d%0f-%{|bJuCpF)+lGYTz1PMOtLWg>T) z3*AMVH}W$03ZNIomc2^4=(Aar1!MccP9IRXqWKhGUj!ndr!Nty;&+gi!GQa~=|Q$# zCpiHm03bYsSuj^E{sCwjPHDXjv}VdYCx$e6%mCnE%3#X>^m~l*WVC?#4&Pc)kRELW zzRD{!T6xixOqkR$v^+{xb z-blr_vto)f4Hoy1WCM10C0eLL(TEmIC{D98aSD+~VVgIC$246s2nVNO2gM9a{%IQH?E*I%AQ#QHWzpfp%Lr$4%l6Yyf`kwhztR_c`HJs7EA}I_}4qf=lhT zkN&{D1ylVct}Fu$dcNRB=>&Pv!gkx=Gj$7f?Y6E-6DCb;x4kuK;-pFKwo?;vFEa=D 
zhyM?7Z2W#PN`P;iJA!}s4VLjzavuMZ!}-1-FAfJTMaj`mAe*yhbd|UK0bZ^UKCJH$ z%3C&I$>=-Ek9%&{aof*({+Oq2mn{Gp^!WdjE(OxBWeMc@m8uT6OJ9G6% z^oKo{ayLzDeg*U>6LPqX(G8t-sR#F}$>drjx5fK-7LXp;b|F@CzPNa>;<<>t~UekZtb>>{u1;(9$k09UVHR zto=(kOcVPLG?K+Qa$gL`DAW<|ENF^`>uNQe;Tt}nKCtj$Vtl~wx8?iv-oAK#M+dUK zeaXD{Ro1%KHv)xLUw$ffQu&8}jZA$2DXD1M$#cFXaSbQRS+PgRga;XRD2Kt(R=GPImk9jgl>k?j~>v5RGz-el6SfXFKdh<-QMT)b0_I&Fsrh z$3{wMG9<`+3PY)zEU-gQDN0r@Pikx1~z?Mz0cevKw})o_70wWZDIwPTzbioE9-~K3>?~ z9i|D>cR78FAm8du)T={!#I%=s_vPpw;pD2!oEeGmLivW6DAY$qst}Aq!Xf>V zfn^+JmF@+?Ukl#X;|1wW@nkneoKJr0nA&ZAz*HL#geI>yfea4m_Y8uw;R0Vz$9f`t z6T4)hF8|O7mb)a*D&-|h`RM{C-*qjnMpvBFaXhH+2qnsi4Zwm6>E%QYBNt>#Y@ko? zDCrR8dQ&4xtmI^B^AJ3zav$+6?Lm1rCnvhb;+pJE;9pYfhbCfV)G##RLVmhVOStp_ zB|0t4bDU2t1&-JzPBN1*E+m7CZ^skl`C{CN-4D(LU6kw;>WBuQA!E*)z7oreB!JR~1Y0%;xxS~FdQ9W=XiL0XdTJs$;=`s6tfSYK#l zWCxuwXzbi(+B4p;n~%~I(~Kg3E%F7Qu{8*HmHd@+XEC4NwV9lE?woSKcV~+_7mOtR zC*gK%rZ_S#xTX*7JGh?oq@3~$Y-^QGzn+4zc{{=(Z0EgBrke+#psUzHtpU@mf4}Rr z*e(=yV^{~ci6G4k(DHyT7fld6QzjvW2MhTd6GiU>BIk;RhQxVBKSkulKCG8($6$; zDOg>?AB`BSjmCW#=BUzrEoMosH9BVYf~ zi`qvgo#D$I)K`Bu#}Nr<-H=@5_ghUCgnfOFA+gt@%0;PTd(e-xtI&H<=Sl-N|KB2& zdBM&*5FI@D8ZC4==|N;G8?M2USc0Cc>yPo!eO7B89go3el;!!N?Ls(!gDd=&zl7UE zGr)yQefiPEjUq(~=>b-LejMQ;99O*Ey7v5343zWbPYAb}zvOqodI_7qbmfcQ{KD?w z@4;+BQ%v->+$jE`Ur~bJ9|Hte023hhm$}*^`#%*yI&-4DF$&V?0cOoDAttd{*SGUZ z+l6qrjpS)4SxR!2!7C$u1?6Q!C=;iww6Iw^!e$7aJrD_<3DA9)$Ic=#TMwEen&G6K z1hJ7K9MX9u6{cv`yQJ7AVN`6xhvEf)K(^FJ*%#0%XN4)-^=F6lrUNIZi?dg9u3Loc zajqLNwggxhI$3xXicG%U2qE?=KmRxqf-D*Zetw7fFk&B|aJWUt9_#M>w_5NGE?R7v z=vncP09F(}>%f9?$4Q2K_|Bn?P2k5y0n>xEL?=ppLMoo|Xz~e0^(ogUOo!3y6-}_U zN7|)=ICYO4kFd322*)&u$)2;x7f!Q4@pymlsjy%0#VVV@=Ab%uM=9969w~2lI&b?x zYNZVv53stN^jgGHjWMbF8v}dH6{b#@9^GgpO0#hi4PiIm%C(pSr__zD4rM7b>B*(x z>x*dyCa-)IF6&yH68jZg>tBgJ+i%)zFC|Oj7_ak4c=F0)lUJVfIomNwwCN5m;*<#{ z@CBx70-HhSJ4!xQ5M`)ZXyw}ApHWR{P9`j5=Z}>TY#zz>W0)83c)Pz5yxqxyx5FYp zQCLU#y<0y;n8)^GzWxQ&mx}ZU$QqMc0?ODjeW2-Zna{S?b9PcxCuOCW_(oefJtdna 
zHQMf_rxEnDo}LV*d7iC_YZ`48{15%!bCaSv8l4+Fm#*7L67pIUwQs^d}lsj0KHp-7z({+P`#2qU%!F#fZU&Yej$vWh z#XF_jik*0u!!9i@R5is&$Sx>UaX_El2^_JBpeeK%>N}#)41LT1VP|$ELkTb;zY*H3 zUyfB{Rn?`cYD`}Di+)>vHdc`6Eu95cIO=tp!`{+)oVPR|0>gc6n{8UMa)F$8pKTIb zUR|J^WEn%-R^ID5pY0Yh+@ZNY$>tOK+(0#3_hyl(^SE5b8l_3_2T%{ z#?4D}z3##T5agUP1uMf&(uo$Z>n?u(%08R};Wx&<%%eDDASN5Fo^ibB)cYAP?uQ?( zW`S3aDIfGOF;BSIz3rGy%<%v|v`?yTO2h1rP_F})Ouy}rRjl&oK6I$crCQ9(17I^I zm)IWOp!g4hnwOLhScHRo9@la!|B{8G7kb2w_?HTAP-4acx-XWFb)h_6@Z@l=DK`EP zoK8zOzrRC}3!nC08VgD8hkS>F4WC!%K82-}NqDJC35(4;jgt&dtU?y{JqF_NvZ1_? zIxsxWqJ2qTx=Dtml!^XEAPj;PW3W=%oA!6G231~3wR}l4kxP7$R77bo(2 zI!q^J)-{b8TYsX?fYTA7)TS0wcdp-U5cS7GBarCH?RLl6^~W6g4??p%=lVRCdiaL3 zB#XU)XuG#H`a<;BXjh80K6fnN(24vD*0H)wzTps6F(1VtSR9&8=O5mQv{O3cgm*)Z z#e+zK$cd@-oplrDH!dBa6Plt^P22Jtqeq}CW;(NN$)*6qXO7ThP1TwFxgNfu1a1An zD9_p0{6>e`P-t?b>ipdlvq!s@?A_4WPr^$}V$liy2ZLL{j*8iz<7<~DxE4l>P3OX4A}mseFZo7)@I~amN?I7FO0DuX9c`bjLx555knaL=`g*@RmQ7XYd%1D7 zIK2uZ)AU~MDYr>z;_&dE`=AKjmJtxm?HhjsmcpDk^z96(ke;^2^=B30f zGgX8l+(Nov_}x4Z4%3W-ajC>C_5QkK)3&_E=meEp6yWK(7*{(zuPIs&=I~Q2tcOu6 zuQ4%!a)l|aiJrVhYXXMe9()N6Fo}e3T^_$5#Z!+VfEG9#HKHRNkOIOKB%?f?eTje) zO&t*o5ZuHkbmTQU64?Cc^O_O?xE-}om3600OpMmIBLQqg6B+4U-%o>E{K05XXLmn- zjE#Z!SsuCl&2^XI9;MO^FxXuFEi#uRT7AhvQwxbCNEw{iq&Q_N#f@lrtJGSSGuDN@emcwVFUv`F|DDjp3yWw$xDuMscX0MdyDY>>6v9C{ z2OEhY{Bl3Sw}|E~z+m9;%lLQ2si#6l!gph$__6`*@biR5HjV@0FB2R}BThuPYiLJ& zTKRU6{Iv2Ad}xyN*g3%_01odmWv}|ZI3EU|mXl6njd|zZf~_e1MuW0tG@@r;rSXqt zgUR{&>v8pdmB>HlK~-0k_p6v~d3=2z6417@y`d=Ab>0vTS#L)U9^B4>DF}{3+d;1i zknqa_gAv3~tZN&pyC%}5j4stU(uo77{lgEE8#{1>EchmM@YT3&OHutR{=v=OudaD8 z*Zb9ISGxDBRM!~qS7Y7B2OZ`6Z`K-dZu)tGkKrmdC$JQf9+r$yFy!)vCb+T)iz##& zMX1z^&DdF^pC`0bY$g+fJ&R&9>=5-C+gfmU)n{xT#YCP>-q3Vc3ZU=}bI2-g9v3MA z!{Mv~{X7x73*2l}Uu+rJFmH~v&1^yJzBg!Dl0ac}z-s8Pz1Lu>&E!K>d^1}l)^qs=?iTu-(~kDtd!~ zOA&bM53jMBJKf{7?AQn*he>NwNo;c^oPbOKV&xOD@20?0LReOZ>ZEG@42~zt{0-;IXb9#M?gusP9qb2Z< zD67Q!QJRSc0(z4!QLkZijMI4T4_oh0a?9wuQs0eA@dBUXfxQ17r!dNbpgkkMg< z8np=eHw67r{hL-j4xS<%yc^QmLDHkl<{Lp%F{ghjs8{{*^(QbDhrc})E$UQsxZ@FT 
z`OZ8{Ml2q_KsX5DDB(K?$#KNQY~{m;#gZ1}B??w^U<(fGuRx5aq~#keFCzf9i4wl? z+Zyxr?0}}Wo6GzWSf|(vb@(jU%fTifj_HVUVY0FuBggVdCmWN!$D+LxhC}8ST5sDw z@}mX`Z1@`49G>C2kUwVuR*1@I$LZOt=1GqMXQh&D8IqCC4xQa#!v-C{;{#NOwY~xF zhcX>&SUXyA^K1Y-sfzG#kG*X2ep*B7#y5a zyp2J7u|K3NI* zjg^Xh=u*-aob|C3goE>i_;jqp%(c};zbc3TM2g86z4tG4(zF5*HZVyw= z#$22~&?#&Bhv-h3Y&Z{B10dQBzWE$CbLLDg^qmM88VOEuyas7XK%_@ZMuszpONTQN zOHkvqvoO|vxAurq2m;y7?+?Tpcq&&NBnm0e7$ih;?n*{b0Xq+Ds|5R{^y;iSUfL@? z#9a?!By({N^1(cP=1nmU{@J#g7(8!*7Xp{$FE%Ja~^(;7IXlh}zfZ%VN9 zhXNwCF(JLhHBo5lvdxKdk40Mq=B!P4o1%mA;NBWSZwO7tJ(ti*#CsKJ^?HrLb7_nF zCc!gD1r^0I(fyn)?un{xTQImmTg^x`pp&k#e+mG&=qe(KHCC&JKP#N=P_rx zr#I#6a_ih%LH|g^eYoE z2Reul;Z&E4jMs|D%SVxQj35$>(5%j^6E9;P!dCfCi^F`fc9O$L5K`GPihps&yWBD-j|wmStr<0($m6k+R5;~SpGqbFyE zTaPr>48kE@!koay&#(?nZX9c6nV!BGqI|nf-*BWuY-jC_r~wa9^u0>u4oL&r0S?eB&(WsA$Lbk9y!I)5N#vn;fkS#*48QI% zGa{kjNYiLJuPZm6XwV88Tr#=GWSy|ec?rsR#MP1MkPE|2qdk{EwFNZZBTYK2MAje> z`U39*FmgAI66HH}5m3^R&?ikTo=a(N2#ZgGdw{C2uR@s9NRz#;-sMy zY7Y{^k;7=Zaj9Ki2r>2;0nL}j1mMTr;60CRExPb@8BLdw-b*^X9OeyR%(@WVqd*+) z;Cp10=oa{*A<8ix2D4_LwhC$Wsp}9&B*?mFXN{Sk%Z!wvM!xn6J31Td&XUSN;Lje30aWLsIaD+D4qpOIeM; zsT%z^gU+nfDxDW4cUNc>+JwHOQ@o8^{j9`u>r8j77;d93n_?JC<)}Te7&}aYpQ4LH zY8Qx=w{67kLCQBbMY=czE5b?#!~tCo!`O4H2_HNNw+ZrAEE;zg`#g-b3CkW-*(ze~ zRk*KF)9e{*n#%B;=2nSSpb`t#NT?czIF{SZ2WU~&uChzp8ACzEIHbfr@F8Dc3r7&V z$k&fY74Rcpe?NPGTN}?F68U=C)FIxy6}-vUe@>~3dcHo02R1uehu9|RXo?|GFb9l> z65jhTpwrw1y?9_U7O(C)WJ5lN@5KHh9pd2yPi``YBedZb(cD$@nYF2?&?-6o*tm!5 zB4!}>xOylaFKNP*V8PgMr`B^K@kQu74#!YjB9(Gu!BrZ=fKx^Av|B+_zWy#u0vP)8 zwt(mUC`hI=wKe3mMNiEH$o@nf62iVZ2*SOl4@7xu_k~mAJH2Nwc>~E9%jQua{2J^$ z_MXO83S`UHvks}(dokIKL#oG{aVijg4Mx~khiyu{$?3g>BiVko72_d+3+<{s#0bXiS_M+=B;f*_=8^Y8WptD^tKr2$(n7PDN)5jWJrg_k^|> ztc!O%^He%|=5X#lF?={QvMH*GZv=a`H$q+?7R{GxJ|_BN6QG-D?8xX*$!yPPbC^H- zcgXD7+ReFOM-+9787CRJo1({QrWxMuR!a!P$b~c+{RpZg{&Tos(I;81>?xlhhlL`0VN$rEMb%| zEB$4%>)~6N3Ya4_7SXqUI~^uFVqce;>M8Zv)EVCQUQF+v^Lg0aB^)eRT<|~0GS}Wg zx!m7df`d!&J}3}{7cgOA1Q|kysCVT_?B&V}b)lOzzX4|~AV7{Nk6Z#WK*IdZ#+8w6 
z$7t$b+jf+CnLF|}JKahSpZich?n4nb90Bt(#PRtTm_x0=maxHTT5m3^;O8HG4uleLtV%A5wwL(D@(zl< zS$&2H1W13}DkXl`>PxztIx%0WT?G?_X>L9_ich{RS(G35002LVLZbHoU1%YOJDZ{!qjO03 z^aL|d!JBph1Hf^kZ8^BXlarI?%);P4gA?IRyO%P_#_iwU8Wcm0_^RyO&1VEMmH3ld z*OG-l@QO_dzhB__{q~WF-rtdg0~L29;&S&0B=1hZ<-vGdHpbz-^o23F6hyV1wcZ@77QB=lvAWPI7eAx}Vmt)wix zeL8mv*}%mb2s$1X^b!5MeNpb)sL1BIUpLc@uR|PloneTyK{qvVxwGuNwF^1}(dizv zhDO0xW-^Y7dK_jy8j2S)4ztI@z~ol!f1^2k&m(O*yab4C6|9P{MBaf&dDxXCnh(2h z$go{;K(vV&A7E>RZLeNFN-R>oVHEKPjHhg|7we3in(=VpA>uM{~4MsVT9 zjG%=)3;UT!q6f1$2=sxh!Jwa`lm?ouUiDmx8c)!Wy@&`R``89v4pZ({nC>F66NmSL z1z51Dh$^8$bsT+VQJSA>r;lAYe2dUIbME@TD51e-wj}$63yDX1Ne>$;)i}`!!BLF= z>u}Nz!2n(EEEl%W`T9F)xk;ZPiHT|>;r_#o2;cF=EnX>k_`7*SiH;*W)2=k zxnx*{95Aw+ax??N2~i|2G{r%0wWRzXWx)F7lv|)wLMh1lDP=`dmWi^okI@u@lQPv; zPzKIX4Do#ny~PT4oFNd4dq5a`nMynb#n2624WT8G7(!nW-@KCp2!_Mq9pv4$VuOVz|mpDP8bHk99I9RXzr~ges|pRp(yf z4P!qDg#N(|5kkKV!y~j_l;H~kFg~t#IpFlm0FPsU)o;mQop(yFhcY$bQSOo0Ny8$L zQ{MV6CixfG{~JSJ?vYaxsWSvEIb|Vxk>v7^3SxQHVS)>pJNE{TaOlbq#6om{f5{JV zhzx(3Im$hXUbMjHyGF4LOvYdF{)Jj6fS?Fi5>jQ7)KZo+$~8`$YsureS{S6*G#n$i zKW%LmkkP7rKLvqq9F)MT9E>|21!f4d@bwLZ;_paQvgVuW@Bxw>qbrtf@z5Ofdc{X{ zrHoA1m*`!G?}*`mZ*m!q#&5Dhp^ZHNCC1q^j)=`~LiEv3>^+Mk-g<}m#HMQ&$zvWT z2u^vig6Acnm+js->|jN9(n2GLY@1RTp5YoG=VLWakj1*Eir!0cHP<2Z1nXXJUmxhh z#=64?3I*^v3>XAogr=dQ-aQ!=qie>i6{Aq`YgDwdia5+c6$xmfwQ&?_7xH5MZkPPv z`hYm1WpAt+CPMHmj^FVNMg=cvV}VoZ0^#f!kbQkiAC4G^QWT~p4ssO(L;ryC5hEwP zsDv;UcC!=kk_jE0q|_m*u#hI;Z6ZzBdjKZ z^$CNOO0dH4W)wY?C#ctFmq0{&AL|xiKMH;c4EO5!hF=o>5%A-8umuF1ZT&cd1}$F$ zXNEF9szWG)66oe**3EC(+S zWG8B34m;7YD_8tBokG)U)10yxb|R|e(04lYC#dE%APs252->LzI5Az=@2AZh$*_4k z8S~hBVp23*Xkj1DqQ&7Cc@fq!rkQQ*M0E0T+QxpBcpkvrf;TORB={KeskS z-a>|*#}3fJ9q_sd1nr$16fjG+tP6D38ZQ>$10EerYe0G;OcqwEQOxwu$F3CW4*D2A z#hc+GoTa0W=VHsl&4*)H`sJG2G%bcWr?|Nqj+cTCVQz zfnI~(Rgu^2h5Kj3q&THhPU$R^ys-VxoDp67oco|l>C1-nYUBymG_r=LL0Y<}P>}v9 z6PwEIuTkT{E-rnp&fr9(|1`Zyf^Zm#VFb*C3vCuxBCy)zw@RN#--Jfc^Y0ySIZ0J- z-RtmeXtwhQ{~AYoM{g)Iq5bV<|E9+s(lpjJy58%twi0T!G;t_i1>&Z3BI)QDN 
z$wdmHVLL@%k%yG}Xggji!#P(4TO9AuccG9kyiCJ#;*)Q5>KCreA*)Fj=*DNe_9vRe zC&dvR_Ng7gTM$^F7d`+a9$z}+y_v|!3Ojr&8*jum=GKm^3qISES$<379~+5E+y82r z%yE{+t?SVLF6?xPI5vxKN+$62GvdHY-it|m{b}0u^Ik-_5)mM*mV=)pSes4->#+VD z($75vhwWcEqzzqm=`E-JZw_B+ozvX+Pf&dmWbgy%4F2I?0RUf5a*kvK8BNS6@+wBx zgLp?f!8OjF;dk*wBZ1MZ*uS0LiK1wN7dDpo$J(Q6meJIi*pN`l0jaBRY5kwHVP8oPs+Lh7Ii}RJ|87 zU1|J7$JOVYjo0JTIlmYG=L6K@8(u~(8Yc%o#+p`fj6vEMO2lM?(A2udf@kl=oJ}{0 z@=g0eGB=3BHq>x^3f?;pRL2e+x}#y%!5ii zjSeMt-i9b^PjI=4)F&f?3z^6{0sg9^Iu7X^!WN;a_*yZ(GJPJ{t>qt{Mbk`$m{Y!f z1tx&z8Qwp5gg&%DA1dYRNqym|0MsF|>Bi?{u(90k;v5M zOh0HUXwH~Er#T}-Ox}t^*|t>1cMhqj(b}|fol`n0VBoOV5d_2PqU-n*V(%G>v-X~H zj{jKL{ud5Q(Z2n4T97mciM;nQ*!-x3Q{=(7@W{A!fjnj!4P0Z_SpHBRtt)z&N}gLd z6}*YBOpHLnFdqr~)HgAN1ma$Vc)LOKJ|ax81oO_oq0xBMV^F^hQiTOeM}?EbRsnBq z!2s)mlK_Je#5shCodZnlYzX5poIKY&1r%gUnBPC2hY(mqVUJ}L_Lxs$k3}PJS(bpy zDhhk7f}D718{QXvX%mG#ss$+)k&ksaqR@kIN3oScA++5};Sikm_!vTg;vgc$K`ayt z!Exp5;f7_BW@7%sHH_(27GrvP5Z;IEc$*P|&YfV=tNHppDsv#HPOmf}4-@~a$|gG3 zb!z&Dtc2q2_4EYs5*z~n8WlziW{bqgx^znRKB_=u*fJSpp!dKrMtd}dHwq&b^hgN? zJlUgws|AC~)<&91BZURdMhc%YX#oJx*pxgHau`eSCxFIyP2 zpD}_d*y6j0wbqj`u+Gxhx+KZ(cTDXH+5q=of+S)h?w%n+^RVAGI%hbwON0?a$LBX? 
zfe+XI3?!Cb>1u@60N>Sn(Xa_2YeS)$-BFBeguwB^t3JNr2=)gtT=u1R47U#05-He_ z7a@2P{52}ry?;GT;)+BR4L#OYf1wWJ{Odm`H4<-)(913EG={z)UA|g{fz^sN6Egm* zF$zs>IJM&M)|-sb%~4i3*vW=tf3)92`|kcC}QvFP)1s^1tXrz;p(0!b>fu5jqeHv zlBqwn1DG{9{ekzRA^HMsHhAzf2l91MKPBBvE4BACQU48gIi;4S`qW(yaa?08H9Chk zM2d;d@H8D6et>XKgjRQtC2|7>UjIAr+^^LiY1Po|fwW!18Sj9-w_7}ZUX-I3iy1Ii zou}xvnGQRi@%lTZZS^o8$n;LO!x|@B3;x{k^A3HBtv+m*t9A4-Xw@(PDSBwK5>di* zgDO-SL9n#R2}A-T#4X=YkC8)&qC5Al;C|RTn)riZ;ksP(6-^u@`W#4zQ=Jg|kbRga zCi@@*X~|og-Vas)5>sJwC!!_+8?aEo6?c#lOiW=ph@T;Q>~H{ zvgoha8rkYiz_3ucE#1mvuPIOU5*|*7f+?D=PtxHIQuR zpv{pHa7ynFLQ}Jt@$pMody@!Bo4g<^5k6EqW&|{`;Fc` z3wDtHI1s9x35XGJ*b05uHHN_PZTjgB^I2E4rLmS^5$ZecfOG`L>l{*PBasR=NwX+z z-AnYx?9ycO4IwsVPRuZNT92aoP8ieyQQreTAe{LII(v+c`1;rI00E#mjYmL9qY}%$ zS;EK{B-b93zpunBDykGQQ3s?1z*38G@br1u^dB&>@u1s zhR`A;`nlvZ@12Jun(`3L!ft&mju{Rtn zMlF1Q?LGQ70sP@?{Ke2Rm{@P@MyFVg}KqlXDRsD2~tj5w_l!U7jT z1<1=Ueoa1j9E4yirXuqD#q9BS-SfnWQIF2!c6FB5n8PdXzxT9Kz3AW>_j8$PN5|Bd z9{AOcb5AdP#)em39(X12!^&mx^ERMZdnzJEzSHIRE$22`SUJO`reYOP@?1 zyXfA==VtFp&Hw#4=Wc&u{Ph!`zHj=b`;*VU{nn_T7O3?n4}td{_?UjL=+*lcSY7lZ z1vcD|jBomNX?It(njV^8r{#Zk_oPoB{A}5BwHBgSBh{y&_wRoyr`&PjDPiBV`)5Dy z-+W?dd8GZ&yJv%%MtRcL8MX$AgOaV2;nNR&gR zrQ9am%g|p1%dO=$bG59-2ILbilv<5@3Ch*qzX!hty{Uaipli*C#cwU36P{MwH=R>HhC?mt8!;;??bdU4ZV}Sepf!z+=vjrb%YVbu zXD~b$w~md^3Os5#f?D-YpbiI*W~Q7`Y%OqcbN8VAnnAQ9jE3VU!nvAp(eQk7Igbz@ z)d2Fp&j*A9aSYLCGg@8=yV6R`c%@3WYEaOPR*|1d6{2h<{*{8pF2*yJ8eHP!QuJ^a zmxeK~)JDT`MX0?Rlu$XDMruU8O2FR0>PI+#9pmRUtRD4BbRy~zS8QZ8jc7ykjc~u( z;~H)z>uV`ykLGP?8-h!@wAN|>XEk6F4er4+;W3zw5r|h>ub0omT0pD<9D;1bXxyMg zDOaZv>`MHhu3YMg=Hbc^hHFn;qT)>LXe13vs2N0~A|}D@n3aM*X>HNxVw4&2c@Nz)02f zhEcosMFfeKW|eUnj-CTs{+rlbB8_A~|aJ$R4> zz*3bd(^&a5)FeGhE1IyX=wIcOR@Y5rwNRbNT+J9%djp4%hqbEGnavP{coF1XgU`nWP|DE|E zoJh+>@K@($2KX@2&$sayj4$;%Tt5SHfksQ*qgpc&ejp70f7(Ux96ZY5+DGh@NI&XY zBRy9RZdc_ot+g^xmo#RCQ?7(hWDW*6`SLbuJ6hSbn6Uv)-O>;FyKIisnWNe?ZsN&^ z#YfylT&vP2g3p!cT7sSiuP?GdiEl~w(uhcpsT`(04_0!7aUD)?m$2R=vrA*xfR#m46!E;7ITbKne0k)(y*h1Gd2;P1oOn`JonMhp6qBK#mOd9aMc9 
zk=4V~SDhJEUR>FC273QOzp3^<*Q~#Bg{`c-ptf-R+7)YS-1o4{jFPIF(iLU3D^PW23F{1(^2&{?E6Udx zHE6~(w_4(^TwhtWsnS?m3Ojbq>YB|)*XHU{V`g1i=8bjeFj8J!Q@-Kbr2}v`RIMp5 zD=%5?DzB|{*1A@2s5X{W)fm&rZ%oU)scr^cA_!^s;pg{q{W{e8rC7{xmh9z{ zMD5_;g-<+5t0uzRLsu%uL#rkgXycm^toVqLw^!%=)17~p5*p(Z*za= zuF=ibEz(t@gyX8ng8Y zYpg0W)^6TVQC_*81xsj^8H>p`qm@@y<*rn1s>r%v<&~>9sFfn{Yf9I;D^}OAHL8wq ziMynvw6>O8wz{U0x+&7u&-{wb)f9V++ODnd!qqhx1muO9%@tMFx~r?J zYBYA^^3Y7{YYBLZyHdXkL8Zm;csFZstg3h0-=jK?!kQ|Ll^3~PMDoR@wN>sKP)KXW z-BDHH22t~?YHHlo2r_8t0&p^`varhNEL~HsjS4%3lrWa8TV1)9EfB(^pntZoHP6Uz zw3b$uYvt5ubya1p8gT`@4XdlGF*Pa%OCgGkRrL1~)gQsb>gcD3P(gnE=Keh49+g)1 zd}rZc`YtV4dRdxAUR6?65vgOZEUDU14e@smrsTyYFi5pYC*?32JRRxod zDjxZZ^CL}JhOKf9(XXEt7*uJ^My&nx8*^yM52Uj)DXrBn09&*6k@BjIPn zDK=EsRBb4)1*ie;!C(3!S%Oj5fKp_`tLe4w@-?bOpO%@e%4;UHak-Icg#L#}M&!%2OaFqgADR7knS1E9n0#_+;l>%2OaFqgA zDR7knS1E9n0{@Z%#T<7NDtVr7e17Ni`<`!p-v4~Z^IgxMdcNoRzUR3YQeQB>V0l4& zq40&}FBHG9?uF_XP#N!5q~f;k8UHiY&(=NbdA9M{ozD^wj-w5b;@#_ZSMRRd?b+S9 zd*|*ackkN0clW;C&Aa`(J9c;NKDE1hx3aruci(PqPu!m5J*j()d(!u0?#bR`*(2^L c+_QX7@t$>is`u3G@$6~bvvUss{*&MT1Ex0lm;e9( literal 0 HcmV?d00001 
diff --git a/FSDrivers/X64/ext2_x64.efi b/FSDrivers/X64/ext2_x64.efi new file mode 100644 index 0000000000000000000000000000000000000000..1da0928d38c0713e4a0e8eaa71d2edae08aaaa47 GIT binary patch literal 22280 zcmdUX3w%>m*6&G^wkfon0!1pK1Pz)Zj|6aR1SFwJ*?|-a<opEZ;1u17958P9@c8KZhWMhg6kSRFp_70*=)W0INs)u;fYOWW(fZ&R zXIfZXH|`Re4hV~aKux@;Z+8aTPx_Ksyd^dojr5U&Jbjmpv@j50A&=ws7+X9R{O~>%ITK#^n;%^KtRv zjQXkJq<|v^(b>4!DM1Q{A*=ITRuffOZB5AP5MqZ!TMvTajyVZA$<(!Nq*}?!8pMt)Jqu+uaXRtlV zDLxemUebwAHM{HEeBJ6l^L1hJgB)|LfAA8$he+CWC;_p@*V_${9!#zQ$dXJY^AhO) zy^2fk5TDxOAB6W7CVTL{Ces$SZx)|;2=7S`QpEM6oGc!8g4(0e`KS$E(gX4P{=tM5 ztq7|}Yvs~f>Ch^_qt$I{Uj_^VO>FgH-{1tjYG)Y$D3{aosl!w>TNxGCw>j;tzQfUT zkWTQD0c39V52GH@R2_%fbPwMDMALWi%2EG~Pb3~(=1>n}8d&mGCzcHP0W4VscmnMP z0y}{_>d*MHsEwHDS-IsxJRX}3upB~T?mU=fE~17E$T&Wba+f{gQ)0IfAyz_lYXS?= zzwDZ;plQ%bER|~#7d{N|-S;~0X@)9WY+-3LkOr2f#0CG~ndCEPb6q9d3=Rs?RC7B1 zGL?%M4s5igd0G*ZE=-2X8JTpNNe7rbt}tGh3oY*z*E8u}fwj1~S#NRkS#j6h_ck-> z5^q4DC2$PmN}%Vm!@$H>H!~@vqat0c$cK(|>f)10ul>mzpz8wfoo(Q_;lY}J;x-sH zGPy254bargg6HG@EYvhojqG4dsw1hyQknEix}mP(t^OXYVUIt9weXjy7Gg)(25kX? zz6fi_BMWW}5Qsk=cnJrSFsYh@@np6EE{A@Bnmbsi*C%&^gK<`B*u-?Z;|JM>F525> zCg)o*g3BFj=$3c|Ojo>V*y9^sfZ07Ha7WqY7XF;TL%N0jn*t9d&GBC!ct|h!d$UmT za`fnt_@Fq`h?M5(5ZQ;YM-VuJSN;PQR}4ZmLC6-85&7p_uk5jah5+((B>&2vS$wTD( z4Dv#wS1!+FlGmIWPbHsV0#}6h_>^*))7=fLUVO2G+Af&nbZB&WxVaPk)&<=NT0KnfgF~}xc7D8)HvfQF*m?o?+m8z1lGeN=W|_xVF2NA zA$AQ$RLDYJBJzw^ipL9!VMvA$Emapa3T^QY8lzT_O@q$#N>*DqHgp3`06+s>y5c|! 
zCNDLc0FchWuS{hys^}?}%%?vzosl_q-s`;2IkQ<+sMFJm-m%aqr3+B3+<2-tG~1jV z-{HHNNna>y&#NqH07UR%hu)Xwf!&R+qz1uczQ>#yt-w4`#~^*dL8oY- z7*nn~Cd~GUB{a3WVH_4kptj^iP(P`JCjaGW{}rS{)1Ju_=3cJdsny=yJYzZwal2c@ zLO*Y3b;rXXR?LCEh&fBmR+pILGCOefnhSBAYA(U`9`hnxUo-~*ikmfNvevkH!@OF( zdE5LNZj>%Wm-LBJg5E?6P-4tuZIqYfa2_?FnmL~Ac@ z{uu8z&&r9#+m^gs^%my3pVk2kC)UW)UXrR)`n&Qt>S3w#m|HqD%_ZjW!Q3FXDw3(m4n95qdaNX*);canr55&hN39p?;aP zV}|PI>W-h}EKPn7zOcj3@fAd<*XyHHohc-r$4GHVO zglkY(g?YogTfKSPd=NL>dv>@@tf@L&JJuDo6<$mr2FEuDB)PFT5A_-dLcoxMP)U1y zRUs@P`C69;rXp8mLX@nbbV%9JPRvL?1yOPr>?RldH*U`0rMU~n+{;y-<(39_q`!rv zy%-s^7Zbpe7?~w8GD~7)P-B_^fLUV>t2c>}L5&Zh25LGZT zX5wHb=b#B!FQ0}}`82$TPs7=qzZIOnZzvRseN~Kk*&=uXLa$0(xJ)`V}aDYK#F*B+C0H?sWo4FLaZIxfm9ZW>RBj#hml(8 zwh^?g&0}vZ2xX;-_0OOS*JFLVAUJb3_K6)8SJtDZAk6JB?1yNB09p zr^o1$FuD+5@Fhm)wMW#^Z2+z-NB0tHCUzd3{@)s%;qvIlVRS!eqcgZ@bg@w+rQV#| z#CG2x*JD{Kr@O~ui*Fbo@(OVcAG|%Y4@+MQYff2<;1i&EM_C$Y)_lV@hhSLD2SiYejdiBcptH7l@T2cv-RB4bZ zjmmKD@gjtuw-3YEYaKBlvTs?o#wo7LGCLagNgoG~9&`la$k;d^^O<##!zrHN`$=_& zDZdsxGA8X*>>+>!kDdh3LH{iTloUCf4j^P~_7KF!z%|u;2`$kI=`}PN7d+DL2wXzK z#uI-(W~WB_$l)GnWT-n#={1fS?R@5okt6AKM<`#Dc8XVAiX2I)JE9_L%+eu%jZT1v zAn{D$Be!FuiII06HY?qs*c0oFE4W((UfK58_li&a8HTsqDW^|uOwVLUIL3nQ2LDu! 
z_7DFA?P1MvUMaL65W}cw?@FLu8PyO+VV}f?Wq?3}MQrE;(?c}d!bos#S=Q4T7-bM@ z4e>}!AB-enjIk)!lL^KaJwOHcPFC8cJfQV!J9A~vD}dL2T72R#Gz3gb9}zsaT-sKX z+K6OOICf1Wni4!bh6Te(!M1R4TcD9$YAlSi_}17qPR-FPskzB1uFrA>&o8ebf->vQ z$07TgWDrKw=?Ud0KSteOH6IPTdbMOv=XjSpiTOY zXxtX4yTtnvL1!ak7f=jZV|^kg(u0S_G!`ZWcODG31yHYdG%mV`cVy{*&j)eim4g@n zv1Ykeo+?j_LoBC(Tse$=KQ@fypBTpV+Ato$Y$Bamx-wc0J}0=0JnwhT##TxcOQ#~o zQk=ooKzZFcbeS347Irl{)Zr9fid{#;IXnhcd_3DOkEf82=hsM)i49YreI zAGH|Qpa=UF@rlJM{{IiGM!A$lDadF(HyZ{r8+v~M@%Hlg^?dyE4blY8T;17!WUjBD z%GgIR3AxRH{594poUeCFyJ^`ZkIO}N1WDz^KP#Bun(dWmSUvG@fo_|}US;$jb=s#G zstrzQiUFAlt5??=M@TTvI$m}e;bwHm2vNGhBkk;n4k>a99?wS9n+^(gOM4ghX7jgY zL#9kW0V#_m#<*XJegetb+BAUc*!)x2RH?QG?-cxL_K5~@^t6Y=i1-rf|cnJLs~XukPQ1UXVI>aK{L$C5F_wgS$seBcR-s zYak-@WAQ@n@8HuX5(L)U>0YT~AW}s|R%z)#2%yN?Vi<^lK?HcC8obWO}8cO^{9 zg}>7*!0PIKlSdkdz)4Nf`&XeRyK@{5fvM8^J7rAwssh8pVXUzw306aB8JkI+1lzmT zbi)EZ9XXFo8bz!|u2~dR((PLpUxT{zbO7OfChoKN`x)|bU(QK;%iU&BoN)bTxTtRxse3o5e+uVb&c5Q0kXY`MtbqyPyy(rxk9{=4OAnXXV)Z?}DO z^({{61Fyco=&?ttuXBgS$KBG0`Et7Cj7ReA>CgF7vnXw&-o;Q6-8)}e+|FFyL>ci0l@e(nnyBzZM+Z>XHtE zRa4DSkZE(B()%vG`7z3wWN#v2BDT_V>a ztbUluLiqsUWcg?z;7@DGa}c`NU_3hbBT*Q;0gtQsBbl|B2r!y^u@vXK1Wqh-Nhh!3 z8qXtfzEN-;JkDer_In&i)1Tr|QUFbZqZbSY0t}6UZ7Z^cOOll?i0!f=Blq1TN-(+OS93&sE4N z{x%X(`Z?<({`C-L@IqW{SdCtTqfZV(j>F%jCHX7d&`92*%dOXcf=6%Z_XW~fPvmGa zw+mwg=T@x1{TZ-(NrGbij!asrCvqgYKsx2o9rMUY8cwAEyv>&f18kCKSezV|61kY~ zC!OnbaDkM+Xb5|xmfD-VSd8aN*H@r3kmZr8jLxl?*dFPjY;bm+&W(jn>1QnRWir#n z7}6iuWiY#C12%X#de|Q1JEaIkeB!G}uL3s^$8HKd4BmW9kYrqUuv@DUwndrllrkA) zyX(*RH+rSzFof-p9Mb9(oogvX^ueUvzUx?MN*rEiY+#g5KswaEd9e{rC-$vZ!j^{$ z(^rEj9~&Iy>7} zr}FUs9v=SB=HdSua{#UI>WxHtjB7jl=9FK+L zL82mn2B=KnK`vl5YLE*c@{kK4XIUWeR4Uot4>iJ(S7Fjpvx9_b^mny=!y3+r4KLt4 z2$Mb!e(msGi>kUyj@{1I z=P4-+AHhbe=YEb{bEtN&55j1#@C}WU^(J1|qJ$TW{t-oBmoYk@W7)2Y-ml&yMSrf|WJU{d z`Ed&TBF18K-E>S?b}V@1PdxyCbg&4+*&aIt1g@c$W-XC zy81~z#J00r!DSWu0VI@wo%V>V(U0(;$_us&>zGagnJw0@1@Sd*bXFwRpN6j1T#NfI zV*M>J{cl3b!2R_=W8uo1OeQ4{dH zVAOnRK=uXKG&rawy~RyOyH#~(!Cgt7v->wfZ3X9F2FHe?2mUZ16MZuHNo?l!aZBM? 
zFKR{B-LJ>vMp}=;uCvhd=ErdB4P~4%3&PfV{sgNS#-xfjv$NkhAIs{FR*gOV-$1^e zw3FV@;~dDBf`pw%`kQUfM)JE}=^&sBbcaBzN80O4VL2aoq#amI)A@ljz8)UrrQ;kF zsLy@}rJ(ZzDaer^HmA(`dR<^wCdO+L>$d|V?vO-?;0{Ag6NBqk~qvwE(^WQ88BU3S16*#nI>Xo7+JF^sOd(R z47#M#r7K;!&?Sv7#wp_Z!W6m~rpUsko6%t*SxP3oZGIUK%Khp#Kp?8%sdM*FUETd; zpi4&g-LL500Nk0>lO7jGQs*9)nrjuk8txZHr7O@c8NfEt8XCXltp8?)KkyEf8ks&OiM?t7|KQVNqplJUct0K; z#mxU$e<#(acjgC^_74zXK`|(-GWWA<+i0ay$m(XB3k4m8onB0q#0Q zz(kSgEPfH&NgkXLz{xgD=GaJf_8y$-fQzui3P>+D5D~F#H9f89IM@fwa$S$0Vs{#yvcjjBMvIUJw4 z%sCpr@)s2ik)6qOJ}lB;W$1)%e5bZ*M4kBVbZynxX~7uXb{cU%*1ujpW|d1=f6hf8 zwzdMPRhdq>Z>4o6BLC++XU`G6CP*K_IF`QAskHu;w#M{4)+Gb97bvxrJ=$~*Pp3}X zxB>&3G5uX9w6X|`{DUALTcz(|7+&}%6RIg#;b)Jer+7(0i^D5DZnn@%%$r;aUJzpB zAo;t2Jv9JHc<5!)ndjd?%QP_g=Zgp?re)oX79*3Y)Hl za2)6gNfQiJxgXIyd_9wzeSM)=J{+hxhFqC5j-le2;urXBwx3B+<)cs4vk2hTeu|7J z4&p>2G6Ip<%MAb;Hwhvw2_g|9y{5iO5Qz|JH)_DhgDAAUTpk0q`j)?(>K~3{a;b|4 zW2dY;qhm=F&bQLWrUyHV*!Zl8!r8S44{JM`-d1C*%gcH{j#;1A*C4dr78``NnVp*& z)Ta8HV`%zA@UXUB=xsE_b}{=lpK+@WxyMNCdmgTBf*BJi(E!gkt;ic1{LpoR@Xl1dh2;oVmd-X8QYD4$vQzgiR8?88#9sLqDafR@h{ktaBf-!Xy;onqk^;*2g#pf zXU}cKUc1nU{Wa~maa?laj1)wFOMFZ^=?*;@Ctdu(9U29@dy++zG0vP8XJ}GfYJJXm z7Ka(axIw9-(s}m06hYYS%4v1!BCdI@L>@9H1nJVXxutV}r)SSiZ%A&+RW|+>4k|JQO zs3q&9l^AlH8*3)Wf%|8;JhnN8;JC}~b0lrWEOfyj|rDs;Z4i)|wq z?!VLknIA2==mBjwiUxR0K4h)r+P;blyv9Bi+zL)uuiz*+#$qFr=4Qs-LJLnZAyZ9G z1|6WiSDKsK;&7;eTHU(8yZ#T=J3!QzpS5kq25l_8%f8)=20Wit65z+7eS0b(vsNmDiv)0#6^tRD#T z$PbQfqDJrXwFR=X)BlDXDUKB!QUh|-+yz9{yRL%%GJemJcvYzzyppF;X7G)0ZXPq__Hcy2h}0cRu#^>QMMNXammBw)S!}t zq;H7n2$)35WaXRs-b70lw%{j#EQ6%5`RvV=muEa9202rKd zfq}S5F|t#hkx5C)X5XzIc@j?aL~7EVNSZQTE3@yf83oVd?~XS}LSSP3;X_qJJ<`l< zkL)h=gk~T&iQ}8!#tRE!Gcugo*$aO9-zmEd(0?HJh_8;zW;qdH&cxvff2~u-33jQK zsQ8wh{oWPIi-YZbJ^FDLPybfR(wV$D&D`5F`{zu|{~YTT8bzkk8;cu~@_&FK>H>f! 
z54Uinn7kq;7}A^PJ+VGfgaKJHv5aaop#0l%bCY+l15{&ER5r z-%1ghQ;12yF!snmjxr*#>#OT)W;vgGbbpJ!0^5uo3+Js68Tv6wDFxCToT|S{#tn=F>42qH#-P_&S0;Uo^_p^k99)nNtMc=O7vVj>M`xMD zl5}ui-H!pPbi`YNvR$2~K7?B7sf*LZ^+kqq_;sAtz*`}94^ADV)@Z|>6dWn|GQ@Rx zDIu0>-?qG4>}c>9cA57u-83Vnf2auAe%kE;qtlfKRm^?FbrVuX;@Ec0CPI$YS&D?we9q%C zFC>cKcfaL=f>c3?34hqlaC3`dQ6_GqhTM_+UUx~Cuoa2kmEU6zKS3xzvusqv-CQe; zq-+}DiKEyZ7Vs@Hs}Oy5a9K9;=5l`DP_d5ob#$MxU~?fG*=KPNCiPJj6QF@8KQV}d z^?deX^B1S;PvbiQr4if59trbQ&Szu=Jm3IB3m8wRB+Mlk&+DMt;EF%ngALh24@jT? z327s?8R(4{XU|3h6%X$zf&(h$8Muyyu+-uo!{kTcBn)Ok?3KB@8KOF!vxM077$v929kw4PH%`0sNT`>0zjRZm4i1J*A zl7~eHMO!D7`CteX8!No7QA!uF__oXEa>a%}qRJz`$s31$Noe_UhJ?W6Wk6Qx@ZUg; zE0Et@Ma^luH(po*camBlsa4Vm7z#c5VVe>k@W3tlyE1jw<9mR7;-b@w%@xvE16`JNHDeCRhr5t2{~zVQ4#uhC(O;i2=sa$WNtH7-;2Tpaa)`>rA>96=>fZ z?3p$L`O1%RGH*I&>6QX$ZryQO?2r(x6e6R;93+T%h+Kl}RKBP8yg2|MJieF+l-HP7 zt2J*V0_C^OVbn1Bxc~~U^Z{9VFA3_wkK%DG%xy3$%BO9l%*2*;#2~oQ#{QU%oHfT_ z7>IQhFoV&qs0FFlfmGm926G%@{jY!^zB?D?gH}&Lpc!Y??}JE#E7H zpT;yHX<^|G#f;qpLhpxK5TW&0pfq+m7LHt3o=5g;1TO=@Fe_P?&5HeAp&CvJixKYa zKz1O8XlW~!3`dojL>-@wq!w0E3sML!AE*W7W8v~aY9N4?cudF#se#pMO+r3M4TMnx z^GEVdY$U6Dzwjg5p$Mz-;@>^&eJsMo>YGX@zPUY&5ZRfWY!j~kx97fzC{P>ynRbd? 
z{bJ+a#-~jPerV?+nS96_rl8oN+}@(vl>6%r%m{^u1v)00{cU`1%uugV&%vrVPAU=yh(Nq;L6@S-zEM zfbJ>305zBT$4R9;)8$$VZhue#thoJ8^%m14nLf<|tOK`|YAxJI;ucP;uer0o`0yG0o^=b2OnvnMb!ULs*cGUIZrjg+QQ||;3$VcU-^e) z-*YQZQ{RF)JP0SZbm2|+pmUxqM3q&+@jMLs0Bltk8Z}IKv1+l&UMM5Efv2~}x8Ut% zQ+^vsj7&MTxS3vH2@jhOTYt6H?~(we>FxNROa2i@X@)mz-*I4_TX(!wW3!3a3-6Ni zuYX3BMJ^2o7nxjZR9=U<{vY#NL?oT;pylmf=_8a6NJA(YgM{zL*w-z9qqi_*d2^`_ zD|!=s;ZsQZQ$qT~S8$E}d?<_buGsh#C+KmN2>kySAdG)#L=@1vO{Fr_t1rl)<+!PH^Celx7&k)E zk<3x9kHXoxfo`J%?MNSsmAN!Gxe);a@Fh#VHdstt=oOPkk46TRPhLDC*moFZn)p^A z5TrbdQhuDTrsooLaSNS+0{7_FVNma}+lUD~iDMZ@bNM4g_gdi0q?rzUOIs)>55;?F zTyebD$9PMNY&7$y;22tNECUl{lrjWU0C-2KljQ5opqdVUZ>hZ#C|6*CL!Uq;3{ptt zmKU4TaF;#R5x|Qk3ph0qU&V-{y!DbhkhjTIKaTnnk z0^o+*)K8>H4@hnj@w;WA%SYZ9V|%iOKjBt#FFc@i~nnWTVP zHofj49709q2BiGy7Z6vHL#3}4M}LFJs0g7b=%GDZSZXHURf3Ew3`Z5>o{SgyuzMvF z{VmDA!xR0Obo~YXBKdI?9{VX@PQm<7u`)bYpf6tJl|EI5V8USumEn+k#QEiqG+cgl+lKQ_TNLjUcj9vMc~vny`Y`;B#@|@{6==^@f?LQJJi*A$ST131V74! zxFc>1!1!SkgtCQm1pLoF!-OJ#X=zz?wJ>8=)j|x=G;QJhg_Si6P2(z-ESlR<>nf`# z^Oc$MXU(hdSCw^C�RBBei4w<>h5nrm2;crlJM2Dk?g_i+r;x%1kc$pMt!Vvu2yz zRaKQ$f@k64SrzkUn+j)D&02t7s)T6^tNn`>RaW`RW(#8hry(qw_fVNIvC?OnQZ{S$ z62VorcwT9lhD4>Lu&UBmR!Yq#;q*^sIUuVm{Z$yCFuk(Ezo5*NS6Nl%U*t19>b^C}k#MP;RaaD9ns`n<{tyhByqlsv74d*N&vwK^IQSyr{UY_`cV%$_4$ej0Ag z5j4R3c@hZHQI7vl@Ag7)kA5p_mjB6Q4xG0B?wgFh{P4; zPt{$26~Yu^pJwp z_9t%LD8rW1FQAnr9`!kK9aQsB=ApeGb^mp~ud>XjjW$=c*-70pfPKMz_JF)+et0@1FR~&u8!H{)Amv-8Qdk zW8?Sng99}%pmdX$Jjr*+b(uduDeVfX^Cl}608?)dtzF%GSJWm_% zgIf8hR{mBi-_Xh(T6s__V_JDpE7QiSRJ^S{U#mUeq?J~!bZF&dtt`>X3a#{OWl$?a zTKS(^`3J51i&nm+l`UGiPbCS226& zl(O=93sJbeZfB8u=D57P+lChZY=l-{IDgL2a+sy+CDp#N1=T~zNey+m$4(o^Z->l= z!Tvw_IWX4&SGcBlP05>C2inJw(@L-E;VWOij={q z%1P4cY@#(IC9Py7)0OEBNxEdgTAR}4))bvVx8n9BoniF@*16W05R`sA6OqsrqSznlooKxt61%>e;Tl8Mhv_Nr*o$APc-Fr>?PcS%L%#8MEwc8b z*Ebomt=9y893Y(ldK!|gdYvxbndeXm@LVUneD=bj{QmE(j`X>C|9@@&MReB4(LHWl zk@tt!c5K}}x9^2#Pamk>u%zdT6I;8F%%6E_-wzLbvG)h@wKtx7?bPj#*!t>Mmn*Y& z%$c`pSZ4h7^PZ22-cNr2!VgpLxbxx1^CsQ<^wWE+-xLk@Ui;)Drqx;Zp4+u-{)PS1 
zGfqF0HT~k}M+dzVF+CsOJs^AO(x*z=F8#K7z<{mK_IM&WdHLSZ#q2?MdFE8DZ9O{U zZfjwWooDu~LHM=ou`z4*FWa2-&X}Vw4c@RUWZoXX?Y&vw6ijf>5FeU8@vp-1o%>3T zZ?b&3`0YRav3LJN-A3;iJ~HP|yOa#w_IJF;KKjM*v!7l6*cXeJ+`riTO6oD+W9k2W z%(fzFDyB~%Cbrf2uc`A@ldh9xSY7wE_1cbUn5MU-cd`oxYv0SSl5Jw|3{24BHvGei z$#$1@=;gNt+l>a(qJ~2sN2gT2lJ=h!(7T^55ppVSO`GzWTDKb;;!h zqOHREfVFFfnbHmH{BTX@ha_v46r*Y=^r_Zv9rsBvf&pku;$2db&S6bWNxrq4J}LFe zdP`@;!elnA&`%~$VLua~7losXrtnwgjW^yi*y-r77c>CedxH-C5cABXJ=1YfIYc>aM^6)WGeJ-_O} zF#FkMx7gloST^sqJ3{*Mwq3=)`lfP!&m$)PufME16YbaM&4w@TsQl}Vn z16w&^*wgce^*Hf|UwpB!<-oM>2G4w}@xI)r0|OR6x--%$zG_QPe*T90=ZwhtcI(*D oeaF6#A3uJu-v9i-#lPD2YkP_NySr{P9ItHdo!0NGUhBU9Um}^-rvLx| literal 0 HcmV?d00001 
diff --git a/FSDrivers/X64/ext4_x64.efi b/FSDrivers/X64/ext4_x64.efi new file mode 100644 index 0000000000000000000000000000000000000000..bcb65fc0ffcaea918b49d77246a0c31236c5e7dd GIT binary patch literal 22792 zcmdUX4SZ8Y*7r@5wkfpSqD3kq1Pz+XSAw`U0+P_Aoj?kemJb27&<{Zh#WtZu5K_`& zFW0#2>bkm*yW3}1eRbCbU48gkbQ22w01>RBs4Es!xFM*B3ltFY{?FW`6jt|r-`(f; zdw);(_0HUxGiT16bLPyMGjqwGE&R(r-@n}Qa>D|rAe64vUM@iHq%czGogfIo$#~JJ zRVgk(u%Rsevmrx&SO0?3RJaR=1)=xVl|S;H{v+i*iwQ4FLJ86!l7f2#VPH>ye=|SQ zQ&#H%4jMC!GoJQDYY>Fuk)`uI^Qe&cGNngKWwDr%b9m#lAS_voVSl0Ld4@@ccB-MU+Rq75y@P09AgkX;Je{f9g4zH>qE z^^SFUnowsF^S34p4JHeM-QPLEkrIroCP4q;lYr{<-U6tEP-iNjwBly8?wnvx35uKY zE}`krpeP8`#EtSUyRYk{Cy_;4BjeFX8|u6UjdVjv%rVpsw7X~rHhW#Ca8gT6spt}l zl28=GR_>5>Q&==qZVv_ZPIT(92F3c@qtU1(*t|u9!NkV(*Z*1La)_JxxcG3!{n&7l zz!9BjZ`@&*AcZ54)p;(fDXOem;<7pnS+$X@b^r>pI?rV_MU_>HDyzegRY=^F+e21u zB&)-a)j2M!7LwHzRaPx=S#i`LV+v$-7_vI7%BqcuAgjZW)nQduZ4lEx4#!?Jok`yo zLbDC>oegKaMy|gkIOs9A6)dn4dW^SB6hiOciQMXtHO_{hH;V;4YL)(q260&Bw_sej z1QT4Isj~#f-lG#6rsJ)lgKLIZ&+y`~ws?!=nR=?%iw$?6h?VSc%l338uTIC5^4#LG zc6o-dKta^f&aCfpmW!Ll=skLj$d=vWInJ_9MiMMR0ETA+1LF*3jiAPXRdXOY;9%pCKpdHj63ok;c|B@DncX~$a=TmIq4uT2Fwn$OAM}if)2nut27q!oHJ3U}MzghHadW%f+U7YDJ_qUeFX=#L zi+42jh^Fc|)TSM%|BJCf8N6&ETLQ6&X|Um#$pIaA2cN z&C?5+bm1PToSsRinRJNBc?HpeY-oAEsFq3h39Qx0&3dbo&x+Y|?rUb!CEkEQi?J}| z6_@+BTmt$Da)EAHn(Qk;Uo6yVU@1G~JRK7^?qE{Vm2jy9H|q!Baxo+LSfcmPEbu07 z!ORdit!xXYL=b$v+zcT+;AAxvNftPSF2~)7yA5COiut3qzS92E&^z+-m z?sKMN#gp+}d*2gR8Nq`u}E5b%4jUQiE)HQbs<6c-r{Pze)BlveX> zx9l>3tQkE`faOh=CXgL{1Fn0);%qzF(hf^PSuku6p}f$1clqLp)Jj;f#2 zqP>~CLhpTm$vFi~Uc}8KBwaX*Nd>b|I19wWEXsuiC@5go2TWeP0anU0kw!zY$yW)i z$W-ci2PX^|CzB$|qF8^d;VbX6v!L9C{?+MF{0rW`Ak55Z%8SFuW9NjafqkZZhWOSF z`*eGeOS*(91m3zag&guo`F@?eMDLc%)0yNprbm-$1u=jt!e7BKL2?*Voef`!^{seo z_(XhyO6~rO8i!P2G=Xu$k(%97sWID|vA?b6b^8I=0jmgM+dU0y((WHnI zVE6R|JJ18{8kd~QbqR(6ghz$Qbr?|r3%H5MGj1swEtmyEGLmSix)`I-678ljYzEmh z=ybPawge-iw$KCsG|;6gHnd>!N}~Y)sSNx|S4N3V6G!E>YOMqTj`4xJ%bfnwLFTl|3C`_jTr*9j@Nk6I#qJc`s_z-4bogjJv*`E+D 
zrgcM}YfKMUU>>MrkUry}(_)|)Q?@!L%=Rh8G`0I+941AGuQ@26T1=Dw^0fZ~f~IND zK@cluL0`nIl}58e%yJlQc)E=RcorFp@tkX1 zis$o2A3%|L#Yol~nKz70YG%9fRb-T2M3?lDQjFe26HsE(nK)7tM{43oO&qC-BQ?d5 zn&L=Jaik^{DXZHV1nxQaKfu>ACa2ZfAt3M~UFm{QSZiVl3h0Nrl~mW7cyFwvC2=<8 zP%<+P!yEopZ8#}j*qWHv-GaqhIAbNiKLK`DwOq8!TfTx7ykK2~^?I^-*$_$Ln=;w0 z>0x~Drw$;6=&r~IL~B28{uu8z$IOXEZEH@pnuWO@9P0pv6CSm6fTU`d{;oWZa#-pd z=9CUkcgQ(9Fj&5p&_xSqb7*!*H%p6j+;QQWKn@6INTSl4dgG@1vuJ^dbk0V71XiRg z?dOO*Zn~A%c^`GMlD=z8ufVXbwzU@EdzCWOfvN{5xbUBryUdbH$Au#=YHC2H&F zdcFi>?qw^_a7%+6>2CpPFGdFK#RM?LM`ntT%oHCP)R-m!U|ul>)l7V3P~%RNK#hr? zP-F5iF$tx8n0qgwNX!~zBo3x?4jS-u^J!Sbr{P>a4NEzHD>#4OF#6C6VB0x=m6yMv z$p##t6*xdEaA2mH@#Hu#(+ZI1I7}P|=9r2D#H|N15J!|?ia~?A#7&>VFk3%-G?Q6R zR$uGF?xs=i(KgP~xHUoA@P9rBc1Odk3D}J2vC&}GNl11K+24%K6_eV;dL8rx&X!nz zK?Ce5?-rg3C5sIQ&S4Gwln{^sP~KftTxx#k0u9F zdrt{~sH{+a)(&!6^QCubRc?hR**Wv!?%y(ETHqh<}qtl9O z+b)mJad~t)XOGco`RKmK=(HGJ0!A0$4qtq9Zfi&#-4@`wa&#}EWJ=G`Y5%R!=`N2h z52O1&HaeYyMi&`JQtHpSO>FlJcdW}$Io&rBSvF`=z%4|UMMB45rmAAsNZw8aRr)eQ$@(eh4=agME=}K~S<*hn$s%bX` zTU00~pkcE7kPaSYhIA)u%_APcn&+ic8o9@Ml6!C$yi=rPd7_RinuJ|a$t1lrRj>R~ zT_p|hXql9gz72vB#QN6~VP;Bl^e(tJ>8cG3DGnk42HDaP{u%1A?-v_R1DtmL4TI6E zTb{21m+Wm#CPY%DPO8)^xAPS*MEH68AdG#iBL+m)U8`QPi<>fxw#E;o5B$eEZN4bt zJN9)Rqb77D$>rafPZ=5FY?nk?|5* zq7{O1Xp-kY+GX=yLU_j&-5Ie`BW>u&HE5)(J3_%Yjv4Jd#*3k&sdYywx|4E>7hDP* zO{zPpB5KUgV7nWhj1_{!GmVejijl@g-gDTjWUpe4`x#eow-CItbXX6FPrL@hTW*(A ziyBkY8N!nhf0xc%#L@n*e}eW%Y~j38Xy0QGqoSQ1N4qv0LmY;E5*tM1yL4liR|Xo9J`X5 zo9*J}42S>x>KY;_z3zMzvad-5VMLvlP=547)V&>BqhXh?VD}e5Z@nl!LHY~SV^;bv zt(H#J=xvQ=!Zi-GN#7EUyM1++cwZvuY{cFL6ob~tfY8^e{=*X*3ljYAbo$$UDA(E= zmtI62S^D4eLELoZAcjJ$8IHB5%H!h@%V{824&%cg8b;!e4CBVwFdoHhBAr>eHe3!q z$GMEC@VEBHHVP|Cr$Wb*?EW@idEGg5neN{mbTr!3;S^ko+(5%QG66+=Ji9NCr+|;= zR|u$y4bz~10r!X=stqCY89h}`x^O@F3a|!O^12qSR2}>Ps!zI*Q7)wxkZvCb+HHj6 zGVXl2R5dTH$yXxR5OV1UEyi`|!MaO)VwsBne}L5}mog||8P4TqLq}#q>&++LULL=e zkAIO)n#`H2Is1>y^$b=S`zR(Mw;7OsjI|2q>l|r6xlM9jHlia4K`;AB{-U-_w>;DA ziU#vFyIs~Qz4w^iI!#xtvrE%-h*X%}nzksm1bOC3vO|w$MuUhDg&SPbJKeiO+Bx}8 
zWWu{m1qJ)11IzleMY}U0Q>LAaki~L+)T@L)f@Cf2F@PJ`qEk46sW$uX7Q89eDLQfO zR@9Rkd=?G)&n0<3@OO#!ztR%5Oy>xU6CBbxnhb1Fd#0j26OFp0oupk`AZ<8FUx@V- zP=sfnjV02PnNKG?av?fDft~YVmmlZH(^pP{GDb2ysMoCmz0N%lN!+Xu185`&wV@u)-5fU^gWXfpuMRz z0Tx4OotUn6kXy{;+4?iKoAfNO)FjrE1Lh7?81;69VG&J16bWHlONaEXe@CiY6DqH> z_WDk2_$9y)%W)-G&Pe+mfoZ6Ma=r8D!E*odBtcI1PHJru7+A_~ihE7Z9Hxg)N*Os_+-%cjeXQ9pIn%>_5-OSx6E`o_%Ql@`3UkK*@c_9hHS*M@ftpL6!~zNCN=U45~c)ErCMc(Xk4$XDSZsStvP~=tVAd{S# zc8E)7m!~75tl2SShwMyu1~LSvb$7K9mQ$Or$3CO_dV63})G56ur~Wh=nrKb^tv5Lu z1m`3B<9)Uqp+iJyl<6vsa$3%iQt@!3iTPI*!*J6ilykG0bP*BxVoL{;zKgb2>d6QY{40q4Tln^_+HP4rvCBPkwAc9Bd@gmeN|A>AlHUo38N=#L)tTd$Q(Qr<`ge z4?00`X})z?Lt^g74IR=!u03|~H=&R+*j^vWz4iXuGiqB}zUX6naUg za0c)ooI!yMHw8lw&Y(aB$7AAn5N`3I0Se=I5YcEt2_hOq9wHjFB&nHvG0Xno6JgzqEO-M^W7++eA?iA8SN0?4z5{oqpZL566m0 z$IzJRPt>Zej(|0T}EU?qwEUMxNam}|^mnFvwfQAM+nH9~pNHASU+l1l zjwIqO!67+?i6iL&PAM4aN3F=Zd$oAoN?tYWItx5!T!*YXkalROAhgu;H(13W zCRMbVo&DCnE~776HD2re3i5TOoOA~s=Rlq$gdJVd-z*(lY29^8oq*2Q90si}>3}DR zWxeZ?_F_*!cP7qwu5lr{9_64wefC=@1>KoQLZk-~209<6(uW>t^hl*gZ+i5iM+!ak)5zMn!OF9>(qi|SLZsD&q zAV9riFa-K0#v;V5s(q7S-;Ak1^R^cgon$k($qytx3s|@4Y$In*A71d!&@KY#Wiy@D z15ZztQ4tLWBIr}k3OC&6+Hlf8>mlVw3AbKw)b?nL-;VwEsdfQcf}nY|ESU!4hGLMZdsfmWXEP^Uhn3#@1WV$aPi3S8o*N6_1TTYc2q5rMDR?&*l|JF3|b zmcYiMJqUCl-sNWEM7#~vkV=n-SIvnjCJQhNSN-U+#vm%hs$|CIC12{?Y9JI@r$}=% zmDOL;xOO?~qn;UL=uC8#B-!#+_>TldAZXv9K?@phk8@T?#Lhro)a#7DtyhA_K_u~u#A)(GCaADratw5wkTW?cR3Zat*9{73>wO z!>J|-$$KkdxJeZVIEPC>mpMn{S59EtjxiD0=}hCHAPRRG;ZVlBMwE$f&4_u8JsigH z?$gnz1OBg@k6Gms{LcmG!_uBFwJGZf_b~D^afJS?>+CsVo&nOwW*n|>xQP5;sU@Q2 zdtEX>2Y@o>*`rO*?P<~Ut!pr#nKRy^m`Nd={7#UM17CRvt+Vw;1Bz+0l8KZ_Pw|vC zEjG9GxY0zFm^az9dBGMV%fYuQh)E#-l+g!N$UGO{syuIOQcGTmpJ%^e45}sD`FS?q z-n->un{q8e5PbiRRpB=SARHU-zZFAO=6@HBVy$OVvu7X_%Y$nn#}Vzp4WG9l? 
zi8S8>ws}^+lYY@_1&Wpq>~h>+M1477VWg`TmOuM z75ldJfVTeyW>k<`aC!b&cJ|!Xad>OQDPiorF)y)kW)gOP%RNjw=?pv^C0+d985jq< zdy<8e3HGd3dtho*YJ1jx7FRNY$RO2FYCn5k3Sryr$ZB(FLXL%PL>?k11nJPUJEe1g zr+3~!tvK({1hYaoXJA?HL>{vQ?Po$-?~M+^dXdM35f$h|uRv}IHgw>C-BnW5fb;TG z;uH7M$QK382&a4tbt-pAVoP2E?)y*0_F}gyklKhKa7ii-=fA}@kgRtaXC_3BL|c&9 z8f&z;mDe2@;G1DwWXgkmK8=IeVwq)bp%v%7PI2SJflSika%Hi+6dS`FgjH)Zm3cHD zWhct8vEXGUCBM5YJyw>jSYu^pC;-Jv{fud5TY|XSf?i8L!`eiBk^sLu1e}QJL1qa2 zVPDzKS%B-p+{61=DUF}Z2I;;mDFyt-Sl~{6fCz!PN9d9!kOf~wWP5L7{#vu(y}^k) z!->3(jsXaSjsU{DAbv!d3hb|HBD)EOuVw0HnO~N<=mKrHTnBheL`1OU+JTA#e8igWGF)B7}Y%mJjFf+$~tKlYqihfxTMJ@mxSmTf^@1p`J~xO zvWrDE`KiVN<>^m}xje{Dkwr{#&RnrxfS=BE5sTzK!{J)XLSf=<*YZ z6&n&PpxD-vb*|P^h?l$RJ-*n z>1%QA*FdLsC7nEro2qB*#p!nG1Noi|&;8cdbZA^NgTjNU=-(iJ&^Hpyh8y5PjB^oTI8&^mkX!8iH^X^ z1P$cR7i%}}ri1N`a3n|t-sV*06hj0H#Lb)|2vMJOV@b!&c->d17VPpW%!hHuNlfMb zZN!%e%S5|8!^E^X3)E8+L+f1Gf|yftrN4M6*&H}@gxBp0mA^@Ix#knCu90d!t_B3e-+c`9!#H!vFSr|s}R%f z$_t~hgC=fTa0U5JSVoK`!^qE%T=EQtn=n+pZeE3IQtb!}Gff+_9;_LMwbk1fHD+!uqVIxfn0GGeflQa|EN}&8g0Hw{`%Sc< z0G2S#9=jvMzv-~cP8>fS26C6UF)x#4g@8F7mt4HHb{XF#NNq&LH|*?pjzCTnj2!6F z=9yeW+Q>>7+*!@spJCQdnV9=2JTe+Zx>5<(h7^NN(Nq@)EpbMPojGr&!HwsG%JGj> zO1TG#P83T!j<9m<;>HIIENc(LwQDi&Q@V08z=h*nYK~@fqDDxRKcYEpqG`L2vrHrTc6vn|oiiNQn@n?b)O7VHKlJO3W+j|d8HSQ34j015Ts$TLPsBD5+ zi(mM?xWD_t?@+)Fv;uxrGC$ah;7bZxK)Hf{BQKq$q`~yUAtMrEHk|`DyPx6(mO(~fvLk<1+NW+w_+@Gyamq$ z2i^355ybkV{1PTL(wj*i(DvmJE!%!vy;ARiUPQ3`J9LI)zfxl=xUZf#0aYq?l!CHH zJ-YK?GntyaEJfU0s4Iu(f?GAH6(VzSJ0!U#Hr%QHv4ST}+?10PV9D0qtNTQb`H$l^ zKnK%I*GGQO0);rwpz|y+I#qdC#XLaVG&yN3uGiOWBjoTuvv$XtfXsAa6H$sAV4Tvr z6J`vNL3EhjII%d!Bm0V(FWlalPzw{z1t*D{9LABPNcwRaZ?X@UlSf8+k4u1+$EL_U za-;_V8Xmyjg~|FEM$3cjpeqx984Ma=P?kXhaqS$77CF(>tx8PK%LRXj<0>6PRF4#k z6E@dq2D(g=15vpEm&cVhSU~7f6(}ZK>xT&NTIhgXS>VJaUVNnGFfJjA;7xqP1qG>s z5(EBlUgP8z#iZ1>QA4tUde7?)=@QOa(Yvx2cL(Bx^1J1Fc^Hk1d++KkL3@ueCuY(IRR!<~QEg!UaYn&=JzQ7pUS)G1F0`gS0;?}>dE(lLD|BC>Sx zaRz4Tu6$^2-HC%34GGaqK>&1^g%B8?ZXOCK;-P@&j6MLN@cDQs;1y$&TJlCb6tLYG zLgk`jG2xcQ^&2bn8VqFEyV7NC* 
zL24pM1umt5;}GkA4%}Gxv-wQ*W7Y8VmS<()@F6})jcn|FSmpjeaF~Dg7VuO@Cej6x{8#C$3^!GspIbeLc;X5Yf1a6hPc>hWs=T>olebNekN% zC}w0X2z5g(h|s^mL22x9eIL=h9GC2k5xfcn!>nXnHY?Wqgla5Ga7OrQ2eN$;>;YTg z)f`hczlU!5bR@MflUk5MaQQ$jijn8?LGZ(emUxZJ2f>dfwInVd1V4f(f%zkO$B)X@ z(`~FHd!PtSsQ7m;3cHMwX&<{BFl`YzP(0|fmd-2a5(;3a5}DTCE4@H)3o(l>m{yu6cWfbJ>B zKn*l+`Cx7*D1d6|R9H-t#2_{%D77Kms+M9IiD$8B4TMlGuNOc3u`7<} zDmk-)xUbzVHq6J%bXrI1PAH(8MOt6+23S(3vUufX@)n)zPEv&TX&)@#%2St7pqIwzy7&f z1=(&~FlBPBUU?nn`oC?}A|mPT3c0s$)6JWANkgE}m?eopoLuK)p*K++JDbYj(HrPX ztOC-XV$vV(!3Fv~s#n!$DaKiE^Z_d}kH;6Ur;JT%$#e0=>v?V*0rN`yyR0{iohrr6;TdMNIw0s*|+Isn)qfQ5TqQF zvOdDS=>-HmtCenffqRs->C`;VQ!#<997`U}<+rfAk8PZp^neZDJQv7`*P~v_n-%RB zL@hblXy#4AMZ4@s8Yaj%Wi6%v@Qzcb!T1oU2AH&~_HLkD0|$pbRf`*>fXXd5j^D9d zUIa>v0IO)?aquX*o)JfR>*aUhd(v$6BQ_(SWFIN|9i(vG{N7A#4fJ~nNb*4dmf?2w zQ#R7WVw{lBRD$SDanYONqQ`kb6S#z`xahHD2Gx?d=y9d0Q!P56CX!H zKPKJyC9g>87z|$X96q&JGvu+@I~5T z^oryNC4scpk65@tqSCg94U-j;;pDKRC}rxE_v|o*xQ5Ng{ASl zXW`@lX)V4&<>^dMBTKx4H~ z1Dc%puaBk)Q}K5f-lhsmLERFe02Ee&?n8T@w|$PZtz0Syoxe|gZ>97cjdfNgR`ot zvPy6*SvId?VX2{DUe&zC=%q@SzNFf_bZKRkr>s<%2)G!+!iA5N2~#RPhG}K=MwsDYu< z>*4LHJ@YvA_KGT^71|SfpRbO}m6Kl(qr51$D4r$qD@!UXx*1baxp?V3&%*iO+KjTQ z>V=g{gu=2CFSx$kFk@k51?o_gGc709!nvfBMy-wpM3z-8D=RgaMq9Il%Wt=vvxFF6 z?!t<)ZvMM5Z121W%Y+>CT2;AtVKv%vVU>>*2iHSsaK6=@69@aK09QcpO`Dnyx+j-T9_ZM9F#aX53gjrmhzLS@FpUyRIevOY0v z>(&$?$8SR{&7Q2j$DhM%9!WoZ;QhY8$`#h%Iw6$*M@v&?&Km>rUkIkA+%o95569u+ z>Gv@_OLEncPiYy&FP5k;|KthM1z0ftM_}V(^!SipfWN25;DO)z*!KNCEFtuxOF{Ij zjg{{nt-dcM=HWMxPEGOq=~y*gdY77#pGvHXxnyR_gvFQf{rswTdu+U} zSo%OLT^36pkEJif(k-#HIhG!XrH5nbQ?c~hSb8Cr>fI`pnXxo0mS)FNM=Z^crE_9w zSuCxNrK@A)*TEd6aP-55(Z$I>0KbZ;#ETP*!Hmg@3Vy86V@8)9izEWI<9=ETyX zSlW~4|G)C&v(kj9!2cCUe^Vw}xGxu{XOy?PY83vLzIhd+%1RfF9Z&Ij^xa_$&4>nCGkrz;D*i(%7&90x;6+K^&2xc z8a6gZfx7Qf8)W8og0;nCpUJ{o#Fz_HR`WP-;~~z*<@%kHJO{Tn`}+2 zsi0|AQ*qORrln1_O}?haru9wFG&ME7)bwi8mZo4+Thsm~YWT1H`2Wd>kEhIQlEx*a z+_sjjJ)5RUPH0+_Gy+9g2^x(>G^Zt{6t88PGOaE_lPH*LlX?wH(&#j6?o80=njSJQ 
zFyG#zL^Kc8YJ?`k?*{n>3gh^{slt4?1>_=-J5VOvP5;c6tMKX!r#eo({U5!pYu~I+ zIQHt%YbUsm?rwS1v}@MMEbrWw=0QW6)@Ub~*J#I@*CgEBq)pHyB%}zPyH0pg`%Rld z$YSJc5<%n`%V@JXNjqJqP0gBCSz1=Luw;>8=16!13q1>l8>%Wxt0`xr%>2sAMb#s* z*qI0QPqU0h%b$$4+@3u;dv^b{+vyc${PkbNx<+$TPx8P+?HY{;o@;s~tkGzMKTPpH z`R3Ud2T$L3c);)U^+yl<$HpC5-gC8cAAWqmAxG9_2gR<_J1)T8M?ZKy&D*+u z?znlsJYR8Wm2l~Iy`*1kzHQ&YyCyuA0EN-~zQ8=id?O@wV;|jhx{UWylisw>da>de z@9LD7^wSS}Ce2=I9!%9Y>oU#P`Fn~QC7QJwO|&P^p%UP^MtJG$g~Pc+-fRjD zxaHt~?)hnW-q`Wi+_Wa=f4#c5W&eVK7oItNsCvutYu9|;(syj`1D8Jh{-Mtfd@sKG z#sL3)hcMkG_81^?u>b#GMzuFS_gQ6_4jkz3&&l=rDg(IKqAX zlaCsjGVVLKZ`Gm;2WO<6ek5bY#ZQk7e=}rwF1mkc=E{{%6}MmdP4m#9Ezex@L}KFV z1A&W~!)Lo5tol>iv6*ws1=qZD=EGO8QCqcc!YcVoS_e|cD?c*O$Xn6LnZ+=m;bM1d6yt7K4 z*6(*?ULNqmi_6BCmtSrmS}M#BnR|DeDa~y?U#{!#JD&g}=!3?@ z>k<+)Hgj@P;;=s2gybvBO+6J0lUcV$Bdj02`cIm_&%Wc2TSkms8G1XXsp5_I#|{0< zfjw{S3jM11i(5*+{?(JsxsDoF|B!dspoUwrZ`n25@!H-~sm+?7nea+5q?#!+I^N{tSj*i=&9oU)D`{xhz8vn&l9xk}{wX=^7*kzpgvVRFrz%)>ES% H9`wHfdAf{( literal 0 HcmV?d00001 
diff --git a/FSDrivers/X64/iso9660_x64.efi b/FSDrivers/X64/iso9660_x64.efi new file mode 100644 index 0000000000000000000000000000000000000000..a3c3bd8055a75fbe27bed15126e2fc85a92ba65b GIT binary patch literal 21832 zcmdUX3wTpi_U}oPv?;Wnf*=J^f(A_mApz7zKoXj?JCZ=9JUW63wB;d{Vw*$DLkOgG zdN{^mMs#%kj)RUf<4CzWGY&6NQwp?&Q7Vd{h!#{hA%MXAm4ZUw{+dIX{LQT>$y-Y8 zD|r?=k;@e0BV)lH`GPO(wpcfl$l`@g7TRuRb&*Bstl4cb5pbp;gW~Ka``!^#a;vVF z+t|EFHq#f_m}7xS>Y|wHS_6i7t89vIiydmRw>ox-kGG(wxFO9|-{_JfuF&CjSMYp9 z>g`@tplfVTWufMj0g*I8aE01OyVE1F<41^Nn`5KUN#EGs9i0pVNX!Y)ZuGn80yNi(cHy+1x>C_4 z6s4jl0d1CBF^psJ##ye$h{=ON-HwP@J1icL+apbzbRZ@{*IWOy=yHo2IbEEbk^hLC zRB*%~y6U&NWJuu%WOaedYMdskok>|8hOAmhR@=}Dvbw-!HBOV&PEA&aA*)7lLw+Y& zwUDe1LssXxtag&D#%Z$JnUoa=4K&6AB4*G;@{w znXGw?rug!hY$g9eV;p+gsCJddWI-30lFt|~VgrPZc$~>8C~ZPJCg(GI!JDdLln zctp;3QuAh*AIzcVd=8RILMN>8d$KUcB;zI;5mU?B#5VDIO#Oe94Mj~%SrMcT=xSl1 z3vsCjO6sXZaWW>aSdDBfjmbZ!3=I`;k-D?Gy;3G?=9MTGVn^AggyqIq1oiSO3vCWk z6Db3535G^oC~jn%zytaPtM6pto^Gcg$Z=L;*ur#e@piVU3$G;Pm3$j0xH7<|tCCg3 zrp`5WdjrG#b&b{#^BosG#14%T?lV<~!g z!<6w5bZa0J7@F0Cn0{nln>lx;HgT1m5bw&AB_`X(8=VOIxjIEt2-$@Qw)7C3N6pVT=+)n z2E=R}r-Eb~WyI7d@1TrdKqy~Dda7ErYHL%|l*ug2wWElIf6~ELoQQxOVotzf7IT(b zY;G~fZE@o1vlQYv(J~#+X_f_ezGw-eDKZTf(kWzKv#ixJTP?35qn6Sr@`vh{OYyj9 z1xR~Dv~r+U4%EtlS~*ZF2Wm|MwI+dDlR&K+P_|-w1hA*x{{WwHOvx-DnSrt_bppm= z&Bmc9pdaeSQeCsrnkd<6%%L1gZc4V{9eZmXdnXHv*TzhgMy+EbSc{YwLDNtUnmW5LF zOAJ8b1$b`H>f!;T`W$uQdh%(!(8}ab)kV}ayd+DV#z*0LqUI+?oZ94?IEl$`PthjT ziW8?fXN*6|10Rx;ikqu&PrpkOeIZRSM)D_VyScOwUtft%tM}+42PVm)ZZ^bm+?j+P!@z_oM4rR2 zau}E@8Vn$}8o+=YVSx*?hU4$I1&!)oE z>6jyhDPEJfCc+$dBiYu!t%*6_WpayHYk;1>vWvCfkVw+sE&94KO|098F#s)1d~`Pr z>S(JfvbXw_9$kFl4EUFgCcoUxFE@H~TD_t3Y1LnN!>j{7TpDYP>RCABZCW6iZWpz- zw|X5d{&0_UvGyqp;a=6Z3!DN^eV^Dd@zGk8_``h#!1C$fs2oo7%6onChti1HEiBx( z3;K2S{@lLtG*A5x3bXrxb(R{r^S2j!?EFvuH(W$DyPw(vyIkAzx-~@=#yJx z`^GC1bscwyd+59&)#Q`AOQ)i}Fj(-gUaZ@zQKuIlZMj07`wDdiPbcd1oVss8ogUPs zfV!}uGj%>kqek5(lzx}G-=kz)XX^C-7IlUz)D?ibZxhrR+(cb$BuS|k=QgoDFvz{C 
zhsNn{vDm`v?+*KfI2bi9oT2l^TOizcAU%Ioj}%XRx7hKi@QPA>CHW>SXhsiwmeg6z z@FJQ*9eU|2T3whjIg82X)g3hHO7ab}nhgaIF)9n+Kt4OqT<$ak>j0^$*j zazPfQv3ne+z4H6CoQ;#ylraV}m2!cBmE3KT$D7n&(v*j>gh^m>Ue*=}N)T)RWQ3V1 z$uoJCiIyzt!Q@8Oov?xSz0seeKGcyS)_sNMp-Vckt{+DADKoXkC2u#U5g@t3AXk{w zVKj!^NbqSWdjvK+F%SbF$BtzUE^$K-i?e>e{6XkgyE7PvU+r2Iu;?0(q3XG=g8fms)%PSQ9Om&=b9|2||~G(9sTO@Dki= zZ+v^qL7nuCN4levVZ{;J1aZjd7qDDxJeslMD0$WCXL-S;#-ph#j%tAFd+1m^5*>>b zg2Xd{Q|vKY37u~3IWn#jTa z;h%s#a^c6oehY_51AA{0?4!{H;3({qShox{5MUoW*y>c5!TueHWV>UE;hKm0N5{&rsD3heTCl=*XjcU%-7C;bKJ;Y&l8mdj_WP0o57!5RtN162T5%pjW`%Y|-1Sb4oWe`7Yl)mAqfx}^*>#1ULQc=GLYH8vCqVzgzFRw~HiXP) z^mr5L!u_s zOhRrmApZnwRnFI`avQl#lZt#L+k9khFEaV>(6C$|oHnbv9xf1BVUn5bAs?RyYy!PV z37Py6`HfcffyBr#(uifjT~-Qmv9m)YVd3rmc`eyKWs1!kkN9=FypBqfbj;y%H=~}k>eF~*=zOa5 zL8wD?y+teDLW4UzQgF-XIa%{sv(?wWipRb3b|Rcp?63P=tTjQ6+)7?9R@^|gp8|DC z5e7eDCO`OIVilUBo`qV$wQaNs@#)&#jtf=&n=y(YG&}h^3#?^kV$Dvz+QKqq$3CK+ zi-HXdb|%`E)^tXL=aWlpZh1*An|Bi9<=GHCw3?t5ai6lp=GA@a#m-X*V1El#lsu*h z2K#RJEm=PKc)XA=pKuYzQ46^589urE7Ho5iZ1U1uAb=uUv*8vH1`!a1iMM2VB{KG*%O2e`mC5pg84Nwm`monVTcDT|y; zeB~^6S%VlQG-~m1wDQY4Xy;?|%70sAR5yTBU)ZR-o$LU3=R zZV1+7>7>30$C%(eS6}T>GA!f>qzGQ!8Ly*J%>SrvuY7>J2rlut#zwWDtF}?v=&^qt z`X(;ct;MLJQ5T0{-zaryHl9I-h<=?O1Ft)ZS6|8B{qi|)<1r)W>S)2W6Yh|d39U&H z)ZhM{6e7*rc+}{Z&w6#oy-F7!NZ=C7gZi44DOMM6%VeJg+&b;rpu^mW7n-oNc;)7r z8-4JMa^>q5VKAWOl`BoIonx|eUU_kLEETOiScOUsvc}JhOc!Iy)f8W{coc&r0UnY= zh(vBA_gj3$ZLtA10LN|&E&*>opq8YXZ?l0_@S&qjcUIjFv^}+7OPhW2a;Q-U#D;(h zZIu#&gL8=upWo3k264*te7ICy0w!;~(UrR`5cTD>@leVcNYkp^QTH{1V-&k4rXkhT zH@p-vY`kToP(a8icC%a2kyDz(!U3)7yB(5k)#stb(Xm*flqm*#WW+rNv2GOJ5;`W< z+VJ9b?37%-k^&R#$q1K8th*M4P$#A!(1#dMpa*m83W!`;ZGcCb8bjO=JjVt~+z^Q# z2evLao-XX9$V*xikwj1J-ar?oJPZ)avtrj{F-C0@TIrnPnjKOvPwl}#ccxUMeo>Y> z=s58Ftp-MqcG95QNB};z7uD79haB6)$Csd*LcOWt#*t*XU5<{xv1mC;VYvak(OG*k zaI2@bl{yk!Z=&OvL`NMu=3nkOOdHLBo)O88;ciW0s|}Zd`dLawJ`I_MUXMn_jjb+6 zOW;Vf17ZkWGN2<3ndqxgqV;VE2=;`_;aumf4URe;K|-jJn^dF$Dz3&$Lb$73bbHiv*gqcz?WM$5(!Hgrr-z$uwUbf~dmz+nhF3`_#yZLj&! 
zwrSidak+=KTPgkwg|$auxZ;uE($u&h{Wp^XmTaz(Ne!me1ba;2TPFJr|fM7oe zr0qGPhICM6j=ly$eeyZAA7qc|Rd)jKuFx{4UK&A+#WHwK?MC#Yj+BhvD=~L`3V}%S zi%Jhc9jMjI2?*F;Y)6)bCt46by6xp0vLyRyiO5#%*qG3KM?L_P3sA0jYRrRXD?2yq z(y3W@uaeKBy$Ia{@wgDX1{4*tFbuO#{@N$UaG1x550Gx7jEH?voa>}5aZ4J%QJSRy>Ec$zO< zYRQhj9k_`?h`WwzEU80_&=RLUknY9NO7v0c5L$wTD2?L~n?sF%%^OS8sG)?TnI*9I zM=l@D%mHaG6lM{@SzCqx1T;mx9%}BBk8u)Sg9r&#L^Loed&{NLZY?ln`kp@OlYL5 zbE8w#h==Rmyon5X~b);g_4ZvxCUqdkMs$3rt>WagvEJNnPzHS>4xS-EVO2&g4U(FPwqi zC|YsJIYt!3pVp%o`sTxWCd7JPE`B&sjCn-8R(wHzO29!2+!hx)0)pa$)BP-IXlT2c zjncq5XcW@lcwEb5alp4-?x=NheXm=}IOUKE(cI&c(Y?lwesrSriD24EoyVc<)cJt^LE2R1`(1=pW%jSayF{AEBE#$=;tWT}rwj>LLWFWM4Fdc1DV zLI-RHSom4XDr9}(%v}QnVP`FWgV~N?QpKCtxihX+J-VS+{ngS*$k&^G+82I|HwvU8 z4 zloQc4tWB}E2U63;&_?9WH4CH@qB{Wf_&o}OdklW1t2dly z^4GOWICscY`=j*OH(vRW7lsmM3?0O}`DhD;e-H`6YI<}djfV399$@?9vF|0af}n%R zwLFa$pe;1tAD%~C!^sCp9OfpMg|~7BOcpm3iWu>EjEL0;aqkHzxr!c{^vIw`S9)}z zM>;)B6U2>$sq`>RP=qZvVZcJNluX`gc?mD-Ode4?5sa#M>pc9L?+58o;(-{iWY>)_)rd-whjo-dsJ5g)>(|FMNvc zU26>5)?vg93HO}O%QDb#4QGX4j(HvLigjtmCl znQJRxaA80sBo7AXE!QibkCI0VYx*Mw1fb0T?Ro>W2nnm|+90?#Vk*$Q?ZQM4*$i&- z!^U&{K#1sRA@|M{o%7GYwxa13Go9H9PG^mS{GNEg`^T<_RkQrCJV@mko%zA! z0|Nxj4kI*ifc0)APoI+8cwf*c#XyG34M6UNdW+U9Hj4muqsdac7b`_GKtIDl|5#5mYS2_Y zd6?odSYLJoDqz)Id=nWc91|uttJ~2KtzzCQ1H?wTf({|Dgb?fxE1I69g53yV zUM6Fe*3+klOkw!_;VC*P!!PgmIWWnqx5mbK<2$^xjf|lx1#04RfXs!55_D^fA!-K! 
zXN@y=B#_yhkakyBaFGsHy%P3{t-y&s2}!z{Al#q{1f0Wdn=70n`qk6zoF+m$i|GOu z6ImI$2^oJU;WeU6d~xTd9<1}krg8w-OV<3tpx2S6f_CWG8aSP-b z@455DJTs&()|ue?MkkX0EANcyu_My##y)^dc=qU{?Qpc1=EO;xSAw7^lizefD~sUd zw*!4#cKBs~T4!r5W)#zAB^xP|*YK1!El!{On8iw!m^Zn!dBHt_95>&p`1n?3jU@p-sO1B646Sw^1B>7BJWeCJJnvF(vB6g2&=-keIOhsAHNx-sxuMr z!&=Yera)gP79#cXal{*3ao8BV)BXkPHao!NsQSB)v`azY)dAWW(PajXBz8s%kWV6s z+Zd}kCe|d9*do2El_ZhG7O9Ouuh`y>Byk&q?*Ur^%U?>9hT&FS+QM6L*4>R!jD%vq zEp#=(i@O21x=#DClj;`N^ zjwBBJef5Ue9tsMYcIpuBZ;bt&VwfeL!g$gBMY?0FAuc1YqeBg9LI)br9UvI7 z>q6J7y4Wsi!;PJ`o8mW#F5;Ynf+%PYNg+C;)bv%|Ktl_CAn>`8gWwR0O-!DX7550u zv^m69!buiMvt~YdPHwZ)slDSoAiOMFv8kz;76i$MAWAP_j$0v!?!S0IBa5XILhe9Sk&T4dwmq$1bWEW#jkf~nPB<)frQ5!P_#Wzto{Q)En0z8QRfH;qQ3_hTI$p@oB=TX2+UH=6k zFE@#GeoRM-CLxe#oCfZB!^?CyFdWPr&4KF)uxpc%&_Li1w;#+Dr-2k9C22HbaZ;%( zxGYsC-RD*O{3c#c&V}dpBedV_S-{Ceb8q;O1zQL)go@N7pU2~J6J2lVd8QX2JN73B z0xE*~2E|RZAvVQPAbL~{c~^Y9dh=f3eNf6+agkTmT}$FTDAxTHLh~zS3toq3i&!>J zmL!yHGULq^Txz)4EN_z#)NPT@*!Q{=sTdkDh`e?yGB#j`xDG5e_K##@KrC#GI^dHe zk8)55?jzcTP#I~_B^>^0?7Iq8q?G1_-asA9(3dMmQAtH=cIFB}Ib0DXkHRsz5K|J3?Pv3hgkfPksj3 zs7w#F3Fa0_eS$T*La9fv#_*kH#j zAEp^C^AzE?;Li%bfzIJ<>KAQ9w{#EY6Bgotr7w*4naQ*<>LHnrW`8%=EMzNz4=IHGh!51Es zeuSjI zqyW)dAA$ob$YjD4sSBa-wAOh`#%FlLlZ<>eVs}yOE7_q=MJrlbie0)2d|kw^3uL># z_84^1t*|l~uK3@8r-|@%;Ua-pM`wo|0tP8m`y^n;mS9)nmQM|&z*0G;Gy35}3!3-5 z-C0--f=;UG3^RCfyS!na=mOeTJ6Aby<1}0u$2GqZfiCjdSQI9(o4gHC6s$L*YcO4* z_25gKf-L-jJeaQ}Qn=laO=jY|ivgAbOeI(ccxOfYeC}-+2(kxE{tO0}c}X#=7V*u* zM|7GrU(@oP(t}vx%=p5>rA#)+ZRZZS5cM|Un+`AZ!xU>mty3qZA#v#z{#6-nVc{Z7 z$0(V`$FL*8WZWs;#1uc=q9QXfpwnu43MPfP5Hr4s-8?zngpzzZY2&zShIQ$(O#oCn z5rl0c)M3^%HakB?iI3`nngBw%4R$2g57YKoppmwua zCv`#Y=jfqZ*yamY!Qf)blE<|BQ|c0U9TTO{C!fWFLo{u|MG_6r&0Ym=W%_>&!4mW>k!CBJXDSVz|=bO%|esgRB6v#>jp z`!H@S(KHz4x23@i@Du@3PU}~YvN{f1C$Egf1e2F*FlHY^4}pseYkG>5?xix!EAUCm z_TuV8p;tbpR`6vQ2Q*aUgXgISC>|K0y)Oi%p4dg?%gxegraS_F%U~hEKKTOpjO7S+ z0v;8rA?cA8LF&yE4|c^0Gav&W-mQznH(;{CLLAA8xg^B%9B9=gUyhfOukwD{PQ5*_?aXLfho%X 
ztimZ>PmJ>`e_c)8vBqV`3#UWz()_YkB%eb3+4x}-M)nAerU_(s&!y4K^)1l&j;Io>< z!7<-=;tKktDcF1jL_wHbgqu-*K93K8W)h-}f(uR_T%ZtxkB1m0@({zbmLM9T@Wo_^ zp~13ND|sy$V%TblpoA&U1d;gUcgY>`k)R~lS?p5nbT({jA!R0J`iVjC_3Ha$LUPs| z$DuQ^t{i4B+LarZo}0mKz*6lThFD8x1-3Gm&(siHn?P5kxCah3l9SZJM%)Ki>}6_) z`RCdRp6Y0FS*V-h#8p8zZd4)9!V9ug-MheoHaC2_;hKZG=1W?l9?8{al1)Q)Ezl+z z@>534bW9VH7Ir33%-A&WR7fCN4=YpO>5~{l3G=*)lt6eH5QbUlamB1S?h~qT4Fn$Z zWup?q8nqLC?J>24Rx&;vNiA%o7LX6rf}$&2K2|Ot1XY3{7==msAgHodD@n=+L6rzf zU;#tmLeVlFYv7SN~smuC$t7OWQS^5OcP@S3pctskxkV~ zv5X|MShV_DIE-HSlq=Hbk{oO!?o4MP$mU2fQx0ZnQ9C7n1#btN(nmDNS$Ze=clF9Hkk~zX!!P zZ1M+~-7N_=n~A-cgE@S4ftkk~%=v%&67(KYO5Cz$N{vbV3(WO@Y}Fzp=}ruJ$$z68 zJ?~Pe914wDVhrF!+>eFcO7U?z+@biUnZ9l;B>kCA`olfAa8J8QQ=Ka&P2tZ~bSV|^@_f8t}qC@IG0AgcIkMjYk67u|{LX1Usj zp=~s^@X2w(Hd46D{GNv{05T0g{6GN9aI5xtDCyyJoV?Ifg6OSD(c`O7^6XHO6g`&A zSGAI)=&@wBX(dU~W63;?5-gddfQfU66^l*$Kyy=XRN)sCAEgDAKD-{KUR zFYw79sY5a0;6i136|hV;c15!o?C7=_Vr-dDVpJqgQ4-Fajf8G4gnN!c&Kvex<4*)> z5LlyI!0sV5Qn+W9);bC`8P$g6d4&iqEqxXE2lnZ6Z6$y(_7eM|Yyt#!+ z)GWkXC6F9ESQt59Dla!z1uEyxpM6*2ZMHPGG?@>~eW>g%A+w8+DGadX*4#S4HvIBq zXw3lIPL7<9(W0g=1oIJt={2PzIJMlJNSODzi3x&Y2 z0(e&lCHN~BtiYY9oCgk62svn3iFN@&LOLHg;>iG^Mu5>0^4vC?9Z#Wb{%m1xRfXgB z+igOTR8mq_RV7TBQ8^#PnkUVlH@~8KzPX@$(SkXbOWkGVWq~qt{*1ZhQf1lY;whDL zf24GbG;3B_rFmjSg}LaV8Rg}dn->LUl$V*^^#9xVDrS_LJ(ZOem4bKv!WrdrOU;Ed zDrY=|Q7VN=^Q)u<3o0rDWu?Lxv`YXin!C767*`Q6PbiyFx=3)BEu33YmH?t*Qdn6L zC@Z0E<8ha&VisCfRY;W}P?%g%E@J%>mzNXR1r_tF2pjW5GZriW zo*e97>v(+N=IyYT^xK?BuV&hN@;Rt_an|8|?|1uEzOee{(T)Cf_O;o0ul4c&E|QUc z)Ahf3IN2_lrooiZ@6J3eokXgRUzV2qAD=q3fYsrD)VNmypBm)r@i%Y?mBRAE+|%!6 ziWB4ai$qFa0n=|uBAt{-cjjv4nThn5!?kzVI{w>~p#KgW!gc=jpE~ZTpOo(H_P9e> z+d8*$#KZRtf2ZpfypPx3Z}?t)9KX)}-`ihsaK)wfy8Y@ljek$fpOQZMp)2ry@xAwc z33_i%q@xn)#6M0zBVo=BwU6KUGr8h$+! 
zY5znzG?8}Z`Twsx`I*)DJK@*<#*MMtI^!}#s;V4<|0Qfj`H-^Gc|&hqILSSBsLh@` zWQ;VoymZKfvRQNIBk}k=t|HF^1$lY54Jp2Tc%r;;-s~Z>U?8d%RRzi(sv445F^0H3 zV6dNmoa@-S!ga;#rmvf`Zo#^mb-{J@ z>z-b>cAdGw+F)zQZE!ZQhQfy8hUpD+8WuFvGz1&!8&)?w-LSUdrG{4VS{m9K z4m7kks12tZIvRxaruA9tv)7x~Ti4sx=dO3IXX^{;A}{|x-30u1O}3S(BU96Fd6YeR zE>oA5vUX+attiS#(dq1>Ei*NJ`lC!&rZ=SMjDoEuwadU%ok6$qjuf3??Sr;Cwqc!0 zMB4zpPFQPx;rd`-VI==IUYN;U4RS8Xskn>&+3eqgYcRW-8$YSIV8~l^)8}GakE0*= z`LAb8??3#8b?d6@VpVKL$=a3r(YBTP5w?{nH?GyE=u%SBh4vjM0vSCgj3ZzP^mRrc zIov+fW=qviGUzjMCRCJ`Rn9G$XPz<`Ywp~@oI&Qwiqa~|IVm%w9I| zhoa~0L+!(IhvwefD{~mVqKv=(i%?hUZs?32c&J~g6Tx#`mz0${o$&HF>4`Va{l4F% zJ%{_eV5&X3@4sHzmLr|7nfCBw3uk0*>_7gK_eUK1&9e_Z@uH=zw$It8QcvI67Wh1U zwNml%=>wZ$ug&gv=(?Z0@rj&fF#Pp_ncm9Q^2m~St#I{UJjdRuZr%9EO*gZTI@TU! zN2{mgrCoTs@#lLk+%@jZ^`E^s)zo_Y#`C}a>=SWU>KkdPuczMsRn5$SMR(78=(DfN z_Z792z5Dv}t?OLX-#YK!~)dr(YuhYdl^BgJxp6i5{&V6$@zyBL+8~faJ;Q8G@ zi_RD^s{0Kq^ZxMa+dJFl^!?`PuRf{TwCL)Ur*?K5k^jJ@{og+L>Ar8pS6_SP)w6dv zV;iepS+34_d-mMbL$l(4x!`@jXuEOyH{VXY^R6Y2<&D4Z$tU;PP8Qwj>;1$d=CwWU zJHKbyyl)On&ira|kI5Gg9UJsUqxso*+kot)OV>2x-G060_~uN1>y!svBlUV5RT z#J1>42hm<`d(hVPvYFD|()s0@&MzspE~zHXQ0UWaS6$Ahzz7DRG0D1=6rIzSmTDY$ zl|CiyyXDr-iiOE+Sg8|w+~qz{KIVlRpZ&6%bg}G-J@b!M+&gD-uNSs#ylJ>RYt>VK z{!{PI{`izZIY(w>+iD&Y=cl#>$<0|i~p+Anl_S^RUM%%}~9Z_*^{`NoJ)BD;>uUnkI+E=x| z%g6x@lKVu~H}1dA_0?K#`}7Yj{u6(?cSC-UFVAlr8C==cbJrJRKR*0$|BusuS~cR& zuPzF{@uh#-%u_X^e?Gisan8*nhn24}4tev?l33)~X#48(=56218dcQuaLavv==EgE s>057^ee&ep;kOnYS~T@~`>X*|ZrIRgx25;4@Sv1+FKzX`GHvz$28SO6y#N3J literal 0 HcmV?d00001 
diff --git a/FSDrivers/X64/ntfs_x64.efi b/FSDrivers/X64/ntfs_x64.efi new file mode 100644 index 0000000000000000000000000000000000000000..5aaa97aca06fde7ea75f2475f155487b2fa3fb8d GIT binary patch literal 47168 zcmbTf3w%`7wfH~DWFUmZ6NG4ZD1!vWMj;xlfdQQZGjK*G5<~=xXq1PbRww@pAo7&it0|;%`a+rsQ=S9gauHSo)~LG3=WP{2$ZCgcjC^ zs5>!Y_4x=(UE=ku^jOQ*Q&TAiws{q-CC8E4OUnt+&s&`z|zCM*(^E{^tdr5q*F3>L2Di9J!9VLSxfl zJ3o>-%P=R^8ZlS!mktN7b9fENYpmo#9@ZbIVML!Bz14`ju36)71Y(ZLmaQ+m@Pe_) znE|o&1;c#Kh|MWBVoOVB(@sUu42%xOz4`6lE*V0@e8q^>ScZAjFkNpmNJhM*IwI*i z(rZg|m5+-@!K2@e`VS*yXi{! zA|pES>3?%La+VFH>|2zwF2CL3h|liFXYgJ=J$xFQ`cajCkz@eUZf3qXtQ!Gj#HQ8? zm@$9}3mD_6Y)S1N3swZmhY<>YPT?(*m26X~uAdAivwbRb%n>N1LgEU>pcW_)Fm@LY zb7y+(!_<*JSI|sAGv1K?^8Tu7GS_Z$0A=_W(e4S`O+FQ&$$O+p$x6qlhJu)0MkagTMh3{;!xby@Kw>nNZnG=7GnLZcUdh}Knk$EZ zOg}+JyXRiPJYICIpm3wjJZ>ABk%6`vX!{4aV*)t7nX~h9_0Zj)2*|$T!ZTHI%8+fm|cqLc+N4 zr*uebIEB<;{35^5$zQq6V2tXk%{C(j?F@5o2C% zCWh4iPFl{g;gIrCBJy%s?@xGdFC&&DkVZgg3+7 zC9RlSg|TZ5^VYJ(GNYF=qrLj|`gPZD-3&z>mc#DhL{+83P_)+?t`lC17j66x0L3(e z4x1%Us*l$|L1MEshrKmLqIyrlFF#?bV``a9LU&B(GJ z+qu8^;n#DM9l(D<<};$}*0NH?m`XM86g$L4Wi={ZSwb-WmBuT76Yn@vNCwvq&4}`>fKn=o4|jS78&3SIhb*a6s(G zs_s!E7Osk4moLPP7riK`#O75uc(vF1J35wO&N5JpK7P>QNc9CXi#=W_LbYjuCituMakrF#;ZnCy9Zzey3W-f|a`l4v7 zdr`D|@S@4uR8l5;ellg<8iyl1gcfNoFWldVCY^1*BC9-A&~#OimFg?MzzM`B^DIWh|jV>aV7(6eWiNs8Vf=sRgnZi4jQqd7awpqD)(g8b(>X( zQDPBOIbGrwp4bFe%D+hR--SOn^$0=F{*XwG-vhyx`Kzg9RV|{Bk{aWogOVDfRMOVu zb!s}eqyk(qmj|>D$|GJhiwDe+UTdgA!a^$t0$s9mmL(`LALyxdjQY(afqhkvJd2l{ z6DCQR7o|ZKjEpv_poj|4N1$l;tgu&uYk-uTDesi8VyugogF|LIJOU_^{uz>_i96*> zmR1n{wVks=B~5%fljDW~=g7P1+WljxS|sI8=!am?Kpq%;F3Uu`=p4adw^}m%AW-z1 zFJ$$2-G~`;XuIfQ0CWb-hS&GUfXLK>gFhsr>rvIfU~03NACj+_>n$GXl2tUSrcNzO z;&pT9+4HBeB?$7RL0Q#N_Lcsd(d=h<1Lgt4JQgr7A1z|SWtja^`2lkh1T^xi&F>k8 z*=`On5(oPQoh_p6)mAsY8aiE3qdI#?;mgd+@7Cd}W!-5Ru@M`D%mjl{|&1wwwr*Jfcb>-kxXcCN@tS!I;=ZsT8UuX;!_ zFEl>@>RQ9EsZrTdm7_I0!yEciWJ10pd<3#-4gV!6@%o&MuEc`auDT#R3J|yBPdQfY zrIbN1dxa2_tiRsKXUz59{X9^Xri!veJzH6l`l@I~S)%#~s-rCR3z|h6sFPyJDEfn{ 
zY%4UIc~{bR;$6JuEJqKKRdtAvVu_)~jb0+1#YWjIik)>KD5w@)3#d{JS_#9P*!4^4 z%Na=?DHQPOO9SR^>(T3MG$HwAhUbg$yKv%EDh14K(x~T)(4(761?KBFP*4p^C~mYn zl%5;injea6u956#C7bT{Cl92s7F$qqoWgqp0r}Z|B*mw712Z{I&7FELT3J$8@7Pr` zE^fnIxmZR8Z3&!Dq2AL{FPe~gd_AF{Ot-)K8|LJU9_2L5X>>r$l~|7AWB2vgqqe;k zDpP|F@Q-0w+n^fI)0r?~F3jQ6->@y5)Sk)LwP#vAiSX&oxn((elehkGZf>Z+oRp`>B2B=^ z_z!HI6mxpkZ2c-_QOEzQ?4ZcD)$hAO-7r_%ls@X$Hqx=8PoQ+b>_Yqm&11+_`8GWD zwMrY_7u0+r?f*$)x@6Z$ zByY>0pKF+FRNFug%d$3>GU<|)s{Se2`p-}w1M6(9;bt3BAOpz{B*175S4s&z`qi~z zSHOHN^*zJ<*;;A`%;$VnXNCF+<*Lex!$Z@9ChC7UR61<3_2X*b=G(js@d+;peS z=aP0i4A0h8?@P07zA_RJcq6PmGcaqb7L<($Urb|vSERr6cCgD3)ii1YVpG{9<|`Qc zRYZ~H^yFMM@IO<;kH=|&yOl--SA1KG+^vrfdKGuw?1=Sf>zlV_@K z{9RB{^lRm9km^UP^$Mgl%wH8O097Se$~^mhag$s#T3a=w(yv8matAkvsF;3}YZ_<*fW9 z<(kq2D1?Y$gNpqZx`c-2i;X(-VTQ!np#T~&lP`pOOGex<7rv*6!YFKwjB*I9lTdnTW0f%yPqgP?6LYi1gsvpNTwkgHP*(9(+cfh|eS7 z^B|RTmOVi0&ES)~MV5(lbRF-}TGDxK7QnY46C zhd2$=YwXJV070$|Uz5-~1MqEz^V%~gF zv>Lyo65D-M<1_+A9^I2soypj0 zXP~BMYGgBhFB$EV#b9x47T+liLfFZMq4^U=Y;wknFh?8+wT5{ojw>`gVa$1=iz{C{ z>d#`FIZNHPFPaq-Xp9#l6^zy62>4{v9EMt)JmYffPBmh=$0?Q^q;gIbo_J!GaOs)B z*igf4j7a}tlNkzB)rW-fzIng~Wh7iH;tz@Mw)O*sO1>(XC?gV)YvIF4H+zvn$RQ|I zVP9*>#Baw$#|ThgJxgMQKJfKNSYm`|&6HW@_5)2TZ#6^+;$p&EU7IVz9LG!~)v z;w3$caRng%Kz`1$YmNBK8o)XP>q|gU*R~v%75WnJ))B=cNlSef(IKRvk<+CS)9@NG z(Rx*C=93|J-O#&HksXSl8GZ6rGHreGMpexAjyjE4A0w?sJ|hn4KjM%HcS{8#5wWO5 zBD!i1-yt!U!h7{@JS=SXAc31$Co0q4s+ILv8FN|ct5G}H7}5Ou;XrE^?1Oo<<{s(yG_PSMjPl8) z#yH$&L$?_tJA$6X@;*lFl%SbFnTbt24E^D2Jv{^C6ikfq7|}h}KKQL(!vA zGELbhJHhs-h@eD3p+yvjHkXMmktNJgYl3)Q+!tV=19!2pNb`s6s{Md4; z_JyM!QkdHu1qY-{{%(5&emNf?@r5}-&oQlGJp#`k_iF)jm*4DY&aKJ`_YXK<2sr;< zUH(G&BW*)JZ9^_nU2C{kL}R?8HXOnh(%#!CadI9r3HK*hFAx+m0?iQhNe(rsg zQ-ZPzL9?JzzLdIL5ga$lPZ{l=l97Ka{G2JQ8wS-NJ(}`5wn^-E#~1q z>sJ?K!Dz8Rkd-_iN`Tqt3{JXaIz8PaTW-dq)iYEKoE`Q*1BU z)#-MrIn~WNZ7`mO_D59t=?M4ROS6J^DT{ou+sihO7S5h4n>X><*b2}~e9KX5v=Q@rty?O3z@B$}!8JVl zwT4*`iI)DlO2$K089F?N){<(w&a4JV0w5Z~EIGl>{uoJ`E_v$)Xss6WaeZVZ?{ge* 
zvV?*?ls{ChC@)G2)DOmPGIaC4Ch)ahlitRsf13(3_zIQ%brr^8XMA0Sd6%aARkziL z`ULx3Z=}u)nD;8aR7=xzM!okZOOsFw$KQPqgH48Da}>eGkL@AYgya2!V4=|vtLaXL zMb^WyP{KN`M#_q*SIVlPmUX8}+M1#X8HE;rva8ldM9m{*Yh_llC!kdNc_{U^{?tpK zKPr(4@uD9r1^OoVRy3joljOO}TK8dgf<7SGKUdk}XX-8Pkz~j9?%Swg3&jXElu(>n ztHdcHPuw;yBzI-jl3qAqHXH+oFjdker&AtHkflg@v_xiR#N~0l&t7{8s3=zJuNy(I z7>}UxX`+pPD!gL`&>6=$w1$836&>{kb{llRcmZ@nNTPUc`5>JZw|PxzbYensLo9X^ zPX~@uyXS9Ivi{2pZ~j>Uo4FJO-)9KYCCje|dc3Yy#sMkz;QK-(r6`GQzK^XtTMv6( z25h0QkJ7{73WuTMYD=FQ>jpFQo>O1+-1#eAL7Q*SB2g0b~$>4<^iW3EY~~-z0;g!%MLf~qK@JYn%k<)&dqsXR*g(FUkR9r>hj(3mH+ZJJB;#O{_%Oa;c~;- zjx85{U)MIy=(DJNpSH0T?+>kmO8}UHyBLBFY@aSe-hB;W4dXt{BDV;{{Iy=J$vdRNGN!EAD zdP@VTHO#A?IVb`?>p(^qVftqr$kU3m$qP={%@8O&rZ}TV2 zG_BE63>EMhog|x+87Y>@Shw&=;>~{6?d4J$hqrhX?^I>(7#+Dg-w~=e zr&hSqf=KL+(oqh$&+ITQ>r%S{J*L7msi3xRWrFci!Rp+?b2M%3L*PkRfZOWhayVF@ zPh&9We?L2zD{<5$3sj5HFE-6hd)RHM0oumtgA6CzW|EXAj1ikW8rMLye~u6H-P2Kb zhPUd1P$|6)4HT*v&fP*4I&644m%YW07X1^5>xWx#89YK)y^*gXTH^!KX-J?)JMw(& zAwVQ;;}7$oh`CyJxnq-%^om0Ece*7u2~6&Ar!J3N770&Nneo}hJ~P+utNcn&^Le`I zxlLAcM*zxJYky2wv-(KKwZ@S^*EULLx(&}AqnE7*RB3eN7xWCYr{T|=Hd>4ROYmdF zd-X{=I#4>wG^cknM=yIl`7*^0JL#EH3_V$8RWMuks<>wK@5F$Mw{9_HoEr?Sy zAkAqT4M^1iTc*V=KC^UuZn!|(IH`2eIQ^8+Ol_l1=T&z2pOi9cos93J9y^9)bklwM#s8R ze4oPWqJkWD=4g$N^5SjAnA~AqY-fhw9pQTA9$_x%li6YV9#;1^2#CoiB=-o2^NuGo zkz#ky*S^w5w51*w6gcmUq18^c$!sIc#1@2mVGAFD)321%R91K;&JfJrj9@;&Czo+L zqB)x%r>-%~DHW=hMR4k2_JkYqcp>IEYm7M&9ikDy`h+)i$&n(e3F;Rl(A&tV=ScJ~0ZJdk< z+2b>jw~dbkjDDK)rNhKwy^)m04F8I7crXDx2+4dQG-;=1E#X-;Z73bS@ISqwN z#N87Df{{l8*aeoq;WPaN5YKx!XwHfVTA^!#bLhGJ5TfX2jY3B z8hZ~KBi}Hb`=`b83gja`Gl%5`m%5_=6Se@noXDMsN$k(wLwf8?J$7|oaypC=G;N<_ zJns@8QWo9sDm<>dd8^Imf&_Ws0%L(x0iC!ut>@TDFs~a6K@4#g~ zKkF{TQTuKFGEpJ|W|9qWY}76zw$hD*9e(vSpB|dS?DgUW3z`n4!Rcm`Fo>t)?g8Zq zBk^8ga|b;zqKCRteWHne(3O=Ksl6*z>Z=+M9&8d?=xJRsKo;hVJePHA*&)4IqHV3w zqOLNOml)=c$|8#N1k9p~9*^WiUNa9Fk)=G5JQ@Aq9q5=EY`T7m`Kors<0bv^P%*yN z%!`C+d)5O~5t*|!S;w_k^v$gAaH-mmXEvyHIDq94t+l9qfagJnu{t4KAFbU_(kE(( 
zHWNYZkL}hU?OA-91X09G{u4#lRyX(I>_{Oa9+cG%R;)ue7Q1Aqa^NZ~>>xa^xSYNo z7l70`(5{b$#?qo;HuY#-M@Nv9)w=$s^7|{^@3h7+p@esTr&4F;AD(ntPIxeQoeN%+ zu~C}Y&JRy*Zkwur?^?=JEA$Jc?j;eN>|H>+~b80t346At9jE=9X?2 zvXjtlZQ)&P;l{MqFoj&Ta$TZcUJY^Npu;Hdf(k^kowA6v9_`-X)A+_#T)H~pC|mcXo;XyXJGYyO zgmr3RS5vOM6nf8UD~vQv%8`#g-m`XQzG=198QB(TDoFM5HeFb4?x3aAwCK^hSLBg4 zY4y=`Um%y73F=UjqJ=F@xlNbnP%$@kIn9sGHt+J8yHi!Y5y}Uok#0?mR45c4v~kHa zFQ6h#m*;|%AR%3C913S4aTBOrfw<946uR5rRP^azE>{kmZ! ze4d?ei&?{#x`QzF z_CI)IYf9U4u%NE*-ypLiRWyp<;v@TqesJU;>E|~`__DSj8Er>^9aV)5Ur)LbZO_*v zgbhKNS7vOcfBYjo)>mQ=uoXrUv@z{U;Zs?gd6rr~6=R&9PB&jN;!C@=E$3mYZZyAY@6sZ0mzqs*4j<|zcGy9gW5(FH@0<9s$cfCSlf7K z+2uIC(!&I1mzuFR2^|#%*duoP5+G`J_HO)C)wtF;UJCF2h=E}WTb)V+-EYLN5cd$Y zPob}b2}v-L11QL|*$J%FDHE;@=jm;ZvBX8_&BVh=#A3;npsO4bMmdhAt-j`bBfZTx zzA!gjB^!z2hlt$a8ZQK%*(Wl7YqyW1Q1e3kXuWqK;){QUmM7|6<*R6S>^HE{Kkk~*a&Tn^u^g(eAyM_b$}rZ% zMTY?sTXi~n7K9pmjb?^m5P(D+gMR0O)%4tp>ZFcy~F6-tYS*8rlmF&~CjWY-Nm97irtbxN>Ymm7;vvBbZ%=Hb5M*$aXP?gE*y^bf^CXbGVdlKS(Y#=COPXu zI!><(>cEWKJ&aQu0S@sAL%6vYb4xBYf)WdavTL zeyi(!G6`Lu|8*vpDQy5@Gxz235?N_^5W2%5rb1a+}B|65)z? 
z+2_=7D5br5e|6*ATEj2N3Yv%YhBLK>sDP7=0Z>yCCV;qC5{@4?&=mBH5{Rp&-TJ*f za*eZ9`=_Js{p4C%SP-ob2qxC3l&zS3mjdVtvrt5FqExS7eJ$nK%zS1mk+S&&40jYTEl5blFg!oT6JoZTBeE$rxp2b z5NfORpf34PF`ltMcR@UT^HoB^jCV+m)9tio?y)KG9A)DMI^^@dxc)C9$(Dg(puA&B zb78)(DwtQPHU5es0jCnBZ)h8QWfLWo=SL)(9qEq7gw`10UEAm@^DL6-vP^P1$!XOZ z7fH?^cPHNK*SJS(n8R1>ab?JwFY2Do<)`_b9lF_~o7?st^t3Mf*cUS;*U+BvVa9F2 z21)Br$!|l;UHPmf6if{d|9V*$XLr<@@#K9f7?E$qL4zia90xT&zM|bFrv+5RK@ud~MBdDbC>tx3=aNLPJ>C zh|NWa54Cbm6PiXNlFTUF6*Nt;36$6FK?T6vDNL#8ZoSp1*4;T0=3Wm&eoDMX#u_0` zP63HUOKH}MS*qk1Bd#KZ#R!PcthZjbr&#E;EiP#h8*L8T8_YSv>bIsYfzO^JYRTrU z_s$laUd4GApH^>qmA1aas!~r^{01`ZFl#%IL*xn8X)%Eu7@Bo%0y%6O=mg!+KCdf= znEA23saSA`8y5Dd`HFQjiU9p`M^d@OjF%pMb?6>EHt4Dlqkks`y?aaKrw==+NjS5HCyu<0V1UZXsC6UjyG9aVH*#He|&%=tGn7mDj(qwITkUG;w76knQ z>0ljGmhh`YS9spQ>rI_5waMi2gLsCHbf?}rppti4yY1|=Rkl(fO;?Nt1iq+_sA~3H zN8^?w!m?c;;;e=eSV?S4h$hj``XHkg$(;Iw;1_p2fUzoFflX9bYBF6x@!4fP#HtjX zc&2nEe1q83H4>RWNie+0#MRFG5vKlZ=agmf8>m*6zz{LSpYc!@pJ zx2R4KrDFzas!d~#oIuF;#b(sXN5J$_C4r+v0z&AqIG|XZcld;vtnH#F;HHaC97`+6 z3;%vuB56Z5PqVh_H8scQz=RB@7ulG`Sj#hGXS&|Ml@Hr&Rd(wM<8l_Az})X=kB~J- z#f^%dsx=Iv2Pck(T9nvdyYg!3d#9EA9T^f6_=*%Y$WmSvmB)%n)60wS=K++-m$f{4+0HWhKyXQzE=O5>Rpe;5OyT7MY z(OuRd^>kgLvNP=d3oOpBkA3ghAZG3{t3N8T9a<4uVwm=cs(8^TLIkav5kii>azF)y zztikUo#oS>Y0=}}gW84;Jzn!@^w?ls+t8v-?a-V0aq>-XCd4$1j{%8yg~DlvHO0nF z#U$IP<1LAvgJ-T=%saRfcewIzFuAHx5jd0cvX=+v9OYrUsw7dZv9iHzx<<=)bkrR9 zM+*N+O2vv!B~|=*ML(Bs7?}ZaHL5(!z@n(UalTY#wuJHwU}>{k7HN08YDt4-ZJw<# z=F5rS10KEbPUW{{*;WD_BrE172SF2`X>SXgol5Btx2ddR9l`k>$Xe64cTl-+Z?QA_ z6Nkegi&=j$GNbGGvX`N2w+lOk@=e#_C75@k(yF8}e`daEN*zydZ}GA|9QT72qrZ`r zL4v%b`HY>L*=jhTtM<*zsN~Q(Cbjy*Bn-@QrO?{acHGfB+>}l>{s|v(Royg zXZGax>zyC!=@)!WVecXY%W26kL6_CFaYj~M@ti4KmK0Ts^y;4Uk)$W@BXyDP`G=fz zDOo~Z>X6U8S2$BQciVA7sF3iVw($#m_T`>{={vV;6ox%Bd{eQZS8bljN z=$wYEwLw%nzli7cjVW-8%HPl$gt=riZnbvy#fV3Zody5TV ztayg|2e!b?~R9WY;DGa=x4+0dqZ5-dNg@Oq8{I&L4V?7asu6{2_hkT+BF z!>qs`XbneTN;!Lq{grsD5Lb>h?o?@~t7cgR0{!YQe`x*4U}4m#h_t@kW__G;L_U=MB>WerWJ<*rB4z zJwV(fg@9{BKgHWdVP}V+h+vITMSPd9p^OuF!uYd 
z$K0ZO5sLfFH8Lz{D3i>q_61dOqr6jvOo)&Uu+z5pO$0T&GRi^#_0H#PqDyEV#CVBy zPcS{J7pAA#qYcRz=gK`;EQ%C%Dk=}DVzW3cV?L;te=1{V2KN~RJ1=vkTVu1mp4mR_ zM`MMn@hbcPd_#+~sN#H^?KaA17pq7VVmrVS+`v4`( zPSZ7GKF>CpQ+8}Xk8Ru|tMO3>Oud3>#A!dQ6Lwhjr`7PAHB|=4-6Xps=JUoVhv+dJ zHoOxpyZrNj^Rs}bE1*s7GRk)w&X?GY5z+8jp^U{D0aji)i%ieVgN&;vr}V7N?%7_$ zb3|+Sjf}VRE2I1?!}($AY$k^FVP6=>oL0dx&MH(gl#BW*ht@EXS=H`UTDxfqo2bCR zz1_zAF2RgV2jWqAZ8M?=yOa_*ZgS}gx2$cY2W=iX2#<)8XOOe}9UDq?zCHctdu`VV zj4;2$x><0DMfcMTii_H6{!c24Z_iVgzkG~QUYD=OuW*(tOi(HJen>-f-|{I>bg0m0 zUVPvNB(I#C(ElcDTtL`d#IxP7z4l`!R0tcGbr{)?A0#(8;?MFh%qy#yMuPswsLLSn z2O&lc9g zZL;-tW35o{#A$+l+T-j)2aCHt785t-x|FhfM@L=6i_#%`_HwfE2=#7OXW2S7Uui(1 zmcoX5{D--I^A&&mhfdwxF1tjFn+FYU*i-M~^kAyAxwY)z1aT>_QQV)8t_cUj`2i<^ z7jLA-MhYt-G=arV-J-I2bKTRpsQn6oiLg6!B zZ}yeul(kHVXpN#{wIp+iK$+YWv@7b(!P1>@ z3-?cM@=4dSD708a+-T$!Y;Sopx1d81QMoOaD*u|4clMNbW@)i0j|PQIxiVHkXG_r2 zrrmQ7jI2Ki@3Va$j15k<)BS+C$9uRfCxjxdtnK0pTar(b{wzF0=5}BF?i^V`788K$ z494ezoD*}auNtbU)D%)F zryL!_P|c)lmt`cq;VY9Sxe&nZl%}X^E;BHFGHnM7U?UmG zZ0pV*8eGzn%!_P0*n^*9WAJ`cBekb`&I!2Z+H{j>KN-t+vt!Aq8L?u$nSdsVqC-0^ z7VQ*oHsL54+fDpU%5_GtN>$}yyf9*`-Yl!+Ld31aCkAA1t?Huu@DY&>gsS2VWd;+m zsm^`=DTjRPK^6)IpQA=7((*5o8f%R6EFX3}E}wHl?M~qxBbv@#_U@wCg;-$)$Im7S zmR`Zq5aW`~OIoo}t9(_$7;zEdWI<@%BQQX46(NE?bL*mUgF~E!le=zO7L6+neYg(?M$v*c%hpweJ$8Y+c_;#V1)&^hdP!`OsAW509k1GB+? 
z=Ws=z?0Z=>bzZ0hD4C7rO(>6cDHv{e=G`6&rANB$i=U1kDBIN6Kc+QkzH%h#Gq>qm zwtZTBfF2hnRu@_-RdiEU9$an z3FkI_^-=k}a|oq$RmkUTUD6tP;;Xa`#M!aw`9J^q$NG_^?%bU?*57QUC1>Z7)-HUM zdeh82A0=Wj{5NFu8W^z?Q;y8TN%-AX7-xXNq?Wa3yB-Ywe~_&nRfLo&&Ivxsb$RazHUCRh-T?ao|h`+9Rm8J zL~^*V91fzR z20dT0OBz%4u~!rTMmyJ6egLgV@O19hg)HSqStM)p@)wtElaA=++sb#8@6;0?4cDD4 z55w8M0uSAZUz&T|^z!X~^Tl!;C+tMSC%W?m-MQ2GqR+|2416cALs|z#dMxtC`pZy^ z?->ed)w%nYJq*S6uMb75Jro_`e(cb-c^Qnpy!?h2b}#kQwxB07QZ1{r^mb!@D`|zg z&y%>5?F4ba&u{%IlUAO9ZF2RmTKr9uojqzLr=2+1VR*LJ4H0pA5f%|^P64MY@T&&6 za3b858h%B*Fz1T+pj;_&Y9PHmklv;@=SmqVfDMu8@qOSaC00UWiP)1tqP{;G|6Q?_ z50Xs7(W>0nV!cc&jjf?o@bWT)jq02uST zjnxt+xE=o4~dnwbZ;pha#Se@OjOX zb0*Y>2kA#z@NuWZqn^c?0is)TQ$v{k;ga(zCiGoVpvUX;Q~ij6aXl;2Sade6VGVEE zGaYgLSuTT%&v0u~cgHX9jO&M^-DfYK8$Ei#P-et|Xv=KzrPW<-ZpSI$V^8YHZe#vO z`qK&<^CjzF(x9hn#i1 z)dl-u3NT#X~ZWy8gxD{ z{9Pb>k&_2YW{ zyI=&x(B~3@O@7Zjo5MWo#ZPj^-fcvGEnDc|eXKdBau1G1cuW6NKmEyDW$Zg7E1j4y zN^ATtUL)hq4?E@F7|v3~y`B2_#PW~zNOu{hk?h1sH-7dRIqb0QZq7Zgf&wdG!q(I$ zk?~`sW~;B62+P)<%Kq`K;XawP<`(&K@}-aGzC$7*HNU86G%z`I4!?77&qlg$ylWKI z|82sM6$3Y?H-6Pu`%R(_ufle+>ciZcvqpsknA>H4M{B$cB6B&CN{b$IFDI<4@FjZU zuztWkuMt}#vqc;qLr1s<&fv9O)pt_@t>1_}EBQe)1GEDUa9WRxf9eDK+;STA?sFlJ z*oZ*_P14UtJc>wU>}VbspVT>_pU_|{G&oik9)yE3KB>SODpq-VYcO7uZXOsp2GyoX ze|I$JFcVdUMCw!SNKxc&CeH4foGd7FN9x1o*2u9@VU)-Zlm7v#`ubb-@tt8;^FUw{ zo7B8rAK#*DKS@Yxe)B+G-QlK>?=a$%r5SMBPozW8qX<*CNPA{`G&wnRWi(lW(wFQX z;%3L3(08NB!jPLg9z#PpSQm0dk2=F1ZUzvN=<$GaQmn8u^_@(@r1rc{QG!#0GYL~9 z7oUnMJ}Fw(X^WG_Z7ga?h~PLy)8$tM2wB1*C_pEhgA(ZO-yvW(G)jIn`57obr$mqC zaA8(7L7#I{sKkkUp71>h^K+)f@)BtHL63qdN37H=l-Xy`!#kA*E+-T-zCm>X;mL|! 
z=2}n8QKDBXx8VxGx-gF=m3tzMFY{w=^z584Dl{PAd81B@yphm5`Abm8DX%}PxQ2T# zW7QpO3PdhFzs+CcKy8lyAcr?jMua;_Z$8Z)$?4Bj$j~Xh*E^oe#AbEsn*T^F++zKU zoz5*HA0+h2)4H6%jFL0PWhJBsI;&itYzBloQv;}z`dn@{Xj;{xaw3#h%&s})1B z#01U4Zun4ZsKb1M7qy0=6oDVLh99aIOqqV_rBG{l3*rfHUJ7q&4WG!@QK#0BazI-2{4C>Rgpk)uV|0A0o|8RbRESp2oYxa-|Z@H%P!gv5VqdSpVegKGuSoJH*< z)Tnt@jnAxZ(TPOD2U||+Zu_DTF0La+pXGl5fuxz13xzLI?~x$3XsM+3g{v|Q1E;E( zbc?E5gKQMR&?nXfUikf_mn^C4n$(szvI3AjAN73b>+2DOkCnY)#8(|WynpDn=$q`T z7SorN10ehYZlXAHpv`{}*|O@*pm`*Ev^Z?A3ATxDqRZ05?)tdl)_jTRF|Mg-*(~g+ zO-05f^K!TAO{WCXZ2$|ukoqp|YEd~VF{P<+Wb!|F;jI1sEwT)AsiSokyu{XfvwweH zh2GRBQ|~pstq=2JU*s~Ij*;<>aJP}(o;syDw^?g~J=>d**Bos;w(J9;FZUT86dDK1 zyKFKC%G-jTkN-Dhj;uQ92%$&JI!IWrB6oA%kPNva6NWg#DMjm#klf!w>%Wtw6P~|( z0+yJH&F{Cl5B+JKTg|rjF=i7tEQ+Ey zU_{GhVW~C~)@TlSpp+;L^(oP52}7tsaU~plFdmm49Tjyodv9D;O)c5vk;d$JUC$TV zq&I9FytG2Zs5FL;MfTNC)XirS&f(&f%vKr# zWQX-5(Xm0o^VRZsSv9yy+RsFX;LsOU{LP+V-taR$xSx!;D?L7gI0qC^hqi*PV8aaz za=`8+tz3oMzJgZ1?Rc#eDh2&IZf~fYE`xESl(-D2hed&BrU4cQxbnxSy(Fb9nP+qv zg7?M$IZ?#p84vJ4uXiIl_f3_IqV=53vCbjTF75gQDU`X5GN@&DRq1JB#IDW@%+Fq_ zxTHgzExyz&TrQ<{P->4XqMABCMEyu=zP3Tvv<-n%@S0v-Vbd0hcNclG0Ec|P}LUeSl2DS6nZbHsrFyla6+m=&VsGzquz`p|Q$_`d?5+GrIS zy@6>Xv4aH6ecjaQg|7bL2B6Ir4V_ zNT%E;?81d5az4$CyT#nN8;lPlP;sjW>}YpRxJ2~O+6;(?>3T9I^ow@qhA)>af8>Wb zW5V28yEF8PLWC_m1owoo0pg~R+js@LsEt(T_Um$vLULwfXR4o3zFoa;2a`)vL6;99YFenGO|UH-|6-+O041X}O$OgI($_!V`PRM9~@tz(=CMR2fI$ zbx~=CwirkDxB2qZA}TN|6mMoCU#=-d36VR!IA}%87YAMp&-DD`rs;FYeKqIRy|)|W zD?0 zT>?zFob}FoYW)y3oJgY|`CPn~m z<|je(fW!$r&iGcF1Mod)TMp&d)u+CzM?8+uMeuWfjwZGAn6<2>&tlqQvA#uJnN0nC<=gyB#(`{^ zv$v|F7@{;!FOFT1D#;4S)4$s@JhqKnVKYKzaMZYq;~Uq&RoqICSdPA5lf9cpPJt3z zSnr7bwk$&b9Vs!|IG;Z@bVRJWCgcvh!Y5qX-rSeI5emRXgwd77xmx4ZD!W~FVr0%- zjTxdf6p`p{#t`*!q?U%OGPeRZs20R}MjR09Q}TULvm`84Tv%4>1+}AFVY>c0Sq^xH z&h|E4k`yIQO}ambiSt-wC6n&gvQ{*)Mkap^#&T-6o}$b&t>KR(_)NPcDfI-UV8T++ zb%s}@Cl^QWD9#VvCBd-im+TWpp~aD^v6Kyuu=b0o#q|NYeO!|Iw^3ihSMCwgxU7ME zvhgZ3We2o{K3ojeq9i{=UsyhxFOtEqPgb}-n4}J>2C(>(Kb2*|^(rY$`gqCqG3d{O 
z1t>uoTsB#9KoVReSZmNA7~OcuPbEqA*{qNxWiAw7%B-uguMs*P4`lDls(TG;qMT+G z<2+j11#P(Fz}U|sc91!#HOzyWk#S?S#;bVA^fGSjx7K80U2rQ?=Zh+*sI%>;W2j-} zU)cVycj=%66AhpYfBS~5E`ozQtYH#8u5Pi?8V-YOkfpVWrwl)w$k|7l0Le^{M8miza za*J5n7Ja&GEx>ZZGoxwtBOv0R&d(BYEJ{$S&WK}|0(kn#fIBbj4Y*al?9gQe7?)C2 z26%4x6n1h{(Aa0^F@V2f|7n=%a_GEs^j*SD%B0c0AY#c$1Cc|uGA9>{%Snx&?Y9#j zruZ^N$6%Q9MQ7?2eo_S`I{+d!CG>f^Y#mSHB80*%yrO^XeJ9{Kx_k&t9vw!L$}2Wi znk0ldc>(ogoS zFr50nk=;Jc_m#}bbwCVwKETQD$9O95N$}A^3wao|?L?Z0B{Vfiha;qk|Cp*Wti*6s z&quT`zNgmGzHDB@$?yYbCn1WOAt{GcLt>X)a}a!8!{r4N_h>(`=*V z7GChc7!L=X2Ltr_o-@@7DvDfHFTHy1R&`4dj!!&F+Qt@^ZxUJ-d2+)8^IfI4Y`R#fzfd z{Z{x;zy@y~3%Ee}4r9}cEY5g2JT8MLTBKXL^m7oL4wEexp31`PWaQ*ITUn; zM^G?t*-*P+E(O1&pidPf=tBw$&_Z7m7BWi;r?Ec^m@Ozp38R1OV|{JcA`aJl?VexD z0D5*WpTf0K5H3K60=Kkw6N+HS#XGI}=mB($_JQ)gBIg1o1g_7McOa5M(zWOmeq|ei zBR{euK?p_Y%wRcd`tc13h0%u!R;j>BV*y)Els%}|9WWtcpj$P|zQy~=&%y99r`Gse zp+8Py?H(oQz}eq}Gc;)Z5}XyvTuv`2LkUp+KsECxHFjS|`RAl-(FgfG0cB@s$hV;! zT4JLs``e)VrLNHZQZ*^)rUF7u#&8=AhbDZ}PR%)WqpIUZx*AVp(77$>+#@AVMPGtO zYDw^&LR7QP;nb|sk8#56GHQ6nMitIkji8ioJ zf|A>SVB5e~daa4lGwJdFwjX~%j7b-Wq?2B#F7@h%KR(54DG4uY@CV=6h0n|XcU`dc ziEr$~?*Y-%2lZz&GI9VGxa%C*;5*BRV#MY6n)-zb0*q?H%IEep!^!CyG~;Sd=bacp z2u8c#_Wm7fUhgF@zW6a*25tt0E8wclH(6rz)o(f6G##s6uTDaM!qq z38D^jkxp#YW5L+>HwCmU@8ru~+Y8nhJQD#=%Zdkr=2yB3KTlmCU`JLG)RI@mzNM!{ zi~c|c*O{17Rp<_XC@E{MCq)8BH;LaP81o|)R~;0jN&;pp2Ac9%!I!9M)wOcD0y=Ct zb%^UbY>b#?;Xz$%a667D`vU{tK1~<4(A$p6!!iHEl`Y<;zsUlr zuYSin0v*0-)neLTSIr!ZaSkeav_NY(KObI-9xWoM90i9rT-Hcp}MYFDM0qFVKn%_}XYY;gnGD4QcB|zhr zQ#a~+)G7!KA!s_J36&e=Pa+1QJM&XN<2N_;V;Q*q%f<*!kaSxZyWT^b8n_OM{4x%N}k0NgfV+s1l8!# ziqI(S-re^5xaDUXas4mGf4)H}t??;Rsa%}=fH`gB*oSX-s*u5k&{BJum-pz=aVst| z;umdzXxtEQ@%n@RiEz}d6DR&U{N~l=@2-B+AtS~1qUcnO=uq7ZVnqK0QXlqDUZF$|N5W>w%}h-}^AM_LY9t3K`D=~uf!$5onz1s>lF68A4c9UN zGR|xU!6R~EvHZa=twEMA-ljku5zEn}ixY=zx%1YKTstjS;+Br$u>UY*R# ztN-a>Dh5_RFB4M6piqn6kKIKf*}wTauZnA@#Rr`u9nY|9U+tMmGOt8CjZf?-gEzUY zxj!GSXZZ+>e332`2=}rra1fez3t^J;8FvMaN)J*_LH#;N8y1?54W~%W0?pS-2kVo= 
zfuRUeeG(H_A7^3?r4Te1pZMpIP*6=_ZNpRzAuwIsbhE`xH&xtp)5R$h{B~aP-Emy*Y!=iC zS(%ibcdBB#d9@5r7h6Kej+Yc6BtC^fU&>`JHgm8M9&<9DPat9B7KyGQ4>L67XifEFLn~;uD7eK+QA%QRZ4# z!SQ)EO3h1={4K$eok>4%|3{EQO!jKZ4OSlY?{0}l9NB50#NZrpuc(9%hc`fC^XX25 zkU9JZ(W9;vY;(Bs?c@$O$@ZUt=++u{VDF3n0vbqnyGBS}b(iY$boMfmzo$ST`py9n zS0bXM>wUSFr=EVk^Dp^2h5Nen=)vOfD22Xmo;X|e>XeFvLF*c72q7z8&FyV8;2b5*bvT;(N~J@FDctYp)|U1lr+VPX zGg;NcgO$5zRTrmVHb4G*`=6|;sSA#OV_l;;1&$o##4HB;l}0)0YW04J2I>g#9!=n@ zt={i%Kz$I^yEuS0F1i->-0t^+&Q@+E3B;G?$RAa-6$41YNt7)g7LudZ23x2!L9kIH zBzk6|I~P&b*Z@rtqBIv?m)wA^lM#O?7NHYG-;2Y0iN5FfFh*7*_K|%Il#+eOK$-Hs z=GT)FGo_ZWi9e;J06VUsz!l6#E@VQ8+8~Nj&x#;VewSJ(yttV3NPXH7<_{}y>TX-; z5Kf7e-U+kd0RmHV@uH4!J@NP+ACVd{b#l| zhP~l`OyBH=ay?$I_tiZJ)$3Hu#H>xy8e?257pcvPFl<`GF65ax>tX(Clc(Cb-3EC9 zs3-;RJmN3W?`i{{SL)nN_rz)6!8fXiaC#ucYd!d=p znE4}8XnVs2Nk0d?iNaToIPr;2QCQ*>^w)x6gwC$3+*38{VeO&TfLw~(u9#urV@hL2 zi0>Cti7#+q&~sF~?-8;icjus-J;0l`p)boy4%b)Y%Sf93wE<_VEMqbMTG7#m2^yyd zJO}DdZ9-;#sd|&lZ<>}9aK5Hm2sqK1cSn@w=?GOB&X0}gSI+QQ^dRSM5ULvk#4I?r z&tDA<5^!3Z^Sq$v%}}1VsZL-C>i1lYbOhtYL33e~kP4k-lVPrUOz6+(%3y1aDK%u( zj4-?NJ1M>vg*st4yWj)CS!;YzO30tJevTIeK*ng?0VUm5Uv>AlB46^iDj&%OuYAim zoGTb}9fcYPcMq$`o}AECv5L(miZ8T=#j?^lw+qWDWJE8MaZ(7$jgdWEazKk-#y4>b zkHIadP`x+>gJNE7(yg+?YoSNIEfI*pIM}0#pKLYI%=(k(CDU1Je3m{dX079dqbQX} zjwJ7;2bah5zQa`kb%kwC9D84c^4cczSKiApQSgKQ+&Gd>)>4YUWAa)x*FjQ%X#yTM{AEJp{EYVjv;Qc)L>_+nd$FKSy5fcslXmZL|Ab_I=8a zv&;Wr#zi~(Z{d5o{r$j6`9D7C+kI(+dEx3SjkPb#8gj+ucMm&j?iD}1X2EfId-qL! 
zb@f+!2mIn<$J%o)OH@B`->{PN?mlnozhCw6=)u!(ZhHKJb)}R4GNk(dwG{R{`^-mw zaNdd^7Qgw@-v|6+id}xhN$_5SKjq)kPWyQ$+LZh&wjW>n6{TAKb!MJFSz~{noc?eo z{p0I~e{|Q!v**~Q@J^j#zn%R2-beA0s}Db-uRrI97d+6ia?i>6+4?6x*U37e+27gU+d_-#V)qP<&HYMo=H zqfV9hKIwvseBHovKKb^){~i2gv}U)Rg`TPYjriRJbivcdb2;rwYi>u4!gg`C;{UJq zzZsHS^=DazzW-f+<|`cPDDP%eY}(zzm2lJfUJ9+HZ$i)8$vg4iH`Av#ypUtD>Yooh z>Kp>~_WuUzH^GyUS)wR*6S#yOH&TB=FWL!4-^?esgS~LcH}lDfJR*Fw49Nd`J`fy) zV}w2{srhZ#Exe5pzfGY5KDW}2ngS}prixJZHvU@(jYEoOZp*+GPF_e0a~-4T^Sn%N z9FAF(z5zi)>4``m>B0B;lG*z0v*4TH-KeN35PH*D4fi+F|J!IU zHA0i^dc&@;pC|ur%H*GSQoiudqF#KKt>;(rZ;BebD;!sSBRAQEFL{{{GyK2uf6AQZicbdhum)#yy5rtq>oFN-tl zNmb_Q%{)spPj}{dLnyTH`%6Ra(CzMJ3vXE9UV1|vABz{d7v8qOefuK!q9wN~k^N2M zk>yX}P8s3(NFm`|d#zZYMoDI}@bf78Sk=RA@Z0U-TNk)*yFFw#d*iLQ&%Z@Fc07Il z?YAvoxGdyeuyFa3`3v3WjH)|Fu$*<(l=Cn6uHDHD&Ezqa*&-55=vBkJaQZ@rP%}FV zMba%%+`r`iYwzk|+c?kgr!7kWx0APgNG(_es)SbDRB?>PvL(huBvBA)M{S4tL>{Gs zk9WlVSY*&aV@7WcPy{eQ4z`A)mlhs9YV^+!KdkKg*uledLc1LNJ4(dHyZ3`Pfu9T+d}Dg9p)_;m@+ zZbH*_yqeeyk31OP-#i=h3rc zXe_tXzf4yCwbGH+97j`b+N7-*X=NUSC{imOIwry5iR>73Y2V zKgwfq(erD-fZlX54zn2Oc{<)6z$blWE4iiU`b~Q%s~}n>k+%C<{O0-ptbeeUBLegD z&oZhFW*~i7zO2O(yV)-7U0ji$2ruo8I}xI+8Z63vr?tI(!d$LZch zDx8?HZ67pm-mLt@R?nG@@I}eB{6#yOw#NhP%4|+AeH#I5lL^pbR+U(el1;B+?eM3s zkw@uVBbG<5Uj-8EXAbAuUS1p2O|HKW{cr~B5Iw(vI8y9AbUwAQdOp5dGdf;e+7JuC%r(TM2@`uG;yWx#fcs! zI*#X0ism2;mLoUz+HR1{A1 zpNl`D@A#|uyZER0xA?_EWnp`Pe^KEB^elfuy!%f4L;OqpNBnZ(+CqIHz#Sp1dBTX$ znI(KeI@k=qIn0x*HLF758Skyr{+-#3k|8%1GsLoUW2>Ac{;PNU?8RM%ykIIV{h zgeD8~dp2`ypeAA;wX6C9c6f{o3HrVipO{Np$Oeo%IyW8Rs;>Q+owgB6Hu2IOALFEp zekWfYam4he%j(m0;4=GZMfGSE^y~Is@e1d^>)h_8>`1mfpp}HtKv3&#*X_x`jT0|8 zpr0EbP!F@%e`~Lu_DgFA>VDvK^&n%X=&27<*wUnXM}3#JT8IteYbOf0&As4ZfFL8k z^anjY8@1QhT_0MNRk#zvWPbhY$SYo+jK7_BI&LJJ5Tns`e4D-}_Zx`=0oI+w(Tdze z)R7xB27O*LF23VL5F&xq=;K}xr@dYn8S@giG0p7NprK#1?>78&7Y{O&vtX%p{q$h6 zqn2YQ3XSR3b!gpn<1meYkl9{nua`sTa}i&jInL%HR)JtGz3Ax~uMkRh7! 
zmwZ(7bR^ak{Bqq5JaZpx#=S5wArtF$on8;B(Ht~As1yOp^27DuB@;Z>d`9NMQzLpCc| zj}SK*Qy_H&q}U_r^MllD>yBx$vf5u>tX!YGt@IZwD?HO5W+|3Xhh8TE>UN!#_Qx2^ zx9e>w`SAwdFdBQP{O~@U`h7G1C4Zod*mZ3X_J}|Ur=&_-X4SizhQ$t@EdTQvIq34Fa_r2c# zvY|_ct{QsR&^<$YhU!^DRIaUja{afT{%-ZNwcB^rH>&n}NlOGu1WE)-1WE)-1WE)- z1WE)-1WE)-1WE)-1WE)-1WE)-1WE)-1WE)-1pbc^IOcEvgm^N1I($BSH9Q->9{w;q zAHEr08eJaA(dy{d=)vf4)Eo6j$D?mYk4LYbojp5$_U761lNTp1Pfkx>oe2D;B!00Y zv!$$(t!B5fyV*{*mp#Z1vtHKEjq_S#+C8v_}2LDc!z&h4aa{01X??2 literal 0 HcmV?d00001 diff --git a/FSDrivers/exfat.inf b/FSDrivers/exfat.inf new file mode 100644 index 0000000000..caf940cfda --- /dev/null +++ b/FSDrivers/exfat.inf @@ -0,0 +1,27 @@ +# ReadOnly exFAT filesystem driver +# From https://efi.akeo.ie/ v1.5 +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = exfat + FILE_GUID = CB683001-379F-48C7-B7B6-707D29454BF5 + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +VALID_ARCHITECTURES = X64 IA32 + +[Binaries.X64] + PE32|X64/exfat_x64.efi|* + +[Binaries.IA32] + PE32|IA32/exfat_ia32.efi|* + + diff --git a/FSDrivers/ext2.inf b/FSDrivers/ext2.inf new file mode 100644 index 0000000000..67a985e385 --- /dev/null +++ b/FSDrivers/ext2.inf @@ -0,0 +1,25 @@ +# EXT2 filesystem driver. See */LICENSE.txt for details. +# https://www.rodsbooks.com/refind/ v0.12 + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = ext2 + FILE_GUID = 8EC49C43-D1C4-4E6C-98BF-232CA5D89A1B + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +VALID_ARCHITECTURES = X64 IA32 + +[Binaries.X64] + PE32|X64/ext2_x64.efi|* + +[Binaries.IA32] + PE32|IA32/ext2_ia32.efi|* + diff --git a/FSDrivers/ext4.inf b/FSDrivers/ext4.inf new file mode 100644 index 0000000000..c9d0807251 --- /dev/null +++ b/FSDrivers/ext4.inf 
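Review bot: The exfat.inf header identifies the prebuilt `exfat_x64.efi` and `exfat_ia32.efi` only by `# From https://efi.akeo.ie/ v1.5`, with no digest of the files actually committed, so a later reader cannot check the binaries in the tree against the upstream release. Record one next to the URL, for example `# SHA-256 X64/exfat_x64.efi: <sha256-of-committed-file>` (placeholder value), and the same for the IA32 file. This applies equally to the ext2.inf, ext4.inf, iso9660.inf and ntfs.inf hunks that follow. The rodsbooks.com ones refer to `*/LICENSE.txt`, which is not added in the visible hunks, so it is worth confirming that the licence text ships with the binaries.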
@@ -0,0 +1,25 @@
+# EXT4 filesystem driver. See */LICENSE.txt for details.
+# https://www.rodsbooks.com/refind/ v0.12
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = ext4
+ FILE_GUID = 9d380387-a15a-4053-ae19-ff3495b6d0d5
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+VALID_ARCHITECTURES = X64 IA32
+
+[Binaries.X64]
+ PE32|X64/ext4_x64.efi|*
+
+[Binaries.IA32]
+ PE32|IA32/ext4_ia32.efi|*
+
diff --git a/FSDrivers/iso9660.inf b/FSDrivers/iso9660.inf
new file mode 100644
index 0000000000..49063d8c59
--- /dev/null
+++ b/FSDrivers/iso9660.inf
@@ -0,0 +1,25 @@
+# ISO9660 filesystem driver. See */LICENSE.txt for details.
+# https://www.rodsbooks.com/refind/ v0.12
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = iso9660
+ FILE_GUID = 33FAF091-A3E0-43E9-B303-DAFB6A226B6E
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+VALID_ARCHITECTURES = X64 IA32
+
+[Binaries.X64]
+ PE32|X64/iso9660_x64.efi|*
+
+[Binaries.IA32]
+ PE32|IA32/iso9660_ia32.efi|*
+
diff --git a/FSDrivers/ntfs.inf b/FSDrivers/ntfs.inf
new file mode 100644
index 0000000000..804f655cd7
--- /dev/null
+++ b/FSDrivers/ntfs.inf
@@ -0,0 +1,27 @@
+# ReadOnly NTFS filesystem driver
+# From https://efi.akeo.ie/ v1.5
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = ntfs
+ FILE_GUID = 2282efd0-678b-4753-8d06-200d5940285d
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+VALID_ARCHITECTURES = X64 IA32
+
+[Binaries.X64]
+ PE32|X64/ntfs_x64.efi|*
+
+[Binaries.IA32]
+ PE32|IA32/ntfs_ia32.efi|*
+
+
From 73b1b3dc1292c9088de51f281638b0874f8906ec Mon Sep 17 00:00:00 2001
From: Patrick Rudolph Date: Wed, 15 Apr 2020 16:21:46 +0200 Subject: [PATCH 020/357] DasharoPayloadPkg: Use new filesystem drivers Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 9c7db7388c..20ddeb6f7a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -151,6 +151,23 @@ INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf +# +# Filesystem drivers +# +!if $(ARCH) == IA32 +INF RuleOverride=BINARY USE = IA32 FSDrivers/exfat.inf +INF RuleOverride=BINARY USE = IA32 FSDrivers/iso9660.inf +INF RuleOverride=BINARY USE = IA32 FSDrivers/ext2.inf +INF RuleOverride=BINARY USE = IA32 FSDrivers/ntfs.inf +INF RuleOverride=BINARY USE = IA32 FSDrivers/ext4.inf +!else +INF RuleOverride=BINARY USE = X64 FSDrivers/exfat.inf +INF RuleOverride=BINARY USE = X64 FSDrivers/iso9660.inf +INF RuleOverride=BINARY USE = X64 FSDrivers/ext2.inf +INF RuleOverride=BINARY USE = X64 FSDrivers/ntfs.inf +INF RuleOverride=BINARY USE = X64 FSDrivers/ext4.inf +!endif + # # SD/eMMC Support # From fea31f1aaee9288d07f8d09bfe9d4b93159ed77b Mon Sep 17 00:00:00 2001 
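Review bot: The ten `INF RuleOverride=BINARY` lines add the prebuilt exFAT, ISO9660, ext2, NTFS and ext4 drivers to the payload image unconditionally, so every build gains five third-party parsers that process on-disk structures from whatever media is attached at boot and that cannot be rebuilt or audited from this tree. Consider wrapping the block in a build switch so a platform can leave them out, e.g. `!if $(FS_DRIVERS_ENABLE) == TRUE` around the block with a matching `!endif` (the macro name is a placeholder, not an existing define). The IA32 and X64 lists are also duplicated line for line, so a driver added to one branch only would silently be missing on the other architecture; a comment stating that both lists must stay identical would help.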
From: Patrick Rudolph Date: Fri, 17 Apr 2020 15:58:58 +0200 Subject: [PATCH 021/357] DasharoPayloadPkg: Add support for Firmware Volume Block Protocol (SMMSTORE) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use coreboot's SMMSTORE v2 to implement a FVB protocol. Add a library for SMMStore to be used in PEI and DXE. The DXE component provides runtime services and takes care of virtual to physical mapping the communication buffers between SMM and OS. Make use of the APRIORI DXE to initialize an empty store on the first boot and set the PCDs to sane values before the variable driver is loaded. To avoid BSOD on Windows10: * Convert all runtime memory pointers to virtual memory * Mark store MMIO address as MMIO and runtime memory Signed-off-by: Patrick Rudolph 
Signed-off-by: Michał Żygowski --- .../BlSMMStoreDxe/BlSMMStoreDxe.c | 337 ++++++++ .../BlSMMStoreDxe/BlSMMStoreDxe.h | 118 +++ .../BlSMMStoreDxe/BlSMMStoreDxe.inf | 65 ++ .../BlSMMStoreDxe/BlSMMStoreFvbDxe.c | 813 ++++++++++++++++++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 12 + DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 1 + .../BlSupportPei/BlSupportPei.inf | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dec | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 25 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 20 + DasharoPayloadPkg/Include/Coreboot.h | 13 + .../Include/Guid/SMMSTOREInfoGuid.h | 27 + .../Include/Library/BlParseLib.h | 16 + .../Include/Library/SMMStoreLib.h | 98 +++ .../Library/CbParseLib/CbParseLib.c | 42 + .../Library/CbSMMStoreLib/CbSMMStoreLib.inf | 28 + .../Library/CbSMMStoreLib/CorebootSMMStore.c | 281 ++++++ .../Library/SblParseLib/SblParseLib.c | 17 + .../Library/SblSMMStoreLib/SblSMMStore.c | 102 +++ .../Library/SblSMMStoreLib/SblSMMStoreLib.inf | 28 + 20 files changed, 2038 insertions(+), 7 deletions(-) create mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c create mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h create mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf create mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c create mode 100644 DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h create mode 100644 DasharoPayloadPkg/Include/Library/SMMStoreLib.h create mode 100644 DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf create mode 100644 DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c create mode 100644 DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c create mode 100644 DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c new file mode 100644 index 0000000000..fa5459cd28 --- /dev/null +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c 
@@ -0,0 +1,337 @@ +/** @file BlSMMStoreDxe.c + + Copyright (c) 2020, 9elements Agency GmbH
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "BlSMMStoreDxe.h" + +STATIC EFI_EVENT mSMMStoreVirtualAddrChangeEvent; + +// +// Global variable declarations +// +SMMSTORE_INSTANCE *mSMMStoreInstance; + +SMMSTORE_INSTANCE mSMMStoreInstanceTemplate = { + SMMSTORE_SIGNATURE, // Signature + NULL, // Handle ... NEED TO BE FILLED + { + 0, // MediaId ... NEED TO BE FILLED + FALSE, // RemovableMedia + TRUE, // MediaPresent + FALSE, // LogicalPartition + FALSE, // ReadOnly + FALSE, // WriteCaching; + 0, // BlockSize ... NEED TO BE FILLED + 4, // IoAlign + 0, // LastBlock ... NEED TO BE FILLED + 0, // LowestAlignedLba + 1, // LogicalBlocksPerPhysicalBlock + }, //Media; + + { + FvbGetAttributes, // GetAttributes + FvbSetAttributes, // SetAttributes + FvbGetPhysicalAddress, // GetPhysicalAddress + FvbGetBlockSize, // GetBlockSize + FvbRead, // Read + FvbWrite, // Write + FvbEraseBlocks, // EraseBlocks + NULL, //ParentHandle + }, // FvbProtoccol; + { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End)), + (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End) >> 8) + } + }, + { 0x0, 0x0, 0x0, { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 } }, // GUID ... 
NEED TO BE FILLED + }, + 0, // Index + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { sizeof (EFI_DEVICE_PATH_PROTOCOL), 0 } + } + } // DevicePath +}; + +STATIC +EFI_STATUS +SMMStoreCreateInstance ( + IN UINTN NumberofBlocks, + IN UINTN BlockSize, + OUT SMMSTORE_INSTANCE** SMMStoreInstance + ) +{ + EFI_STATUS Status; + SMMSTORE_INSTANCE* Instance; + + ASSERT(SMMStoreInstance != NULL); + + Instance = AllocateRuntimeCopyPool (sizeof(SMMSTORE_INSTANCE),&mSMMStoreInstanceTemplate); + if (Instance == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Instance->Media.MediaId = 0; + Instance->Media.BlockSize = BlockSize; + Instance->Media.LastBlock = NumberofBlocks - 1; + + CopyGuid (&Instance->DevicePath.Vendor.Guid, &gEfiCallerIdGuid); + Instance->DevicePath.Index = (UINT8)0; + + Status = SMMStoreFvbInitialize (Instance); + if (EFI_ERROR(Status)) { + FreePool (Instance); + return Status; + } + + Status = gBS->InstallMultipleProtocolInterfaces ( + &Instance->Handle, + &gEfiDevicePathProtocolGuid, &Instance->DevicePath, + &gEfiFirmwareVolumeBlockProtocolGuid, &Instance->FvbProtocol, + NULL + ); + if (EFI_ERROR(Status)) { + FreePool (Instance); + return Status; + } + + DEBUG((DEBUG_INFO, "%a: Created a new instance\n", __FUNCTION__)); + + *SMMStoreInstance = Instance; + return Status; +} + +/** + Fixup internal data so that EFI can be call in virtual mode. + Call the passed in Child Notify event and convert any pointers in + lib to virtual mode. 
+ + @param[in] Event The Event that is being processed + @param[in] Context Event Context +**/ +VOID +EFIAPI +BlSMMStoreVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // Convert Fvb + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.EraseBlocks); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetAttributes); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetBlockSize); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetPhysicalAddress); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.Read); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.SetAttributes); + EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.Write); + + SMMStoreVirtualNotifyEvent (Event, Context); + + return; +} + +EFI_STATUS +EFIAPI +BlSMMSTOREInitialise ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + VOID *ComBuf; + VOID *GuidHob; + SMMSTORE_INFO *SMMStoreInfoHob; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + + if (PcdGetBool (PcdEmuVariableNvModeEnable)) { + DEBUG ((DEBUG_WARN, "Variable emulation is active! Skipping driver init.\n")); + return EFI_SUCCESS; + } + + // + // Find the SMMSTORE information guid hob + // + GuidHob = GetFirstGuidHob (&gEfiSMMSTOREInfoHobGuid); + if (GuidHob == NULL) { + DEBUG ((DEBUG_WARN, "SMMSTORE not supported! 
Skipping driver init.\n")); + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + return EFI_SUCCESS; + } + + // + // Allocate Communication Buffer for arguments to pass to SMM + // + ComBuf = AllocateRuntimePool (SMMSTORE_COMBUF_SIZE); + if (!ComBuf) { + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + return EFI_OUT_OF_RESOURCES; + } + + // + // Place SMMSTORE information hob in a runtime buffer + // + SMMStoreInfoHob = AllocateRuntimePool (GET_GUID_HOB_DATA_SIZE(GuidHob)); + if (!SMMStoreInfoHob) { + FreePool(ComBuf); + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + return EFI_OUT_OF_RESOURCES; + } + + CopyMem(SMMStoreInfoHob, GET_GUID_HOB_DATA (GuidHob), GET_GUID_HOB_DATA_SIZE(GuidHob)); + + if (!SMMStoreInfoHob->MmioAddress || + !SMMStoreInfoHob->ComBuffer || + !SMMStoreInfoHob->BlockSize || + !SMMStoreInfoHob->NumBlocks) { + DEBUG((EFI_D_ERROR, "%a: Invalid data in SMMStore Info hob\n", __FUNCTION__)); + FreePool(ComBuf); + FreePool(SMMStoreInfoHob); + return EFI_WRITE_PROTECTED; + } + + Status = SMMStoreInitialize(ComBuf, SMMStoreInfoHob); + if (EFI_ERROR(Status)) { + DEBUG((EFI_D_ERROR,"%a: Failed to initialize SMMStore\n", + __FUNCTION__)); + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + FreePool(ComBuf); + FreePool(SMMStoreInfoHob); + return Status; + } + + // Update PCDs for Variable/RuntimeDxe + PcdSet32S (PcdFlashNvStorageVariableBase, + PcdGet32 (PcdFlashNvStorageVariableBase) + SMMStoreInfoHob->MmioAddress); + PcdSet32S (PcdFlashNvStorageFtwWorkingBase, + PcdGet32 (PcdFlashNvStorageFtwWorkingBase) + SMMStoreInfoHob->MmioAddress); + PcdSet32S (PcdFlashNvStorageFtwSpareBase, + PcdGet32 (PcdFlashNvStorageFtwSpareBase) + SMMStoreInfoHob->MmioAddress); + + mSMMStoreInstance = AllocateRuntimePool (sizeof(SMMSTORE_INSTANCE*)); + if (!mSMMStoreInstance) { + DEBUG((EFI_D_ERROR, "%a: Out of resources\n", __FUNCTION__)); + FreePool(ComBuf); + FreePool(SMMStoreInfoHob); + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + return EFI_OUT_OF_RESOURCES; + } + 
+ Status = SMMStoreCreateInstance ( + SMMStoreInfoHob->NumBlocks, + SMMStoreInfoHob->BlockSize, + &mSMMStoreInstance + ); + if (EFI_ERROR(Status)) { + DEBUG((EFI_D_ERROR, "%a: Fail to create instance for SMMStore\n", + __FUNCTION__)); + PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); + FreePool(ComBuf); + FreePool(SMMStoreInfoHob); + return Status; + } + + // + // Register for the virtual address change event + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + BlSMMStoreVirtualNotifyEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mSMMStoreVirtualAddrChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Finally mark the SMM communication buffer provided by CB or SBL as runtime memory + // + Status = gDS->GetMemorySpaceDescriptor (SMMStoreInfoHob->ComBuffer, &GcdDescriptor); + if (EFI_ERROR (Status) || GcdDescriptor.GcdMemoryType == EfiGcdMemoryTypeNonExistent) { + DEBUG((EFI_D_INFO, "%a: No memory space descriptor for com buffer found\n", + __FUNCTION__)); + + // + // Add a new entry if not covered by existing mapping + // + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeReserved, + SMMStoreInfoHob->ComBuffer, SMMStoreInfoHob->ComBufferSize, + EFI_MEMORY_WB | EFI_MEMORY_RUNTIME + ); + if (EFI_ERROR (Status)) + DEBUG((EFI_D_ERROR, "%a: Failed to add memory space for com buffer (%r)\n", + __FUNCTION__, Status)); + } + + // + // Mark as runtime service + // + Status = gDS->SetMemorySpaceAttributes ( + SMMStoreInfoHob->ComBuffer, + SMMStoreInfoHob->ComBufferSize, + EFI_MEMORY_RUNTIME + ); + if (EFI_ERROR (Status)) + DEBUG((EFI_D_ERROR, "%a: Failed to mark com buffer as Runtime Service memory (%r)\n", + __FUNCTION__, Status)); + + if (!SMMStoreInfoHob->MmioAddress) + return Status; + + // + // Mark the memory mapped store as MMIO memory + // + Status = gDS->GetMemorySpaceDescriptor (SMMStoreInfoHob->MmioAddress, &GcdDescriptor); + if (EFI_ERROR (Status) || GcdDescriptor.GcdMemoryType == EfiGcdMemoryTypeNonExistent) { + 
DEBUG((EFI_D_INFO, "%a: No memory space descriptor for MMIO found\n", + __FUNCTION__)); + + // + // Add a new entry if not covered by existing mapping + // + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeMemoryMappedIo, + SMMStoreInfoHob->MmioAddress, + SMMStoreInfoHob->NumBlocks * SMMStoreInfoHob->BlockSize, + EFI_MEMORY_UC | EFI_MEMORY_RUNTIME + ); + if (EFI_ERROR (Status)) + DEBUG((EFI_D_ERROR, "%a: Failed to add memory space for MMIO (%r)\n", + __FUNCTION__, Status)); + } + + // + // Mark as runtime service + // + Status = gDS->SetMemorySpaceAttributes ( + SMMStoreInfoHob->MmioAddress, + SMMStoreInfoHob->NumBlocks * SMMStoreInfoHob->BlockSize, + EFI_MEMORY_RUNTIME + ); + if (EFI_ERROR (Status)) + DEBUG((EFI_D_ERROR, "%a: Failed to mark MMIO as Runtime Service memory (%r)\n", + __FUNCTION__, Status)); + + + return Status; +} diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h new file mode 100644 index 0000000000..87fcbc3894 --- /dev/null +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h @@ -0,0 +1,118 @@ +/** @file BlSMMStoreDxe.h + + Copyright (c) 2020, 9elements Agency GmbH
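Review bot: BlSMMSTOREInitialise checks the SMMSTORE HOB only for zero `MmioAddress`, `ComBuffer`, `BlockSize` and `NumBlocks`, yet it later passes `ComBufferSize` and `NumBlocks * BlockSize` to `AddMemorySpace`/`SetMemorySpaceAttributes` and stores `PcdGet32 (...) + SMMStoreInfoHob->MmioAddress` through `PcdSet32S` without any range check. The field widths are not visible in this hunk, so whether the product or the sums can wrap or truncate needs confirming against the HOB definition. At minimum the check should gain `!SMMStoreInfoHob->ComBufferSize ||`, and the range arithmetic deserves an explicit overflow guard before the regions are marked `EFI_MEMORY_RUNTIME`. That same invalid-HOB branch returns `EFI_WRITE_PROTECTED` without `PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE);`, unlike the other early-return failure paths, which looks unintended. Separately, `mSMMStoreInstance = AllocateRuntimePool (sizeof(SMMSTORE_INSTANCE*));` is leaked because SMMStoreCreateInstance overwrites the pointer with `*SMMStoreInstance = Instance;`, so that allocation and its error branch can be dropped.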
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __COREBOOT_SMM_STORE_DXE_H__ +#define __COREBOOT_SMM_STORE_DXE_H__ + + +#include +#include + +#include + +#include +#include +#include + +#include +#include +#include +#include + +#define SMMSTORE_SIGNATURE SIGNATURE_32('S', 'M', 'M', 'S') +#define INSTANCE_FROM_FVB_THIS(a) CR(a, SMMSTORE_INSTANCE, FvbProtocol, SMMSTORE_SIGNATURE) + +typedef struct _SMMSTORE_INSTANCE SMMSTORE_INSTANCE; + +#pragma pack (1) +typedef struct { + VENDOR_DEVICE_PATH Vendor; + UINT8 Index; + EFI_DEVICE_PATH_PROTOCOL End; +} NOR_FLASH_DEVICE_PATH; +#pragma pack () + +struct _SMMSTORE_INSTANCE { + UINT32 Signature; + EFI_HANDLE Handle; + EFI_BLOCK_IO_MEDIA Media; + + EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL FvbProtocol; + + NOR_FLASH_DEVICE_PATH DevicePath; +}; + +// +// BlSMMStoreFvbDxe.c +// + +EFI_STATUS +EFIAPI +SMMStoreFvbInitialize ( + IN SMMSTORE_INSTANCE* Instance + ); + +EFI_STATUS +EFIAPI +FvbGetAttributes( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ); + +EFI_STATUS +EFIAPI +FvbSetAttributes( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ); + +EFI_STATUS +EFIAPI +FvbGetPhysicalAddress( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_PHYSICAL_ADDRESS *Address + ); + +EFI_STATUS +EFIAPI +FvbGetBlockSize( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + OUT UINTN *BlockSize, + OUT UINTN *NumberOfBlocks + ); + +EFI_STATUS +EFIAPI +FvbRead( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN OUT UINT8 *Buffer + ); + +EFI_STATUS +EFIAPI +FvbWrite( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN UINT8 *Buffer + ); + +EFI_STATUS +EFIAPI +FvbEraseBlocks( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + ... 
+ ); + + +#endif /* __COREBOOT_SMM_STORE_DXE_H__ */ diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf new file mode 100644 index 0000000000..0bcaff65a6 --- /dev/null +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf @@ -0,0 +1,65 @@ +#/** @file +# +# Component description file for SMMSTORE module +# +# Copyright (c) 2020, 9elements Agency GmbH
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +#**/ +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = UefiPayloadBlSMMStoreDxe + FILE_GUID = A0402FCA-6B25-4CEA-B7DD-C08F99714B29 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = BlSMMSTOREInitialise + +[Sources.common] + BlSMMStoreDxe.h + BlSMMStoreDxe.c + BlSMMStoreFvbDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + EmbeddedPkg/EmbeddedPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + IoLib + BaseLib + DebugLib + HobLib + SmmStoreLib + UefiLib + UefiDriverEntryPoint + UefiBootServicesTableLib + UefiRuntimeLib + DxeServicesTableLib + +[Guids] + gEfiSystemNvDataFvGuid + gEfiVariableGuid + gEfiAuthenticatedVariableGuid + gEfiEventVirtualAddressChangeGuid + gEdkiiNvVarStoreFormattedGuid ## PRODUCES ## PROTOCOL + gEfiSMMSTOREInfoHobGuid + +[Protocols] + gEfiBlockIoProtocolGuid + gEfiDevicePathProtocolGuid + gEfiFirmwareVolumeBlockProtocolGuid ## PRODUCES + gEfiDiskIoProtocolGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable + +[Depex] + gEfiCpuArchProtocolGuid diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c new file mode 100644 index 0000000000..63ca6172a6 --- /dev/null +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c @@ -0,0 +1,813 @@ +/*++ @file BlSMMStoreFvbDxe.c + + Copyright (c) 2020, 9elements Agency GmbH
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + + --*/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "BlSMMStoreDxe.h" + +STATIC EFI_EVENT mFvbVirtualAddrChangeEvent; +STATIC UINTN mFlashNvStorageVariableBase; + +/// +/// The Firmware Volume Block Protocol is the low-level interface +/// to a firmware volume. File-level access to a firmware volume +/// should not be done using the Firmware Volume Block Protocol. +/// Normal access to a firmware volume must use the Firmware +/// Volume Protocol. Typically, only the file system driver that +/// produces the Firmware Volume Protocol will bind to the +/// Firmware Volume Block Protocol. +/// + +/** + Initialises the FV Header and Variable Store Header + to support variable operations. + + @param[in] Ptr - Location to initialise the headers + +**/ +EFI_STATUS +InitializeFvAndVariableStoreHeaders ( + IN SMMSTORE_INSTANCE *Instance + ) +{ + EFI_STATUS Status; + VOID* Headers; + UINTN HeadersLength; + EFI_FIRMWARE_VOLUME_HEADER *FirmwareVolumeHeader; + VARIABLE_STORE_HEADER *VariableStoreHeader; + + HeadersLength = sizeof(EFI_FIRMWARE_VOLUME_HEADER) + sizeof(EFI_FV_BLOCK_MAP_ENTRY) + sizeof(VARIABLE_STORE_HEADER); + Headers = AllocateZeroPool(HeadersLength); + + // FirmwareVolumeHeader->FvLength is declared to have the Variable area AND the FTW working area AND the FTW Spare contiguous. 
+ ASSERT(PcdGet32(PcdFlashNvStorageVariableBase) + PcdGet32(PcdFlashNvStorageVariableSize) == PcdGet32(PcdFlashNvStorageFtwWorkingBase)); + ASSERT(PcdGet32(PcdFlashNvStorageFtwWorkingBase) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) == PcdGet32(PcdFlashNvStorageFtwSpareBase)); + + // Check if the size of the area is at least one block size + ASSERT((PcdGet32(PcdFlashNvStorageVariableSize) > 0) && (PcdGet32(PcdFlashNvStorageVariableSize) / Instance->Media.BlockSize > 0)); + ASSERT((PcdGet32(PcdFlashNvStorageFtwWorkingSize) > 0) && (PcdGet32(PcdFlashNvStorageFtwWorkingSize) / Instance->Media.BlockSize > 0)); + ASSERT((PcdGet32(PcdFlashNvStorageFtwSpareSize) > 0) && (PcdGet32(PcdFlashNvStorageFtwSpareSize) / Instance->Media.BlockSize > 0)); + + // Ensure the Variable area Base Addresses are aligned on a block size boundaries + ASSERT(PcdGet32(PcdFlashNvStorageVariableBase) % Instance->Media.BlockSize == 0); + ASSERT(PcdGet32(PcdFlashNvStorageFtwWorkingBase) % Instance->Media.BlockSize == 0); + ASSERT(PcdGet32(PcdFlashNvStorageFtwSpareBase) % Instance->Media.BlockSize == 0); + + // + // EFI_FIRMWARE_VOLUME_HEADER + // + FirmwareVolumeHeader = (EFI_FIRMWARE_VOLUME_HEADER*)Headers; + CopyGuid (&FirmwareVolumeHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid); + FirmwareVolumeHeader->FvLength = + PcdGet32(PcdFlashNvStorageVariableSize) + + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + + PcdGet32(PcdFlashNvStorageFtwSpareSize); + FirmwareVolumeHeader->Signature = EFI_FVH_SIGNATURE; + FirmwareVolumeHeader->Attributes = (EFI_FVB_ATTRIBUTES_2) ( + EFI_FVB2_READ_ENABLED_CAP | // Reads may be enabled + EFI_FVB2_READ_STATUS | // Reads are currently enabled + EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY + EFI_FVB2_MEMORY_MAPPED | // It is memory mapped + EFI_FVB2_ERASE_POLARITY | // After erasure all bits take this value (i.e. 
'1') + EFI_FVB2_WRITE_STATUS | // Writes are currently enabled + EFI_FVB2_WRITE_ENABLED_CAP // Writes may be enabled + ); + FirmwareVolumeHeader->HeaderLength = sizeof(EFI_FIRMWARE_VOLUME_HEADER) + sizeof(EFI_FV_BLOCK_MAP_ENTRY); + FirmwareVolumeHeader->Revision = EFI_FVH_REVISION; + FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->Media.LastBlock + 1; + FirmwareVolumeHeader->BlockMap[0].Length = Instance->Media.BlockSize; + FirmwareVolumeHeader->BlockMap[1].NumBlocks = 0; + FirmwareVolumeHeader->BlockMap[1].Length = 0; + FirmwareVolumeHeader->Checksum = CalculateCheckSum16 ((UINT16*)FirmwareVolumeHeader,FirmwareVolumeHeader->HeaderLength); + + // + // VARIABLE_STORE_HEADER + // + VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); + CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid); + VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; + VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; + VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; + + // Install the combined super-header in the store + Status = FvbWrite (&Instance->FvbProtocol, 0, 0, &HeadersLength, Headers); + + FreePool (Headers); + return Status; +} + +/** + Check the integrity of firmware volume header. + + @param[in] FwVolHeader - A pointer to a firmware volume header + + @retval EFI_SUCCESS - The firmware volume is consistent + @retval EFI_NOT_FOUND - The firmware volume has been corrupted. 
+ +**/ +EFI_STATUS +ValidateFvHeader ( + IN SMMSTORE_INSTANCE *Instance + ) +{ + UINT16 Checksum; + EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader; + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINTN VariableStoreLength; + UINTN FvLength; + EFI_STATUS TempStatus; + UINTN BufferSize; + UINTN BufferSizeReqested; + + BufferSizeReqested = sizeof(EFI_FIRMWARE_VOLUME_HEADER); + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool(BufferSizeReqested); + if (!FwVolHeader) { + return EFI_OUT_OF_RESOURCES; + } + BufferSize = BufferSizeReqested; + TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); + if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { + FreePool (FwVolHeader); + return EFI_DEVICE_ERROR; + } + + FvLength = PcdGet32(PcdFlashNvStorageVariableSize) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + + PcdGet32(PcdFlashNvStorageFtwSpareSize); + + // + // Verify the header revision, header signature, length + // Length of FvBlock cannot be 2**64-1 + // HeaderLength cannot be an odd number + // + if ( (FwVolHeader->Revision != EFI_FVH_REVISION) + || (FwVolHeader->Signature != EFI_FVH_SIGNATURE) + || (FwVolHeader->FvLength != FvLength) + ) + { + DEBUG ((EFI_D_INFO, "%a: No Firmware Volume header present\n", + __FUNCTION__)); + FreePool (FwVolHeader); + return EFI_NOT_FOUND; + } + + // Check the Firmware Volume Guid + if( CompareGuid (&FwVolHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid) == FALSE ) { + DEBUG ((EFI_D_INFO, "%a: Firmware Volume Guid non-compatible\n", + __FUNCTION__)); + FreePool (FwVolHeader); + return EFI_NOT_FOUND; + } + + BufferSizeReqested = FwVolHeader->HeaderLength; + FreePool (FwVolHeader); + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool(BufferSizeReqested); + if (!FwVolHeader) { + return EFI_OUT_OF_RESOURCES; + } + BufferSize = BufferSizeReqested; + TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); + if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { + FreePool (FwVolHeader); + 
return EFI_DEVICE_ERROR; + } + + // Verify the header checksum + Checksum = CalculateSum16((UINT16*)FwVolHeader, FwVolHeader->HeaderLength); + if (Checksum != 0) { + DEBUG ((EFI_D_INFO, "%a: FV checksum is invalid (Checksum:0x%X)\n", + __FUNCTION__, Checksum)); + FreePool (FwVolHeader); + return EFI_NOT_FOUND; + } + + BufferSizeReqested = sizeof(VARIABLE_STORE_HEADER); + VariableStoreHeader = (VARIABLE_STORE_HEADER*)AllocatePool(BufferSizeReqested); + if (!VariableStoreHeader) { + return EFI_OUT_OF_RESOURCES; + } + BufferSize = BufferSizeReqested; + TempStatus = SMMStoreRead (0, FwVolHeader->HeaderLength, &BufferSize, (UINT8 *)VariableStoreHeader); + if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { + FreePool (VariableStoreHeader); + FreePool (FwVolHeader); + return EFI_DEVICE_ERROR; + } + + // Check the Variable Store Guid + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && + !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { + DEBUG ((EFI_D_INFO, "%a: Variable Store Guid non-compatible\n", + __FUNCTION__)); + FreePool (FwVolHeader); + FreePool (VariableStoreHeader); + return EFI_NOT_FOUND; + } + + VariableStoreLength = PcdGet32 (PcdFlashNvStorageVariableSize) - FwVolHeader->HeaderLength; + if (VariableStoreHeader->Size != VariableStoreLength) { + DEBUG ((EFI_D_INFO, "%a: Variable Store Length does not match\n", + __FUNCTION__)); + FreePool (FwVolHeader); + FreePool (VariableStoreHeader); + return EFI_NOT_FOUND; + } + + FreePool (FwVolHeader); + FreePool (VariableStoreHeader); + + return EFI_SUCCESS; +} + +/** + The GetAttributes() function retrieves the attributes and + current settings of the block. + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Attributes Pointer to EFI_FVB_ATTRIBUTES_2 in which the attributes and + current settings are returned. + Type EFI_FVB_ATTRIBUTES_2 is defined in EFI_FIRMWARE_VOLUME_HEADER. 
+ + @retval EFI_SUCCESS The firmware volume attributes were returned. + + **/ +EFI_STATUS +EFIAPI +FvbGetAttributes( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ) +{ + EFI_FVB_ATTRIBUTES_2 FlashFvbAttributes; + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS(This); + + FlashFvbAttributes = (EFI_FVB_ATTRIBUTES_2) ( + + EFI_FVB2_READ_ENABLED_CAP | // Reads may be enabled + EFI_FVB2_READ_STATUS | // Reads are currently enabled + EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY + EFI_FVB2_MEMORY_MAPPED | // It is memory mapped + EFI_FVB2_ERASE_POLARITY // After erasure all bits take this value (i.e. '1') + + ); + + // Check if it is write protected + if (Instance->Media.ReadOnly != TRUE) { + + FlashFvbAttributes = FlashFvbAttributes | + EFI_FVB2_WRITE_STATUS | // Writes are currently enabled + EFI_FVB2_WRITE_ENABLED_CAP; // Writes may be enabled + } + + *Attributes = FlashFvbAttributes; + + DEBUG ((DEBUG_BLKIO, "FvbGetAttributes(0x%X)\n", *Attributes)); + + return EFI_SUCCESS; +} + +/** + The SetAttributes() function sets configurable firmware volume attributes + and returns the new settings of the firmware volume. + + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Attributes On input, Attributes is a pointer to EFI_FVB_ATTRIBUTES_2 + that contains the desired firmware volume settings. + On successful return, it contains the new settings of + the firmware volume. + Type EFI_FVB_ATTRIBUTES_2 is defined in EFI_FIRMWARE_VOLUME_HEADER. + + @retval EFI_SUCCESS The firmware volume attributes were returned. + + @retval EFI_INVALID_PARAMETER The attributes requested are in conflict with the capabilities + as declared in the firmware volume header. 
+ + **/ +EFI_STATUS +EFIAPI +FvbSetAttributes( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ) +{ + DEBUG ((DEBUG_BLKIO, "FvbSetAttributes(0x%X) is not supported\n",*Attributes)); + return EFI_UNSUPPORTED; +} + +/** + The GetPhysicalAddress() function retrieves the base address of + a memory-mapped firmware volume. This function should be called + only for memory-mapped firmware volumes. + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Address Pointer to a caller-allocated + EFI_PHYSICAL_ADDRESS that, on successful + return from GetPhysicalAddress(), contains the + base address of the firmware volume. + + @retval EFI_SUCCESS The firmware volume base address was returned. + + @retval EFI_NOT_SUPPORTED The firmware volume is not memory mapped. + + **/ +EFI_STATUS +EFIAPI +FvbGetPhysicalAddress ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_PHYSICAL_ADDRESS *Address + ) +{ + ASSERT(Address != NULL); + + *Address = mFlashNvStorageVariableBase; + return EFI_SUCCESS; +} + +/** + The GetBlockSize() function retrieves the size of the requested + block. It also returns the number of additional blocks with + the identical size. The GetBlockSize() function is used to + retrieve the block map (see EFI_FIRMWARE_VOLUME_HEADER). + + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Lba Indicates the block for which to return the size. + + @param BlockSize Pointer to a caller-allocated UINTN in which + the size of the block is returned. + + @param NumberOfBlocks Pointer to a caller-allocated UINTN in + which the number of consecutive blocks, + starting with Lba, is returned. All + blocks in this range have a size of + BlockSize. + + + @retval EFI_SUCCESS The firmware volume base address was returned. + + @retval EFI_INVALID_PARAMETER The requested LBA is out of range. 
+ + **/ +EFI_STATUS +EFIAPI +FvbGetBlockSize ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + OUT UINTN *BlockSize, + OUT UINTN *NumberOfBlocks + ) +{ + EFI_STATUS Status; + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS(This); + + DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize(Lba=%ld, BlockSize=0x%x, LastBlock=%ld)\n", Lba, Instance->Media.BlockSize, Instance->Media.LastBlock)); + + if (Lba > Instance->Media.LastBlock) { + DEBUG ((EFI_D_ERROR, "FvbGetBlockSize: ERROR - Parameter LBA %ld is beyond the last Lba (%ld).\n", Lba, Instance->Media.LastBlock)); + Status = EFI_INVALID_PARAMETER; + } else { + *BlockSize = (UINTN) Instance->Media.BlockSize; + *NumberOfBlocks = (UINTN) (Instance->Media.LastBlock - Lba + 1); + + DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize: *BlockSize=0x%x, *NumberOfBlocks=0x%x.\n", *BlockSize, *NumberOfBlocks)); + + Status = EFI_SUCCESS; + } + + return Status; +} + +/** + Reads the specified number of bytes into a buffer from the specified block. + + The Read() function reads the requested number of bytes from the + requested block and stores them in the provided buffer. + Implementations should be mindful that the firmware volume + might be in the ReadDisabled state. If it is in this state, + the Read() function must return the status code + EFI_ACCESS_DENIED without modifying the contents of the + buffer. The Read() function must also prevent spanning block + boundaries. If a read is requested that would span a block + boundary, the read must read up to the boundary but not + beyond. The output parameter NumBytes must be set to correctly + indicate the number of bytes actually read. The caller must be + aware that a read may be partially completed. + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Lba The starting logical block index from which to read. + + @param Offset Offset into the block at which to begin reading. + + @param NumBytes Pointer to a UINTN. 
+ At entry, *NumBytes contains the total size of the buffer. + At exit, *NumBytes contains the total number of bytes read. + + @param Buffer Pointer to a caller-allocated buffer that will be used + to hold the data that is read. + + @retval EFI_SUCCESS The firmware volume was read successfully, and contents are + in Buffer. + + @retval EFI_BAD_BUFFER_SIZE Read attempted across an LBA boundary. + On output, NumBytes contains the total number of bytes + returned in Buffer. + + @retval EFI_ACCESS_DENIED The firmware volume is in the ReadDisabled state. + + @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could not be read. + + **/ +EFI_STATUS +EFIAPI +FvbRead ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN OUT UINT8 *Buffer + ) +{ + UINTN BlockSize; + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS(This); + + DEBUG ((DEBUG_BLKIO, "FvbRead(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer)); + + // Cache the block size to avoid de-referencing pointers all the time + BlockSize = Instance->Media.BlockSize; + + DEBUG ((DEBUG_BLKIO, "FvbRead: Check if (Offset=0x%x + NumBytes=0x%x) <= BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + + // The read must not span block boundaries. + // We need to check each variable individually because adding two large values together overflows. + if ((Offset >= BlockSize) || + (*NumBytes > BlockSize) || + ((Offset + *NumBytes) > BlockSize)) { + DEBUG ((EFI_D_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + return EFI_BAD_BUFFER_SIZE; + } + + // We must have some bytes to read + if (*NumBytes == 0) { + return EFI_BAD_BUFFER_SIZE; + } + + return SMMStoreRead (Lba, Offset, NumBytes, Buffer); +} + +/** + Writes the specified number of bytes from the input buffer to the block. 
+ + The Write() function writes the specified number of bytes from + the provided buffer to the specified block and offset. If the + firmware volume is sticky write, the caller must ensure that + all the bits of the specified range to write are in the + EFI_FVB_ERASE_POLARITY state before calling the Write() + function, or else the result will be unpredictable. This + unpredictability arises because, for a sticky-write firmware + volume, a write may negate a bit in the EFI_FVB_ERASE_POLARITY + state but cannot flip it back again. Before calling the + Write() function, it is recommended for the caller to first call + the EraseBlocks() function to erase the specified block to + write. A block erase cycle will transition bits from the + (NOT)EFI_FVB_ERASE_POLARITY state back to the + EFI_FVB_ERASE_POLARITY state. Implementations should be + mindful that the firmware volume might be in the WriteDisabled + state. If it is in this state, the Write() function must + return the status code EFI_ACCESS_DENIED without modifying the + contents of the firmware volume. The Write() function must + also prevent spanning block boundaries. If a write is + requested that spans a block boundary, the write must store up + to the boundary but not beyond. The output parameter NumBytes + must be set to correctly indicate the number of bytes actually + written. The caller must be aware that a write may be + partially completed. All writes, partial or otherwise, must be + fully flushed to the hardware before the Write() service + returns. + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance. + + @param Lba The starting logical block index to write to. + + @param Offset Offset into the block at which to begin writing. + + @param NumBytes The pointer to a UINTN. + At entry, *NumBytes contains the total size of the buffer. + At exit, *NumBytes contains the total number of bytes actually written. 
+ + @param Buffer The pointer to a caller-allocated buffer that contains the source for the write. + + @retval EFI_SUCCESS The firmware volume was written successfully. + + @retval EFI_BAD_BUFFER_SIZE The write was attempted across an LBA boundary. + On output, NumBytes contains the total number of bytes + actually written. + + @retval EFI_ACCESS_DENIED The firmware volume is in the WriteDisabled state. + + @retval EFI_DEVICE_ERROR The block device is malfunctioning and could not be written. + + + **/ +EFI_STATUS +EFIAPI +FvbWrite ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + UINTN BlockSize; + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS(This); + + DEBUG ((DEBUG_BLKIO, "FvbWrite(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer)); + + // Cache the block size to avoid de-referencing pointers all the time + BlockSize = Instance->Media.BlockSize; + + // The read must not span block boundaries. + // We need to check each variable individually because adding two large values together overflows. + if ((Offset >= BlockSize) || + (*NumBytes > BlockSize) || + ((Offset + *NumBytes) > BlockSize)) { + DEBUG ((EFI_D_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + return EFI_BAD_BUFFER_SIZE; + } + + // We must have some bytes to read + if (*NumBytes == 0) { + return EFI_BAD_BUFFER_SIZE; + } + + return SMMStoreWrite (Lba, Offset, NumBytes, Buffer); +} + +/** + Erases and initialises a firmware volume block. + + The EraseBlocks() function erases one or more blocks as denoted + by the variable argument list. The entire parameter list of + blocks must be verified before erasing any blocks. 
If a block is + requested that does not exist within the associated firmware + volume (it has a larger index than the last block of the + firmware volume), the EraseBlocks() function must return the + status code EFI_INVALID_PARAMETER without modifying the contents + of the firmware volume. Implementations should be mindful that + the firmware volume might be in the WriteDisabled state. If it + is in this state, the EraseBlocks() function must return the + status code EFI_ACCESS_DENIED without modifying the contents of + the firmware volume. All calls to EraseBlocks() must be fully + flushed to the hardware before the EraseBlocks() service + returns. + + @param This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL + instance. + + @param ... The variable argument list is a list of tuples. + Each tuple describes a range of LBAs to erase + and consists of the following: + - An EFI_LBA that indicates the starting LBA + - A UINTN that indicates the number of blocks to erase. + + The list is terminated with an EFI_LBA_LIST_TERMINATOR. + For example, the following indicates that two ranges of blocks + (5-7 and 10-11) are to be erased: + EraseBlocks (This, 5, 3, 10, 2, EFI_LBA_LIST_TERMINATOR); + + @retval EFI_SUCCESS The erase request successfully completed. + + @retval EFI_ACCESS_DENIED The firmware volume is in the WriteDisabled state. + + @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could not be written. + The firmware device may have been partially erased. + + @retval EFI_INVALID_PARAMETER One or more of the LBAs listed in the variable argument list do + not exist in the firmware volume. + + **/ +EFI_STATUS +EFIAPI +FvbEraseBlocks ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + ... 
+ ) +{ + EFI_STATUS Status; + VA_LIST Args; + EFI_LBA StartingLba; // Lba from which we start erasing + UINTN NumOfLba; // Number of Lba blocks to erase + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS(This); + + DEBUG ((DEBUG_BLKIO, "FvbEraseBlocks()\n")); + + Status = EFI_SUCCESS; + + // Detect WriteDisabled state + if (Instance->Media.ReadOnly == TRUE) { + // Firmware volume is in WriteDisabled state + DEBUG ((EFI_D_ERROR, "FvbEraseBlocks: ERROR - Device is in WriteDisabled state.\n")); + return EFI_ACCESS_DENIED; + } + + // Before erasing, check the entire list of parameters to ensure all specified blocks are valid + + VA_START (Args, This); + do { + // Get the Lba from which we start erasing + StartingLba = VA_ARG (Args, EFI_LBA); + + // Have we reached the end of the list? + if (StartingLba == EFI_LBA_LIST_TERMINATOR) { + //Exit the while loop + break; + } + + // How many Lba blocks are we requested to erase? + NumOfLba = VA_ARG (Args, UINTN); + + // All blocks must be within range + DEBUG (( + DEBUG_BLKIO, + "FvbEraseBlocks: Check if: ( StartingLba=%ld + NumOfLba=%Lu - 1 ) > LastBlock=%ld.\n", + StartingLba, + (UINT64)NumOfLba, + Instance->Media.LastBlock + )); + if ((NumOfLba == 0) || ((StartingLba + NumOfLba - 1) > Instance->Media.LastBlock)) { + VA_END (Args); + DEBUG ((EFI_D_ERROR, "FvbEraseBlocks: ERROR - Lba range goes past the last Lba.\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + } while (TRUE); + VA_END (Args); + + // + // To get here, all must be ok, so start erasing + // + VA_START (Args, This); + do { + // Get the Lba from which we start erasing + StartingLba = VA_ARG (Args, EFI_LBA); + + // Have we reached the end of the list? + if (StartingLba == EFI_LBA_LIST_TERMINATOR) { + // Exit the while loop + break; + } + + // How many Lba blocks are we requested to erase? 
+ NumOfLba = VA_ARG (Args, UINTN); + + // Go through each one and erase it + while (NumOfLba > 0) { + // Erase it + DEBUG ((DEBUG_BLKIO, "FvbEraseBlocks: Erasing Lba=%ld\n", StartingLba)); + Status = SMMStoreEraseBlock (StartingLba); + if (EFI_ERROR(Status)) { + VA_END (Args); + Status = EFI_DEVICE_ERROR; + goto EXIT; + } + + // Move to the next Lba + StartingLba++; + NumOfLba--; + } + } while (TRUE); + VA_END (Args); + +EXIT: + return Status; +} + +/** + Fixup internal data so that EFI can be call in virtual mode. + Call the passed in Child Notify event and convert any pointers in + lib to virtual mode. + + @param[in] Event The Event that is being processed + @param[in] Context Event Context +**/ +VOID +EFIAPI +FvbVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EfiConvertPointer (0x0, (VOID**)&mFlashNvStorageVariableBase); + return; +} + +EFI_STATUS +EFIAPI +SMMStoreFvbInitialize ( + IN SMMSTORE_INSTANCE* Instance + ) +{ + EFI_STATUS Status; + UINT32 FvbNumLba; + EFI_BOOT_MODE BootMode; + + DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); + ASSERT((Instance != NULL)); + + mFlashNvStorageVariableBase = PcdGet32 (PcdFlashNvStorageVariableBase); + + BootMode = GetBootModeHob (); + if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) { + Status = EFI_INVALID_PARAMETER; + } else { + // Determine if there is a valid header at the beginning of the NorFlash + Status = ValidateFvHeader (Instance); + } + + // Install the Default FVB header if required + if (EFI_ERROR(Status)) { + // There is no valid header, so time to install one. 
+ DEBUG ((EFI_D_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__)); + DEBUG ((EFI_D_INFO, "%a: Installing a correct one for this volume.\n", + __FUNCTION__)); + + // Erase all the NorFlash that is reserved for variable storage + FvbNumLba = (PcdGet32(PcdFlashNvStorageVariableSize) + + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + + PcdGet32(PcdFlashNvStorageFtwSpareSize)) / Instance->Media.BlockSize; + + Status = FvbEraseBlocks (&Instance->FvbProtocol, (EFI_LBA)0, FvbNumLba, EFI_LBA_LIST_TERMINATOR); + if (EFI_ERROR(Status)) { + return Status; + } + + // Install all appropriate headers + Status = InitializeFvAndVariableStoreHeaders (Instance); + if (EFI_ERROR(Status)) { + return Status; + } + } else { + DEBUG((DEBUG_INFO, "%a: FVB header is valid\n", __FUNCTION__)); + } + + // + // The driver implementing the variable read service can now be dispatched; + // the varstore headers are in place. + // + Status = gBS->InstallProtocolInterface ( + &gImageHandle, + &gEdkiiNvVarStoreFormattedGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + + // + // Register for the virtual address change event + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + FvbVirtualNotifyEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mFvbVirtualAddrChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 2297245311..a4d6fa6215 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c @@ -385,6 +385,8 @@ BlPeiEntryPoint ( SYSTEM_TABLE_INFO *NewSysTableInfo; ACPI_BOARD_INFO AcpiBoardInfo; ACPI_BOARD_INFO *NewAcpiBoardInfo; + SMMSTORE_INFO SMMSTOREInfo; + SMMSTORE_INFO *NewSMMSTOREInfo; EFI_PEI_GRAPHICS_INFO_HOB GfxInfo; EFI_PEI_GRAPHICS_INFO_HOB *NewGfxInfo; EFI_PEI_GRAPHICS_DEVICE_INFO_HOB GfxDeviceInfo; 
@@ -523,6 +525,16 @@ BlPeiEntryPoint ( DEBUG ((DEBUG_INFO, "Created graphics device info hob\n")); } + // + // Create guid hob for SMMSTORE + // + Status = ParseSMMSTOREInfo (&SMMSTOREInfo); + if (!EFI_ERROR (Status)) { + NewSMMSTOREInfo = BuildGuidHob (&gEfiSMMSTOREInfoHobGuid, sizeof (SMMSTOREInfo)); + ASSERT (NewSMMSTOREInfo != NULL); + CopyMem (NewSMMSTOREInfo, &SMMSTOREInfo, sizeof (SMMSTOREInfo)); + DEBUG ((DEBUG_INFO, "Created SMMSTORE info hob\n")); + } // // Create guid hob for system tables like acpi table and smbios table diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h index d11a3570a1..705667627d 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index e5d14d58a9..f23fc0a723 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -56,6 +56,7 @@ gEfiGraphicsInfoHobGuid gEfiGraphicsDeviceInfoHobGuid gUefiAcpiBoardInfoGuid + gEfiSMMSTOREInfoHobGuid [Ppis] gEfiPeiMasterBootModePpiGuid diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index 7aa7ac26f8..d5568e4ddc 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
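Review bot: The new SMMSTORE HOB block in BlPeiEntryPoint guards the BuildGuidHob() result only with `ASSERT (NewSMMSTOREInfo != NULL)` before the `CopyMem`, so in a build where ASSERT is compiled out a failed HOB allocation would be written through a NULL pointer. The HOB is optional, since the block is already skipped when ParseSMMSTOREInfo fails, so I would make the copy conditional: `if (NewSMMSTOREInfo != NULL) { CopyMem (NewSMMSTOREInfo, &SMMSTOREInfo, sizeof (SMMSTOREInfo)); }`. BlPeiEntryPoint starts and ends outside this hunk, so whether the neighbouring HOB blocks use the same pattern cannot be confirmed from here.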
@@ -33,6 +33,7 @@ gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}} gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } } gLoaderMemoryMapInfoGuid = { 0xa1ff7424, 0x7a1a, 0x478e, { 0xa9, 0xe4, 0x92, 0xf3, 0x57, 0xd1, 0x28, 0x32 } } + gEfiSMMSTOREInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 }} [Ppis] gEfiPayLoadHobBasePpiGuid = { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6, 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} } diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index bc361bd55f..30b36a4edb 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -236,6 +236,12 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif +!if $(BOOTLOADER) == "COREBOOT" + SmmStoreLib|DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf +!else + SmmStoreLib|DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf +!endif + [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
@@ -304,14 +310,11 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE [PcdsFixedAtBuild] - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000 + # UEFI spec: Minimal value is 0x8000! + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8800 gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000 gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000 - # - # Make VariableRuntimeDxe work at emulated non-volatile variable mode. - # - gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE - gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } @@ -375,10 +378,11 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3 + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|FALSE ## This PCD defines the video horizontal resolution. # This PCD could be set to 0 then video resolution could be at highest resolution. @@ -563,6 +567,13 @@ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf + # + # SMMSTORE + # +!if $(BOOTLOADER) == "COREBOOT" + DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf +!endif + #------------------------------ # Build the shell #------------------------------ diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 20ddeb6f7a..28b753c15b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
+++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -77,6 +77,10 @@ APRIORI DXE { INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf +!if $(BOOTLOADER) == "COREBOOT" + # Initialize VariableStore and update PCDs before VariableRuntimeDxe + INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf +!endif } # @@ -112,6 +116,9 @@ INF DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf +!if $(BOOTLOADER) == "COREBOOT" +INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf +!endif # # PCI Support @@ -244,6 +251,19 @@ INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf !endif !endif +# Constrains: +# PcdFlashNvStorageVariableSize <= FtwMaxBlockSize +# GetNonVolatileMaxVariableSize () < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) +DEFINE BLOCK_SIZE = 0x10000 + +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase = 0 +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize = $(BLOCK_SIZE) + +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase = gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize = $(BLOCK_SIZE) + +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase = gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize = $(BLOCK_SIZE) ################################################################################ # diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index 8a6c300cde..0416dd0493 100644 
--- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -236,6 +236,19 @@ struct cb_cbmem_tab { UINT64 cbmem_tab; }; +#define CB_TAG_SMMSTOREV2 0x0039 +struct cb_smmstorev2 { + UINT32 tag; + UINT32 size; + UINT32 num_blocks; /* Number of writeable blocks in SMM */ + UINT32 block_size; /* Size of a block in byte. Default: 64 KiB */ + UINT32 mmap_addr; /* MMIO address of the store for read only access */ + UINT32 com_buffer; /* Physical address of the communication buffer */ + UINT32 com_buffer_size; /* Size of the communication buffer in byte */ + UINT8 apm_cmd; /* The command byte to write to the APM I/O port */ + UINT8 unused[3]; /* Set to zero */ +}; + /* Helpful macros */ #define MEM_RANGE_COUNT(_rec) \ diff --git a/DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h b/DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h new file mode 100644 index 0000000000..552f86115b --- /dev/null +++ b/DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h @@ -0,0 +1,27 @@ +/** @file + This file defines the hob structure for system tables like ACPI, SMBIOS tables. + + Copyright (c) 2020, 9elements Agency GmbH
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SMMSTORE_GUID_H__ +#define __SMMSTORE_GUID_H__ + +/// +/// System Table Information GUID +/// +extern EFI_GUID gEfiSMMSTOREInfoHobGuid; + +typedef struct { + UINT64 ComBuffer; + UINT32 ComBufferSize; + UINT32 NumBlocks; + UINT32 BlockSize; + UINT64 MmioAddress; + UINT8 ApmCmd; + UINT8 Reserved0[3]; +} SMMSTORE_INFO; + +#endif diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index 3f9e591ede..542c714c55 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -12,6 +12,7 @@ #include #include #include +#include #ifndef __BOOTLOADER_PARSE_LIB__ #define __BOOTLOADER_PARSE_LIB__ @@ -117,4 +118,19 @@ ParseGfxDeviceInfo ( OUT EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *GfxDeviceInfo ); +/** + Find the video frame buffer device information + + @param SMMSTOREInfo Pointer to the SMMSTORE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseSMMSTOREInfo ( + OUT SMMSTORE_INFO *SMMSTOREInfo + ); + #endif diff --git a/DasharoPayloadPkg/Include/Library/SMMStoreLib.h b/DasharoPayloadPkg/Include/Library/SMMStoreLib.h new file mode 100644 index 0000000000..be7b9a54a1 --- /dev/null +++ b/DasharoPayloadPkg/Include/Library/SMMStoreLib.h @@ -0,0 +1,98 @@ +/** @file SMMStoreLib.h + + Copyright (c) 2020, 9elements Agency GmbH
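Review bot: In the new SMMSTOREInfoGuid.h the file comment and the GUID comment were carried over from the system-table header: `This file defines the hob structure for system tables like ACPI, SMBIOS tables.` and `System Table Information GUID` do not describe SMMSTORE_INFO. I would change them to `This file defines the HOB structure carrying the SMMSTORE parameters reported by the bootloader.` and `SMMSTORE Information GUID`. The SMMSTORE_INFO fields have no comments at all. One line per field would help, mirroring the comments on cb_smmstorev2 in Coreboot.h (physical address and size of the communication buffer, block count, block size in bytes, read-only MMIO address, APM command byte).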
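Review bot: The doc comment added for ParseSMMSTOREInfo in BlParseLib.h opens with `Find the video frame buffer device information`, which was copied from the ParseGfxDeviceInfo prototype above it. It should read `Find the SMM store information`, matching the comment on the implementation in CbParseLib.c. The implementation also returns RETURN_INVALID_PARAMETER for a NULL argument, which neither comment lists. Add `@retval RETURN_INVALID_PARAMETER SMMSTOREInfo is NULL.` to both.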
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SMM_STORE_LIB_H__ +#define __SMM_STORE_LIB_H__ + +#include +#include +#include + +#define SMMSTORE_COMBUF_SIZE 16 + +/** + Read from SMMStore + + @param[in] Lba The starting logical block index to read from. + @param[in] Offset Offset into the block at which to begin reading. + @param[in] NumBytes On input, indicates the requested read size. On + output, indicates the actual number of bytes read + @param[in] Buffer Pointer to the buffer to read into. + +**/ +EFI_STATUS +SMMStoreRead ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ); + + +/** + Write to SMMStore + + @param[in] Lba The starting logical block index to write to. + @param[in] Offset Offset into the block at which to begin writing. + @param[in] NumBytes On input, indicates the requested write size. On + output, indicates the actual number of bytes written + @param[in] Buffer Pointer to the data to write. + +**/ +EFI_STATUS +SMMStoreWrite ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ); + + +/** + Erase a block using the SMMStore + + @param Lba The logical block index to erase. + +**/ +EFI_STATUS +SMMStoreEraseBlock ( + IN EFI_LBA Lba + ); + + +/** + Notify the SMMStore Library about a VirtualNotify + +**/ + +VOID +EFIAPI +SMMStoreVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ); + +/** + Initializes SMMStore support + + @param[in] Ptr A runtime buffer where arguments are stored + for SMM communication + @param[in] SmmStoreInfoHob A runtime buffer with a copy of the + SmmStore Info Hob + + @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. + @retval EFI_SUCCESS The SMMSTORE is supported. + +**/ +EFI_STATUS +SMMStoreInitialize ( + IN VOID *Ptr, + IN SMMSTORE_INFO *SmmStoreInfoHob + ); + +#endif /* __SMM_STORE_LIB_H__ */ 
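Review bot: The parameter directions on SMMStoreRead and SMMStoreWrite in SMMStoreLib.h contradict their own descriptions: `NumBytes` is tagged `@param[in]` and `IN` although the text says it is updated on output, and SMMStoreRead's `Buffer` is `IN` although it receives the data. I would declare `IN OUT UINTN *NumBytes` with `@param[in,out]` in both prototypes, and `OUT UINT8 *Buffer` with `@param[out]` for the read. SMMStoreRead, SMMStoreWrite and SMMStoreEraseBlock document no `@retval` values, and SMMStoreVirtualNotifyEvent has no `@param` lines. The comments should also state whether the library itself checks Lba, Offset and *NumBytes against the block count, block size and communication buffer size, or relies on the caller to do so.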
diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 4e23cff50e..2b449f05eb 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -558,3 +558,45 @@ ParseGfxDeviceInfo ( return RETURN_NOT_FOUND; } +/** + Find the SMM store information + + @param SMMSTOREInfo Pointer to the SMMSTORE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseSMMSTOREInfo ( + OUT SMMSTORE_INFO *SMMSTOREInfo + ) +{ + struct cb_smmstorev2 *CbSSRec; + + if (SMMSTOREInfo == NULL) { + return RETURN_INVALID_PARAMETER; + } + + CbSSRec = FindCbTag (CB_TAG_SMMSTOREV2); + if (CbSSRec == NULL) { + return RETURN_NOT_FOUND; + } + + DEBUG ((DEBUG_INFO, "Found SMM Store information\n")); + DEBUG ((DEBUG_INFO, "block size: 0x%x\n", CbSSRec->block_size)); + DEBUG ((DEBUG_INFO, "number of blocks: 0x%x\n", CbSSRec->num_blocks)); + DEBUG ((DEBUG_INFO, "communication buffer: 0x%x\n", CbSSRec->com_buffer)); + DEBUG ((DEBUG_INFO, "communication buffer size: 0x%x\n", CbSSRec->com_buffer_size)); + DEBUG ((DEBUG_INFO, "MMIO address of store: 0x%x\n", CbSSRec->mmap_addr)); + + SMMSTOREInfo->ComBuffer = CbSSRec->com_buffer; + SMMSTOREInfo->ComBufferSize = CbSSRec->com_buffer_size; + SMMSTOREInfo->BlockSize = CbSSRec->block_size; + SMMSTOREInfo->NumBlocks = CbSSRec->num_blocks; + SMMSTOREInfo->MmioAddress = CbSSRec->mmap_addr; + SMMSTOREInfo->ApmCmd = CbSSRec->apm_cmd; + + return RETURN_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf b/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf new file mode 100644 index 0000000000..1e07f01d2b --- /dev/null +++ b/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf 
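Review bot: ParseSMMSTOREInfo fills six fields of the caller's SMMSTORE_INFO and leaves `Reserved0` and any structure padding untouched. The caller added in BlSupportPei.c passes a stack variable and then copies `sizeof (SMMSTOREInfo)` bytes into the HOB, so stale stack bytes end up in the HOB. Clearing the output before populating it fixes this: `ZeroMem (SMMSTOREInfo, sizeof (*SMMSTOREInfo));` (assuming BaseMemoryLib is already available to this library). The table record is also used without comparing `CbSSRec->size` to the structure size and without rejecting a zero `block_size` or `num_blocks`. A guard such as `if (CbSSRec->size < sizeof (*CbSSRec) || CbSSRec->block_size == 0 || CbSSRec->num_blocks == 0) { return RETURN_NOT_FOUND; }` would keep a malformed entry from reaching the DXE driver that consumes this HOB.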
@@ -0,0 +1,28 @@
+## @file
+# SMMStore library for coreboot
+#
+# Copyright (c) 2020 9elements Agency GmbH.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = CbSmmStoreLib + FILE_GUID = 40A2CBC6-CFB8-447b-A90E-298E88FD345E + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = SmmStoreLib + +[Sources] + CorebootSMMStore.c + +[LibraryClasses] + BaseMemoryLib + DebugLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c b/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c new file mode 100644 index 0000000000..15c69d7bdd --- /dev/null +++ b/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c @@ -0,0 +1,281 @@ +/** @file CorebootSMMStoreDxe.c + + Copyright (c) 2020, 9elements Agency GmbH
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include + +#include +#include +#include +#include + +/* + * calls into SMM with the given cmd and subcmd in eax, and arg in ebx + * + * static inline because the resulting assembly is often smaller than + * the call sequence due to constant folding. + */ +static inline UINT32 call_smm(UINT8 cmd, UINT8 subcmd, UINT32 arg) { + UINT32 res = ~0; + __asm__ __volatile__ ( + "outb %b0, $0xb2" + : "=a" (res) + : "a" ((subcmd << 8) | cmd), "b" (arg) + : "memory"); + return res; +} + +#define SMMSTORE_RET_SUCCESS 0 +#define SMMSTORE_RET_FAILURE 1 +#define SMMSTORE_RET_UNSUPPORTED 2 + +/* Version 2 only */ +#define SMMSTORE_CMD_INIT 4 +#define SMMSTORE_CMD_RAW_READ 5 +#define SMMSTORE_CMD_RAW_WRITE 6 +#define SMMSTORE_CMD_RAW_CLEAR 7 + +/* + * This allows the payload to store raw data in the flash regions. + * This can be used by a FaultTolerantWrite implementation, that uses at least + * two regions in an A/B update scheme. + */ + +#pragma pack(1) +/* + * Reads a chunk of raw data with size @bufsize from the block specified by + * @block_id starting at @bufoffset. + * The read data is placed in @buf. + * + * @block_id must be less than num_blocks + * @bufoffset + @bufsize must be less than block_size + */ +struct smmstore_params_raw_write { + UINT32 bufsize; + UINT32 bufoffset; + UINT32 block_id; +}; + +/* + * Writes a chunk of raw data with size @bufsize to the block specified by + * @block_id starting at @bufoffset. + * + * @block_id must be less than num_blocks + * @bufoffset + @bufsize must be less than block_size + */ +struct smmstore_params_raw_read { + UINT32 bufsize; + UINT32 bufoffset; + UINT32 block_id; +}; + +/* + * Erases the specified block. 
+ * + * @block_id must be less than num_blocks + */ +struct smmstore_params_raw_clear { + UINT32 block_id; +}; + +typedef struct smmstore_comm_buffer { + union { + struct smmstore_params_raw_write raw_write; + struct smmstore_params_raw_read raw_read; + struct smmstore_params_raw_clear raw_clear; + }; +} SMMSTORE_COMBUF; +#pragma pack(0) + +/* + * A memory buffer to place arguments in. + */ +STATIC SMMSTORE_COMBUF *mArgComBuf; +STATIC UINT32 mArgComBufPhys; + +/* + * Metadata provided by the first stage bootloader. + */ +STATIC SMMSTORE_INFO *mSmmStoreInfo; + +/** + Read from SMMStore + + @param[in] Lba The starting logical block index to read from. + @param[in] Offset Offset into the block at which to begin reading. + @param[in] NumBytes On input, indicates the requested read size. On + output, indicates the actual number of bytes read + @param[in] Buffer Pointer to the buffer to read into. + +**/ +EFI_STATUS +SMMStoreRead ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + UINT32 Result; + + if (!mSmmStoreInfo) { + return EFI_NO_MEDIA; + } + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + if ((*NumBytes + Offset) > mSmmStoreInfo->BlockSize || + (*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize) { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->raw_read.bufsize = *NumBytes; + mArgComBuf->raw_read.bufoffset = Offset; + mArgComBuf->raw_read.block_id = Lba; + + Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_READ, mArgComBufPhys); + if (Result == SMMSTORE_RET_FAILURE) { + return EFI_DEVICE_ERROR; + } else if (Result == SMMSTORE_RET_UNSUPPORTED) { + return EFI_UNSUPPORTED; + } else if (Result != SMMSTORE_RET_SUCCESS) { + return EFI_NO_RESPONSE; + } + + CopyMem (Buffer, (VOID *)(mSmmStoreInfo->ComBuffer + Offset), *NumBytes); + + return EFI_SUCCESS; +} + + +/** + Write to SMMStore + + @param[in] Lba The starting logical block index to write to. 
+ @param[in] Offset Offset into the block at which to begin writing. + @param[in] NumBytes On input, indicates the requested write size. On + output, indicates the actual number of bytes written + @param[in] Buffer Pointer to the data to write. + +**/ +EFI_STATUS +SMMStoreWrite ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + UINTN Result; + + if (!mSmmStoreInfo) { + return EFI_NO_MEDIA; + } + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + if ((*NumBytes + Offset) > mSmmStoreInfo->BlockSize || + (*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize) { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->raw_write.bufsize = *NumBytes; + mArgComBuf->raw_write.bufoffset = Offset; + mArgComBuf->raw_write.block_id = Lba; + + CopyMem ((VOID *)(mSmmStoreInfo->ComBuffer + Offset), Buffer, *NumBytes); + + Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_WRITE, mArgComBufPhys); + if (Result == SMMSTORE_RET_FAILURE) { + return EFI_DEVICE_ERROR; + } else if (Result == SMMSTORE_RET_UNSUPPORTED) { + return EFI_UNSUPPORTED; + } else if (Result != SMMSTORE_RET_SUCCESS) { + return EFI_NO_RESPONSE; + } + + return EFI_SUCCESS; +} + + +/** + Erase a SMMStore block + + @param Lba The logical block index to erase. 
+ +**/ +EFI_STATUS +SMMStoreEraseBlock ( + IN EFI_LBA Lba + ) +{ + UINTN Result; + + if (!mSmmStoreInfo) { + return EFI_NO_MEDIA; + } + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->raw_clear.block_id = Lba; + + Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_CLEAR, mArgComBufPhys); + if (Result == SMMSTORE_RET_FAILURE) { + return EFI_DEVICE_ERROR; + } else if (Result == SMMSTORE_RET_UNSUPPORTED) { + return EFI_UNSUPPORTED; + } else if (Result != SMMSTORE_RET_SUCCESS) { + return EFI_NO_RESPONSE; + } + + return EFI_SUCCESS; +} + +VOID +EFIAPI +SMMStoreVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EfiConvertPointer (0x0, (VOID**)&mArgComBuf); + if (mSmmStoreInfo) { + EfiConvertPointer (0x0, (VOID**)&mSmmStoreInfo->ComBuffer); + EfiConvertPointer (0x0, (VOID**)&mSmmStoreInfo); + } + + return; +} + +/** + Initializes SMMStore support + + @param[in] Ptr A runtime buffer where arguments are stored + for SMM communication + @param[in] SmmStoreInfoHob A runtime buffer with a copy of the + SmmStore Info Hob + + @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. + @retval EFI_SUCCESS The SMMSTORE is supported. + +**/ +EFI_STATUS +SMMStoreInitialize ( + IN VOID *Ptr, + IN SMMSTORE_INFO *SmmStoreInfoHob + ) +{ + ASSERT (Ptr != NULL); + ASSERT (SmmStoreInfoHob != NULL); + + mArgComBuf = Ptr; + mArgComBufPhys = (UINT32)(UINTN)mArgComBuf; + + mSmmStoreInfo = SmmStoreInfoHob; + + return EFI_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c index 7214fd87d2..87e7605a2b 100644 --- a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c 
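Review bot: The bounds check in SMMStoreRead and SMMStoreWrite, `(*NumBytes + Offset) > mSmmStoreInfo->BlockSize`, adds two caller-supplied UINTN values before comparing, so the sum can wrap and an oversized Offset passes; the CopyMem that follows then addresses `ComBuffer + Offset` outside the communication buffer. Compare without adding, e.g. `if (Offset > mSmmStoreInfo->BlockSize || *NumBytes > mSmmStoreInfo->BlockSize - Offset)`, and apply the same pair of comparisons to `ComBufferSize`; this also guarantees the values fit before they are narrowed into the UINT32 `bufsize`/`bufoffset` fields. SMMStoreInitialize casts the argument buffer address to UINT32 with no range check, so a buffer above 4 GiB would hand the SMI handler a truncated address; returning an error in that case is safer than relying on allocation policy. The comments on `smmstore_params_raw_write` and `smmstore_params_raw_read` are swapped, and `#pragma pack(0)` should be the usual `#pragma pack()`.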
@@ -221,3 +221,20 @@ ParseGfxDeviceInfo ( return RETURN_SUCCESS; } +/** + Find the video frame buffer device information + + @param SMMSTOREInfo Pointer to the SMMSTORE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseSMMSTOREInfo ( + OUT SMMSTORE_INFO *SMMSTOREInfo + ) +{ + return RETURN_NOT_FOUND; +} diff --git a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c new file mode 100644 index 0000000000..733ec7995c --- /dev/null +++ b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c @@ -0,0 +1,102 @@ +/** @file CorebootSMMStoreDxe.c + + Copyright (c) 2020, 9elements Agency GmbH
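Review bot: The header comment added above ParseSMMSTOREInfo in SblParseLib.c reads "Find the video frame buffer device information", which looks copied from ParseGfxDeviceInfo; it should read `Find the SMM store information`, as the coreboot variant of the function does. The stub always returns RETURN_NOT_FOUND, so the `@retval RETURN_SUCCESS` line describes a result that cannot occur here. State instead that this bootloader provides no SMMSTORE record and that the function always returns RETURN_NOT_FOUND.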
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include + +#include +#include +#include +#include + +/** + Read from SMMStore + + @param[in] Lba The starting logical block index to read from. + @param[in] Offset Offset into the block at which to begin reading. + @param[in] NumBytes On input, indicates the requested read size. On + output, indicates the actual number of bytes read + @param[in] Buffer Pointer to the buffer to read into. + +**/ +EFI_STATUS +SMMStoreRead ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + return EFI_UNSUPPORTED; +} + + +/** + Write to SMMStore + + @param[in] Lba The starting logical block index to write to. + @param[in] Offset Offset into the block at which to begin writing. + @param[in] NumBytes On input, indicates the requested write size. On + output, indicates the actual number of bytes written + @param[in] Buffer Pointer to the data to write. + +**/ +EFI_STATUS +SMMStoreWrite ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + return EFI_UNSUPPORTED; +} + + +/** + Erase a SMMStore block + + @param Lba The logical block index to erase. + +**/ +EFI_STATUS +SMMStoreEraseBlock ( + IN EFI_LBA Lba + ) +{ + return EFI_UNSUPPORTED; +} + +VOID +EFIAPI +SMMStoreVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + return; +} + +/** + Initializes SMMStore support + + @param[in] Ptr A runtime buffer where arguments are stored + for SMM communication + @param[in] SmmStoreInfoHob A runtime buffer with a copy of the + SmmStore Info Hob + + @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. + @retval EFI_SUCCESS The SMMSTORE is supported. + +**/ +EFI_STATUS +SMMStoreInitialize ( + IN VOID *Ptr, + IN SMMSTORE_INFO *SmmStoreInfoHob + ) +{ + return EFI_UNSUPPORTED; +} 
diff --git a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf
new file mode 100644
index 0000000000..2e9830b461
--- /dev/null
+++ b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf
@@ -0,0 +1,28 @@
+## @file
+# SMMStore library for Slimbootloader
+#
+# Copyright (c) 2020 9elements Agency GmbH.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SblSmmStoreLib + FILE_GUID = 2CA0BC03-A619-4B88-A0C5-06A1992750C3 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = SmmStoreLib + +[Sources] + SblSMMStore.c + +[LibraryClasses] + BaseMemoryLib + DebugLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec From 88acde6c0744d6932c87f32016507ea4669a4697 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Thu, 23 Apr 2020 16:50:29 +0200 Subject: [PATCH 022/357] DasharoPayloadPkg: Add network support Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 41 +++++++++++++++++++++++-- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 5 +++ 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 30b36a4edb..8a4f365e16 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -87,6 +87,16 @@ # DEFINE SECURE_BOOT_ENABLE = FALSE + # + # Network definition + # + DEFINE NETWORK_TLS_ENABLE = FALSE + DEFINE NETWORK_IP6_ENABLE = FALSE + DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE + DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE + +!include NetworkPkg/NetworkDefines.dsc.inc + [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG @@ -223,8 +233,14 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf +# +# Network +# +!include NetworkPkg/NetworkLibs.dsc.inc + !if $(NETWORK_TLS_ENABLE) == TRUE OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif 
@@ -236,6 +252,9 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif + # + # SMMSTORE + # !if $(BOOTLOADER) == "COREBOOT" SmmStoreLib|DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf !else @@ -298,7 +317,9 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf - +!if $(NETWORK_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif ################################################################################ # # Pcd Section - list of all EDK II PCD Entries defined by this Platform. @@ -341,6 +362,11 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F !endif + # + # Network Pcds + # +!include NetworkPkg/NetworkPcds.dsc.inc + # # The following parameters are set by Library/PlatformHookLib # @@ -574,6 +600,18 @@ DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf !endif + # + # Network Support + # +!include NetworkPkg/NetworkComponents.dsc.inc + +!if $(NETWORK_TLS_ENABLE) == TRUE + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf { + + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf + } +!endif + #------------------------------ # Build the shell #------------------------------ @@ -588,7 +626,6 @@ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf - !include NetworkPkg/NetworkLibs.dsc.inc [Components.X64] ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 28b753c15b..b493207e78 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -226,6 +226,11 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf !endif +# +# Network Support +# +!include NetworkPkg/Network.fdf.inc + # # Shell # From 81dc2d5294ea37bbd4065b805eb8dcfc70e14006 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:31:44 +0200 Subject: [PATCH 023/357] DasharoPayloadPkg: Add RNG support Uses the RDRAND instruction if available. Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 8 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 5 + .../Library/BaseRngLib/BaseRng.c | 192 ++++++++++++++++++ .../Library/BaseRngLib/BaseRngLib.inf | 32 +++ .../Library/BaseRngLib/BaseRngLib.uni | 17 ++ 5 files changed, 254 insertions(+) create mode 100644 DasharoPayloadPkg/Library/BaseRngLib/BaseRng.c create mode 100644 DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf create mode 100644 DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.uni diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 8a4f365e16..222985c00e 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -612,6 +612,14 @@ } !endif + # + # Random Number Generator + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + RngLib|DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf + } + #------------------------------ # Build the shell #------------------------------ diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index b493207e78..c1c015d36c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -231,6 +231,11 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf # !include NetworkPkg/Network.fdf.inc +# +# Random Number Generator +# +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + # # Shell # 
diff --git a/DasharoPayloadPkg/Library/BaseRngLib/BaseRng.c b/DasharoPayloadPkg/Library/BaseRngLib/BaseRng.c new file mode 100644 index 0000000000..2aa3495be0 --- /dev/null +++ b/DasharoPayloadPkg/Library/BaseRngLib/BaseRng.c @@ -0,0 +1,192 @@ +/** @file + Random number generator services that uses RdRand instruction access + to provide high-quality random numbers. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +STATIC BOOLEAN mHasRdRand; + +// +// Bit mask used to determine if RdRand instruction is supported. +// +#define RDRAND_MASK BIT30 + +// +// Limited retry number when valid random data is returned. +// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and IA-32 +// Architectures Software Developer's Mannual". +// +#define RDRAND_RETRY_LIMIT 10 + +/** + The constructor function checks whether or not RDRAND instruction is supported + by the host hardware. + + The constructor function checks whether or not RDRAND instruction is supported. + It will ASSERT() if RDRAND instruction is not supported. + It will always return RETURN_SUCCESS. + + @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +RETURN_STATUS +EFIAPI +BaseRngLibConstructor ( + VOID + ) +{ + UINT32 RegEcx; + + // + // Determine RDRAND support by examining bit 30 of the ECX register returned by + // CPUID. A value of 1 indicates that processor support RDRAND instruction. + // + AsmCpuid (1, 0, 0, &RegEcx, 0); + + mHasRdRand = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); + + return RETURN_SUCCESS; +} + +/** + Generates a 16-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 16-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber16 ( + OUT UINT16 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand != NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 16 bit random value with a retry count limit. + // + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand16 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 32-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 32-bit random value. + + @retval TRUE Random number generated successfully. 
+ @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber32 ( + OUT UINT32 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand != NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 32 bit random value with a retry count limit. + // + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand32 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 64-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber64 ( + OUT UINT64 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand != NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 64 bit random value with a retry count limit. + // + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand64 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 128-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 128-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber128 ( + OUT UINT64 *Rand + ) +{ + ASSERT (Rand != NULL); + + // + // Read first 64 bits + // + if (!GetRandomNumber64 (Rand)) { + return FALSE; + } + + // + // Read second 64 bits + // + return GetRandomNumber64 (++Rand); +} diff --git a/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf b/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf new file mode 100644 index 0000000000..67a91ccfff --- /dev/null +++ b/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf @@ -0,0 +1,32 @@ +## @file +# Instance of RNG (Random Number Generator) Library. +# +# Copyright (c) 2020 9elements Agency GmbH.
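Review bot: The comment on BaseRngLibConstructor still says it will ASSERT() if RDRAND is not supported, but the function only records the CPUID result in mHasRdRand, and every GetRandomNumber* then returns FALSE on such CPUs. Update the comment to match, e.g. `Records whether RDRAND is available; GetRandomNumber16/32/64/128 return FALSE when it is not.`, so callers know that a FALSE return is the only signal and that the output buffer must not be used in that case. The comment on RDRAND_RETRY_LIMIT ("when valid random data is returned") reads inverted: it bounds the retries made while no valid data is returned.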
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BaseRngLib + MODULE_UNI_FILE = BaseRngLib.uni + FILE_GUID = 05C48431-DE18-4550-931A-3350E8551498 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = RngLib + CONSTRUCTOR = BaseRngLibConstructor + +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources.Ia32, Sources.X64] + BaseRng.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + DebugLib diff --git a/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.uni b/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.uni new file mode 100644 index 0000000000..f3ed954c52 --- /dev/null +++ b/DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Instance of RNG (Random Number Generator) Library. +// +// BaseRng Library that uses CPU RdRand instruction access to provide +// high-quality random numbers. +// +// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG Library" + +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses CPU RdRand instruction access to provide high-quality random numbers" + From 068a5e87a53d9fa69455ea1e793f63262c79e9d1 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:32:59 +0200 Subject: [PATCH 024/357] DasharoPayloadPkg: Scan for PCI devices after end of DXE This allows EFI applications to iterate over those devices. An example is iPXE.efi that requires those devices to be present. Signed-off-by: Patrick Rudolph --- .../PlatformBootManager.c | 76 +++++++++++++++++++ .../PlatformBootManagerLib.inf | 1 + 2 files changed, 77 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index eb2ada759f..b292900cec 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -138,6 +138,79 @@ PlatformRegisterFvBootOption ( } } +STATIC +EFI_STATUS +VisitAllInstancesOfProtocol ( + IN EFI_GUID *Id, + IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction, + IN VOID *Context + ) +{ + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + UINTN Index; + VOID *Instance; + + // + // Start to check all the PciIo to find all possible device + // + HandleCount = 0; + HandleBuffer = NULL; + Status = gBS->LocateHandleBuffer ( + ByProtocol, + Id, + NULL, + &HandleCount, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index = 0; Index < HandleCount; Index++) { + Status = gBS->HandleProtocol (HandleBuffer[Index], Id, &Instance); + if (EFI_ERROR (Status)) { + continue; + } + + Status = (*CallBackFunction) ( + HandleBuffer[Index], + Instance, + Context + ); + } + + gBS->FreePool (HandleBuffer); + + return EFI_SUCCESS; +} + +STATIC +EFI_STATUS +EFIAPI +ConnectRootBridge ( + IN EFI_HANDLE RootBridgeHandle, + IN VOID *Instance, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Make the PCI bus driver connect the root bridge, non-recursively. This + // will produce a number of child handles with PciIo on them. + // + Status = gBS->ConnectController ( + RootBridgeHandle, // ControllerHandle + NULL, // DriverImageHandle + NULL, // RemainingDevicePath -- produce all + // children + FALSE // Recursive + ); + return Status; +} + /** Do the platform specific action before the console is connected. @@ -155,6 +228,9 @@ PlatformBootManagerBeforeConsole ( EFI_INPUT_KEY Escape; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; + VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, + ConnectRootBridge, NULL); + PlatformConsoleInit (); // diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index ec1119f6f6..6e5f600001 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
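Review bot: VisitAllInstancesOfProtocol overwrites Status with each callback result and then returns EFI_SUCCESS unconditionally, so a ConnectController failure on a root bridge is lost; the call added in PlatformBootManagerBeforeConsole ignores the return value as well. Logging inside the loop keeps the failure visible, assuming DebugLib is available in this file: `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_WARN, "%a: callback failed: %r\n", __FUNCTION__, Status)); }`. The comment "Start to check all the PciIo" no longer fits a helper that takes an arbitrary protocol GUID and should name the `Id` parameter instead.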
+++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -58,6 +58,7 @@ gEfiBootLogoProtocolGuid ## CONSUMES gEfiDxeSmmReadyToLockProtocolGuid gEfiSmmAccess2ProtocolGuid + gEfiPciRootBridgeIoProtocolGuid ## CONSUMES [Pcd] gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut From 23e2dba821f0531b2e31da0753df7aef81e2bcff Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:38:51 +0200 Subject: [PATCH 025/357] DasharoPayloadPkg: Add iPXE support Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 3 +++ DasharoPayloadPkg/DasharoPayloadPkg.dsc | 4 ++++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 9 +++++++++ .../PlatformBootManagerLib/PlatformBootManager.c | 12 +++++++++++- .../PlatformBootManagerLib.inf | 1 + ReadMe.rst | 6 ++++++ 6 files changed, 34 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index d5568e4ddc..9700c218c4 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -62,6 +62,9 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop|0x90000|UINT32|0x10000004 ## FFS filename to find the shell application. gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1c, 0x4f, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }|VOID*|0x10000005 +### FFS filename to find the ipxe application. +gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEFile|{ 0xC7, 0x53, 0x86, 0xb6, 0xA1, 0xEE, 0x35, 0x44, 0xA1, 0x99, 0xA4, 0x4F, 0x59, 0xE4, 0x47, 0x6C }|VOID*|0x10000006 + ## Used to help reduce fragmentation in the EFI memory map gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x08|UINT32|0x10000012 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x10000013 diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 222985c00e..28f2608cad 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -96,6 +96,10 @@ DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE !include NetworkPkg/NetworkDefines.dsc.inc + # + # IPXE support + # + DEFINE NETWORK_IPXE = FALSE [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index c1c015d36c..780d490830 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -231,6 +231,15 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf # !include NetworkPkg/Network.fdf.inc +# +# iPXE support +# +!if $(NETWORK_IPXE) == TRUE + FILE FREEFORM = B68653C7-EEA1-4435-A199-A44F59E4476C { + SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/ipxe.efi + } +!endif + # # Random Number Generator # diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index b292900cec..15a09c6fcd 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -289,7 +289,17 @@ PlatformBootManagerAfterConsole ( // PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); - Print (L"Press ESC to enter Boot Manager Menu.\n"); + // + // Register iPXE + // + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + + Print ( + L"\n" + L"F2 or Down to enter Boot Manager Menu.\n" + L"ENTER to boot directly.\n" + L"\n" + ); } /** diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 6e5f600001..a3b33ed110 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
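Review bot: The FILE FREEFORM entry pulls a prebuilt `DasharoPayloadPkg/NetworkDrivers/ipxe.efi` into the firmware volume, and nothing in this change records where that binary comes from or checks it. Code placed in the FV is generally treated as part of the firmware rather than as a third-party image, so the build should pin the expected artifact. For example, put a comment above the entry such as `# ipxe.efi: built from <iPXE commit placeholder>, SHA-256 <digest placeholder>` and have the build script compare the hash before packaging. The same applies to `LanRom.efi` in the later NETWORK_LAN_ROM hunk of this file.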
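Review bot: PlatformRegisterFvBootOption is called for PcdiPXEFile unconditionally, while the fdf only includes the iPXE file when NETWORK_IPXE is TRUE. Unless the helper, whose body is outside this hunk, skips files missing from the FV, builds without iPXE get a dead "iPXE Network boot" entry; a comment at the call such as `// No-op when the iPXE file is absent from the FV` would record the assumption once it is confirmed. The prompt now advertises F2/Down and ENTER, but this hunk changes no key registration, so the hotkeys should be checked against the printed text.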
+++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -67,6 +67,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile + gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEFile gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity diff --git a/ReadMe.rst b/ReadMe.rst index 808ccd37af..33f0225d8a 100644 --- a/ReadMe.rst +++ b/ReadMe.rst @@ -64,6 +64,12 @@ OvmfPkg_Ubuntu_GCC5_ | IA32 |op32du| |op32ru| |op3 `More OvmfPkg CI Build Information `__ +To use iPXE as payload: + +.. code-block:: bash + + build -D NETWORK_IPXE=TRUE -D SERIAL_TERMINAL=FALSE -D SECURE_BOOT_ENABLE=TRUE -D BOOTLOADER=COREBOOT -D PCIE_BASE=0xe0000000 -DPS2_KEYBOARD_ENABLE -a IA32 -a X64 -t GCC5 -b DEBUG -p DasharoPayloadPkg/DasharoPayloadPkgIa32X64.dsc` + License Details --------------- From a914d11e88a24384bbae70bcef3ba54c1fac2a78 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:46:40 +0200 Subject: [PATCH 026/357] DasharoPayloadPkg: Support UEFI PXE boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is done via external ROM integration: a file placed at "DasharoPayloadPkg/NetworkDrivers/LanRom.efi". Signed-off-by: Patrick Rudolph Signed-off-by: Michał Żygowski Co-authored-by: Michał Kopeć Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 14 ++++++++++++++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 28f2608cad..8594e32114 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -90,10 +90,24 @@ # # Network definition # + DEFINE NETWORK_PXE_BOOT = FALSE + DEFINE NETWORK_ENABLE = FALSE DEFINE NETWORK_TLS_ENABLE = FALSE DEFINE NETWORK_IP6_ENABLE = FALSE + DEFINE NETWORK_IP4_ENABLE = TRUE + DEFINE NETWORK_LAN_ROM = FALSE + +!if $(NETWORK_PXE_BOOT) == TRUE + DEFINE NETWORK_SNP_ENABLE = TRUE DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE + DEFINE NETWORK_ISCSI_ENABLE = FALSE +!else + DEFINE NETWORK_SNP_ENABLE = FALSE + DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE + DEFINE NETWORK_ISCSI_ENABLE = TRUE +!endif + !include NetworkPkg/NetworkDefines.dsc.inc # diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 780d490830..8895ea1321 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -231,6 +231,20 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf # !include NetworkPkg/Network.fdf.inc +# +# Network modules (only available on X64) +# +!if $(NETWORK_LAN_ROM) == TRUE +# +# Build system must place the LanRom.efi before building the UEFI Payload. + +# Typically will be done per platform needs by coreboot. +# + FILE DRIVER = DEB917C0-C56A-4860-A05B-BF2F22EBB717 { + SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/LanRom.efi + } +!endif + # # iPXE support # From 3367a9ef1811cb0bd4e0e6c8e7beabf6d6d395aa Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Fri, 15 May 2020 16:47:18 +0200 Subject: [PATCH 027/357] MdeModulePkg: Fix OptionROM scanning The Option ROM scanner can't work as enumeration was done by the first stage bootloader. Running it will disable the ability of the PCIPlatform code to scan for ROMs. Required for the following patch that enables custom Option ROM scanning using gPciPlatformProtocol. Signed-off-by: Patrick Rudolph --- MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
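Review bot: With `NETWORK_PXE_BOOT` left at its default of FALSE, the `!else` branch sets `NETWORK_HTTP_BOOT_ENABLE = TRUE` and `NETWORK_ISCSI_ENABLE = TRUE` next to `NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE`, while `NETWORK_TLS_ENABLE` stays FALSE above. A build that only passes `-D NETWORK_ENABLE=TRUE` therefore gets HTTP boot over plain HTTP, with no transport authentication of the downloaded image. I would default to `DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE` and let integrators opt in. Failing that, add a comment above the `!else` such as `# Non-PXE builds enable HTTP boot and iSCSI; TLS is off, so boot images are fetched unauthenticated unless Secure Boot verifies them.`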
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c index 6594b8eae8..f5ba038842 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c @@ -2587,10 +2587,12 @@ PciEnumeratorLight ( // RemoveRejectedPciDevices (RootBridgeDev->Handle, RootBridgeDev); - // - // Process option rom light - // - ProcessOptionRomLight (RootBridgeDev); + if (!PcdGetBool (PcdPciDisableBusEnumeration)) { + // + // Process option rom light + // + ProcessOptionRomLight (RootBridgeDev); + } // // Determine attributes for all devices under this root bridge From 7a2cc00a6c7258115ce13d63cbce99601299585a Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Fri, 15 May 2020 16:50:01 +0200 Subject: [PATCH 028/357] DasharoPayloadPkg: Scan for Option ROMs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Install the gPciPlatformProtocol to scan for Option ROMs. For every device we probe the Option ROM and provide a pointer to the activated BAR if found. It's safe to assume that all ROM bars have been enumerated, reserved in the bridge resources and are disabled by default. Enabling them and leaving them enabled will do no harm. Signed-off-by: Patrick Rudolph Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + .../PciPlatformDxe/PciPlatformDxe.c | 409 ++++++++++++++++++ .../PciPlatformDxe/PciPlatformDxe.h | 19 + .../PciPlatformDxe/PciPlatformDxe.inf | 46 ++ 5 files changed, 476 insertions(+) create mode 100644 DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c create mode 100644 DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.h create mode 100644 DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 8594e32114..0968816eb6 100644 
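Review bot: The new `if (!PcdGetBool (PcdPciDisableBusEnumeration))` guard in `PciEnumeratorLight` sits in shared MdeModulePkg code, so it changes option ROM handling for every platform that sets this PCD, and the comment inside still only says "Process option rom light". I would replace that comment with the reason, e.g. `// Skip ROM BAR probing when an earlier boot stage enumerated the bus; option ROMs are then expected from the PCI Platform Protocol's GetPciRom().` Platforms that set the PCD but install no such protocol would presumably stop discovering option ROMs, which deserves a line in the commit message. The function continues outside the hunk.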
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -610,6 +610,7 @@ MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf + DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf # # SMMSTORE diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 8895ea1321..76f46b40e2 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -143,6 +143,7 @@ INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf INF DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf +INF DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf # # SCSI/ATA/IDE/DISK Support diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c new file mode 100644 index 0000000000..18caac8d55 --- /dev/null +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c @@ -0,0 +1,409 @@ +/** @file + Implementation for a generic GOP driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + + +**/ + +#include "PciPlatformDxe.h" +#include +#include + +// +// The driver should only start on one graphics controller. +// So a global flag is used to remember that the driver is already started. +// +EFI_HANDLE mDriverHandle = NULL; + +EFI_STATUS +EFIAPI +PciPlatformNotify( + IN EFI_PCI_PLATFORM_PROTOCOL *This, + IN EFI_HANDLE HostBridge, + IN EFI_PCI_HOST_BRIDGE_RESOURCE_ALLOCATION_PHASE Phase, + IN EFI_PCI_EXECUTION_PHASE ExecPhase + ) +{ + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciPlatformPrepController( + IN EFI_PCI_PLATFORM_PROTOCOL *This, + IN EFI_HANDLE HostBridge, + IN EFI_HANDLE RootBridge, + IN EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_PCI_ADDRESS PciAddress, + IN EFI_PCI_CONTROLLER_RESOURCE_ALLOCATION_PHASE Phase, + IN EFI_PCI_EXECUTION_PHASE ExecPhase + ) +{ + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciGetPciRom ( + IN CONST EFI_PCI_PLATFORM_PROTOCOL *This, + IN EFI_HANDLE PciHandle, + OUT VOID **RomImage, + OUT UINTN *RomSize + ) +{ + EFI_STATUS Status; + IN EFI_PCI_IO_PROTOCOL *PciIo; + UINTN PciSegment; + UINTN PciBus; + UINTN PciDevice; + UINTN PciFunction; + UINTN RomBarIndex; + UINT32 Buffer; + UINT32 AllOnes; + PCI_IO_DEVICE *PciIoDevice; + UINT8 Indicator; + UINT16 OffsetPcir; + UINT32 RomBarOffset; + UINT32 RomBar; + BOOLEAN FirstCheck; + PCI_EXPANSION_ROM_HEADER *RomHeader; + PCI_DATA_STRUCTURE *RomPcir; + UINT64 RomImageSize; + UINT32 LegacyImageLength; + UINT8 *RomInMemory; + UINT8 CodeType; + + if (!RomImage || !RomSize) { + return EFI_INVALID_PARAMETER; + } + + *RomImage = NULL; + *RomSize = 0; + + Status = gBS->HandleProtocol ( + PciHandle, + &gEfiPciIoProtocolGuid, + (VOID **) &PciIo + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "%a: Failed to open gEfiPciIoProtocolGuid\n", __FUNCTION__)); + + return EFI_UNSUPPORTED; + } + PciIoDevice = PCI_IO_DEVICE_FROM_PCI_IO_THIS (PciIo); + + // + // Get the location of the PCI device + // + PciIo->GetLocation ( + PciIo, + 
&PciSegment, + &PciBus, + &PciDevice, + &PciFunction + ); + + DEBUG ((EFI_D_INFO, "%a: Searching Option ROM on device:\n", __FUNCTION__)); + DEBUG ((EFI_D_INFO, " PciSegment - %02x\n", PciSegment)); + DEBUG ((EFI_D_INFO, " PciBus - %02x\n", PciBus)); + DEBUG ((EFI_D_INFO, " PciDevice - %02x\n", PciDevice)); + DEBUG ((EFI_D_INFO, " PciFunction - %02x\n", PciFunction)); + + // + // 0x30 + // + RomBarIndex = PCI_EXPANSION_ROM_BASE; + + if (IS_PCI_BRIDGE (&PciIoDevice->Pci)) { + // + // If is ppb, 0x38 + // + RomBarIndex = PCI_BRIDGE_ROMBAR; + } + // + // Backup BAR + // + + Status = PciIo->Pci.Read ( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &Buffer + ); + if (EFI_ERROR (Status)) { + goto CloseAndReturn; + return Status; + } + + // + // The bit0 is 0 to prevent the enabling of the Rom address decoder + // + AllOnes = 0xfffffffe; + + Status = PciIo->Pci.Write ( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &AllOnes + ); + if (EFI_ERROR (Status)) { + goto CloseAndReturn; + } + + // + // Read back + // + Status = PciIo->Pci.Read( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &AllOnes + ); + if (EFI_ERROR (Status)) { + goto CloseAndReturn; + } + + // + // Bits [1, 10] are reserved + // + AllOnes &= 0xFFFFF800; + if ((AllOnes == 0) || (AllOnes == 0xFFFFF800)) { + DEBUG ((EFI_D_INFO, "%a: No Option ROM found\n", __FUNCTION__)); + return EFI_NOT_FOUND; + } + + *RomSize = (~AllOnes) + 1; + + DEBUG ((EFI_D_INFO, "%a: Option ROM with size %d\n", __FUNCTION__, *RomSize)); + + // + // Restore BAR and enable it + // + Buffer |= 1; + Status = PciIo->Pci.Write ( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &Buffer + ); + if (EFI_ERROR (Status)) { + goto CloseAndReturn; + } + + // + // Allocate memory for Rom header and PCIR + // + RomHeader = AllocatePool (sizeof (PCI_EXPANSION_ROM_HEADER)); + if (RomHeader == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto CloseAndReturn; + } + + RomPcir = AllocatePool (sizeof (PCI_DATA_STRUCTURE)); + if (RomPcir == 
NULL) { + FreePool (RomHeader); + Status = EFI_OUT_OF_RESOURCES; + goto CloseAndReturn; + } + + RomBar = (UINT32) Buffer &~1; + + RomBarOffset = RomBar; + FirstCheck = TRUE; + LegacyImageLength = 0; + RomImageSize = 0; + + do { + PciIoDevice->PciRootBridgeIo->Mem.Read ( + PciIoDevice->PciRootBridgeIo, + EfiPciWidthUint8, + RomBarOffset, + sizeof (PCI_EXPANSION_ROM_HEADER), + (UINT8 *) RomHeader + ); + + DEBUG ((EFI_D_INFO, "%a: RomHeader->Signature %x\n", __FUNCTION__, RomHeader->Signature)); + + if (RomHeader->Signature != PCI_EXPANSION_ROM_HEADER_SIGNATURE) { + RomBarOffset = RomBarOffset + 512; + if (FirstCheck) { + break; + } else { + RomImageSize = RomImageSize + 512; + continue; + } + } + + FirstCheck = FALSE; + OffsetPcir = RomHeader->PcirOffset; + // + // If the pointer to the PCI Data Structure is invalid, no further images can be located. + // The PCI Data Structure must be DWORD aligned. + // + if (OffsetPcir == 0 || + (OffsetPcir & 3) != 0 || + RomImageSize + OffsetPcir + sizeof (PCI_DATA_STRUCTURE) > *RomSize) { + break; + } + + PciIoDevice->PciRootBridgeIo->Mem.Read ( + PciIoDevice->PciRootBridgeIo, + EfiPciWidthUint8, + RomBarOffset + OffsetPcir, + sizeof (PCI_DATA_STRUCTURE), + (UINT8 *) RomPcir + ); + DEBUG ((EFI_D_INFO, "%a: RomPcir->Signature %x\n", __FUNCTION__, RomPcir->Signature)); + + // + // If a valid signature is not present in the PCI Data Structure, no further images can be located. 
+ // + if (RomPcir->Signature != PCI_DATA_STRUCTURE_SIGNATURE) { + break; + } + if (RomImageSize + RomPcir->ImageLength * 512 > *RomSize) { + break; + } + if (RomPcir->CodeType == PCI_CODE_TYPE_PCAT_IMAGE) { + CodeType = PCI_CODE_TYPE_PCAT_IMAGE; + LegacyImageLength = ((UINT32)((EFI_LEGACY_EXPANSION_ROM_HEADER *)RomHeader)->Size512) * 512; + } + Indicator = RomPcir->Indicator; + RomImageSize = RomImageSize + RomPcir->ImageLength * 512; + RomBarOffset = RomBarOffset + RomPcir->ImageLength * 512; + } while (((Indicator & 0x80) == 0x00) && ((RomBarOffset - RomBar) < *RomSize)); + + // + // Some Legacy Cards do not report the correct ImageLength so used the maximum + // of the legacy length and the PCIR Image Length + // + if (CodeType == PCI_CODE_TYPE_PCAT_IMAGE) { + RomImageSize = MAX (RomImageSize, LegacyImageLength); + } + + if (RomImageSize > 0) { + Status = EFI_SUCCESS; + RomInMemory = (UINT8 *) AllocatePool ((UINT32) RomImageSize); + if (RomInMemory == NULL) { + PciIo->Pci.Write ( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &RomBar + ); + FreePool (RomHeader); + FreePool (RomPcir); + Status = EFI_OUT_OF_RESOURCES; + goto CloseAndReturn; + } + // + DEBUG ((EFI_D_INFO, "%a: Found Option ROM at %p, length 0x%x\n", __FUNCTION__, + RomBar, RomImageSize)); + // Copy Rom image into memory + // + PciIoDevice->PciRootBridgeIo->Mem.Read ( + PciIoDevice->PciRootBridgeIo, + EfiPciWidthUint8, + RomBar, + (UINT32) RomImageSize, + RomInMemory + ); + } else { + FreePool (RomHeader); + FreePool (RomPcir); + Status = EFI_NOT_FOUND; + goto CloseAndReturn; + } + + PciIo->Pci.Write ( + PciIo, + EfiPciWidthUint32, + RomBarIndex, + 1, + &RomBar + ); + + PciIoDevice->EmbeddedRom = TRUE; + PciIoDevice->PciIo.RomSize = RomImageSize; + PciIoDevice->PciIo.RomImage = RomInMemory; + + // + // Free allocated memory + // + FreePool (RomHeader); + FreePool (RomPcir); + + *RomImage = RomInMemory; + *RomSize = RomImageSize; + + Status = EFI_SUCCESS; + +CloseAndReturn: + // + // Close the 
I/O Abstraction(s) used to perform the supported test + // + gBS->CloseProtocol ( + PciHandle, + &gEfiPciIoProtocolGuid, + PciIo, + PciHandle + ); + + return Status; +} + +EFI_STATUS +EFIAPI +PciGetPlatformPolicy ( + IN CONST EFI_PCI_PLATFORM_PROTOCOL *This, + OUT EFI_PCI_PLATFORM_POLICY *PciPolicy + ) +{ + if (PciPolicy == NULL) + return EFI_INVALID_PARAMETER; + + *PciPolicy = 0; + + return EFI_SUCCESS; +} + +EFI_PCI_PLATFORM_PROTOCOL mPciPlatformProtocol = { + PciPlatformNotify, + PciPlatformPrepController, + PciGetPlatformPolicy, + PciGetPciRom, +}; + +/** + The Entry Point for Option ROM driver. + + It installs DriverBinding. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InstallPciPlatformProtocol ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + Status = gBS->InstallProtocolInterface ( + &mDriverHandle, + &gEfiPciPlatformProtocolGuid, + EFI_NATIVE_INTERFACE, + &mPciPlatformProtocol + ); + + return Status; +} diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.h b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.h new file mode 100644 index 0000000000..c40518c703 --- /dev/null +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.h @@ -0,0 +1,19 @@ +/** @file + Header file for a PCI platform driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
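Review bot: In `PciGetPciRom` the final copy length is not bounded by the ROM BAR size. Each PCIR `ImageLength` is checked against `*RomSize` inside the loop, but `LegacyImageLength` comes straight from the device's `Size512` byte and is then folded in with `RomImageSize = MAX (RomImageSize, LegacyImageLength);`, so the last `Mem.Read` can run past the decoded window into whatever MMIO follows. Clamping it, `RomImageSize = MIN (MAX (RomImageSize, LegacyImageLength), *RomSize);`, keeps the read inside the BAR. `CodeType` is also read after the loop without ever being initialised when no PC-AT image was seen. Since `LegacyImageLength` stays 0 in that case, the `if (CodeType == PCI_CODE_TYPE_PCAT_IMAGE)` test can simply be dropped.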
+SPDX-License-Identifier: BSD-2-Clause-Patent + + +**/ +#ifndef _PCI_PLATFORM_DXE_H_ +#define _PCI_PLATFORM_DXE_H_ +#include + +#include +#include +#include +#include +#include + +#endif diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf new file mode 100644 index 0000000000..96cedad5af --- /dev/null +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf @@ -0,0 +1,46 @@ +## @file +# This driver produces gEfiPciPlatform protocol to load PCI Option ROMs +# +# Copyright (c) 2020, 9elements Agency GmbH +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PciPlatformDxe + FILE_GUID = 86D58F7B-6E7C-401F-BDD4-E32E6D582AAD + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = InstallPciPlatformProtocol + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources.common] + PciPlatformDxe.h + PciPlatformDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiBootServicesTableLib + DxeServicesTableLib + DebugLib + MemoryAllocationLib + BaseMemoryLib + DevicePathLib + UefiLib + HobLib + +[Protocols] + gEfiPciPlatformProtocolGuid ## PRODUCES + gEfiPciIoProtocolGuid ## COMSUMES From 74a76f9e18517dfd760a952fb2d537f1974e37cc Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Tue, 19 May 2020 08:29:49 +0200 Subject: [PATCH 029/357] DasharoPayloadPkg/Library/PciHostBridgeLib: Add warning for coreboot/EDK2 incompatibility EDK2 expects PCI bars to be continuously be allocated without "gaps" of reserved memory in between. coreboot places PCI bars anywhere in the PCI MMIO space, interleaved with MMCONF and reserved I/O MMIO space. Warn about this behaviour and refuse to add the BAR to the PCI aperture as it would cause the PciHostBridgeDxe to fail. 
Signed-off-by: Patrick Rudolph --- .../PciHostBridgeLib/PciHostBridgeLib.inf | 1 + .../PciHostBridgeLib/PciHostBridgeSupport.c | 80 +++++++++++++++++++ 2 files changed, 81 insertions(+) diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf index 7896df2416..1682493406 100644 --- a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf @@ -39,3 +39,4 @@ DevicePathLib MemoryAllocationLib PciLib + DxeServicesTableLib diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c index fffbf04cad..d460434dae 100644 --- a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "PciHostBridge.h" /** 
@@ -139,6 +140,55 @@ PcatPciRootBridgeBarExisted ( EnableInterrupts (); } +STATIC +EFI_STATUS +PcatPciRootBridgeWarnAboutBrokenFW ( + IN UINT64 Start, + IN UINT64 Limit +) +{ + EFI_STATUS Status; + UINTN Index; + UINT64 IntersectionBase; + UINT64 IntersectionEnd; + UINTN NumberOfDescriptors; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Map; + + Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &Map); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a: %a: GetMemorySpaceMap(): %r\n", + gEfiCallerBaseName, __FUNCTION__, Status)); + return Status; + } + + for (Index = 0; Index < NumberOfDescriptors; Index++) { + if (Map[Index].GcdMemoryType == EfiGcdMemoryTypeNonExistent) { + // + // Ignore non existent entries + // + continue; + } + + IntersectionBase = MAX (Start, Map[Index].BaseAddress); + IntersectionEnd = MIN (Limit, Map[Index].BaseAddress + Map[Index].Length); + if (IntersectionBase >= IntersectionEnd) { + // + // The descriptor and the aperture don't overlap. + // + continue; + } + + if (Map[Index].GcdMemoryType == EfiGcdMemoryTypeReserved) { + DEBUG ((EFI_D_ERROR, "%a: PCI aperature overlaps reserved memory region\n", + __FUNCTION__)); + DEBUG ((EFI_D_ERROR, "%a: Please consider fixing EDK2 or your firmware\n", + __FUNCTION__)); + return EFI_ACCESS_DENIED; + } + } + return EFI_SUCCESS; +} + /** Parse PCI bar and collect the assigned PCI resource information. @@ -192,6 +242,9 @@ PcatPciRootBridgeParseBars ( UINT64 Length; UINT64 Limit; PCI_ROOT_BRIDGE_APERTURE *MemAperture; + UINT64 NewBase; + UINT64 NewLength; + EFI_STATUS Status; for (Offset = BarOffsetBase; Offset < BarOffsetEnd; Offset += sizeof (UINT32)) { PcatPciRootBridgeBarExisted ( 
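Review bot: `PcatPciRootBridgeWarnAboutBrokenFW` never releases the `Map` array returned by `gDS->GetMemorySpaceMap`, and the later hunk calls it for every memory BAR that passes the `Base < Limit` test, so each call leaks one descriptor array. Add `FreePool (Map);` before `return EFI_ACCESS_DENIED;` and before the final `return EFI_SUCCESS;`. `MemoryAllocationLib` is already listed in the library's .inf.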
@@ -271,6 +324,33 @@ PcatPciRootBridgeParseBars ( Limit = Base + Length - 1; if ((Base > 0) && (Base < Limit)) { + NewBase = MemAperture->Base; + if (MemAperture->Base > Base) { + NewBase = Base; + } + NewLength = MemAperture->Base; + if (MemAperture->Limit < Limit) { + NewLength = Base; + } + + // + // In case the BAR is placed on "the other side" of the MMCONF window + // this would cause the aperature to cover the MMCONF window, which + // isn't supported by EDK2. + // + Status = PcatPciRootBridgeWarnAboutBrokenFW(NewBase, NewLength); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a: Not adding PCI %x:%x.%x BAR@%d %x:%x to aperature\n", + __FUNCTION__, + Bus, + Device, + Function, + Offset, + Base, + Limit)); + continue; + } + if (MemAperture->Base > Base) { MemAperture->Base = Base; } From f7f97914c558e67430a2837952d9be72894fef72 Mon Sep 17 00:00:00 2001 From: Christian Walter Date: Mon, 25 May 2020 09:27:49 +0200 Subject: [PATCH 030/357] DasharoPayloadPkg: Add TPM2 Support in EDK2 Signed-off-by: Christian Walter --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 58 +++++++- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 15 +++ .../Tcg/Tcg2Config/Tcg2ConfigPei.inf | 54 ++++++++ .../Tcg/Tcg2Config/Tcg2ConfigPeim.c | 127 ++++++++++++++++++ 4 files changed, 251 insertions(+), 3 deletions(-) create mode 100644 DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf create mode 100644 DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 0968816eb6..ddf2ca1c85 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -86,6 +86,7 @@ # Security options: # DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE TPM_ENABLE = TRUE # # Network definition 
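Review bot: The range passed to `PcatPciRootBridgeWarnAboutBrokenFW(NewBase, NewLength)` is not the prospective aperture. `NewLength` is seeded with `MemAperture->Base` and, when the BAR extends the top, set to `Base`, so the check covers at most the gap below the current aperture and never the region up to the new limit. A BAR placed above a reserved window, which is the case the comment describes, is therefore not caught. The two assignments should read `NewLength = MemAperture->Limit;` and `NewLength = Limit;`, and the variable is better named `NewLimit`. The callee compares against `BaseAddress + Length`, an exclusive end, so passing `NewLimit + 1` would make the boundary exact. The enclosing function starts and ends outside the hunk.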
@@ -167,6 +168,7 @@ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + RngLib|DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf # # UEFI & PI @@ -279,6 +281,14 @@ SmmStoreLib|DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf !endif +!if $(TPM_ENABLE) == TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!endif + [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -297,6 +307,13 @@ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib.inf !endif +[LibraryClasses.common.PEIM] +!if $(TPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif + [LibraryClasses.common.DXE_CORE] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf @@ -443,6 +460,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|31 gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|100 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform. 
@@ -472,6 +491,20 @@ DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +!if $(TPM_ENABLE) == TRUE + DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + [Components.X64] # # DXE Core @@ -634,10 +667,29 @@ # # Random Number Generator # - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { - - RngLib|DasharoPayloadPkg/Library/BaseRngLib/BaseRngLib.inf + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + +!if $(TPM_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + } + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } +!endif #------------------------------ # Build the shell 
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 76f46b40e2..68e9b7e88d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -51,6 +51,12 @@ INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +!if $(TPM_ENABLE) == TRUE +INF DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!endif + ################################################################################ [FV.DXEFV] @@ -260,6 +266,15 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf # INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +# +# Security +# +!if $(TPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + # # Shell # diff --git a/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf new file mode 100644 index 0000000000..16205e20df --- /dev/null +++ b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -0,0 +1,54 @@ +## @file +# Set TPM device type +# +# In SecurityPkg, this module initializes the TPM device type based on a UEFI +# variable and/or hardware detection. In OvmfPkg, the module only performs TPM2 +# hardware detection. +# +# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+# Copyright (C) 2018, Red Hat, Inc. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2ConfigPei + FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = Tcg2ConfigPeimEntryPoint + +[Sources] + Tcg2ConfigPeim.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + PeimEntryPoint + DebugLib + PeiServicesLib + Tpm12CommandLib + Tpm12DeviceLib + Tpm2DeviceLib + +[Guids] + gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID + gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES + +[Ppis] + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES + +[Depex.IA32, Depex.X64] + TRUE + +[Depex.ARM, Depex.AARCH64] + gOvmfTpmDiscoveredPpiGuid diff --git a/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c new file mode 100644 index 0000000000..9234dd9119 --- /dev/null +++ b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -0,0 +1,127 @@ +/** @file + Set TPM device type + + In SecurityPkg, this module initializes the TPM device type based on a UEFI + variable and/or hardware detection. In OvmfPkg, the module only performs TPM2 + hardware detection. + + Copyright (c) 2015, Intel Corporation. All rights reserved.
+ Copyright (C) 2018, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiTpmDeviceSelectedGuid, + NULL +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + +#pragma pack (1) + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + TPM_CURRENT_TICKS CurrentTicks; +} TPM_RSP_GET_TICKS; + +#pragma pack () + +static +EFI_STATUS +TestTpm12 ( + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_GET_TICKS Response; + UINT32 Length; + + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks); + + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} + + +/** + The entry point for Tcg2 configuration driver. + + @param FileHandle Handle of the file being invoked. + @param PeiServices Describes the list of possible PEI Services. 
+**/ +EFI_STATUS +EFIAPI +Tcg2ConfigPeimEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + UINTN Size; + EFI_STATUS Status; + + Status = Tpm12RequestUseTpm (); + if (!EFI_ERROR (Status) && !EFI_ERROR (TestTpm12 ())) { + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__)); + Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid); + Status = PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm12Guid + ); + ASSERT_EFI_ERROR (Status); + } else { + Status = Tpm2RequestUseTpm (); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); + Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status = PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__)); + // + // If no TPM2 was detected, we still need to install + // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing + // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have + // to install the PPI in its place, in order to unblock any dependent + // PEIMs. + // + Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status); + } + } + + // + // Selection done + // + Status = PeiServicesInstallPpi (&mTpmSelectedPpi); + ASSERT_EFI_ERROR (Status); + + return Status; +} From 2b22d792f3a80e0fcf1adefbbcc94d35a4e07e1f Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Wed, 22 Jul 2020 11:08:57 +0200 Subject: [PATCH 031/357] DasharoPayloadPkg/BlSupportDxe: Use EfiSmbiosProtocol to install tables The default EfiSmbiosProtocol operates on an empty SMBIOS tables. As the SMBIOS tables are provided by the bootloader, install the SMBIOS tables using the EfiSmbiosProtocol to make them appear in the UI, which until now doesn't display hardware information. Tests showed that the OS can still see the SMBIOS tables. 
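Review bot: `TestTpm12` treats any completed exchange as proof of a TPM 1.2, because it returns `EFI_SUCCESS` as soon as `Tpm12SubmitCommand` succeeds and never looks at `Response.Hdr.returnCode` or the returned `Length`. A device that answers `TPM_ORD_GetTicks` with an error response would then be selected as TPM 1.2, `PcdTpmInstanceGuid` would be set accordingly, and the TPM2 path would never be tried. Adding `if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) { return EFI_DEVICE_ERROR; }` before the final return closes that gap. The `PcdSetPtrS` results are only covered by `ASSERT_EFI_ERROR`, so on release builds a failed selection is silent. A `DEBUG_ERROR` message there would help when diagnosing a platform that boots without measurements.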
Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c | 111 +++++++++++++++++- DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h | 3 + .../BlSupportDxe/BlSupportDxe.inf | 5 +- 3 files changed, 116 insertions(+), 3 deletions(-) diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c index 28dfc8fc55..16fe5c63f9 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c 
@@ -79,6 +79,109 @@ ReserveResourceInGcd ( return Status; } +EFI_STATUS +EFIAPI +BlDxeInstallSMBIOStables( + IN UINT64 SmbiosTableBase, + IN UINT32 SmbiosTableSize +) +{ + EFI_STATUS Status; + SMBIOS_TABLE_ENTRY_POINT *SmbiosTable; + SMBIOS_TABLE_3_0_ENTRY_POINT *Smbios30Table; + SMBIOS_STRUCTURE_POINTER Smbios; + SMBIOS_STRUCTURE_POINTER SmbiosEnd; + CHAR8 *String; + EFI_SMBIOS_HANDLE SmbiosHandle; + EFI_SMBIOS_PROTOCOL *SmbiosProto; + + // + // Locate Smbios protocol. + // + Status = gBS->LocateProtocol (&gEfiSmbiosProtocolGuid, NULL, (VOID **)&SmbiosProto); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to locate gEfiSmbiosProtocolGuid\n", + __FUNCTION__ + )); + return Status; + } + + Smbios30Table = (SMBIOS_TABLE_3_0_ENTRY_POINT *)(UINTN)(SmbiosTableBase); + SmbiosTable = (SMBIOS_TABLE_ENTRY_POINT *)(UINTN)(SmbiosTableBase); + + if (CompareMem (Smbios30Table->AnchorString, "_SM3_", 5) == 0) { + Smbios.Hdr = (SMBIOS_STRUCTURE *) (UINTN) Smbios30Table->TableAddress; + SmbiosEnd.Raw = (UINT8 *) (UINTN) (Smbios30Table->TableAddress + Smbios30Table->TableMaximumSize); + if (Smbios30Table->TableMaximumSize > SmbiosTableSize) { + DEBUG((EFI_D_INFO, "%a: SMBIOS table size greater than reported by bootloader\n", + __FUNCTION__)); + } + } else if (CompareMem (SmbiosTable->AnchorString, "_SM_", 4) == 0) { + Smbios.Hdr = (SMBIOS_STRUCTURE *) (UINTN) SmbiosTable->TableAddress; + SmbiosEnd.Raw = (UINT8 *) ((UINTN) SmbiosTable->TableAddress + SmbiosTable->TableLength); + + if (SmbiosTable->TableLength > SmbiosTableSize) { + DEBUG((EFI_D_INFO, "%a: SMBIOS table size greater than reported by bootloader\n", + __FUNCTION__ + )); + } + } else { + DEBUG ((DEBUG_ERROR, "%a: No valid SMBIOS table found\n", + __FUNCTION__ + )); + return EFI_NOT_FOUND; + } + + do { + // Check for end marker + if (Smbios.Hdr->Type == 127) { + break; + } + + // Install the table + SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; + Status = SmbiosProto->Add ( + SmbiosProto, + gImageHandle, + 
&SmbiosHandle, + Smbios.Hdr + ); + ASSERT_EFI_ERROR (Status); + + // + // Go to the next SMBIOS structure. Each SMBIOS structure may include 2 parts: + // 1. Formatted section; 2. Unformatted string section. So, 2 steps are needed + // to skip one SMBIOS structure. + // + + // + // Step 1: Skip over formatted section. + // + String = (CHAR8 *) (Smbios.Raw + Smbios.Hdr->Length); + + // + // Step 2: Skip over unformatted string section. + // + do { + // + // Each string is terminated with a NULL(00h) BYTE and the sets of strings + // is terminated with an additional NULL(00h) BYTE. + // + for ( ; *String != 0; String++) { + } + + if (*(UINT8*)++String == 0) { + // + // Pointer to the next SMBIOS structure. + // + Smbios.Raw = (UINT8 *)++String; + break; + } + } while (TRUE); + } while (Smbios.Raw < SmbiosEnd.Raw); + + return EFI_SUCCESS; +} /** Main entry for the bootloader support DXE module. @@ -133,8 +236,12 @@ BlDxeEntryPoint ( // if (SystemTableInfo->SmbiosTableBase != 0 && SystemTableInfo->SmbiosTableSize != 0) { DEBUG ((DEBUG_ERROR, "Install Smbios Table at 0x%lx, length 0x%x\n", SystemTableInfo->SmbiosTableBase, SystemTableInfo->SmbiosTableSize)); - Status = gBS->InstallConfigurationTable (&gEfiSmbiosTableGuid, (VOID *)(UINTN)SystemTableInfo->SmbiosTableBase); - ASSERT_EFI_ERROR (Status); + + if (BlDxeInstallSMBIOStables(SystemTableInfo->SmbiosTableBase, + SystemTableInfo->SmbiosTableSize) != EFI_SUCCESS) { + Status = gBS->InstallConfigurationTable (&gEfiSmbiosTableGuid, (VOID *)(UINTN)SystemTableInfo->SmbiosTableBase); + ASSERT_EFI_ERROR (Status); + } } // diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h index 512105fafd..a5216cd2e9 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.h @@ -10,6 +10,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include +#include + #include #include #include 
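Review bot: The structure walk in BlDxeInstallSMBIOStables never compares its position with `SmbiosEnd.Raw` while it is inside a record: neither the `Smbios.Hdr->Length` skip nor the `for ( ; *String != 0; String++)` scan is bounded. A table larger than `SmbiosTableSize` is only logged at info level before parsing continues. A truncated or corrupted table therefore makes the loop read past the region the bootloader reported, and `SmbiosProto->Add` is handed a record whose terminator was never checked. I would return an error on the size mismatch (the caller in BlDxeEntryPoint already falls back to `InstallConfigurationTable`) and bound every step, ideally validating the whole table before the first `Add` so a late failure does not leave a half-populated database. `ASSERT_EFI_ERROR` after `Add` vanishes when asserts are disabled, so the status needs an explicit check, and the function should get a header comment; a sketch of the bounded walk follows.

```c
  // … unchanged: protocol lookup; anchor detection sets Smbios and SmbiosEnd …

  while (Smbios.Raw < SmbiosEnd.Raw) {
    // The fixed header must fit in what is left of the table.
    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) {
      return EFI_INVALID_PARAMETER;
    }

    // … unchanged: end-marker check (Type == 127) …

    // The formatted section must cover the header and stay inside the table.
    if (Smbios.Hdr->Length < sizeof (SMBIOS_STRUCTURE) ||
        Smbios.Hdr->Length > (UINTN)(SmbiosEnd.Raw - Smbios.Raw)) {
      return EFI_INVALID_PARAMETER;
    }

    // Locate the double NUL that ends the string section before the record is used.
    String = (CHAR8 *)(Smbios.Raw + Smbios.Hdr->Length);
    while ((UINT8 *)String + 1 < SmbiosEnd.Raw && (String[0] != 0 || String[1] != 0)) {
      String++;
    }
    if ((UINT8 *)String + 1 >= SmbiosEnd.Raw) {
      return EFI_INVALID_PARAMETER;
    }

    // … unchanged: SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; SmbiosProto->Add (...) …
    if (EFI_ERROR (Status)) {
      return Status;
    }

    Smbios.Raw = (UINT8 *)String + 2;
  }
```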
@@ -26,5 +28,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #endif diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf index 80b17fa58f..3593ac107a 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf @@ -54,5 +54,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution +[Protocols] + gEfiSmbiosProtocolGuid + [Depex] - TRUE + gEfiSmbiosProtocolGuid From 3113c1ca353701de81c645e087a3d4438fa43a50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 12 Sep 2019 12:22:55 +0200 Subject: [PATCH 032/357] DasharoPayloadPkg,PcAtChipsetPkg: fixes for apu2 build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 9 +++++++++ PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index 9700c218c4..bb9a7e37ca 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
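Review bot: Changing `[Depex]` from `TRUE` to `gEfiSmbiosProtocolGuid` makes the whole driver wait for an SMBIOS protocol producer, not just the new table import. On a platform build that leaves that producer out, BlSupportDxe would never be dispatched, so everything else BlDxeEntryPoint does is skipped without any message. For the same reason, the `LocateProtocol` failure path and the `InstallConfigurationTable` fallback added in BlSupportDxe.c can no longer be reached through a missing protocol. If the fallback is meant to stay usable, keep `TRUE` here and import the tables from a protocol notify registered for `gEfiSmbiosProtocolGuid`; otherwise add a comment above `[Depex]` stating that the SMBIOS driver is now mandatory.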
@@ -71,3 +71,12 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x100 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32|0x00000014 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 + +[PcdsFixedAtBuild] +## Specifies the initial value for Register_A in RTC. +# @Prompt Initial value for Register_A in RTC. +gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterA|0x26|UINT8|0x00000006 + +## Specifies the initial value for Register_B in RTC. +# @Prompt Initial value for Register_B in RTC. +gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterB|0x02|UINT8|0x00000002 diff --git a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c index ff1b019ce2..1ee6b5ffbd 100644 --- a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c +++ b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c @@ -241,8 +241,8 @@ PcRtcInit ( // // Clear RTC register D // - RegisterD.Data = FixedPcdGet8 (PcdInitialValueRtcRegisterD); - RtcWrite (RTC_ADDRESS_REGISTER_D, RegisterD.Data); + RegisterD.Data = RtcRead (RTC_ADDRESS_REGISTER_D); + RtcWrite (RTC_ADDRESS_REGISTER_D, RegisterD.Data & 0x80); // // Wait for up to 0.1 seconds for the RTC to be updated From 56d2ea575fd2c90d992ded9e6e912b1e17359fca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 4 Oct 2020 20:29:23 +0200 Subject: [PATCH 033/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: fix BM assert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 49 ++++++++++--------- 1 file changed, 27 insertions(+), 22 deletions(-) 
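Review bot: The comment above the changed lines in PcRtcInit still says `Clear RTC register D`, but the new code reads the register and writes back `RegisterD.Data & 0x80`, so comment and code disagree and the reason for keeping bit 7 is not recorded. I would reword it to something like `// Write back register D, preserving only bit 7 (VRT on MC146818-compatible RTCs)` and replace the literal with a named mask. `RegisterD.Data` itself keeps the unmasked value after the write; whether later code in PcRtcInit reads it is outside the hunk. The commit message gives no reason for dropping `PcdInitialValueRtcRegisterD`, which deserves a sentence because PcAtChipsetPkg is shared with other platforms.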
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 15a09c6fcd..9133dcd3c1 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -82,22 +82,15 @@ PlatformFindLoadOption ( return -1; } -/** - Register a boot option using a file GUID in the FV. - - @param FileGuid The file GUID name in FV. - @param Description The boot option description. - @param Attributes The attributes used for the boot option loading. -**/ VOID PlatformRegisterFvBootOption ( EFI_GUID *FileGuid, CHAR16 *Description, UINT32 Attributes -) + ) { EFI_STATUS Status; - UINTN OptionIndex; + INTN OptionIndex; EFI_BOOT_MANAGER_LOAD_OPTION NewOption; EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; UINTN BootOptionCount; @@ -105,14 +98,21 @@ PlatformRegisterFvBootOption ( EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; EFI_DEVICE_PATH_PROTOCOL *DevicePath; - Status = gBS->HandleProtocol (gImageHandle, &gEfiLoadedImageProtocolGuid, (VOID **) &LoadedImage); + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **) &LoadedImage + ); ASSERT_EFI_ERROR (Status); EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + DevicePath = DevicePathFromHandle (LoadedImage->DeviceHandle); + ASSERT (DevicePath != NULL); DevicePath = AppendDevicePathNode ( - DevicePathFromHandle (LoadedImage->DeviceHandle), + DevicePath, (EFI_DEVICE_PATH_PROTOCOL *) &FileNode - ); + ); + ASSERT (DevicePath != NULL); Status = EfiBootManagerInitializeLoadOption ( &NewOption, 
@@ -123,19 +123,24 @@ PlatformRegisterFvBootOption ( DevicePath, NULL, 0 - ); - if (!EFI_ERROR (Status)) { - BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); - OptionIndex = PlatformFindLoadOption (&NewOption, BootOptions, BootOptionCount); + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, LoadOptionTypeBoot + ); - if (OptionIndex == -1) { - Status = EfiBootManagerAddLoadOptionVariable (&NewOption, (UINTN) -1); - ASSERT_EFI_ERROR (Status); - } - EfiBootManagerFreeLoadOption (&NewOption); - EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); + OptionIndex = EfiBootManagerFindLoadOption ( + &NewOption, BootOptions, BootOptionCount + ); + + if (OptionIndex == -1) { + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + ASSERT_EFI_ERROR (Status); } + EfiBootManagerFreeLoadOption (&NewOption); + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } STATIC From 43fd8dd34543a55497532237839417958921abae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 4 Oct 2020 20:42:47 +0200 Subject: [PATCH 034/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: debug boot options registering MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 9133dcd3c1..41de1c38f5 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
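Review bot: A failed `EfiBootManagerInitializeLoadOption` is now caught only by `ASSERT_EFI_ERROR`, which compiles to nothing when asserts are disabled. A release build would then pass an uninitialised `NewOption` to `EfiBootManagerFindLoadOption`, `EfiBootManagerAddLoadOptionVariable` and `EfiBootManagerFreeLoadOption`. The removed `if (!EFI_ERROR (Status))` guarded exactly that, so keep an explicit check after the call, e.g. `if (EFI_ERROR (Status)) { FreePool (DevicePath); return; }`. The same applies to `ASSERT (DevicePath != NULL)` in the preceding hunk (`-105,14 +98,21`) and to `FvFilePath` and `RegisterBootManagerMenuAppBootOption` added by the later boot-manager patch, where `LoadedImage` and `DevicePath` are used right after an assert-only check. The first hunk of this commit also deletes the header comment of PlatformRegisterFvBootOption; it should stay.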
@@ -292,11 +292,13 @@ PlatformBootManagerAfterConsole ( // // Register UEFI Shell // + DEBUG((DEBUG_INFO, "Registering UEFI Shell boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); // // Register iPXE // + DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); Print ( From 9a38a59654cf750067f1ba308edfe70ad02a3902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 22 Feb 2021 00:30:00 +0100 Subject: [PATCH 035/357] DasharoPayloadPkg: boot manager improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 10 + .../PlatformBootManager.c | 177 ++++++++++++++++-- 2 files changed, 175 insertions(+), 12 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index ddf2ca1c85..fc3eed80f0 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -338,6 +338,10 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(TPM_ENABLE) == TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif [LibraryClasses.common.DXE_RUNTIME_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf 
@@ -462,6 +466,12 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +[PcdsDynamicHii] +!if $(TPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|4|NV,BS +!endif + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform. diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 41de1c38f5..44f121c195 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -9,6 +9,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "PlatformBootManager.h" #include "PlatformConsole.h" +#include + +EFI_GUID mBootMenuFile = { + 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } +}; VOID InstallReadyToLock ( 
@@ -216,6 +221,141 @@ ConnectRootBridge ( return Status; } +EFI_DEVICE_PATH * +FvFilePath ( + EFI_GUID *FileGuid + ) +{ + + EFI_STATUS Status; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **) &LoadedImage + ); + ASSERT_EFI_ERROR (Status); + return AppendDevicePathNode ( + DevicePathFromHandle (LoadedImage->DeviceHandle), + (EFI_DEVICE_PATH_PROTOCOL *) &FileNode + ); +} + +/** + Create one boot option for BootManagerMenuApp. + + @retval OptionNumber Return the option number info. + +**/ +UINTN +RegisterBootManagerMenuAppBootOption ( + VOID + ) +{ + EFI_STATUS Status; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN OptionNumber; + + DevicePath = FvFilePath (&mBootMenuFile); + // Use LOAD_OPTION_HIDDEN to not display Boot Manager Menu App in + // "One Time Boot" menu. + Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + LOAD_OPTION_CATEGORY_APP | LOAD_OPTION_HIDDEN, + L"UEFI BootManagerMenuApp", + DevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); + + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + ASSERT_EFI_ERROR (Status); + + OptionNumber = NewOption.OptionNumber; + + EfiBootManagerFreeLoadOption (&NewOption); + + return OptionNumber; +} + +/** + Check if it's a Device Path pointing to BootManagerMenuApp. + + @param DevicePath Input device path. + + @retval TRUE The device path is BootManagerMenuApp File Device Path. + @retval FALSE The device path is NOT BootManagerMenuApp File Device Path. 
+**/ +BOOLEAN +IsBootManagerMenuAppFilePath ( + EFI_DEVICE_PATH_PROTOCOL *DevicePath +) +{ + EFI_HANDLE FvHandle; + VOID *NameGuid; + EFI_STATUS Status; + + Status = gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &DevicePath, &FvHandle); + if (!EFI_ERROR (Status)) { + NameGuid = EfiGetNameGuidFromFwVolDevicePathNode ((CONST MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *) DevicePath); + if (NameGuid != NULL) { + return CompareGuid (NameGuid, &mBootMenuFile); + } + } + + return FALSE; +} + +/** + Return the boot option number to the BootManagerMenuApp. + + If not found it in the current boot option, create a new one. + + @retval OptionNumber Return the boot option number to the BootManagerMenuApp. + +**/ +UINTN +GetBootManagerMenuAppOption ( + VOID + ) +{ + UINTN BootOptionCount; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN Index; + UINTN OptionNumber; + + OptionNumber = 0; + + BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + + for (Index = 0; Index < BootOptionCount; Index++) { + if (IsBootManagerMenuAppFilePath (BootOptions[Index].FilePath)) { + OptionNumber = BootOptions[Index].OptionNumber; + break; + } + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); + + if (Index >= BootOptionCount) { + // + // If not found the BootManagerMenuApp, create it. + // + OptionNumber = (UINT16) RegisterBootManagerMenuAppBootOption (); + } + + return OptionNumber; +} + /** Do the platform specific action before the console is connected. @@ -230,8 +370,11 @@ PlatformBootManagerBeforeConsole ( VOID ) { - EFI_INPUT_KEY Escape; - EFI_BOOT_MANAGER_LOAD_OPTION BootOption; + EFI_INPUT_KEY Enter; + EFI_INPUT_KEY Esc; + EFI_INPUT_KEY F12; + EFI_BOOT_MANAGER_LOAD_OPTION BootOption; + UINTN OptionNumber; VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, ConnectRootBridge, NULL); 
@@ -239,12 +382,26 @@ PlatformBootManagerBeforeConsole ( PlatformConsoleInit (); // - // Map Escape to Boot Manager Menu + // Register ENTER as CONTINUE key + // + Enter.ScanCode = SCAN_NULL; + Enter.UnicodeChar = CHAR_CARRIAGE_RETURN; + EfiBootManagerRegisterContinueKeyOption (0, &Enter, NULL); // - Escape.ScanCode = SCAN_ESC; - Escape.UnicodeChar = CHAR_NULL; + // Map ESC to Boot Manager Menu + // + Esc.ScanCode = SCAN_ESC; + Esc.UnicodeChar = CHAR_NULL; EfiBootManagerGetBootManagerMenu (&BootOption); - EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Escape, NULL); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Esc, NULL); + + // + // Map F12 to Boot Device List menu + // + F12.ScanCode = SCAN_F12; + F12.UnicodeChar = CHAR_NULL; + OptionNumber = GetBootManagerMenuAppOption (); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); // // Install ready to lock. @@ -258,6 +415,7 @@ PlatformBootManagerBeforeConsole ( EfiBootManagerDispatchDeferredImages (); } + /** Do the platform specific action after the console is connected. @@ -301,12 +459,7 @@ PlatformBootManagerAfterConsole ( DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); - Print ( - L"\n" - L"F2 or Down to enter Boot Manager Menu.\n" - L"ENTER to boot directly.\n" - L"\n" - ); + Print (L"ESC to enter Setup\nF12 to enter Boot Manager Menu\nEnter to boot directly"); } /** From b91310a01ef1ef8eb50453b20d7ecf617a669e3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 22 Feb 2021 23:54:55 +0100 Subject: [PATCH 036/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: improve the BM with progress and more hotkeys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 36 ++++++++++++++++++- .../PlatformBootManagerLib.inf | 1 + 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 44f121c195..9a85e0d96f 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -10,6 +10,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "PlatformBootManager.h" #include "PlatformConsole.h" #include +#include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } @@ -375,6 +377,9 @@ PlatformBootManagerBeforeConsole ( EFI_INPUT_KEY F12; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; UINTN OptionNumber; + EFI_STATUS Status; + UINT16 BootTimeOut; + UINTN VarSize; VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, ConnectRootBridge, NULL); @@ -403,6 +408,19 @@ PlatformBootManagerBeforeConsole ( OptionNumber = GetBootManagerMenuAppOption (); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); + Status = gRT->GetVariable( + L"Timeout", + &gEfiGlobalVariableGuid, + NULL, + &VarSize, + &BootTimeOut + ); + if (!EFI_ERROR (Status)) { + if (VarSize == sizeof(UINT16) && BootTimeOut != 0) { + PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); + } + } + // // Install ready to lock. // This needs to be done before option rom dispatched. 
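Review bot: In the `-403,6 +408,19` hunk `VarSize` is passed to `gRT->GetVariable` as the in/out data size without ever being assigned, so the variable service is told that the 2-byte `BootTimeOut` buffer has whatever size happens to be on the stack. If that value is large and the stored `Timeout` variable is longer than two bytes, the service copies past `BootTimeOut`; if it is small, the call fails with a buffer-too-small status and the setting is silently ignored. Add `VarSize = sizeof (BootTimeOut);` before the call. `Timeout` can be written by the OS at runtime, so keep the `VarSize == sizeof(UINT16)` test (a later patch in this series drops it) so that a shorter variable does not leave `BootTimeOut` partly uninitialised. The `GetVariable` call introduced by the BdsEntry.c hunk `-746,10 +746,19` passes `DataSize` the same way, with no assignment visible in that hunk.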
@@ -473,7 +491,23 @@ PlatformBootManagerWaitCallback ( UINT16 TimeoutRemain ) { - return; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION Black; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION White; + UINT16 Timeout; + + Timeout = PcdGet16 (PcdPlatformBootTimeOut); + + Black.Raw = 0x00000000; + White.Raw = 0x00FFFFFF; + + BootLogoUpdateProgress ( + White.Pixel, + Black.Pixel, + L"Start boot option", + White.Pixel, + (Timeout - TimeoutRemain) * 100 / Timeout, + 0 + ); } /** diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index a3b33ed110..f3f8474f69 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -50,6 +50,7 @@ [Guids] gEfiEndOfDxeEventGroupGuid + gEfiGlobalVariableGuid [Protocols] gEfiGenericMemTestProtocolGuid ## CONSUMES From f48d13659add64f7743da96bb9e4e8a4bd2a8520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 7 Oct 2020 23:26:18 +0200 Subject: [PATCH 037/357] DasharoPayloadPkg/DasharoPayloadPkgIa32X64: add HDD and OPAL password MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The new features are guarded by options. Changes in SecurityPkg: * SecurityPkg/HddPassword/HddPasswordDxe.c Ignore mHddPasswordEndOfDxe in HddPasswordNotificationEvent which fixes empty password issue. * SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c Don't check for EndOfDxe which doesn't work in DasharoPayloadPkg because we do PCIe enumeration in BDS. Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 34 +++++++++++++++++-- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 13 +++++++ SecurityPkg/HddPassword/HddPasswordDxe.c | 12 ++++--- .../Tcg/Opal/OpalPassword/OpalDriver.c | 4 --- 4 files changed, 53 insertions(+), 10 deletions(-) 
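Review bot: `(Timeout - TimeoutRemain) * 100 / Timeout` in PlatformBootManagerWaitCallback divides by the value of `PcdPlatformBootTimeOut` with no zero check, so the callback faults if it is ever invoked while the timeout is 0. Whether BDS calls the hook in that case is outside the hunk, but the PCD is dynamic (this commit sets it with `PcdSet16S`), so the callback should not rely on the caller. Return early with `if (Timeout == 0) { return; }`. It is also worth clamping the case `TimeoutRemain > Timeout`, because the PCD can change while the countdown runs and the subtraction would then yield a negative progress value.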
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index fc3eed80f0..4bf1ba845b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -87,7 +87,8 @@ # DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE TPM_ENABLE = TRUE - + DEFINE SATA_PASSWORD_ENABLE = FALSE + DEFINE OPAL_PASSWORD_ENABLE = FALSE # # Network definition # @@ -253,6 +254,12 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf +!if $(OPAL_PASSWORD_ENABLE) == TRUE + TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf + TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf +!endif + S3BootScriptLib|MdePkg/Library/BaseS3BootScriptLibNull/BaseS3BootScriptLibNull.inf + # # Network # @@ -284,7 +291,6 @@ !if $(TPM_ENABLE) == TRUE Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !endif @@ -312,6 +318,7 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf !endif [LibraryClasses.common.DXE_CORE] 
@@ -341,6 +348,7 @@ !if $(TPM_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf !endif [LibraryClasses.common.DXE_RUNTIME_DRIVER] @@ -513,6 +521,13 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } +!if $(OPAL_PASSWORD_ENABLE) == TRUE + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf +!endif +!endif + +!if $(SATA_PASSWORD_ENABLE) == TRUE + SecurityPkg/HddPassword/HddPasswordPei.inf !endif [Components.X64] @@ -699,7 +714,22 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf } + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf{ + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } +!if $(OPAL_PASSWORD_ENABLE) == TRUE + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + } !endif +!endif + +!if $(SATA_PASSWORD_ENABLE) == TRUE + SecurityPkg/HddPassword/HddPasswordDxe.inf +!endif + #------------------------------ # Build the shell diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 68e9b7e88d..c4d1ece4f0 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -55,8 +55,14 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!if $(OPAL_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf +!endif !endif +!if $(SATA_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/HddPassword/HddPasswordPei.inf +!endif ################################################################################ [FV.DXEFV] @@ -273,6 +279,13 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!if $(OPAL_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +!endif +!endif + +!if $(SATA_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/HddPassword/HddPasswordDxe.inf !endif # diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 6f36b5a0a2..7c6aa729a6 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -2625,10 +2625,14 @@ HddPasswordNotificationEvent ( UINTN DevNum; UINTN FuncNum; - if (mHddPasswordEndOfDxe) { - gBS->CloseEvent (Event); - return; - } + // FIXME: AtaPassThruProtocol is installed in BDS, which makes it impossible + // to create a list of disks for the UI menu before END_OF_DXE signal which + // sets mHddPasswordEndOfDxe via notify function. It creates a dead end + // resulting in empty HDD password menu. + // if (mHddPasswordEndOfDxe) { + // gBS->CloseEvent (Event); + // return; + // } Private = (HDD_PASSWORD_DXE_PRIVATE_DATA *)Context; diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index ba9fa66c60..fc90cb0a6b 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
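Review bot: Commenting out the `mHddPasswordEndOfDxe` test in HddPasswordNotificationEvent (whose body continues outside the hunk) removes a phase gate rather than fixing the ordering problem the FIXME describes. The OpalDriver.c hunk of this commit (`-2717,10 +2717,6`) deletes the matching `mOpalEndOfDxe` test in OpalEfiDriverBindingSupported. These checks presumably exist so that drive-password collection and unlock happen only before EndOfDxe, i.e. before option ROMs and other third-party images can run; with them gone, both drivers keep handling passwords for devices that appear afterwards. Both files are shared SecurityPkg code, so the relaxation is not limited to builds of this payload. I would keep the checks and connect the storage controllers before EndOfDxe is signalled; failing that, put the relaxation behind a feature PCD that defaults to the upstream behaviour, document the trade-off beside it, and delete the commented-out code rather than leave it in place.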
@@ -2717,10 +2717,6 @@ OpalEfiDriverBindingSupported ( EFI_STATUS Status; EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *SecurityCommand; - if (mOpalEndOfDxe) { - return EFI_UNSUPPORTED; - } - // // Test EFI_STORAGE_SECURITY_COMMAND_PROTOCOL on controller Handle. // From 7c1d207240093f6e334ea6bbc82e354296a7197f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 24 Feb 2021 01:03:27 +0100 Subject: [PATCH 038/357] DasharoPayloadPkg: add more boot applications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 4 ++++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 3 +++ .../Library/PlatformBootManagerLib/PlatformBootManager.c | 4 +--- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 4bf1ba845b..239facc362 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -376,6 +376,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics|TRUE [PcdsFixedAtBuild] # UEFI spec: Minimal value is 0x8000! @@ -568,6 +569,9 @@ NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf } + MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf + MdeModulePkg/Application/VariableInfo/VariableInfo.inf + MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf MdeModulePkg/Universal/Metronome/Metronome.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index c4d1ece4f0..2e7d53de9b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
+++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -107,6 +107,9 @@ INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf +INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf +INF MdeModulePkg/Application/VariableInfo/VariableInfo.inf +INF MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf INF PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf INF MdeModulePkg/Universal/Metronome/Metronome.inf INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 9a85e0d96f..c1df5f697d 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -415,10 +415,8 @@ PlatformBootManagerBeforeConsole ( &VarSize, &BootTimeOut ); - if (!EFI_ERROR (Status)) { - if (VarSize == sizeof(UINT16) && BootTimeOut != 0) { + if (!EFI_ERROR (Status) && BootTimeOut != 0) { PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); - } } // From 704e1148ca1ffd328dfc05287509cc755c4a5922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 24 Feb 2021 01:23:53 +0100 Subject: [PATCH 039/357] MdeModulePkg/Universal/BdsDxe: fix setting autoboot timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 16 +--------------- .../BootMaintenance.c | 1 + MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 17 +++++++++++++---- 3 files changed, 15 insertions(+), 19 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index c1df5f697d..2a3b44f1d2 100644 
--- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -377,9 +377,6 @@ PlatformBootManagerBeforeConsole ( EFI_INPUT_KEY F12; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; UINTN OptionNumber; - EFI_STATUS Status; - UINT16 BootTimeOut; - UINTN VarSize; VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, ConnectRootBridge, NULL); @@ -408,17 +405,6 @@ PlatformBootManagerBeforeConsole ( OptionNumber = GetBootManagerMenuAppOption (); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); - Status = gRT->GetVariable( - L"Timeout", - &gEfiGlobalVariableGuid, - NULL, - &VarSize, - &BootTimeOut - ); - if (!EFI_ERROR (Status) && BootTimeOut != 0) { - PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); - } - // // Install ready to lock. // This needs to be done before option rom dispatched. @@ -501,7 +487,7 @@ PlatformBootManagerWaitCallback ( BootLogoUpdateProgress ( White.Pixel, Black.Pixel, - L"Start boot option", + L"", White.Pixel, (Timeout - TimeoutRemain) * 100 / Timeout, 0 diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c index 19751642a3..774269dd87 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c @@ -894,6 +894,7 @@ BootMaintRouteConfig ( goto Exit; } + PcdSet16S (PcdPlatformBootTimeOut, NewBmmData->BootTimeOut); Private->BmmOldFakeNVData.BootTimeOut = NewBmmData->BootTimeOut; } diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c index 72de8d3211..9a16832f1b 100644 --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c 
@@ -746,10 +746,19 @@ BdsEntry ( InitializeHwErrRecSupport (); - // - // Initialize L"Timeout" EFI global variable. - // - BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); + Status = gRT->GetVariable( + L"Timeout", + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + &BootTimeOut + ); + if (!EFI_ERROR (Status) && BootTimeOut != 0 && BootTimeOut != 0xFFFF) { + PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); + } else { + BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); + } + if (BootTimeOut != 0xFFFF) { // // If time out value equal 0xFFFF, no need set to 0xFFFF to variable area because UEFI specification From d8abbc9961b3d4e8979bb8f2ec622ebb43a93dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 24 Feb 2021 01:43:24 +0100 Subject: [PATCH 040/357] MdeModulePkg/Library/BootLogoLib/BootLogoLib.c: draw progress bar without spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Library/BootLogoLib/BootLogoLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c index 8721b31465..a7a831ae46 100644 --- a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c +++ b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c @@ -535,7 +535,7 @@ BootLogoUpdateProgress ( 0, PosX, PosY, - BlockWidth - 1, + BlockWidth, BlockHeight, (BlockWidth) * sizeof (EFI_UGA_PIXEL) ); From 27850501f7e450659f3afad49a780912a46b5451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 24 Feb 2021 01:55:04 +0100 Subject: [PATCH 041/357] MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c: rename UiApp boot options as Setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
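Review bot: In the `BdsEntry` hunk a stored "Timeout" of 0 is handled like a failed read, because `BootTimeOut != 0` sends it to the `else` branch where the PCD default replaces it. If the code after the hunk then writes `BootTimeOut` back to the variable, as the retained comment about 0xFFFF suggests, a user who chose an immediate boot would have that choice overwritten on every boot. If this is intended so the hotkey prompt is always reachable, say so in a comment such as `// A stored Timeout of 0 is ignored on purpose; the platform default is used instead`. Otherwise drop the `BootTimeOut != 0` term. The function body continues outside the hunk.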
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index d14fac06c2..2f2318da0e 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -2900,7 +2900,7 @@ BmRegisterBootManagerMenu ( LoadOptionNumberUnassigned, LoadOptionTypeBoot, LOAD_OPTION_CATEGORY_APP | LOAD_OPTION_ACTIVE | LOAD_OPTION_HIDDEN, - (Description != NULL) ? Description : L"Boot Manager Menu", + L"Setup", DevicePath, NULL, 0 From ef40a2cb48ff306e33450d991181ffe61fd623d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 7 Apr 2021 12:56:33 +0200 Subject: [PATCH 042/357] MdePkg/Library/UefiLib/UefiLibPrint.c: free only non-NULL buffers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdePkg/Library/UefiLib/UefiLibPrint.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdePkg/Library/UefiLib/UefiLibPrint.c b/MdePkg/Library/UefiLib/UefiLibPrint.c index 39edeb7283..ab7bc25632 100644 --- a/MdePkg/Library/UefiLib/UefiLibPrint.c +++ b/MdePkg/Library/UefiLib/UefiLibPrint.c @@ -545,8 +545,9 @@ InternalPrintGraphic ( } else { PrintNum = 0; } - - FreePool (RowInfoArray); + if (RowInfoArray != NULL) { + FreePool (RowInfoArray); + } FreePool (Blt); return PrintNum; From 2e331e89762e7d6c1acb421f41f2411228a293a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 21 Mar 2021 16:56:36 +0100 Subject: [PATCH 043/357] DasharoPayloadPkg/DasharoPayloadPkgIa32X64.dsc: add max print buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 239facc362..8b1065bf16 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -387,6 +387,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) From 052637ed883d30f21dbd7b4043eef953b3bac593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 25 May 2021 14:24:34 +0200 Subject: [PATCH 044/357] DasharoPayloadPkg: add option to select boot menu key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 3 +++ DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 +++ .../PlatformBootManager.c | 21 +++++++++++++++++-- .../PlatformBootManagerLib.inf | 1 + 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index bb9a7e37ca..6f0697c042 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -80,3 +80,6 @@ gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterA|0x26|UINT8|0x00000006 ## Specifies the initial value for Register_B in RTC. # @Prompt Initial value for Register_B in RTC. gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterB|0x02|UINT8|0x00000002 + +## Specifies the scan code of the key to enter boot menu +gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|0x0016|UINT16|0x00000007 diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 8b1065bf16..bb11932f4a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -59,6 +59,8 @@ DEFINE UART_DEFAULT_STOP_BITS = 1 DEFINE DEFAULT_TERMINAL_TYPE = 0 + DEFINE BOOT_MENU_KEY = 0x0016 + # # typedef struct { # UINT16 VendorId; ///< Vendor ID to match the PCI device. The value 0xFFFF terminates the list of entries. @@ -388,6 +390,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 + gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 2a3b44f1d2..06f7c69d6a 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -400,7 +400,7 @@ PlatformBootManagerBeforeConsole ( // // Map F12 to Boot Device List menu // - F12.ScanCode = SCAN_F12; + F12.ScanCode = FixedPcdGet16(PcdBootMenuKey); F12.UnicodeChar = CHAR_NULL; OptionNumber = GetBootManagerMenuAppOption (); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); @@ -436,6 +436,7 @@ PlatformBootManagerAfterConsole ( { EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black; EFI_GRAPHICS_OUTPUT_BLT_PIXEL White; + CHAR16 *BootMenuKey; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; 
@@ -461,7 +462,23 @@ PlatformBootManagerAfterConsole ( DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); - Print (L"ESC to enter Setup\nF12 to enter Boot Manager Menu\nEnter to boot directly"); + switch (FixedPcdGet16(PcdBootMenuKey)) { + case 0x000B: BootMenuKey = L"F1 "; break; + case 0x000C: BootMenuKey = L"F2 "; break; + case 0x000D: BootMenuKey = L"F3 "; break; + case 0x000E: BootMenuKey = L"F4 "; break; + case 0x000F: BootMenuKey = L"F5 "; break; + case 0x0010: BootMenuKey = L"F6 "; break; + case 0x0011: BootMenuKey = L"F7 "; break; + case 0x0012: BootMenuKey = L"F8 "; break; + case 0x0013: BootMenuKey = L"F9 "; break; + case 0x0014: BootMenuKey = L"F10"; break; + case 0x0015: BootMenuKey = L"F11"; break; + case 0x0016: BootMenuKey = L"F12"; break; + default: BootMenuKey = L"F12"; break; + } + + Print (L"ESC to enter Setup\n%s to enter Boot Manager Menu\nEnter to boot directly", BootMenuKey); } /** diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index f3f8474f69..7d63b36cc2 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -73,3 +73,4 @@ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits + gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey From 097de6b93b17bf128324a70b7097c04694aba489 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 25 May 2021 15:45:00 +0200 Subject: [PATCH 045/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c: remove hardcoded serial console MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
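Review bot: The `switch` in `PlatformBootManagerAfterConsole` matches the raw values `0x000B` to `0x0016` where the `SCAN_F1` to `SCAN_F12` names would say what they are; `SCAN_F12` was already used in the line this patch replaces in `PlatformBootManagerBeforeConsole`. Its `default` arm prints "F12" for any other `PcdBootMenuKey` value while the other function registers that other scan code, so the prompt can name a key that does nothing. Consider `case SCAN_F1: BootMenuKey = L"F1 "; break;` and so on, plus a neutral label or a build-time check for unlisted codes. The `Default` argument of `GetKeyStringFromScanCode` in patch 048 carries the same prompt mismatch forward.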
Signed-off-by: Michał Żygowski --- .../PlatformBootManagerLib/PlatformConsole.c | 45 ++++--------------- 1 file changed, 9 insertions(+), 36 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index a27cc552ab..04d1048f8b 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -38,28 +38,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0 \ } -#define gPciRootBridge \ - PNPID_DEVICE_PATH_NODE(0x0A03) - -#define gPnp16550ComPort \ - PNPID_DEVICE_PATH_NODE(0x0501) - -#define gPnpPs2Keyboard \ - PNPID_DEVICE_PATH_NODE(0x0303) - -#define gUartVendor \ - { \ - { \ - HARDWARE_DEVICE_PATH, \ - HW_VENDOR_DP, \ - { \ - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \ - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \ - } \ - }, \ - EDKII_SERIAL_PORT_LIB_VENDOR_GUID \ - } - #define gUart \ { \ { \ @@ -90,11 +68,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent DEVICE_PATH_MESSAGING_PC_ANSI \ } +#define gPciRootBridge \ + PNPID_DEVICE_PATH_NODE(0x0A03) + +#define gPnp16550ComPort \ + PNPID_DEVICE_PATH_NODE(0x0501) + +#define gPnpPs2Keyboard \ + PNPID_DEVICE_PATH_NODE(0x0303) + ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode = gPnpPs2Keyboard; -ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode = gPnp16550ComPort; UART_DEVICE_PATH gUartDeviceNode = gUart; VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; -VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; // // Predefined platform root bridge 
@@ -148,18 +133,6 @@ PrepareLpcBridgeDevicePath ( DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - // - // Register COM1 - // - DevicePath = TempDevicePath; - DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceVendorNode); - DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); - DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); - - EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); - return EFI_SUCCESS; } From 8597895e2070dc9dde229373517309df364f1d59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 25 May 2021 16:20:27 +0200 Subject: [PATCH 046/357] DasharoPayloadPkg/DasharoPayloadPkgIa32X64.dsc: set default terminal type to tty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index bb11932f4a..38d4249b82 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -57,7 +57,7 @@ DEFINE UART_DEFAULT_DATA_BITS = 8 DEFINE UART_DEFAULT_PARITY = 1 DEFINE UART_DEFAULT_STOP_BITS = 1 - DEFINE DEFAULT_TERMINAL_TYPE = 0 + DEFINE DEFAULT_TERMINAL_TYPE = 4 DEFINE BOOT_MENU_KEY = 0x0016 From b5d6ec4c6f8548245cff059004f5218e0cb6c798 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 25 May 2021 16:42:39 +0200 Subject: [PATCH 047/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: create serial console instance based on default terminal type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManagerLib.inf | 14 ++++- .../PlatformBootManagerLib/PlatformConsole.c | 56 +++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 7d63b36cc2..da57741b03 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -51,6 +51,16 @@ [Guids] gEfiEndOfDxeEventGroupGuid gEfiGlobalVariableGuid + gEfiPcAnsiGuid + gEfiVT100Guid + gEfiVT100PlusGuid + gEfiVTUTF8Guid + gEfiTtyTermGuid + gEdkiiLinuxTermGuid + gEdkiiXtermR6Guid + gEdkiiVT400Guid + gEdkiiSCOTermGuid + gEfiPcAnsiGuid [Protocols] gEfiGenericMemTestProtocolGuid ## CONSUMES @@ -59,7 +69,8 @@ gEfiBootLogoProtocolGuid ## CONSUMES gEfiDxeSmmReadyToLockProtocolGuid gEfiSmmAccess2ProtocolGuid - gEfiPciRootBridgeIoProtocolGuid ## CONSUMES + gEfiPciRootBridgeIoProtocolGuid ## CONSUMES + gEfiDevicePathProtocolGuid ## CONSUMES [Pcd] gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut @@ -73,4 +84,5 @@ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits + gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index 04d1048f8b..a75487a21f 100644 
--- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "PlatformBootManager.h" #include "PlatformConsole.h" #include +#include +#include #define PCI_DEVICE_PATH_NODE(Func, Dev) \ { \ @@ -38,6 +40,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0 \ } +#define gUartVendor \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_VENDOR_DP, \ + { \ + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \ + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \ + } \ + }, \ + EDKII_SERIAL_PORT_LIB_VENDOR_GUID \ + } + #define gUart \ { \ { \ @@ -77,9 +92,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define gPnpPs2Keyboard \ PNPID_DEVICE_PATH_NODE(0x0303) +typedef enum _TYPE_OF_TERMINAL { + TerminalTypePcAnsi = 0, + TerminalTypeVt100, + TerminalTypeVt100Plus, + TerminalTypeVtUtf8, + TerminalTypeTtyTerm, + TerminalTypeLinux, + TerminalTypeXtermR6, + TerminalTypeVt400, + TerminalTypeSCO +} TYPE_OF_TERMINAL; + ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode = gPnpPs2Keyboard; UART_DEVICE_PATH gUartDeviceNode = gUart; VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; +VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; // // Predefined platform root bridge @@ -115,6 +143,7 @@ PrepareLpcBridgeDevicePath ( EFI_STATUS Status; EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_GUID TerminalTypeGuid; DevicePath = NULL; Status = gBS->HandleProtocol ( 
@@ -132,6 +161,33 @@ PrepareLpcBridgeDevicePath ( // DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + // + // Register COM1 + // + DevicePath = TempDevicePath; + DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceVendorNode); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + + switch (PcdGet8 (PcdDefaultTerminalType)) { + case TerminalTypePcAnsi: TerminalTypeGuid = gEfiPcAnsiGuid; break; + case TerminalTypeVt100: TerminalTypeGuid = gEfiVT100Guid; break; + case TerminalTypeVt100Plus: TerminalTypeGuid = gEfiVT100PlusGuid; break; + case TerminalTypeVtUtf8: TerminalTypeGuid = gEfiVTUTF8Guid; break; + case TerminalTypeTtyTerm: TerminalTypeGuid = gEfiTtyTermGuid; break; + case TerminalTypeLinux: TerminalTypeGuid = gEdkiiLinuxTermGuid; break; + case TerminalTypeXtermR6: TerminalTypeGuid = gEdkiiXtermR6Guid; break; + case TerminalTypeVt400: TerminalTypeGuid = gEdkiiVT400Guid; break; + case TerminalTypeSCO: TerminalTypeGuid = gEdkiiSCOTermGuid; break; + default: TerminalTypeGuid = gEfiPcAnsiGuid; break; + } + + CopyGuid (&gTerminalTypeDeviceNode.Guid, &TerminalTypeGuid); + + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); return EFI_SUCCESS; } From afcf1568ea675899f2bf1292131bb65afd0ae9bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 9 Jun 2021 12:35:28 +0200 Subject: [PATCH 048/357] DasharoPayloadPkg: add support for setup menu key selection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
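Review bot: `DevicePath = TempDevicePath;` in the COM1 block of `PrepareLpcBridgeDevicePath` is a dead store, since the next line overwrites it with the result of `AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, ...)`. Each `AppendDevicePathNode` call returns a fresh allocation and the previous pointer is dropped without `FreePool`, so the intermediate paths leak and a failed allocation is not checked before the three `EfiBootManagerUpdateConsoleVariable` calls. I would delete the dead assignment and add a comment above the `switch` such as `// Unknown PcdDefaultTerminalType values fall back to PC-ANSI`. The function starts outside the hunk.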
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 3 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 + .../PlatformBootManager.c | 58 +++++++++++++------ .../PlatformBootManagerLib.inf | 1 + 4 files changed, 45 insertions(+), 19 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index 6f0697c042..b3a879dcb8 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -83,3 +83,6 @@ gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterB|0x02|UINT8|0x00000002 ## Specifies the scan code of the key to enter boot menu gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|0x0016|UINT16|0x00000007 + +## Specifies the scan code of the key to enter boot menu +gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|0x0017|UINT16|0x00000008 diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 38d4249b82..5b58ed4882 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -60,6 +60,7 @@ DEFINE DEFAULT_TERMINAL_TYPE = 4 DEFINE BOOT_MENU_KEY = 0x0016 + DEFINE SETUP_MENU_KEY = 0x0017 # # typedef struct { @@ -391,6 +392,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) + gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 06f7c69d6a..08991a8c1e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
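Review bot: The comment added above `PcdSetupMenuKey` in `DasharoPayloadPkg.dec` is a copy of the `PcdBootMenuKey` one and still says "boot menu". It should read `## Specifies the scan code of the key to enter the setup menu`, so the two PCDs can be told apart when a board overrides them.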
@@ -392,7 +392,7 @@ PlatformBootManagerBeforeConsole ( // // Map ESC to Boot Manager Menu // - Esc.ScanCode = SCAN_ESC; + Esc.ScanCode = FixedPcdGet16(PcdSetupMenuKey);; Esc.UnicodeChar = CHAR_NULL; EfiBootManagerGetBootManagerMenu (&BootOption); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Esc, NULL); @@ -400,8 +400,8 @@ PlatformBootManagerBeforeConsole ( // // Map F12 to Boot Device List menu // - F12.ScanCode = FixedPcdGet16(PcdBootMenuKey); - F12.UnicodeChar = CHAR_NULL; + F12.ScanCode = FixedPcdGet16(PcdBootMenuKey); + F12.UnicodeChar = CHAR_NULL; OptionNumber = GetBootManagerMenuAppOption (); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); @@ -417,6 +417,37 @@ PlatformBootManagerBeforeConsole ( EfiBootManagerDispatchDeferredImages (); } +CHAR16* +GetKeyStringFromScanCode ( + UINT16 ScanCode, + CHAR16* Default +) +{ + switch (ScanCode) { + case SCAN_UP: return L"UP"; + case SCAN_DOWN: return L"DOWN"; + case SCAN_RIGHT: return L"RIGHT"; + case SCAN_LEFT: return L"LEFT"; + case SCAN_HOME: return L"HOME"; + case SCAN_END: return L"END"; + case SCAN_INSERT: return L"INS"; + case SCAN_DELETE: return L"DEL"; + case SCAN_F1: return L"F1"; + case SCAN_F2: return L"F2"; + case SCAN_F3: return L"F3"; + case SCAN_F4: return L"F4"; + case SCAN_F5: return L"F5"; + case SCAN_F6: return L"F6"; + case SCAN_F7: return L"F7"; + case SCAN_F8: return L"F8"; + case SCAN_F9: return L"F9"; + case SCAN_F10: return L"F10"; + case SCAN_F11: return L"F11"; + case SCAN_F12: return L"F12"; + case SCAN_ESC: return L"ESC"; + default: return Default; + } +} /** Do the platform specific action after the console is connected. @@ -437,6 +468,7 @@ PlatformBootManagerAfterConsole ( EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black; EFI_GRAPHICS_OUTPUT_BLT_PIXEL White; CHAR16 *BootMenuKey; + CHAR16 *SetupMenuKey; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; 
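Review bot: `GetKeyStringFromScanCode` is added between two documented functions without a header comment and with external linkage, although its only visible callers are in this file. A `STATIC` qualifier and a short header would match the rest of the file; the header should say that the returned pointer is either a string literal or the caller's `Default` and must not be freed. In the first hunk, `FixedPcdGet16(PcdSetupMenuKey);;` has a stray second semicolon. The comments `Map ESC to Boot Manager Menu` and `Map F12 to Boot Device List menu`, and the variable names `Esc` and `F12`, no longer describe keys that are now configurable.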
@@ -462,23 +494,11 @@ PlatformBootManagerAfterConsole ( DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); - switch (FixedPcdGet16(PcdBootMenuKey)) { - case 0x000B: BootMenuKey = L"F1 "; break; - case 0x000C: BootMenuKey = L"F2 "; break; - case 0x000D: BootMenuKey = L"F3 "; break; - case 0x000E: BootMenuKey = L"F4 "; break; - case 0x000F: BootMenuKey = L"F5 "; break; - case 0x0010: BootMenuKey = L"F6 "; break; - case 0x0011: BootMenuKey = L"F7 "; break; - case 0x0012: BootMenuKey = L"F8 "; break; - case 0x0013: BootMenuKey = L"F9 "; break; - case 0x0014: BootMenuKey = L"F10"; break; - case 0x0015: BootMenuKey = L"F11"; break; - case 0x0016: BootMenuKey = L"F12"; break; - default: BootMenuKey = L"F12"; break; - } + BootMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdBootMenuKey), L"F12"); + SetupMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdSetupMenuKey), L"ESC"); - Print (L"ESC to enter Setup\n%s to enter Boot Manager Menu\nEnter to boot directly", BootMenuKey); + Print (L"%-5s to enter Setup\n%-5s to enter Boot Manager Menu\nENTER to boot directly", + SetupMenuKey, BootMenuKey); } /** diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index da57741b03..c28370a24c 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -86,3 +86,4 @@ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey + gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey From eb307b795c6eecb254710510dac8a22c75f6af35 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 14 Mar 2022 15:18:59 +0100 Subject: [PATCH 049/357] DasharoPayloadPkg: Add driver health manager MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 2 files changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 5b58ed4882..3bff86c1c8 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -567,6 +567,7 @@ !endif UefiCpuPkg/CpuDxe/CpuDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf MdeModulePkg/Logo/LogoDxe.inf MdeModulePkg/Application/UiApp/UiApp.inf { diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 2e7d53de9b..a198ba4fbd 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -105,6 +105,7 @@ INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntime INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf INF UefiCpuPkg/CpuDxe/CpuDxe.inf +INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf From ce9f52524b1eaae75e33afbab3d19d0f085b293c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 14 Mar 2022 16:48:09 +0100 Subject: [PATCH 050/357] DasharoPayloadPkg: Add PCD to enable/disable loading of EFI Option ROMs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 2 ++ DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c | 4 ++++ DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf | 5 +++++ 4 files changed, 13 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index b3a879dcb8..b4a33e449d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -72,6 +72,8 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32| gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 +gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|TRUE|BOOLEAN|0x00000017 + [PcdsFixedAtBuild] ## Specifies the initial value for Register_A in RTC. # @Prompt Initial value for Register_A in RTC. diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 3bff86c1c8..fb2352148d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -92,6 +92,7 @@ DEFINE TPM_ENABLE = TRUE DEFINE SATA_PASSWORD_ENABLE = FALSE DEFINE OPAL_PASSWORD_ENABLE = FALSE + DEFINE LOAD_OPTION_ROMS = TRUE # # Network definition # @@ -393,6 +394,7 @@ gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) + gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c index 18caac8d55..014af92013 100644 --- a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c 
@@ -81,6 +81,10 @@ PciGetPciRom ( *RomImage = NULL; *RomSize = 0; + if (!PcdGetBool(PcdLoadOptionRoms)) { + return EFI_NOT_FOUND; + } + Status = gBS->HandleProtocol ( PciHandle, &gEfiPciIoProtocolGuid, diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf index 96cedad5af..df36f1daf2 100644 --- a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] UefiDriverEntryPoint @@ -40,7 +41,11 @@ DevicePathLib UefiLib HobLib + PcdLib [Protocols] gEfiPciPlatformProtocolGuid ## PRODUCES gEfiPciIoProtocolGuid ## COMSUMES + +[Pcd] + gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms From c2a92cce0d4dbb263bdd17b8f720ab5479bbb4c2 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 14:55:39 +0200 Subject: [PATCH 051/357] DasharoPayloadPkg: Store the real size of the MMCONF window This will fix issues with the PciBusDxe. Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 3 +++ DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h | 1 + 2 files changed, 4 insertions(+) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index a4d6fa6215..e42d832cff 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
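Review bot: The `PcdLoadOptionRoms` check sits only in `PciGetPciRom`, so it stops this driver from handing a ROM image to the PCI bus driver. Whether the bus driver still finds and dispatches a ROM through the device's own expansion ROM BAR is not decided by this hunk and should be verified, because option ROMs are third-party code that runs before the OS. The PCD defaults to `TRUE` in both the `.dec` and the `.dsc`, and the `.dec` entry has no `##` description, unlike the PCDs added in patches 044 and 048. I would add one, for example `## Set to FALSE to stop PciPlatformDxe from returning option ROM images`, and state there what the switch does not cover. `PciGetPciRom` continues outside the hunk.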
@@ -240,8 +240,10 @@ ParseAcpiInfo ( if (MmCfgHdr != NULL) { MmCfgBase = (EFI_ACPI_MEMORY_MAPPED_ENHANCED_CONFIGURATION_SPACE_BASE_ADDRESS_ALLOCATION_STRUCTURE *)((UINT8*) MmCfgHdr + sizeof (*MmCfgHdr)); AcpiBoardInfo->PcieBaseAddress = MmCfgBase->BaseAddress; + AcpiBoardInfo->PcieBaseSize = (MmCfgBase->EndBusNumber + 1 - MmCfgBase->StartBusNumber) * 4096 * 32 * 8; } else { AcpiBoardInfo->PcieBaseAddress = 0; + AcpiBoardInfo->PcieBaseSize = 0; } DEBUG ((DEBUG_INFO, "PmCtrl Reg 0x%lx\n", AcpiBoardInfo->PmCtrlRegBase)); DEBUG ((DEBUG_INFO, "PmTimer Reg 0x%lx\n", AcpiBoardInfo->PmTimerRegBase)); @@ -250,6 +252,7 @@ ParseAcpiInfo ( DEBUG ((DEBUG_INFO, "PmEvt Reg 0x%lx\n", AcpiBoardInfo->PmEvtBase)); DEBUG ((DEBUG_INFO, "PmGpeEn Reg 0x%lx\n", AcpiBoardInfo->PmGpeEnBase)); DEBUG ((DEBUG_INFO, "PcieBaseAddr 0x%lx\n", AcpiBoardInfo->PcieBaseAddress)); + DEBUG ((DEBUG_INFO, "PcieBaseSize 0x%lx\n", AcpiBoardInfo->PcieBaseSize)); // // Verify values for proper operation diff --git a/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h b/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h index fe783fe5e1..043b748ae4 100644 --- a/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h +++ b/DasharoPayloadPkg/Include/Guid/AcpiBoardInfoGuid.h @@ -24,6 +24,7 @@ typedef struct { UINT64 PmTimerRegBase; UINT64 ResetRegAddress; UINT64 PcieBaseAddress; + UINT64 PcieBaseSize; } ACPI_BOARD_INFO; #endif From 6ff8ebe7ad3ed7b7cb96936d57e522c13932016d Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Mon, 3 Feb 2020 11:47:59 -0700 Subject: [PATCH 052/357] DasharoPayloadPkg: Enable NVMe support --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 2 files changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index fb2352148d..3fcd613e7f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
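Review bot: `PcieBaseSize` in `ParseAcpiInfo` is computed from `EndBusNumber` and `StartBusNumber` without checking that the end is not below the start. The operands are promoted to `int`, so an MCFG entry with the end bus below the start bus gives a negative product that becomes a very large `UINT64`. Patch 054's description speaks of bounding MMCONF accesses, presumably with this size, so a bad table value would widen the window rather than narrow it. Consider wrapping the assignment in `if (MmCfgBase->EndBusNumber >= MmCfgBase->StartBusNumber)` with `0` otherwise, and using `SIZE_1MB` in place of `4096 * 32 * 8`. The hunk also shows no check that the MCFG table is long enough to hold the first allocation structure before `MmCfgBase` is read; confirm that one exists outside the hunk.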
@@ -644,6 +644,7 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index a198ba4fbd..d35926323a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -170,6 +170,7 @@ INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf INF MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf From 41974a2fefaa09a2d49a8b486e7403ec72e125ca Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Thu, 23 Apr 2020 11:53:24 +0200 Subject: [PATCH 053/357] UefipayloadPkg: Protect coreboot tables Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index e42d832cff..2138764a80 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
@@ -395,24 +395,36 @@ BlPeiEntryPoint ( EFI_PEI_GRAPHICS_DEVICE_INFO_HOB GfxDeviceInfo; EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo; - - // - // Report lower 640KB of RAM. Attribute EFI_RESOURCE_ATTRIBUTE_TESTED - // is intentionally omitted to prevent erasing of the coreboot header - // record before it is processed by ParseMemoryInfo. + // Report lower 640KB of RAM. + // Mark memory as reserved to keep coreboot header in place. // BuildResourceDescriptorHob ( - EFI_RESOURCE_SYSTEM_MEMORY, + EFI_RESOURCE_MEMORY_RESERVED, ( EFI_RESOURCE_ATTRIBUTE_PRESENT | EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_TESTED | EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE ), (EFI_PHYSICAL_ADDRESS)(0), - (UINT64)(0xA0000) + (UINT64)(0x1000) + ); + + BuildResourceDescriptorHob ( + EFI_RESOURCE_SYSTEM_MEMORY, + ( + EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE + ), + (EFI_PHYSICAL_ADDRESS)(0x1000), + (UINT64)(0x9F000) ); BuildResourceDescriptorHob ( From f778019c9956657193f47a7166ea8821778af55d Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 18 May 2020 08:49:22 +0200 Subject: [PATCH 054/357] DasharoPayloadPkg: Fix MMCONF mess * Don't hardcode PCIE_BASE at build time * Support arbitrary platforms with different or even no MMCONF space * Fix buffer overflow accessing MMCONF where less than 256 buses are exposed * Use PciCfg8 for PCI access in PEI, which is only used for debugging Use PeiDxeDebugLibReportStatusCode library as DebugLib where use of BaseDebugLibSerialPort causes dependency cycle. 
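Review bot: The second `BuildResourceDescriptorHob` call (0x1000, size 0x9F000) still omits `EFI_RESOURCE_ATTRIBUTE_TESTED`, but the comment that explained this omission was removed, so the reason is no longer recorded. Now that the first page is reported as `EFI_RESOURCE_MEMORY_RESERVED`, either add the attribute or keep a comment such as `// TESTED is still omitted for 0x1000-0x9FFFF: <reason>` above that call. The reserved size `0x1000` is a bare constant; nothing in the hunk ties it to where the coreboot header actually sits or how long it is, so a comment stating that assumption (or a named constant) would help whoever has to verify that the tables are really covered. The new comment block also lost its opening `//` line. BlPeiEntryPoint continues outside the hunk.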
Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 21 +- .../BasePciExpressLib/BasePciExpressLib.inf | 46 + .../BasePciExpressLib/BasePciExpressLib.uni | 17 + .../Library/BasePciExpressLib/PciExpressLib.c | 1455 +++++++++++++++++ .../BasePciLibPciExpress.inf | 42 + .../BasePciLibPciExpress.uni | 17 + .../Library/BasePciLibPciExpress/PciLib.c | 1302 +++++++++++++++ 7 files changed, 2887 insertions(+), 13 deletions(-) create mode 100644 DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.inf create mode 100644 DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.uni create mode 100644 DasharoPayloadPkg/Library/BasePciExpressLib/PciExpressLib.c create mode 100644 DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf create mode 100644 DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.uni create mode 100644 DasharoPayloadPkg/Library/BasePciLibPciExpress/PciLib.c diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 3fcd613e7f..4b1d0623c1 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -38,11 +38,6 @@ # DEFINE MAX_LOGICAL_PROCESSORS = 64 - # - # PCI options - # - DEFINE PCIE_BASE = 0xE0000000 - # # Serial port set up # 
@@ -161,13 +156,9 @@ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf -!if $(PCIE_BASE) == 0 - PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf -!else - PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf - PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf -!endif + PciLib|DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf + PciExpressLib|DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf @@ -310,6 +301,7 @@ [LibraryClasses.IA32.PEI_CORE, LibraryClasses.IA32.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf @@ -362,6 +354,7 @@ ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf 
@@ -371,6 +364,7 @@ !if $(NETWORK_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf !endif + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf ################################################################################ # # Pcd Section - list of all EDK II PCD Entries defined by this Platform. @@ -396,8 +390,6 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) - gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|$(PCIE_BASE) - !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif @@ -539,6 +531,9 @@ SecurityPkg/HddPassword/HddPasswordPei.inf !endif +[LibraryClasses.common.DXE_CORE,LibraryClasses.common.DXE_DRIVER,LibraryClasses.common.UEFI_APPLICATION] + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + [Components.X64] # # DXE Core diff --git a/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.inf b/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.inf new file mode 100644 index 0000000000..07cc8a2c7c --- /dev/null +++ b/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.inf @@ -0,0 +1,46 @@ +## @file +# Instance of PCI Express Library using the 256 MB PCI Express MMIO window. +# +# PCI Express Library that uses the 256 MB PCI Express MMIO window to perform +# PCI Configuration cycles. Layers on top of an I/O Library instance. +# +# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BasePciExpressLib + MODULE_UNI_FILE = BasePciExpressLib.uni + FILE_GUID = 287e50f4-a188-4699-b907-3e4080ca5688 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = PciExpressLib + CONSTRUCTOR = PciExpressLibInitialize + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PciExpressLib.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + HobLib + IoLib + +[Guids] + gUefiAcpiBoardInfoGuid + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress ## CONSUMES + diff --git a/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.uni b/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.uni new file mode 100644 index 0000000000..98010ef2f9 --- /dev/null +++ b/DasharoPayloadPkg/Library/BasePciExpressLib/BasePciExpressLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Instance of PCI Express Library using the 256 MB PCI Express MMIO window. +// +// PCI Express Library that uses the 256 MB PCI Express MMIO window to perform +// PCI Configuration cycles. Layers on top of an I/O Library instance. +// +// Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
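Review bot: The `[Pcd]` section still lists `gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress ## CONSUMES`, although this commit removes the PCD assignment from DasharoPayloadPkg.dsc and the part of PciExpressLib.c visible here takes the base from the `gUefiAcpiBoardInfoGuid` HOB (`GetPciExpressBaseAddress` returns `mBoardInfo.PcieBaseAddress`). If the rest of the C file does not read the PCD either, drop the entry so the INF does not suggest that the base address can still be set at build time. The file header and the matching .uni strings also still describe a fixed "256 MB PCI Express MMIO window", while the window size now comes from `PcieBaseSize`; I would reword them to say that base and size are taken from the ACPI board info HOB.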
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Instance of PCI Express Library using the 256 MB PCI Express MMIO window" + +#string STR_MODULE_DESCRIPTION #language en-US "PCI Express Library that uses the 256 MB PCI Express MMIO window to perform PCI Configuration cycles. Layers on top of an I/O Library instance." + diff --git a/DasharoPayloadPkg/Library/BasePciExpressLib/PciExpressLib.c b/DasharoPayloadPkg/Library/BasePciExpressLib/PciExpressLib.c new file mode 100644 index 0000000000..f3b4582d3c --- /dev/null +++ b/DasharoPayloadPkg/Library/BasePciExpressLib/PciExpressLib.c @@ -0,0 +1,1455 @@ +/** @file + Functions in this library instance make use of MMIO functions in IoLib to + access memory mapped PCI configuration space. + + All assertions for I/O operations are handled in MMIO functions in the IoLib + Library. + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include + +STATIC ACPI_BOARD_INFO mBoardInfo; +/** + Assert the validity of a PCI address. + If Address > 0x0FFFFFFF, then ASSERT(). + + Return 0xff on transaction outside of the MMCONF space. + + @param A The address to validate. + +**/ +#define ASSERT_INVALID_PCI_ADDRESS(A) \ + ASSERT (((A) & ~0xfffffff) == 0); \ + if ((A) >= mBoardInfo.PcieBaseSize) { \ + return ~0; \ + } + +/** + Registers a PCI device so PCI configuration registers may be accessed after + SetVirtualAddressMap(). + + Registers the PCI device specified by Address so all the PCI configuration + registers associated with that PCI device may be accessed after SetVirtualAddressMap() + is called. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + + @retval RETURN_SUCCESS The PCI device was registered for runtime access. + @retval RETURN_UNSUPPORTED An attempt was made to call this function + after ExitBootServices(). + @retval RETURN_UNSUPPORTED The resources required to access the PCI device + at runtime could not be mapped. + @retval RETURN_OUT_OF_RESOURCES There are not enough resources available to + complete the registration. + +**/ +RETURN_STATUS +EFIAPI +PciExpressRegisterForRuntimeAccess ( + IN UINTN Address + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return RETURN_UNSUPPORTED; +} + +/** + Performs platform specific initialization required for the CPU to access + the MMCONF space. This function does not initialize the MMCONF itself. + + @retval RETURN_SUCCESS The platform specific initialization succeeded. + @retval RETURN_DEVICE_ERROR The platform specific initialization could not be completed. 
+ +**/ +RETURN_STATUS +EFIAPI +PciExpressLibInitialize ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + // + // Find the acpi board information guid hob + // + GuidHob = GetFirstGuidHob (&gUefiAcpiBoardInfoGuid); + ASSERT (GuidHob != NULL); + if (GuidHob == NULL) { + return EFI_UNSUPPORTED; + } + + CopyMem (&mBoardInfo, GET_GUID_HOB_DATA (GuidHob), sizeof(mBoardInfo)); + return EFI_SUCCESS; +} + +/** + Gets the base address of PCI Express. + + This internal functions retrieves PCI Express Base Address via a PCD entry + PcdPciExpressBaseAddress. + + @return The base address of PCI Express. + +**/ +VOID* +GetPciExpressBaseAddress ( + VOID + ) +{ + return (VOID*)(UINTN) mBoardInfo.PcieBaseAddress; +} + +/** + Reads an 8-bit PCI configuration register. + + Reads and returns the 8-bit PCI configuration register specified by Address. + This function must guarantee that all PCI read and write operations are + serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + + @return The read value from the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressRead8 ( + IN UINTN Address + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioRead8 ((UINTN) GetPciExpressBaseAddress () + Address); +} + +/** + Writes an 8-bit PCI configuration register. + + Writes the 8-bit PCI configuration register specified by Address with the + value specified by Value. Value is returned. This function must guarantee + that all PCI read and write operations are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param Value The value to write. + + @return The value written to the PCI configuration register. 
+ +**/ +UINT8 +EFIAPI +PciExpressWrite8 ( + IN UINTN Address, + IN UINT8 Value + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioWrite8 ((UINTN) GetPciExpressBaseAddress () + Address, Value); +} + +/** + Performs a bitwise OR of an 8-bit PCI configuration register with + an 8-bit value. + + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise OR between the read result and the value specified by + OrData, and writes the result to the 8-bit PCI configuration register + specified by Address. The value written to the PCI configuration register is + returned. This function must guarantee that all PCI read and write operations + are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param OrData The value to OR with the PCI configuration register. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressOr8 ( + IN UINTN Address, + IN UINT8 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioOr8 ((UINTN) GetPciExpressBaseAddress () + Address, OrData); +} + +/** + Performs a bitwise AND of an 8-bit PCI configuration register with an 8-bit + value. + + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, and + writes the result to the 8-bit PCI configuration register specified by + Address. The value written to the PCI configuration register is returned. + This function must guarantee that all PCI read and write operations are + serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param AndData The value to AND with the PCI configuration register. + + @return The value written back to the PCI configuration register. 
+ +**/ +UINT8 +EFIAPI +PciExpressAnd8 ( + IN UINTN Address, + IN UINT8 AndData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioAnd8 ((UINTN) GetPciExpressBaseAddress () + Address, AndData); +} + +/** + Performs a bitwise AND of an 8-bit PCI configuration register with an 8-bit + value, followed a bitwise OR with another 8-bit value. + + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, + performs a bitwise OR between the result of the AND operation and + the value specified by OrData, and writes the result to the 8-bit PCI + configuration register specified by Address. The value written to the PCI + configuration register is returned. This function must guarantee that all PCI + read and write operations are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param AndData The value to AND with the PCI configuration register. + @param OrData The value to OR with the result of the AND operation. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressAndThenOr8 ( + IN UINTN Address, + IN UINT8 AndData, + IN UINT8 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioAndThenOr8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + AndData, + OrData + ); +} + +/** + Reads a bit field of a PCI configuration register. + + Reads the bit field in an 8-bit PCI configuration register. The bit field is + specified by the StartBit and the EndBit. The value of the bit field is + returned. + + If Address > 0x0FFFFFFF, then ASSERT(). + If StartBit is greater than 7, then ASSERT(). + If EndBit is greater than 7, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + + @param Address The PCI configuration register to read. + @param StartBit The ordinal of the least significant bit in the bit field. 
+ Range 0..7. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..7. + + @return The value of the bit field read from the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressBitFieldRead8 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldRead8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit + ); +} + +/** + Writes a bit field to a PCI configuration register. + + Writes Value to the bit field of the PCI configuration register. The bit + field is specified by the StartBit and the EndBit. All other bits in the + destination PCI configuration register are preserved. The new value of the + 8-bit register is returned. + + If Address > 0x0FFFFFFF, then ASSERT(). + If StartBit is greater than 7, then ASSERT(). + If EndBit is greater than 7, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..7. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..7. + @param Value The new value of the bit field. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressBitFieldWrite8 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT8 Value + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldWrite8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + Value + ); +} + +/** + Reads a bit field in an 8-bit PCI configuration, performs a bitwise OR, and + writes the result back to the bit field in the 8-bit port. 
+ + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise OR between the read result and the value specified by + OrData, and writes the result to the 8-bit PCI configuration register + specified by Address. The value written to the PCI configuration register is + returned. This function must guarantee that all PCI read and write operations + are serialized. Extra left bits in OrData are stripped. + + If Address > 0x0FFFFFFF, then ASSERT(). + If StartBit is greater than 7, then ASSERT(). + If EndBit is greater than 7, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..7. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..7. + @param OrData The value to OR with the PCI configuration register. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressBitFieldOr8 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT8 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldOr8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + OrData + ); +} + +/** + Reads a bit field in an 8-bit PCI configuration register, performs a bitwise + AND, and writes the result back to the bit field in the 8-bit register. + + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, and + writes the result to the 8-bit PCI configuration register specified by + Address. The value written to the PCI configuration register is returned. + This function must guarantee that all PCI read and write operations are + serialized. Extra left bits in AndData are stripped. 
+ + If Address > 0x0FFFFFFF, then ASSERT(). + If StartBit is greater than 7, then ASSERT(). + If EndBit is greater than 7, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..7. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..7. + @param AndData The value to AND with the PCI configuration register. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressBitFieldAnd8 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT8 AndData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldAnd8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + AndData + ); +} + +/** + Reads a bit field in an 8-bit port, performs a bitwise AND followed by a + bitwise OR, and writes the result back to the bit field in the + 8-bit port. + + Reads the 8-bit PCI configuration register specified by Address, performs a + bitwise AND followed by a bitwise OR between the read result and + the value specified by AndData, and writes the result to the 8-bit PCI + configuration register specified by Address. The value written to the PCI + configuration register is returned. This function must guarantee that all PCI + read and write operations are serialized. Extra left bits in both AndData and + OrData are stripped. + + If Address > 0x0FFFFFFF, then ASSERT(). + If StartBit is greater than 7, then ASSERT(). + If EndBit is greater than 7, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). 
+ + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..7. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..7. + @param AndData The value to AND with the PCI configuration register. + @param OrData The value to OR with the result of the AND operation. + + @return The value written back to the PCI configuration register. + +**/ +UINT8 +EFIAPI +PciExpressBitFieldAndThenOr8 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT8 AndData, + IN UINT8 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldAndThenOr8 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + AndData, + OrData + ); +} + +/** + Reads a 16-bit PCI configuration register. + + Reads and returns the 16-bit PCI configuration register specified by Address. + This function must guarantee that all PCI read and write operations are + serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + + @return The read value from the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressRead16 ( + IN UINTN Address + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioRead16 ((UINTN) GetPciExpressBaseAddress () + Address); +} + +/** + Writes a 16-bit PCI configuration register. + + Writes the 16-bit PCI configuration register specified by Address with the + value specified by Value. Value is returned. This function must guarantee + that all PCI read and write operations are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param Value The value to write. 
+ + @return The value written to the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressWrite16 ( + IN UINTN Address, + IN UINT16 Value + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioWrite16 ((UINTN) GetPciExpressBaseAddress () + Address, Value); +} + +/** + Performs a bitwise OR of a 16-bit PCI configuration register with + a 16-bit value. + + Reads the 16-bit PCI configuration register specified by Address, performs a + bitwise OR between the read result and the value specified by + OrData, and writes the result to the 16-bit PCI configuration register + specified by Address. The value written to the PCI configuration register is + returned. This function must guarantee that all PCI read and write operations + are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param OrData The value to OR with the PCI configuration register. + + @return The value written back to the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressOr16 ( + IN UINTN Address, + IN UINT16 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioOr16 ((UINTN) GetPciExpressBaseAddress () + Address, OrData); +} + +/** + Performs a bitwise AND of a 16-bit PCI configuration register with a 16-bit + value. + + Reads the 16-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, and + writes the result to the 16-bit PCI configuration register specified by + Address. The value written to the PCI configuration register is returned. + This function must guarantee that all PCI read and write operations are + serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. 
+ @param AndData The value to AND with the PCI configuration register. + + @return The value written back to the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressAnd16 ( + IN UINTN Address, + IN UINT16 AndData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioAnd16 ((UINTN) GetPciExpressBaseAddress () + Address, AndData); +} + +/** + Performs a bitwise AND of a 16-bit PCI configuration register with a 16-bit + value, followed a bitwise OR with another 16-bit value. + + Reads the 16-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, + performs a bitwise OR between the result of the AND operation and + the value specified by OrData, and writes the result to the 16-bit PCI + configuration register specified by Address. The value written to the PCI + configuration register is returned. This function must guarantee that all PCI + read and write operations are serialized. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + + @param Address The address that encodes the PCI Bus, Device, Function and + Register. + @param AndData The value to AND with the PCI configuration register. + @param OrData The value to OR with the result of the AND operation. + + @return The value written back to the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressAndThenOr16 ( + IN UINTN Address, + IN UINT16 AndData, + IN UINT16 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioAndThenOr16 ( + (UINTN) GetPciExpressBaseAddress () + Address, + AndData, + OrData + ); +} + +/** + Reads a bit field of a PCI configuration register. + + Reads the bit field in a 16-bit PCI configuration register. The bit field is + specified by the StartBit and the EndBit. The value of the bit field is + returned. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). 
+ If StartBit is greater than 15, then ASSERT(). + If EndBit is greater than 15, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + + @param Address The PCI configuration register to read. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..15. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..15. + + @return The value of the bit field read from the PCI configuration register. + +**/ +UINT16 +EFIAPI +PciExpressBitFieldRead16 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldRead16 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit + ); +} + +/** + Writes a bit field to a PCI configuration register. + + Writes Value to the bit field of the PCI configuration register. The bit + field is specified by the StartBit and the EndBit. All other bits in the + destination PCI configuration register are preserved. The new value of the + 16-bit register is returned. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + If StartBit is greater than 15, then ASSERT(). + If EndBit is greater than 15, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..15. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..15. + @param Value The new value of the bit field. + + @return The value written back to the PCI configuration register. 
+ +**/ +UINT16 +EFIAPI +PciExpressBitFieldWrite16 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT16 Value + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldWrite16 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + Value + ); +} + +/** + Reads a bit field in a 16-bit PCI configuration, performs a bitwise OR, and + writes the result back to the bit field in the 16-bit port. + + Reads the 16-bit PCI configuration register specified by Address, performs a + bitwise OR between the read result and the value specified by + OrData, and writes the result to the 16-bit PCI configuration register + specified by Address. The value written to the PCI configuration register is + returned. This function must guarantee that all PCI read and write operations + are serialized. Extra left bits in OrData are stripped. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + If StartBit is greater than 15, then ASSERT(). + If EndBit is greater than 15, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..15. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..15. + @param OrData The value to OR with the PCI configuration register. + + @return The value written back to the PCI configuration register. 
+ +**/ +UINT16 +EFIAPI +PciExpressBitFieldOr16 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT16 OrData + ) +{ + ASSERT_INVALID_PCI_ADDRESS (Address); + return MmioBitFieldOr16 ( + (UINTN) GetPciExpressBaseAddress () + Address, + StartBit, + EndBit, + OrData + ); +} + +/** + Reads a bit field in a 16-bit PCI configuration register, performs a bitwise + AND, and writes the result back to the bit field in the 16-bit register. + + Reads the 16-bit PCI configuration register specified by Address, performs a + bitwise AND between the read result and the value specified by AndData, and + writes the result to the 16-bit PCI configuration register specified by + Address. The value written to the PCI configuration register is returned. + This function must guarantee that all PCI read and write operations are + serialized. Extra left bits in AndData are stripped. + + If Address > 0x0FFFFFFF, then ASSERT(). + If Address is not aligned on a 16-bit boundary, then ASSERT(). + If StartBit is greater than 15, then ASSERT(). + If EndBit is greater than 15, then ASSERT(). + If EndBit is less than StartBit, then ASSERT(). + If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT(). + + @param Address The PCI configuration register to write. + @param StartBit The ordinal of the least significant bit in the bit field. + Range 0..15. + @param EndBit The ordinal of the most significant bit in the bit field. + Range 0..15. + @param AndData The value to AND with the PCI configuration register. + + @return The value written back to the PCI configuration register. 
+
+**/
+UINT16
+EFIAPI
+PciExpressBitFieldAnd16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 AndData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldAnd16 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ AndData
+ );
+}
+
+/**
+ Reads a bit field in a 16-bit port, performs a bitwise AND followed by a
+ bitwise OR, and writes the result back to the bit field in the
+ 16-bit port.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise AND followed by a bitwise OR between the read result and
+ the value specified by AndData, and writes the result to the 16-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized. Extra left bits in both AndData and
+ OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciExpressBitFieldAndThenOr16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 AndData,
+ IN UINT16 OrData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldAndThenOr16 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ AndData,
+ OrData
+ );
+}
+
+/**
+ Reads a 32-bit PCI configuration register.
+
+ Reads and returns the 32-bit PCI configuration register specified by Address.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+
+ @return The read value from the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressRead32 (
+ IN UINTN Address
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioRead32 ((UINTN) GetPciExpressBaseAddress () + Address);
+}
+
+/**
+ Writes a 32-bit PCI configuration register.
+
+ Writes the 32-bit PCI configuration register specified by Address with the
+ value specified by Value. Value is returned. This function must guarantee
+ that all PCI read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param Value The value to write.
+
+ @return The value written to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressWrite32 (
+ IN UINTN Address,
+ IN UINT32 Value
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioWrite32 ((UINTN) GetPciExpressBaseAddress () + Address, Value);
+}
+
+/**
+ Performs a bitwise OR of a 32-bit PCI configuration register with
+ a 32-bit value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 32-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressOr32 (
+ IN UINTN Address,
+ IN UINT32 OrData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioOr32 ((UINTN) GetPciExpressBaseAddress () + Address, OrData);
+}
+
+/**
+ Performs a bitwise AND of a 32-bit PCI configuration register with a 32-bit
+ value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 32-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressAnd32 (
+ IN UINTN Address,
+ IN UINT32 AndData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioAnd32 ((UINTN) GetPciExpressBaseAddress () + Address, AndData);
+}
+
+/**
+ Performs a bitwise AND of a 32-bit PCI configuration register with a 32-bit
+ value, followed a bitwise OR with another 32-bit value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData,
+ performs a bitwise OR between the result of the AND operation and
+ the value specified by OrData, and writes the result to the 32-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressAndThenOr32 (
+ IN UINTN Address,
+ IN UINT32 AndData,
+ IN UINT32 OrData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioAndThenOr32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ AndData,
+ OrData
+ );
+}
+
+/**
+ Reads a bit field of a PCI configuration register.
+
+ Reads the bit field in a 32-bit PCI configuration register. The bit field is
+ specified by the StartBit and the EndBit. The value of the bit field is
+ returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+
+ @param Address The PCI configuration register to read.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+
+ @return The value of the bit field read from the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressBitFieldRead32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldRead32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit
+ );
+}
+
+/**
+ Writes a bit field to a PCI configuration register.
+
+ Writes Value to the bit field of the PCI configuration register. The bit
+ field is specified by the StartBit and the EndBit. All other bits in the
+ destination PCI configuration register are preserved. The new value of the
+ 32-bit register is returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param Value The new value of the bit field.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressBitFieldWrite32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 Value
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldWrite32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ Value
+ );
+}
+
+/**
+ Reads a bit field in a 32-bit PCI configuration, performs a bitwise OR, and
+ writes the result back to the bit field in the 32-bit port.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 32-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized. Extra left bits in OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressBitFieldOr32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 OrData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldOr32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ OrData
+ );
+}
+
+/**
+ Reads a bit field in a 32-bit PCI configuration register, performs a bitwise
+ AND, and writes the result back to the bit field in the 32-bit register.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 32-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized. Extra left bits in AndData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressBitFieldAnd32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 AndData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldAnd32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ AndData
+ );
+}
+
+/**
+ Reads a bit field in a 32-bit port, performs a bitwise AND followed by a
+ bitwise OR, and writes the result back to the bit field in the
+ 32-bit port.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND followed by a bitwise OR between the read result and
+ the value specified by AndData, and writes the result to the 32-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized. Extra left bits in both AndData and
+ OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciExpressBitFieldAndThenOr32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 AndData,
+ IN UINT32 OrData
+ )
+{
+ ASSERT_INVALID_PCI_ADDRESS (Address);
+ return MmioBitFieldAndThenOr32 (
+ (UINTN) GetPciExpressBaseAddress () + Address,
+ StartBit,
+ EndBit,
+ AndData,
+ OrData
+ );
+}
+
+/**
+ Reads a range of PCI configuration registers into a caller supplied buffer.
+
+ Reads the range of PCI configuration registers specified by StartAddress and
+ Size into the buffer specified by Buffer. This function only allows the PCI
+ configuration registers from a single PCI function to be read. Size is
+ returned. When possible 32-bit PCI configuration read cycles are used to read
+ from StartAdress to StartAddress + Size. Due to alignment restrictions, 8-bit
+ and 16-bit PCI configuration read cycles may be used at the beginning and the
+ end of the range.
+
+ If StartAddress > 0x0FFFFFFF, then ASSERT().
+ If ((StartAddress & 0xFFF) + Size) > 0x1000, then ASSERT().
+ If Size > 0 and Buffer is NULL, then ASSERT().
+
+ @param StartAddress The starting address that encodes the PCI Bus, Device,
+ Function and Register.
+ @param Size The size in bytes of the transfer.
+ @param Buffer The pointer to a buffer receiving the data read.
+
+ @return Size read data from StartAddress.
+
+**/
+UINTN
+EFIAPI
+PciExpressReadBuffer (
+ IN UINTN StartAddress,
+ IN UINTN Size,
+ OUT VOID *Buffer
+ )
+{
+ UINTN ReturnValue;
+
+ ASSERT_INVALID_PCI_ADDRESS (StartAddress);
+ ASSERT (((StartAddress & 0xFFF) + Size) <= 0x1000);
+
+ if (Size == 0) {
+ return Size;
+ }
+
+ ASSERT (Buffer != NULL);
+
+ //
+ // Save Size for return
+ //
+ ReturnValue = Size;
+
+ if ((StartAddress & 1) != 0) {
+ //
+ // Read a byte if StartAddress is byte aligned
+ //
+ *(volatile UINT8 *)Buffer = PciExpressRead8 (StartAddress);
+ StartAddress += sizeof (UINT8);
+ Size -= sizeof (UINT8);
+ Buffer = (UINT8*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT16) && (StartAddress & 2) != 0) {
+ //
+ // Read a word if StartAddress is word aligned
+ //
+ WriteUnaligned16 ((UINT16 *) Buffer, (UINT16) PciExpressRead16 (StartAddress));
+
+ StartAddress += sizeof (UINT16);
+ Size -= sizeof (UINT16);
+ Buffer = (UINT16*)Buffer + 1;
+ }
+
+ while (Size >= sizeof (UINT32)) {
+ //
+ // Read as many double words as possible
+ //
+ WriteUnaligned32 ((UINT32 *) Buffer, (UINT32) PciExpressRead32 (StartAddress));
+
+ StartAddress += sizeof (UINT32);
+ Size -= sizeof (UINT32);
+ Buffer = (UINT32*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT16)) {
+ //
+ // Read the last remaining word if exist
+ //
+ WriteUnaligned16 ((UINT16 *) Buffer, (UINT16) PciExpressRead16 (StartAddress));
+ StartAddress += sizeof (UINT16);
+ Size -= sizeof (UINT16);
+ Buffer = (UINT16*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT8)) {
+ //
+ // Read the last remaining byte if exist
+ //
+ *(volatile UINT8 *)Buffer = PciExpressRead8 (StartAddress);
+ }
+
+ return ReturnValue;
+}
+
+/**
+ Copies the data in a caller supplied buffer to a specified range of PCI
+ configuration space.
+
+ Writes the range of PCI configuration registers specified by StartAddress and
+ Size from the buffer specified by Buffer. This function only allows the PCI
+ configuration registers from a single PCI function to be written. Size is
+ returned.
When possible 32-bit PCI configuration write cycles are used to
+ write from StartAdress to StartAddress + Size. Due to alignment restrictions,
+ 8-bit and 16-bit PCI configuration write cycles may be used at the beginning
+ and the end of the range.
+
+ If StartAddress > 0x0FFFFFFF, then ASSERT().
+ If ((StartAddress & 0xFFF) + Size) > 0x1000, then ASSERT().
+ If Size > 0 and Buffer is NULL, then ASSERT().
+
+ @param StartAddress The starting address that encodes the PCI Bus, Device,
+ Function and Register.
+ @param Size The size in bytes of the transfer.
+ @param Buffer The pointer to a buffer containing the data to write.
+
+ @return Size written to StartAddress.
+
+**/
+UINTN
+EFIAPI
+PciExpressWriteBuffer (
+ IN UINTN StartAddress,
+ IN UINTN Size,
+ IN VOID *Buffer
+ )
+{
+ UINTN ReturnValue;
+
+ ASSERT_INVALID_PCI_ADDRESS (StartAddress);
+ ASSERT (((StartAddress & 0xFFF) + Size) <= 0x1000);
+
+ if (Size == 0) {
+ return 0;
+ }
+
+ ASSERT (Buffer != NULL);
+
+ //
+ // Save Size for return
+ //
+ ReturnValue = Size;
+
+ if ((StartAddress & 1) != 0) {
+ //
+ // Write a byte if StartAddress is byte aligned
+ //
+ PciExpressWrite8 (StartAddress, *(UINT8*)Buffer);
+ StartAddress += sizeof (UINT8);
+ Size -= sizeof (UINT8);
+ Buffer = (UINT8*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT16) && (StartAddress & 2) != 0) {
+ //
+ // Write a word if StartAddress is word aligned
+ //
+ PciExpressWrite16 (StartAddress, ReadUnaligned16 ((UINT16*)Buffer));
+ StartAddress += sizeof (UINT16);
+ Size -= sizeof (UINT16);
+ Buffer = (UINT16*)Buffer + 1;
+ }
+
+ while (Size >= sizeof (UINT32)) {
+ //
+ // Write as many double words as possible
+ //
+ PciExpressWrite32 (StartAddress, ReadUnaligned32 ((UINT32*)Buffer));
+ StartAddress += sizeof (UINT32);
+ Size -= sizeof (UINT32);
+ Buffer = (UINT32*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT16)) {
+ //
+ // Write the last remaining word if exist
+ //
+ PciExpressWrite16 (StartAddress, ReadUnaligned16 ((UINT16*)Buffer));
+
StartAddress += sizeof (UINT16);
+ Size -= sizeof (UINT16);
+ Buffer = (UINT16*)Buffer + 1;
+ }
+
+ if (Size >= sizeof (UINT8)) {
+ //
+ // Write the last remaining byte if exist
+ //
+ PciExpressWrite8 (StartAddress, *(UINT8*)Buffer);
+ }
+
+ return ReturnValue;
+}
diff --git a/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf b/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
new file mode 100644
index 0000000000..03b719d4bd
--- /dev/null
+++ b/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
@@ -0,0 +1,42 @@
+## @file
+# Instance of PCI Library based on PCI Express Library.
+#
+# PCI Library that uses the 256 MB PCI Express MMIO window to perform PCI
+# Configuration cycles. Layers on one PCI Express Library instance.
+#
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BasePciLibPciExpress
+ MODULE_UNI_FILE = BasePciLibPciExpress.uni
+ FILE_GUID = 8987081e-daeb-44a9-8bef-a195b22d9417
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PciLib
+ CONSTRUCTOR = PciLibInitialize
+
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ PciLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ DasharoPayloadPkg/DasharoPayloadPkg.dec
+
+[Guids]
+ gUefiAcpiBoardInfoGuid
+
+[LibraryClasses]
+ PciExpressLib
+ PciCf8Lib
+ BaseLib
+ HobLib
diff --git a/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.uni b/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.uni
new file mode 100644
index 0000000000..ccc456356c
--- /dev/null
+++ b/DasharoPayloadPkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Instance of PCI Library based on PCI Express Library.
+//
+// PCI Library that uses the 256 MB PCI Express MMIO window to perform PCI
+// Configuration cycles. Layers on one PCI Express Library instance.
+//
+// Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
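Review bot: The `@file` header of this new .inf still describes a library that only "uses the 256 MB PCI Express MMIO window" and "Layers on one PCI Express Library instance", while `[LibraryClasses]` also pulls in `PciCf8Lib` and `HobLib`, and the accessors in `PciLib.c` call the `PciCf8*` routines whenever `mMMCONFEnabled` is false. I would reword the description to match, for example `# PCI Library that uses the PCI Express MMIO window when the ACPI board info HOB reports one, and falls back to PciCf8Lib otherwise.` It is also worth a comment next to `CONSTRUCTOR = PciLibInitialize` that the choice is made once from `PcieBaseAddress`/`PcieBaseSize` as supplied by the bootloader HOB. Whether the PciExpressLib instance bounds accesses to a `PcieBaseSize` smaller than 256 MB is not visible in this part of the patch and should be confirmed, since the documented ASSERT only checks `Address > 0x0FFFFFFF`.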
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Instance of PCI Library based on PCI Express Library"
+
+#string STR_MODULE_DESCRIPTION #language en-US "PCI Library that uses the 256 MB PCI Express MMIO window to perform PCI Configuration cycles. Layers on an PCI Express Library instance."
+
diff --git a/DasharoPayloadPkg/Library/BasePciLibPciExpress/PciLib.c b/DasharoPayloadPkg/Library/BasePciLibPciExpress/PciLib.c
new file mode 100644
index 0000000000..fba5914462
--- /dev/null
+++ b/DasharoPayloadPkg/Library/BasePciLibPciExpress/PciLib.c
@@ -0,0 +1,1302 @@
+/** @file
+ PCI Library functions that use the 256 MB PCI Express MMIO window to perform PCI
+ Configuration cycles. Layers on PCI Express Library.
+
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+STATIC BOOLEAN mMMCONFEnabled;
+
+/**
+ Registers a PCI device so PCI configuration registers may be accessed after
+ SetVirtualAddressMap().
+
+ Registers the PCI device specified by Address so all the PCI configuration registers
+ associated with that PCI device may be accessed after SetVirtualAddressMap() is called.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+
+ @retval RETURN_SUCCESS The PCI device was registered for runtime access.
+ @retval RETURN_UNSUPPORTED An attempt was made to call this function
+ after ExitBootServices().
+ @retval RETURN_UNSUPPORTED The resources required to access the PCI device
+ at runtime could not be mapped.
+ @retval RETURN_OUT_OF_RESOURCES There are not enough resources available to
+ complete the registration.
+
+**/
+RETURN_STATUS
+EFIAPI
+PciRegisterForRuntimeAccess (
+ IN UINTN Address
+ )
+{
+ return PciExpressRegisterForRuntimeAccess (Address);
+}
+
+/**
+ Performs platform specific initialization required for the CPU to access
+ the MMCONF space. This function does not initialize the MMCONF itself.
+
+ @retval RETURN_SUCCESS The platform specific initialization succeeded.
+ @retval RETURN_DEVICE_ERROR The platform specific initialization could not be completed.
+
+**/
+RETURN_STATUS
+EFIAPI
+PciLibInitialize (
+ VOID
+ )
+{
+ EFI_HOB_GUID_TYPE *GuidHob;
+ ACPI_BOARD_INFO *AcpiBoardInfoPtr;
+
+ //
+ // Find the acpi board information guid hob
+ //
+ GuidHob = GetFirstGuidHob (&gUefiAcpiBoardInfoGuid);
+ if (GuidHob == NULL) {
+ return EFI_SUCCESS;
+ }
+ AcpiBoardInfoPtr = (ACPI_BOARD_INFO *)GET_GUID_HOB_DATA (GuidHob);
+
+ mMMCONFEnabled = AcpiBoardInfoPtr->PcieBaseAddress != 0 &&
+ AcpiBoardInfoPtr->PcieBaseSize != 0;
+ return EFI_SUCCESS;
+}
+
+/**
+ Reads an 8-bit PCI configuration register.
+
+ Reads and returns the 8-bit PCI configuration register specified by Address.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+
+ @return The read value from the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciRead8 (
+ IN UINTN Address
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressRead8 (Address);
+ } else {
+ return PciCf8Read8 (Address);
+ }
+}
+
+/**
+ Writes an 8-bit PCI configuration register.
+
+ Writes the 8-bit PCI configuration register specified by Address with the
+ value specified by Value. Value is returned. This function must guarantee
+ that all PCI read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param Value The value to write.
+
+ @return The value written to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciWrite8 (
+ IN UINTN Address,
+ IN UINT8 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressWrite8 (Address, Value);
+ } else {
+ return PciCf8Write8 (Address, Value);
+ }
+}
+
+/**
+ Performs a bitwise OR of an 8-bit PCI configuration register with
+ an 8-bit value.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 8-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciOr8 (
+ IN UINTN Address,
+ IN UINT8 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressOr8 (Address, OrData);
+ } else {
+ return PciCf8Or8 (Address, OrData);
+ }
+}
+
+/**
+ Performs a bitwise AND of an 8-bit PCI configuration register with an 8-bit
+ value.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 8-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciAnd8 (
+ IN UINTN Address,
+ IN UINT8 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAnd8 (Address, AndData);
+ } else {
+ return PciCf8And8 (Address, AndData);
+ }
+}
+
+/**
+ Performs a bitwise AND of an 8-bit PCI configuration register with an 8-bit
+ value, followed a bitwise OR with another 8-bit value.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData,
+ performs a bitwise OR between the result of the AND operation and
+ the value specified by OrData, and writes the result to the 8-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciAndThenOr8 (
+ IN UINTN Address,
+ IN UINT8 AndData,
+ IN UINT8 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAndThenOr8 (Address, AndData, OrData);
+ } else {
+ return PciCf8AndThenOr8 (Address, AndData, OrData);
+ }
+}
+
+/**
+ Reads a bit field of a PCI configuration register.
+
+ Reads the bit field in an 8-bit PCI configuration register. The bit field is
+ specified by the StartBit and the EndBit. The value of the bit field is
+ returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If StartBit is greater than 7, then ASSERT().
+ If EndBit is greater than 7, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+
+ @param Address The PCI configuration register to read.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..7.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..7.
+
+ @return The value of the bit field read from the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciBitFieldRead8 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldRead8 (Address, StartBit, EndBit);
+ } else {
+ return PciCf8BitFieldRead8 (Address, StartBit, EndBit);
+ }
+}
+
+/**
+ Writes a bit field to a PCI configuration register.
+
+ Writes Value to the bit field of the PCI configuration register. The bit
+ field is specified by the StartBit and the EndBit. All other bits in the
+ destination PCI configuration register are preserved. The new value of the
+ 8-bit register is returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If StartBit is greater than 7, then ASSERT().
+ If EndBit is greater than 7, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..7.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..7.
+ @param Value The new value of the bit field.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciBitFieldWrite8 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT8 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldWrite8 (Address, StartBit, EndBit, Value);
+ } else {
+ return PciCf8BitFieldWrite8 (Address, StartBit, EndBit, Value);
+ }
+}
+
+/**
+ Reads a bit field in an 8-bit PCI configuration, performs a bitwise OR, and
+ writes the result back to the bit field in the 8-bit port.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 8-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned.
This function must guarantee that all PCI read and write operations
+ are serialized. Extra left bits in OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If StartBit is greater than 7, then ASSERT().
+ If EndBit is greater than 7, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..7.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..7.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciBitFieldOr8 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT8 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldOr8 (Address, StartBit, EndBit, OrData);
+ } else {
+ return PciCf8BitFieldOr8 (Address, StartBit, EndBit, OrData);
+ }
+}
+
+/**
+ Reads a bit field in an 8-bit PCI configuration register, performs a bitwise
+ AND, and writes the result back to the bit field in the 8-bit register.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 8-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized. Extra left bits in AndData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If StartBit is greater than 7, then ASSERT().
+ If EndBit is greater than 7, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..7.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..7.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciBitFieldAnd8 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT8 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldAnd8 (Address, StartBit, EndBit, AndData);
+ } else {
+ return PciCf8BitFieldAnd8 (Address, StartBit, EndBit, AndData);
+ }
+}
+
+/**
+ Reads a bit field in an 8-bit port, performs a bitwise AND followed by a
+ bitwise OR, and writes the result back to the bit field in the
+ 8-bit port.
+
+ Reads the 8-bit PCI configuration register specified by Address, performs a
+ bitwise AND followed by a bitwise OR between the read result and
+ the value specified by AndData, and writes the result to the 8-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized. Extra left bits in both AndData and
+ OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If StartBit is greater than 7, then ASSERT().
+ If EndBit is greater than 7, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..7.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..7.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT8
+EFIAPI
+PciBitFieldAndThenOr8 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT8 AndData,
+ IN UINT8 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldAndThenOr8 (Address, StartBit, EndBit, AndData, OrData);
+ } else {
+ return PciCf8BitFieldAndThenOr8 (Address, StartBit, EndBit, AndData, OrData);
+ }
+}
+
+/**
+ Reads a 16-bit PCI configuration register.
+
+ Reads and returns the 16-bit PCI configuration register specified by Address.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+
+ @return The read value from the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciRead16 (
+ IN UINTN Address
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressRead16 (Address);
+ } else {
+ return PciCf8Read16 (Address);
+ }
+}
+
+/**
+ Writes a 16-bit PCI configuration register.
+
+ Writes the 16-bit PCI configuration register specified by Address with the
+ value specified by Value. Value is returned. This function must guarantee
+ that all PCI read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param Value The value to write.
+
+ @return The value written to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciWrite16 (
+ IN UINTN Address,
+ IN UINT16 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressWrite16 (Address, Value);
+ } else {
+ return PciCf8Write16 (Address, Value);
+ }
+}
+
+/**
+ Performs a bitwise OR of a 16-bit PCI configuration register with
+ a 16-bit value.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 16-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciOr16 (
+ IN UINTN Address,
+ IN UINT16 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressOr16 (Address, OrData);
+ } else {
+ return PciCf8Or16 (Address, OrData);
+ }
+}
+
+/**
+ Performs a bitwise AND of a 16-bit PCI configuration register with a 16-bit
+ value.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 16-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciAnd16 (
+ IN UINTN Address,
+ IN UINT16 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAnd16 (Address, AndData);
+ } else {
+ return PciCf8And16 (Address, AndData);
+ }
+}
+
+/**
+ Performs a bitwise AND of a 16-bit PCI configuration register with a 16-bit
+ value, followed a bitwise OR with another 16-bit value.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData,
+ performs a bitwise OR between the result of the AND operation and
+ the value specified by OrData, and writes the result to the 16-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciAndThenOr16 (
+ IN UINTN Address,
+ IN UINT16 AndData,
+ IN UINT16 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAndThenOr16 (Address, AndData, OrData);
+ } else {
+ return PciCf8AndThenOr16 (Address, AndData, OrData);
+ }
+}
+
+/**
+ Reads a bit field of a PCI configuration register.
+
+ Reads the bit field in a 16-bit PCI configuration register. The bit field is
+ specified by the StartBit and the EndBit. The value of the bit field is
+ returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+
+ @param Address The PCI configuration register to read.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+
+ @return The value of the bit field read from the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciBitFieldRead16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldRead16 (Address, StartBit, EndBit);
+ } else {
+ return PciCf8BitFieldRead16 (Address, StartBit, EndBit);
+ }
+}
+
+/**
+ Writes a bit field to a PCI configuration register.
+
+ Writes Value to the bit field of the PCI configuration register. The bit
+ field is specified by the StartBit and the EndBit. All other bits in the
+ destination PCI configuration register are preserved. The new value of the
+ 16-bit register is returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+ @param Value The new value of the bit field.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciBitFieldWrite16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldWrite16 (Address, StartBit, EndBit, Value);
+ } else {
+ return PciCf8BitFieldWrite16 (Address, StartBit, EndBit, Value);
+ }
+}
+
+/**
+ Reads a bit field in a 16-bit PCI configuration, performs a bitwise OR, and
+ writes the result back to the bit field in the 16-bit port.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 16-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized. Extra left bits in OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciBitFieldOr16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldOr16 (Address, StartBit, EndBit, OrData);
+ } else {
+ return PciCf8BitFieldOr16 (Address, StartBit, EndBit, OrData);
+ }
+}
+
+/**
+ Reads a bit field in a 16-bit PCI configuration register, performs a bitwise
+ AND, and writes the result back to the bit field in the 16-bit register.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 16-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized. Extra left bits in AndData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciBitFieldAnd16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldAnd16 (Address, StartBit, EndBit, AndData);
+ } else {
+ return PciCf8BitFieldAnd16 (Address, StartBit, EndBit, AndData);
+ }
+}
+
+/**
+ Reads a bit field in a 16-bit port, performs a bitwise AND followed by a
+ bitwise OR, and writes the result back to the bit field in the
+ 16-bit port.
+
+ Reads the 16-bit PCI configuration register specified by Address, performs a
+ bitwise AND followed by a bitwise OR between the read result and
+ the value specified by AndData, and writes the result to the 16-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized. Extra left bits in both AndData and
+ OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 16-bit boundary, then ASSERT().
+ If StartBit is greater than 15, then ASSERT().
+ If EndBit is greater than 15, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..15.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..15.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT16
+EFIAPI
+PciBitFieldAndThenOr16 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT16 AndData,
+ IN UINT16 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldAndThenOr16 (Address, StartBit, EndBit, AndData, OrData);
+ } else {
+ return PciCf8BitFieldAndThenOr16 (Address, StartBit, EndBit, AndData, OrData);
+ }
+}
+
+/**
+ Reads a 32-bit PCI configuration register.
+
+ Reads and returns the 32-bit PCI configuration register specified by Address.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+
+ @return The read value from the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciRead32 (
+ IN UINTN Address
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressRead32 (Address);
+ } else {
+ return PciCf8Read32 (Address);
+ }
+}
+
+/**
+ Writes a 32-bit PCI configuration register.
+
+ Writes the 32-bit PCI configuration register specified by Address with the
+ value specified by Value. Value is returned. This function must guarantee
+ that all PCI read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param Value The value to write.
+
+ @return The value written to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciWrite32 (
+ IN UINTN Address,
+ IN UINT32 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressWrite32 (Address, Value);
+ } else {
+ return PciCf8Write32 (Address, Value);
+ }
+}
+
+/**
+ Performs a bitwise OR of a 32-bit PCI configuration register with
+ a 32-bit value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 32-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciOr32 (
+ IN UINTN Address,
+ IN UINT32 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressOr32 (Address, OrData);
+ } else {
+ return PciCf8Or32 (Address, OrData);
+ }
+}
+
+/**
+ Performs a bitwise AND of a 32-bit PCI configuration register with a 32-bit
+ value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 32-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciAnd32 (
+ IN UINTN Address,
+ IN UINT32 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAnd32 (Address, AndData);
+ } else {
+ return PciCf8And32 (Address, AndData);
+ }
+}
+
+/**
+ Performs a bitwise AND of a 32-bit PCI configuration register with a 32-bit
+ value, followed a bitwise OR with another 32-bit value.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData,
+ performs a bitwise OR between the result of the AND operation and
+ the value specified by OrData, and writes the result to the 32-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+
+ @param Address The address that encodes the PCI Bus, Device, Function and
+ Register.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciAndThenOr32 (
+ IN UINTN Address,
+ IN UINT32 AndData,
+ IN UINT32 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressAndThenOr32 (Address, AndData, OrData);
+ } else {
+ return PciCf8AndThenOr32 (Address, AndData, OrData);
+ }
+}
+
+/**
+ Reads a bit field of a PCI configuration register.
+
+ Reads the bit field in a 32-bit PCI configuration register. The bit field is
+ specified by the StartBit and the EndBit. The value of the bit field is
+ returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+
+ @param Address The PCI configuration register to read.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+
+ @return The value of the bit field read from the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciBitFieldRead32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldRead32 (Address, StartBit, EndBit);
+ } else {
+ return PciCf8BitFieldRead32 (Address, StartBit, EndBit);
+ }
+}
+
+/**
+ Writes a bit field to a PCI configuration register.
+
+ Writes Value to the bit field of the PCI configuration register. The bit
+ field is specified by the StartBit and the EndBit. All other bits in the
+ destination PCI configuration register are preserved. The new value of the
+ 32-bit register is returned.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If Value is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param Value The new value of the bit field.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciBitFieldWrite32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 Value
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldWrite32 (Address, StartBit, EndBit, Value);
+ } else {
+ return PciCf8BitFieldWrite32 (Address, StartBit, EndBit, Value);
+ }
+}
+
+/**
+ Reads a bit field in a 32-bit PCI configuration, performs a bitwise OR, and
+ writes the result back to the bit field in the 32-bit port.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise OR between the read result and the value specified by
+ OrData, and writes the result to the 32-bit PCI configuration register
+ specified by Address. The value written to the PCI configuration register is
+ returned. This function must guarantee that all PCI read and write operations
+ are serialized. Extra left bits in OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param OrData The value to OR with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciBitFieldOr32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 OrData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldOr32 (Address, StartBit, EndBit, OrData);
+ } else {
+ return PciCf8BitFieldOr32 (Address, StartBit, EndBit, OrData);
+ }
+}
+
+/**
+ Reads a bit field in a 32-bit PCI configuration register, performs a bitwise
+ AND, and writes the result back to the bit field in the 32-bit register.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND between the read result and the value specified by AndData, and
+ writes the result to the 32-bit PCI configuration register specified by
+ Address. The value written to the PCI configuration register is returned.
+ This function must guarantee that all PCI read and write operations are
+ serialized. Extra left bits in AndData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param AndData The value to AND with the PCI configuration register.
+
+ @return The value written back to the PCI configuration register.
+
+**/
+UINT32
+EFIAPI
+PciBitFieldAnd32 (
+ IN UINTN Address,
+ IN UINTN StartBit,
+ IN UINTN EndBit,
+ IN UINT32 AndData
+ )
+{
+ if (mMMCONFEnabled) {
+ return PciExpressBitFieldAnd32 (Address, StartBit, EndBit, AndData);
+ } else {
+ return PciCf8BitFieldAnd32 (Address, StartBit, EndBit, AndData);
+ }
+}
+
+/**
+ Reads a bit field in a 32-bit port, performs a bitwise AND followed by a
+ bitwise OR, and writes the result back to the bit field in the
+ 32-bit port.
+
+ Reads the 32-bit PCI configuration register specified by Address, performs a
+ bitwise AND followed by a bitwise OR between the read result and
+ the value specified by AndData, and writes the result to the 32-bit PCI
+ configuration register specified by Address. The value written to the PCI
+ configuration register is returned. This function must guarantee that all PCI
+ read and write operations are serialized. Extra left bits in both AndData and
+ OrData are stripped.
+
+ If Address > 0x0FFFFFFF, then ASSERT().
+ If Address is not aligned on a 32-bit boundary, then ASSERT().
+ If StartBit is greater than 31, then ASSERT().
+ If EndBit is greater than 31, then ASSERT().
+ If EndBit is less than StartBit, then ASSERT().
+ If AndData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+ If OrData is larger than the bitmask value range specified by StartBit and EndBit, then ASSERT().
+
+ @param Address The PCI configuration register to write.
+ @param StartBit The ordinal of the least significant bit in the bit field.
+ Range 0..31.
+ @param EndBit The ordinal of the most significant bit in the bit field.
+ Range 0..31.
+ @param AndData The value to AND with the PCI configuration register.
+ @param OrData The value to OR with the result of the AND operation.
+
+ @return The value written back to the PCI configuration register.
+ +**/ +UINT32 +EFIAPI +PciBitFieldAndThenOr32 ( + IN UINTN Address, + IN UINTN StartBit, + IN UINTN EndBit, + IN UINT32 AndData, + IN UINT32 OrData + ) +{ + if (mMMCONFEnabled) { + return PciExpressBitFieldAndThenOr32 (Address, StartBit, EndBit, AndData, OrData); + } else { + return PciCf8BitFieldAndThenOr32 (Address, StartBit, EndBit, AndData, OrData); + } +} + +/** + Reads a range of PCI configuration registers into a caller supplied buffer. + + Reads the range of PCI configuration registers specified by StartAddress and + Size into the buffer specified by Buffer. This function only allows the PCI + configuration registers from a single PCI function to be read. Size is + returned. When possible 32-bit PCI configuration read cycles are used to read + from StartAdress to StartAddress + Size. Due to alignment restrictions, 8-bit + and 16-bit PCI configuration read cycles may be used at the beginning and the + end of the range. + + If StartAddress > 0x0FFFFFFF, then ASSERT(). + If ((StartAddress & 0xFFF) + Size) > 0x1000, then ASSERT(). + If Size > 0 and Buffer is NULL, then ASSERT(). + + @param StartAddress The starting address that encodes the PCI Bus, Device, + Function and Register. + @param Size The size in bytes of the transfer. + @param Buffer The pointer to a buffer receiving the data read. + + @return Size + +**/ +UINTN +EFIAPI +PciReadBuffer ( + IN UINTN StartAddress, + IN UINTN Size, + OUT VOID *Buffer + ) +{ + if (mMMCONFEnabled) { + return PciExpressReadBuffer (StartAddress, Size, Buffer); + } else { + return PciCf8ReadBuffer (StartAddress, Size, Buffer); + } +} + +/** + Copies the data in a caller supplied buffer to a specified range of PCI + configuration space. + + Writes the range of PCI configuration registers specified by StartAddress and + Size from the buffer specified by Buffer. This function only allows the PCI + configuration registers from a single PCI function to be written. Size is + returned. 
When possible 32-bit PCI configuration write cycles are used to + write from StartAdress to StartAddress + Size. Due to alignment restrictions, + 8-bit and 16-bit PCI configuration write cycles may be used at the beginning + and the end of the range. + + If StartAddress > 0x0FFFFFFF, then ASSERT(). + If ((StartAddress & 0xFFF) + Size) > 0x1000, then ASSERT(). + If Size > 0 and Buffer is NULL, then ASSERT(). + + @param StartAddress The starting address that encodes the PCI Bus, Device, + Function and Register. + @param Size The size in bytes of the transfer. + @param Buffer The pointer to a buffer containing the data to write. + + @return Size written to StartAddress. + +**/ +UINTN +EFIAPI +PciWriteBuffer ( + IN UINTN StartAddress, + IN UINTN Size, + IN VOID *Buffer + ) +{ + if (mMMCONFEnabled) { + return PciExpressWriteBuffer (StartAddress, Size, Buffer); + } else { + return PciCf8WriteBuffer (StartAddress, Size, Buffer); + } +} From c597eb77e22747d8b0a1e27007fb6715b54d523f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 10 May 2021 17:50:38 +0200 Subject: [PATCH 055/357] DasharoPayloadPkg/DasharoPayloadPkgIa32X64.dsc: add config option for timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 4b1d0623c1..f7d8982097 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -57,6 +57,8 @@ DEFINE BOOT_MENU_KEY = 0x0016 DEFINE SETUP_MENU_KEY = 0x0017 + DEFINE PLATFORM_BOOT_TIMEOUT = 5 + # # typedef struct { # UINT16 VendorId; ///< Vendor ID to match the PCI device. The value 0xFFFF terminates the list of entries. 
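Review bot: The new `DEFINE PLATFORM_BOOT_TIMEOUT = 5` silently raises the effective `PcdPlatformBootTimeOut` default from 3 to 5 seconds once the second hunk (`@@ -455,7 +457,7 @@`) substitutes `$(PLATFORM_BOOT_TIMEOUT)`, while the commit message only says a config option is added. If the longer window is not intended, keep the old behaviour with `DEFINE PLATFORM_BOOT_TIMEOUT = 3`; otherwise say so in the description. The define also has no comment on units or special values; I would put `# Boot timeout in seconds: 0 boots immediately, 0xFFFF waits for user input` above it, because a build-time override to a large value leaves the boot-menu and setup-key prompt open for that long on an unattended machine. The subject line names DasharoPayloadPkgIa32X64.dsc, but the diff patches DasharoPayloadPkg.dsc.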
@@ -455,7 +457,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 - gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3 + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|$(PLATFORM_BOOT_TIMEOUT) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|FALSE ## This PCD defines the video horizontal resolution. From 1a72f1eb4d6577b7ea816157cfffae4e5e569b30 Mon Sep 17 00:00:00 2001 
From: Patrick Rudolph Date: Mon, 5 Oct 2020 16:29:25 +0200 Subject: [PATCH 056/357] DasharoPayloadPkg,OvmfPkg: support coreboot's TPM PPI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Parse coreboot's TPM PPI handoff buffer --------------------------------------- Read the coreboot table containing the TPM PPI handoff buffer and place it in gEfiTcgPhysicalPresenceInfoHob. coreboot uses the same PPI interface as QEMU does and installs the corresponding ACPI code to provide a full PPI interface to the OS. The OS must reboot in order to execute the requests. The corresponding coreboot patch can be found here: https://review.coreboot.org/c/coreboot/+/45568 The OvmfPkg PhysicalPresence library is used in PlatformBootManager to confirm TPM PPI request. This is necessary as coreboot doesn't have input drivers or a graphical UI that could be used. OvmfPkg: Introduce Tcg2PhysicalPresencePlatformLib -------------------------------------------------- Put the PPI configuration retrieval into its own library. That will allow reusing the code in the UefipayloadPkg, where the firmware provides the ACPI tables, like QEMU does on OvmfPkg. However one major difference is that the PPI interface in DasharoPayloadPkg is not backed by a MMIO device, but resides in DRAM and is shared with ACPI code. Add an additional parameter to provide the location of the PPI and test if the memory region has the correct attributes. OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu: Add timeout -------------------------------------------------------- Instead of waiting an infinite time, abort the TPM PPI request after 3 minutes. This allows booting headless platforms where no keyboard is attached or the user didn't make it in time. 
DasharoPayloadPkg/DasharoPayloadPkg.dsc: do not initialize TPM again -------------------------------------------------------------- Copy Tcg2PhysicalPresenceLibGetManagementFlags to OvmfPkg --------------------------------------------------------- Signed-off-by: Patrick Rudolph Signed-off-by: Michał Żygowski 
Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 13 +++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 1 + .../BlSupportPei/BlSupportPei.inf | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dec | 3 +- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 11 +- DasharoPayloadPkg/Include/Coreboot.h | 25 ++++ .../Include/Guid/TcgPhysicalPresenceGuid.h | 30 +++++ .../Include/Library/BlParseLib.h | 16 +++ .../Library/CbParseLib/CbParseLib.c | 49 ++++++++ .../PlatformBootManager.c | 5 + .../PlatformBootManager.h | 1 + .../PlatformBootManagerLib.inf | 2 + .../Library/SblParseLib/SblParseLib.c | 18 +++ .../DxeTcg2PhysicalPresencePlatformLib.c | 80 +++++++++++++ .../DxeTcg2PhysicalPresencePlatformLib.inf | 44 +++++++ OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc | 1 + .../Library/Tcg2PhysicalPresencePlatformLib.h | 29 +++++ .../DxeTcg2PhysicalPresenceLib.c | 110 +++++++++++------- .../DxeTcg2PhysicalPresenceLib.inf | 5 +- .../DxeTcg2PhysicalPresencePlatformLib.c | 56 +++++++++ .../DxeTcg2PhysicalPresencePlatformLib.inf | 36 ++++++ 21 files changed, 489 insertions(+), 47 deletions(-) create mode 100644 DasharoPayloadPkg/Include/Guid/TcgPhysicalPresenceGuid.h create mode 100644 DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c create mode 100644 DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf create mode 100644 OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 2138764a80..3e15c4cc8b 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
@@ -390,6 +390,8 @@ BlPeiEntryPoint ( ACPI_BOARD_INFO *NewAcpiBoardInfo; SMMSTORE_INFO SMMSTOREInfo; SMMSTORE_INFO *NewSMMSTOREInfo; + TCG_PHYSICAL_PRESENCE_INFO PhysicalPresenceInfo; + TCG_PHYSICAL_PRESENCE_INFO *NewPhysicalPresenceInfo; EFI_PEI_GRAPHICS_INFO_HOB GfxInfo; EFI_PEI_GRAPHICS_INFO_HOB *NewGfxInfo; EFI_PEI_GRAPHICS_DEVICE_INFO_HOB GfxDeviceInfo; @@ -551,6 +553,17 @@ BlPeiEntryPoint ( DEBUG ((DEBUG_INFO, "Created SMMSTORE info hob\n")); } + // + // Create guid hob for Tcg Physical Presence Interface + // + Status = ParseTPMPPIInfo (&PhysicalPresenceInfo); + if (!EFI_ERROR (Status)) { + NewPhysicalPresenceInfo = BuildGuidHob (&gEfiTcgPhysicalPresenceInfoHobGuid, sizeof (TCG_PHYSICAL_PRESENCE_INFO)); + ASSERT (NewPhysicalPresenceInfo != NULL); + CopyMem (NewPhysicalPresenceInfo, &PhysicalPresenceInfo, sizeof (TCG_PHYSICAL_PRESENCE_INFO)); + DEBUG ((DEBUG_INFO, "Created Tcg Physical Presence info hob\n")); + } + // // Create guid hob for system tables like acpi table and smbios table // diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h index 705667627d..f1ac54ffda 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index f23fc0a723..f63a213a8d 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -57,6 +57,7 @@ gEfiGraphicsDeviceInfoHobGuid gUefiAcpiBoardInfoGuid gEfiSMMSTOREInfoHobGuid + gEfiTcgPhysicalPresenceInfoHobGuid [Ppis] gEfiPeiMasterBootModePpiGuid diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index b4a33e449d..ef5779722d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec 
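Review bot: `PhysicalPresenceInfo` is an uninitialised stack variable in the `@@ -551` hunk of BlPeiEntryPoint, and the whole structure is copied into the GUID HOB as soon as ParseTPMPPIInfo reports success. The coreboot implementation of ParseTPMPPIInfo added in CbParseLib.c by this same patch assigns TpmVersion and PpiVersion only for recognised values, so an unrecognised tpm_version or a PPI version below 1.3 leaves stack bytes in the HOB that the DXE consumer later compares against version constants. Adding `ZeroMem (&PhysicalPresenceInfo, sizeof (PhysicalPresenceInfo));` before the call makes the unset case read as UNSPEC/NONE. The BuildGuidHob result is also guarded only by `ASSERT`, which does not stop the following CopyMem in builds with asserts disabled; wrapping the copy in `if (NewPhysicalPresenceInfo != NULL) { ... }` would. BlPeiEntryPoint starts and ends outside the hunk.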
+++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -33,7 +33,8 @@ gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}} gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } } gLoaderMemoryMapInfoGuid = { 0xa1ff7424, 0x7a1a, 0x478e, { 0xa9, 0xe4, 0x92, 0xf3, 0x57, 0xd1, 0x28, 0x32 } } - gEfiSMMSTOREInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 }} + gEfiSMMSTOREInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 } } + gEfiTcgPhysicalPresenceInfoHobGuid = { 0xf367be59, 0x5891, 0x40eb, { 0x21, 0x44, 0xed, 0x2e, 0xac, 0x57, 0xfd, 0x14 }} [Ppis] gEfiPayLoadHobBasePpiGuid = { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6, 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} } diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index f7d8982097..f9b92c5788 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -288,8 +288,13 @@ !if $(TPM_ENABLE) == TRUE Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PhysicalPresencePlatformLib|DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf !endif [LibraryClasses.IA32.SEC] 
@@ -346,7 +351,6 @@ !if $(TPM_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf - Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf !endif [LibraryClasses.common.DXE_RUNTIME_DRIVER] @@ -477,6 +481,11 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + # No need to initialize TPM again, coreboot already did that + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|0 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|0 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|0 + [PcdsDynamicHii] !if $(TPM_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index 0416dd0493..bcf4ff61f3 100644 --- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h 
@@ -258,5 +258,30 @@ struct cb_smmstorev2 { (void *)(((UINT8 *) (_rec)) + sizeof(*(_rec)) \ + (sizeof((_rec)->map[0]) * (_idx))) +#define CB_TAG_TPM_PPI_HANDOFF 0x003a + +enum lb_tmp_ppi_tpm_version { + LB_TPM_VERSION_UNSPEC = 0, + LB_TPM_VERSION_TPM_VERSION_1_2, + LB_TPM_VERSION_TPM_VERSION_2, +}; + +/* + * Handoff buffer for TPM Physical Presence Interface. + * * ppi_address Pointer to PPI buffer shared with ACPI + * The layout of the buffer matches the QEMU virtual memory device + * that is generated by QEMU. + * See files 'hw/i386/acpi-build.c' and 'include/hw/acpi/tpm.h' + * for details. + * * tpm_version TPM version: 1 for TPM1.2, 2 for TPM2.0 + * * ppi_version BCD encoded version of TPM PPI interface + */ +struct cb_tpm_physical_presence { + UINT32 tag; + UINT32 size; + UINT32 ppi_address; /* Address of ACPI PPI communication buffer */ + UINT8 tpm_version; /* 1: TPM1.2, 2: TPM2.0 */ + UINT8 ppi_version; /* BCD encoded */ +}; #endif // _COREBOOT_PEI_H_INCLUDED_ diff --git a/DasharoPayloadPkg/Include/Guid/TcgPhysicalPresenceGuid.h b/DasharoPayloadPkg/Include/Guid/TcgPhysicalPresenceGuid.h new file mode 100644 index 0000000000..1f8ca6e3ab --- /dev/null +++ b/DasharoPayloadPkg/Include/Guid/TcgPhysicalPresenceGuid.h @@ -0,0 +1,30 @@ +/** @file + This file defines the hob structure for Tcg Physical Presence Interface. + + Copyright (c) 2020, 9elements Agency GmbH
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_PHYSICAL_PRESENCE_GUID_H__ +#define __TCG_PHYSICAL_PRESENCE_GUID_H__ + +/// +/// TCG Physical Presence Information GUID +/// +extern EFI_GUID gEfiTcgPhysicalPresenceInfoHobGuid; + +typedef struct { + UINT32 PpiAddress; + UINT8 TpmVersion; + UINT8 PpiVersion; +} TCG_PHYSICAL_PRESENCE_INFO; + +#define UEFIPAYLOAD_TPM_VERSION_UNSPEC 0 +#define UEFIPAYLOAD_TPM_VERSION_1_2 1 +#define UEFIPAYLOAD_TPM_VERSION_2 2 + +#define UEFIPAYLOAD_TPM_PPI_VERSION_NONE 0 +#define UEFIPAYLOAD_TPM_PPI_VERSION_1_30 1 + +#endif diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index 542c714c55..8d3bddae62 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -13,6 +13,7 @@ #include #include #include +#include #ifndef __BOOTLOADER_PARSE_LIB__ #define __BOOTLOADER_PARSE_LIB__ @@ -133,4 +134,19 @@ ParseSMMSTOREInfo ( OUT SMMSTORE_INFO *SMMSTOREInfo ); +/** + Find the Tcg Physical Presence store information + + @param PPIInfo Pointer to the TCG_PHYSICAL_PRESENCE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseTPMPPIInfo ( + OUT TCG_PHYSICAL_PRESENCE_INFO *PPIInfo + ); + #endif diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 2b449f05eb..d0283ba5cd 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
@@ -600,3 +600,52 @@ ParseSMMSTOREInfo ( return RETURN_SUCCESS; } + +/** + Find the Tcg Physical Presence store information + + @param PPIInfo Pointer to the TCG_PHYSICAL_PRESENCE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseTPMPPIInfo ( + OUT TCG_PHYSICAL_PRESENCE_INFO *PPIInfo + ) +{ + struct cb_tpm_physical_presence *CbTPPRec; + UINT8 VersionMajor; + UINT8 VersionMinor; + + if (PPIInfo == NULL) { + return RETURN_INVALID_PARAMETER; + } + + CbTPPRec = FindCbTag (CB_TAG_TPM_PPI_HANDOFF); + if (CbTPPRec == NULL) { + return RETURN_NOT_FOUND; + } + + VersionMajor = CbTPPRec->ppi_version >> 4; + VersionMinor = CbTPPRec->ppi_version & 0xF; + + DEBUG ((DEBUG_INFO, "Found Tcg Physical Presence information\n")); + DEBUG ((DEBUG_INFO, "PpiAddress: 0x%x\n", CbTPPRec->ppi_address)); + DEBUG ((DEBUG_INFO, "TpmVersion: 0x%x\n", CbTPPRec->tpm_version)); + DEBUG ((DEBUG_INFO, "PpiVersion: %x.%x\n", VersionMajor, VersionMinor)); + + PPIInfo->PpiAddress = CbTPPRec->ppi_address; + if (CbTPPRec->tpm_version == LB_TPM_VERSION_TPM_VERSION_1_2) { + PPIInfo->TpmVersion = UEFIPAYLOAD_TPM_VERSION_1_2; + } else if (CbTPPRec->tpm_version == LB_TPM_VERSION_TPM_VERSION_2) { + PPIInfo->TpmVersion = UEFIPAYLOAD_TPM_VERSION_2; + } + if (VersionMajor == 1 && VersionMinor >= 3) { + PPIInfo->PpiVersion = UEFIPAYLOAD_TPM_PPI_VERSION_1_30; + } + + return RETURN_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 08991a8c1e..ca74024fa7 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
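Review bot: ParseTPMPPIInfo reads `ppi_address`, `tpm_version` and `ppi_version` from the record returned by FindCbTag without checking the record's own `size` field, so a shorter record under tag 0x003a is read past its end. A guard right after the NULL check, `if (CbTPPRec->size < sizeof (*CbTPPRec)) { return RETURN_NOT_FOUND; }`, keeps the parser within the bytes coreboot actually provided. The function comment is copied from ParseSMMSTOREInfo: it describes "SMM store buffer information" and omits the RETURN_INVALID_PARAMETER return taken when PPIInfo is NULL; the same wording appears in the BlParseLib.h and SblParseLib.c hunks of this patch.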
@@ -482,6 +482,11 @@ PlatformBootManagerAfterConsole ( EfiBootManagerConnectAll (); EfiBootManagerRefreshAllBootOption (); + // + // Process TPM PPI request + // + Tcg2PhysicalPresenceLibProcessRequest (NULL); + // // Register UEFI Shell // diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h index 2f600c796f..9697d0514a 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h @@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include typedef struct { diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c28370a24c..2b9dedda55 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -32,6 +32,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec DasharoPayloadPkg/DasharoPayloadPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -47,6 +48,7 @@ HiiLib PrintLib PlatformHookLib + Tcg2PhysicalPresenceLib [Guids] gEfiEndOfDxeEventGroupGuid diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c index 87e7605a2b..5c6a405daf 100644 --- a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c 
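Review bot: `Tcg2PhysicalPresenceLibProcessRequest (NULL)` is placed after `EfiBootManagerConnectAll ()` in PlatformBootManagerAfterConsole, so a pending TPM physical-presence request is confirmed and executed only once every connectable driver has been started. If that set can include option ROMs or drivers from external devices, the confirmation prompt and key read share the environment with code the platform does not control; whether EndOfDxe has been signalled by this point is not visible in the hunk. Consider processing the request as soon as the input console is connected and before ConnectAll, or at least record the constraint in the comment, for example `// Needs ConIn; must run before any third-party image is started`. The function starts and ends outside the hunk.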
@@ -238,3 +238,21 @@ ParseSMMSTOREInfo ( { return RETURN_NOT_FOUND; } + +/** + Find the Tcg Physical Presence store information + + @param PPIInfo Pointer to the TCG_PHYSICAL_PRESENCE_INFO structure + + @retval RETURN_SUCCESS Successfully find the SMM store buffer information. + @retval RETURN_NOT_FOUND Failed to find the SMM store buffer information . + +**/ +RETURN_STATUS +EFIAPI +ParseTPMPPIInfo ( + OUT TCG_PHYSICAL_PRESENCE_INFO *PPIInfo + ) +{ + return RETURN_NOT_FOUND; +} diff --git a/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c b/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c new file mode 100644 index 0000000000..a35d73c165 --- /dev/null +++ b/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c @@ -0,0 +1,80 @@ +/** @file + Returns the platform specific configuration for the QEMU PPI. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + +Copyright (C) 2018, Red Hat, Inc. +Copyright (c) 2018, IBM Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include + +#include +#include +#include +#include + +#include + +/** + Reads QEMU PPI config from TcgPhysicalPresenceInfoHobGuid. + + @param[out] The Config structure to read to. + @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_PROTOCOL_ERROR Invalid HOB entry. +**/ +EFI_STATUS +TpmPPIPlatformReadConfig ( + OUT QEMU_FWCFG_TPM_CONFIG *Config, + OUT BOOLEAN *PPIinMMIO + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + TCG_PHYSICAL_PRESENCE_INFO *pPPInfo; + + // + // Find the TPM Physical Presence HOB + // + GuidHob = GetFirstGuidHob (&gEfiTcgPhysicalPresenceInfoHobGuid); + + if (GuidHob == NULL) { + return EFI_NOT_FOUND; + } + + pPPInfo = (TCG_PHYSICAL_PRESENCE_INFO *)GET_GUID_HOB_DATA (GuidHob); + + if (pPPInfo->PpiAddress == 0 || pPPInfo->PpiAddress == ~0) { + return EFI_NOT_FOUND; + } else { + Config->PpiAddress = pPPInfo->PpiAddress; + } + + if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_1_2) { + Config->TpmVersion = QEMU_TPM_VERSION_1_2; + } else if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_2) { + Config->TpmVersion = QEMU_TPM_VERSION_2; + } else { + return EFI_UNSUPPORTED; + } + + if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_NONE) { + Config->PpiVersion = QEMU_TPM_PPI_VERSION_NONE; + } else if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_1_30) { + Config->PpiVersion = QEMU_TPM_PPI_VERSION_1_30; + } else { + return EFI_UNSUPPORTED; + } + + *PPIinMMIO = FALSE; + + return EFI_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf b/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf new file mode 100644 index 0000000000..7c6cff56a3 --- /dev/null 
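Review bot: TpmPPIPlatformReadConfig casts the GUID HOB payload to `TCG_PHYSICAL_PRESENCE_INFO *` without checking its length, although the file header asks for external input to be validated carefully. A guard before the cast, `if (GET_GUID_HOB_DATA_SIZE (GuidHob) < sizeof (*pPPInfo)) { return EFI_PROTOCOL_ERROR; }`, would also give the documented EFI_PROTOCOL_ERROR return a real path; as written the function returns only EFI_NOT_FOUND, EFI_UNSUPPORTED or EFI_SUCCESS. `Config->PpiAddress` is stored before the version checks, so the caller sees a partly filled structure on EFI_UNSUPPORTED; filling a local copy and assigning it at the end avoids that. The two `@param[out]` lines omit the parameter names (`Config`, `PPIinMMIO`).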
+++ b/DasharoPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf @@ -0,0 +1,44 @@ +## @file +# Returns the platform specific configuration for the QEMU PPI. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (C) 2018, Red Hat, Inc. +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2PhysicalPresencePlatformLibUefipayload + FILE_GUID = F5967F4F-B53F-4669-91A5-A3DA0F30AF22 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[Sources] + DxeTcg2PhysicalPresencePlatformLib.c + +[LibraryClasses] + BlParseLib + HobLib + DebugLib + DxeServicesTableLib + +[Guids] + gEfiTcgPhysicalPresenceInfoHobGuid diff --git a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc index b97244695b..31d2f1b9d8 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc @@ -9,6 +9,7 @@ !endif Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf diff --git a/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h new file mode 100644 index 0000000000..76bfd2a87f --- /dev/null +++ b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h 
@@ -0,0 +1,29 @@ +/** @file + Returns the platform specific Physical Presence configuration. + + Copyright (C) 2020 9elements GmbH + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__ +#define __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__ + +#include + +/** + Reads the platform specific Physical Presence configuration. + + @param[out] The Config structure to read to. + @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. +**/ +EFI_STATUS +TpmPPIPlatformReadConfig ( + OUT QEMU_FWCFG_TPM_CONFIG *Config, + OUT BOOLEAN *PPIinMMIO + ); + +#endif diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index 4038020251..7332644c2f 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -26,9 +26,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include -#include #include +#include #include #include #include 
@@ -38,44 +39,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define CONFIRM_BUFFER_SIZE 4096 +/* Wait 3 minutes for user input */ +#define TIMEOUT (1000 * 1000 * 60 * 3) + EFI_HII_HANDLE mTcg2PpStringPackHandle; #define TPM_PPI_FLAGS (QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ) STATIC volatile QEMU_TPM_PPI *mPpi; -/** - Reads QEMU PPI config from fw_cfg. - - @param[out] The Config structure to read to. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. -**/ -STATIC -EFI_STATUS -QemuTpmReadConfig ( - OUT QEMU_FWCFG_TPM_CONFIG *Config - ) -{ - EFI_STATUS Status; - FIRMWARE_CONFIG_ITEM FwCfgItem; - UINTN FwCfgSize; - - Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize); - if (EFI_ERROR (Status)) { - return Status; - } - - if (FwCfgSize != sizeof (*Config)) { - return EFI_PROTOCOL_ERROR; - } - - QemuFwCfgSelectItem (FwCfgItem); - QemuFwCfgReadBytes (sizeof (*Config), Config); - return EFI_SUCCESS; -} - /** Initializes QEMU PPI memory region. @@ -90,6 +62,7 @@ QemuTpmInitPPI ( { EFI_STATUS Status; QEMU_FWCFG_TPM_CONFIG Config; + BOOLEAN PPIinMMIO; EFI_PHYSICAL_ADDRESS PpiAddress64; EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor; UINTN Idx; @@ -98,7 +71,7 @@ QemuTpmInitPPI ( return EFI_SUCCESS; } - Status = QemuTpmReadConfig (&Config); + Status = TpmPPIPlatformReadConfig (&Config, &PPIinMMIO); if (EFI_ERROR (Status)) { return Status; } 
@@ -123,15 +96,23 @@ QemuTpmInitPPI ( ASSERT_EFI_ERROR (Status); goto InvalidPpiAddress; } - - if (!EFI_ERROR (Status) && - ((Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo) && - (Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent))) - { - DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); - goto InvalidPpiAddress; + if (PPIinMMIO) { + if (!EFI_ERROR (Status) && + (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo && + Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) { + DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); + goto InvalidPpiAddress; + } + } else { + if (!EFI_ERROR (Status) && + (Descriptor.GcdMemoryType != EfiGcdMemoryTypeReserved && + Descriptor.GcdMemoryType != EfiGcdMemoryTypeSystemMemory)) { + DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); + goto InvalidPpiAddress; + } } + for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) { mPpi->Func[Idx] = 0; } @@ -359,12 +340,16 @@ Tcg2ExecutePhysicalPresence ( STATIC BOOLEAN Tcg2ReadUserKey ( - IN BOOLEAN CautionKey + IN BOOLEAN CautionKey, + IN UINTN Timeout ) { EFI_STATUS Status; EFI_INPUT_KEY Key; UINT16 InputKey; + UINTN Delay; + + Delay = Timeout / 50; InputKey = 0; do { @@ -383,7 +368,13 @@ Tcg2ReadUserKey ( InputKey = Key.ScanCode; } } - } while (InputKey == 0); + gBS->Stall (50); + Delay--; + } while (InputKey == 0 && Delay > 0); + + if (Delay == 0) { + return FALSE; + } if (InputKey != SCAN_ESC) { return TRUE; @@ -652,7 +643,7 @@ Tcg2UserConfirm ( FreePool (ConfirmText); HiiRemovePackages (mTcg2PpStringPackHandle); - if (Tcg2ReadUserKey (CautionKey)) { + if (Tcg2ReadUserKey (CautionKey, TIMEOUT)) { return TRUE; } 
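Review bot: The non-MMIO branch of the `@@ -123` hunk accepts `EfiGcdMemoryTypeSystemMemory` for the PPI buffer, and the loop directly after the check zeroes `mPpi->Func[]` at that address. System memory is what the DXE core allocates from, so unless the bootloader reports the buffer as reserved those writes can land in memory owned by another component; the address itself comes from the coreboot table through the HOB. If coreboot always places the buffer in a reserved range, restricting this branch to `Descriptor.GcdMemoryType != EfiGcdMemoryTypeReserved` ties the check to the bootloader's memory map. Both branches also repeat `!EFI_ERROR (Status)` after an error path that already jumps to InvalidPpiAddress, which appears redundant. QemuTpmInitPPI starts and ends outside the hunk.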
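Review bot: In Tcg2ReadUserKey (hunks `@@ -359` and `@@ -383`), `Delay = Timeout / 50` is 0 for any Timeout below 50, and the unconditional `Delay--` then wraps the UINTN, turning the intended timeout into an effectively unbounded wait. The post-loop test `if (Delay == 0) { return FALSE; }` also discards a key that arrives on the final iteration. Testing the key instead of the counter, `if (InputKey == 0) { return FALSE; }`, and guarding the decrement with `if (Delay > 0) { Delay--; }` covers both cases. Returning FALSE on timeout leaves the request rejected by default, which is worth stating in the function comment; the loop body between the two hunks is not fully visible.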
@@ -926,3 +917,34 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; } + +/** + Return TPM2 ManagementFlags set by PP interface. + + @retval ManagementFlags TPM2 Management Flags. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetManagementFlags ( + VOID + ) +{ + EFI_STATUS Status; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + UINTN DataSize; + + DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n")); + + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + } + return PpiFlags.PPFlags; +} diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf index 5b5417c321..b808e31240 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf @@ -57,16 +57,19 @@ HobLib MemoryAllocationLib PrintLib - QemuFwCfgLib Tpm2CommandLib UefiBootManagerLib UefiBootServicesTableLib UefiLib UefiRuntimeServicesTableLib + Tcg2PhysicalPresencePlatformLib [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + [Guids] ## SOMETIMES_CONSUMES ## HII gEfiTcg2PhysicalPresenceGuid diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c new file mode 100644 index 0000000000..baef59d2ef --- /dev/null +++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c 
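Review bot: Tcg2PhysicalPresenceLibGetManagementFlags accepts whatever `TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE` holds: the attributes argument is NULL and the returned DataSize is never compared with the structure size, so a shorter variable leaves part of `PpiFlags` unset. These flags govern which physical-presence operations require user confirmation, so it is worth confirming that the variable is locked against OS-time writes on this platform; nothing in this hunk shows that. Changing the fallback test to `if (EFI_ERROR (Status) || DataSize != sizeof (PpiFlags))` handles the size case. The new code also uses `EFI_D_INFO` where the rest of the patch uses `DEBUG_INFO`.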
@@ -0,0 +1,56 @@ +/** @file + Returns the platform specific configuration for the QEMU PPI. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + +Copyright (C) 2018, Red Hat, Inc. +Copyright (c) 2018, IBM Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include + +#include +#include + +/** + Reads QEMU PPI config from fw_cfg. + + @param[out] The Config structure to read to. + @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. +**/ +EFI_STATUS +TpmPPIPlatformReadConfig ( + OUT QEMU_FWCFG_TPM_CONFIG *Config, + OUT BOOLEAN *PPIinMMIO + ) +{ + EFI_STATUS Status; + FIRMWARE_CONFIG_ITEM FwCfgItem; + UINTN FwCfgSize; + + Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize); + if (EFI_ERROR (Status)) { + return Status; + } + + if (FwCfgSize != sizeof (*Config)) { + return EFI_PROTOCOL_ERROR; + } + + QemuFwCfgSelectItem (FwCfgItem); + QemuFwCfgReadBytes (sizeof (*Config), Config); + + *PPIinMMIO = TRUE; + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf new file mode 100644 index 0000000000..0ea0c08d4c --- /dev/null +++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf @@ -0,0 +1,36 @@ +## @file +# Returns the platform specific configuration for the QEMU PPI. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (C) 2018, Red Hat, Inc. +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2PhysicalPresencePlatformLibQemu + FILE_GUID = 9336E7F0-6CA1-4E6D-A0E9-DFE5F077AA02 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTcg2PhysicalPresencePlatformLib.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + QemuFwCfgLib From 2b700c7ffb0abe8d98732f6f92c507d374a8c757 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Tue, 24 May 2022 19:03:00 +0300 Subject: [PATCH 057/357] DasharoPayloadPkg,MdeModulePkg: inform user via popup if in recovery boot MdeModulePkg changes -------------------- Allow reusing functions by other packages, specifically by DasharoPayloadPkg. * Move GetStringWidth() to CustomizedDisplayLib. * Move CreateMultiStringPopUp() to CustomizedDisplayLib CreateSharedPopUp() is an implementation of it and is moved as well (not used for anything else). DasharoPayloadPkg changes ---------------------- Parse coreboot information about recovery boot and display a dialog using functions moved to CustomizedDisplayLib library of MdeModulePkg. * Add ParseVBootWorkbuf() function Extracts information about vboot recovery from coreboot table. Ignore minor version of cb_vboot_workbuf_v2 while parsing because it doesn't seem to affect data layout and therefore shouldn't be the reason for aborting parsing of the structure. * Inform user via popup if in recovery boot. The popup explains what happened along with possible reasons. It disappears automatically after a timeout of 30 seconds or when user presses Enter. 
Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/Include/Coreboot.h | 450 ++++++++++++++++++ .../Include/Library/BlParseLib.h | 17 + .../Library/CbParseLib/CbParseLib.c | 222 +++++++++ .../PlatformBootManager.c | 143 +++++- .../PlatformBootManagerLib.inf | 1 + .../Include/Library/CustomizedDisplayLib.h | 39 ++ .../CustomizedDisplayLib.c | 141 +++++- .../CustomizedDisplayLibInternal.c | 105 ++++ .../CustomizedDisplayLibInternal.h | 16 + .../Universal/DisplayEngineDxe/FormDisplay.c | 79 --- .../Universal/DisplayEngineDxe/FormDisplay.h | 54 --- .../DisplayEngineDxe/ProcessOptions.c | 131 ----- 12 files changed, 1113 insertions(+), 285 deletions(-) diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index bcf4ff61f3..645562fec6 100644 --- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -4,6 +4,8 @@ Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent + Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ SPDX-License-Identifier: BSD-3-Clause **/ /* 
@@ -249,6 +251,454 @@ struct cb_smmstorev2 { UINT8 unused[3]; /* Set to zero */ }; +#define CB_TAG_VBOOT_WORKBUF 0x0034 + +struct cb_cbmem_entry { + UINT32 tag; + UINT32 size; + + UINT64 address; + UINT32 entry_size; + UINT32 id; +}; + +/* Recovery reason codes */ +enum vb2_nv_recovery { + /**********************************************************************/ + /**** Uncategorized errors ********************************************/ + + /* Recovery not requested. */ + VB2_RECOVERY_NOT_REQUESTED = 0x00, + + /* + * Recovery requested from legacy utility. (Prior to the NV storage + * spec, recovery mode was a single bitfield; this value is reserved so + * that scripts which wrote 1 to the recovery field are distinguishable + * from scripts whch use the recovery reasons listed here. + */ + VB2_RECOVERY_LEGACY = 0x01, + + /* User manually requested recovery via recovery button */ + VB2_RECOVERY_RO_MANUAL = 0x02, + + + + /**********************************************************************/ + /**** Firmware verification (RO) errors (and some EC stuff???) ********/ + + /* Unspecified RW verification error (when none of 0x10-0x1f fit) */ + VB2_RECOVERY_RO_INVALID_RW = 0x03, + + /* S3 resume failed (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_S3_RESUME = 0x04, + + /* TPM error in read-only firmware (deprecated, see 0x54+) */ + VB2_RECOVERY_DEPRECATED_RO_TPM_ERROR = 0x05, + + /* Shared data error in read-only firmware */ + VB2_RECOVERY_RO_SHARED_DATA = 0x06, + + /* Test error from S3Resume() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_TEST_S3 = 0x07, + + /* Test error from LoadFirmwareSetup() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_TEST_LFS = 0x08, + + /* Test error from LoadFirmware() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_TEST_LF = 0x09, + + /* + * RW firmware failed signature check (neither RW firmware slot was + * valid). 
Recovery reason is VB2_RECOVERY_DEPRECATED_RW_NOT_DONE + + * the check value for the slot which came closest to validating; see + * VBSD_LF_CHECK_* in vboot_struct.h (deprecated). + */ + VB2_RECOVERY_DEPRECATED_RW_NOT_DONE = 0x10, + + /* Latest tried RW firmware developer flag mismatch */ + VB2_RECOVERY_DEPRECATED_RW_DEV_FLAG_MISMATCH = 0x11, + + /* Latest tried RW firmware recovery flag mismatch */ + VB2_RECOVERY_DEPRECATED_RW_REC_FLAG_MISMATCH = 0x12, + + /* Latest tried RW firmware keyblock verification failed */ + VB2_RECOVERY_FW_KEYBLOCK = 0x13, + + /* Latest tried RW firmware key version too old */ + VB2_RECOVERY_FW_KEY_ROLLBACK = 0x14, + + /* Latest tried RW firmware unable to parse data key */ + VB2_RECOVERY_DEPRECATED_RW_DATA_KEY_PARSE = 0x15, + + /* Latest tried RW firmware preamble verification failed */ + VB2_RECOVERY_FW_PREAMBLE = 0x16, + + /* Latest tried RW firmware version too old */ + VB2_RECOVERY_FW_ROLLBACK = 0x17, + + /* Latest tried RW firmware header valid */ + VB2_RECOVERY_DEPRECATED_FW_HEADER_VALID = 0x18, + + /* Latest tried RW firmware unable to get firmware body */ + VB2_RECOVERY_DEPRECATED_FW_GET_FW_BODY = 0x19, + + /* Latest tried RW firmware hash wrong size */ + VB2_RECOVERY_DEPRECATED_FW_HASH_WRONG_SIZE = 0x1a, + + /* Latest tried RW firmware body verification failed */ + VB2_RECOVERY_FW_BODY = 0x1b, + + /* Latest tried RW firmware valid */ + VB2_RECOVERY_DEPRECATED_FW_VALID = 0x1c, + + /* Latest tried RW firmware RO normal path not supported */ + VB2_RECOVERY_DEPRECATED_FW_NO_RO_NORMAL = 0x1d, + + /* + * Firmware boot failure outside of verified boot (RAM init, missing + * SSD, etc.). + */ + VB2_RECOVERY_RO_FIRMWARE = 0x20, + + /* + * Recovery mode TPM initialization requires a system reboot. The + * system was already in recovery mode for some other reason when this + * happened. 
+ */ + VB2_RECOVERY_RO_TPM_REBOOT = 0x21, + + /* EC software sync - other error */ + VB2_RECOVERY_EC_SOFTWARE_SYNC = 0x22, + + /* EC software sync - unable to determine active EC image */ + VB2_RECOVERY_EC_UNKNOWN_IMAGE = 0x23, + + /* EC software sync - error obtaining EC image hash (deprecated) */ + VB2_RECOVERY_DEPRECATED_EC_HASH = 0x24, + + /* EC software sync - error obtaining expected EC image (deprecated) */ + VB2_RECOVERY_DEPRECATED_EC_EXPECTED_IMAGE = 0x25, + + /* EC software sync - error updating EC */ + VB2_RECOVERY_EC_UPDATE = 0x26, + + /* EC software sync - unable to jump to EC-RW */ + VB2_RECOVERY_EC_JUMP_RW = 0x27, + + /* EC software sync - unable to protect / unprotect EC-RW */ + VB2_RECOVERY_EC_PROTECT = 0x28, + + /* EC software sync - error obtaining expected EC hash */ + VB2_RECOVERY_EC_EXPECTED_HASH = 0x29, + + /* EC software sync - expected EC image doesn't match hash (deprc.) */ + VB2_RECOVERY_DEPRECATED_EC_HASH_MISMATCH = 0x2a, + + /* Firmware secure data initialization error */ + VB2_RECOVERY_SECDATA_FIRMWARE_INIT = 0x2b, + + /* GBB header is bad */ + VB2_RECOVERY_GBB_HEADER = 0x2c, + + /* Unable to clear TPM owner */ + VB2_RECOVERY_TPM_CLEAR_OWNER = 0x2d, + + /* Error determining/updating virtual dev switch */ + VB2_RECOVERY_DEV_SWITCH = 0x2e, + + /* Error determining firmware slot */ + VB2_RECOVERY_FW_SLOT = 0x2f, + + /* Error updating auxiliary firmware */ + VB2_RECOVERY_AUXFW_UPDATE = 0x30, + + /* + * Intel CSE Lite SKU firmware failure; see subcodes defined in coreboot for specific + * reason. 
+ */ + VB2_RECOVERY_INTEL_CSE_LITE_SKU = 0x31, + + /* Unspecified/unknown error in read-only firmware */ + VB2_RECOVERY_RO_UNSPECIFIED = 0x3f, + + + + /**********************************************************************/ + /**** Kernel verification (RW) errors *********************************/ + + /* + * User manually requested recovery by pressing a key at developer + * warning screen (deprecated) + */ + VB2_RECOVERY_DEPRECATED_RW_DEV_SCREEN = 0x41, + + /* No OS kernel detected (deprecated, now 0x5b) */ + VB2_RECOVERY_DEPRECATED_RW_NO_OS = 0x42, + + /* OS kernel failed signature check. Since the kernel corrupts itself + (DMVERROR) on a verity failure, may also indicate corrupt rootfs. */ + VB2_RECOVERY_RW_INVALID_OS = 0x43, + + /* TPM error in rewritable firmware (deprecated, see 0x54+) */ + VB2_RECOVERY_DEPRECATED_RW_TPM_ERROR = 0x44, + + /* RW firmware in dev mode, but dev switch is off (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_DEV_MISMATCH = 0x45, + + /* Shared data error in rewritable firmware */ + VB2_RECOVERY_RW_SHARED_DATA = 0x46, + + /* Test error from LoadKernel() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_TEST_LK = 0x47, + + /* No bootable disk found (deprecated, see 0x5a) */ + VB2_RECOVERY_DEPRECATED_RW_NO_DISK = 0x48, + + /* Rebooting did not correct TPM_E_FAIL or TPM_E_FAILEDSELFTEST */ + VB2_RECOVERY_TPM_E_FAIL = 0x49, + + /* TPM setup error in read-only firmware */ + VB2_RECOVERY_RO_TPM_S_ERROR = 0x50, + + /* TPM write error in read-only firmware */ + VB2_RECOVERY_RO_TPM_W_ERROR = 0x51, + + /* TPM lock error in read-only firmware */ + VB2_RECOVERY_RO_TPM_L_ERROR = 0x52, + + /* TPM update error in read-only firmware */ + VB2_RECOVERY_RO_TPM_U_ERROR = 0x53, + + /* TPM read error in rewritable firmware */ + VB2_RECOVERY_RW_TPM_R_ERROR = 0x54, + + /* TPM write error in rewritable firmware */ + VB2_RECOVERY_RW_TPM_W_ERROR = 0x55, + + /* TPM lock error in rewritable firmware */ + VB2_RECOVERY_RW_TPM_L_ERROR = 0x56, + + /* EC software sync unable 
to get EC image hash */ + VB2_RECOVERY_EC_HASH_FAILED = 0x57, + + /* EC software sync invalid image hash size */ + VB2_RECOVERY_EC_HASH_SIZE = 0x58, + + /* Unspecified error while trying to load kernel */ + VB2_RECOVERY_LK_UNSPECIFIED = 0x59, + + /* No bootable storage device in system */ + VB2_RECOVERY_RW_NO_DISK = 0x5a, + + /* No bootable kernel found on disk */ + VB2_RECOVERY_RW_NO_KERNEL = 0x5b, + + /* BCB related error in RW firmware (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_BCB_ERROR = 0x5c, + + /* Kernel secure data initialization error */ + VB2_RECOVERY_SECDATA_KERNEL_INIT = 0x5d, + + /* Fastboot mode requested in firmware (deprecated) */ + VB2_RECOVERY_DEPRECATED_FW_FASTBOOT = 0x5e, + + /* Recovery hash space lock error in RO firmware */ + VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR = 0x5f, + + /* Failed to disable the TPM [prior to running untrusted code] */ + VB2_RECOVERY_TPM_DISABLE_FAILED = 0x60, + + /* Verification of altfw payload failed (deprecated) */ + VB2_RECOVERY_ALTFW_HASH_MISMATCH = 0x61, + + /* FWMP secure data initialization error */ + VB2_RECOVERY_SECDATA_FWMP_INIT = 0x62, + + /* Failed to get boot mode from TPM/Cr50 */ + VB2_RECOVERY_CR50_BOOT_MODE = 0x63, + + /* Attempt to escape from NO_BOOT mode was detected */ + VB2_RECOVERY_ESCAPE_NO_BOOT = 0x64, + + /* Unspecified/unknown error in rewritable firmware */ + VB2_RECOVERY_RW_UNSPECIFIED = 0x7f, + + + + /**********************************************************************/ + /**** OS level (kernel) errors (deprecated) ***************************/ + + /* + * Note: we want to avoid having the kernel touch vboot NVRAM directly + * in the future, so this whole range is essentially deprecated until + * further notice. 
+ */ + + /* DM-verity error (deprecated) */ + VB2_RECOVERY_DEPRECATED_KE_DM_VERITY = 0x81, + + /* Unspecified/unknown error in kernel (deprecated) */ + VB2_RECOVERY_DEPRECATED_KE_UNSPECIFIED = 0xbf, + + + + /**********************************************************************/ + /**** OS level (userspace) errors *************************************/ + + /* Recovery mode test from user-mode */ + VB2_RECOVERY_US_TEST = 0xc1, + + /* Recovery requested by user-mode via BCB (deprecated) */ + VB2_RECOVERY_DEPRECATED_BCB_USER_MODE = 0xc2, + + /* Fastboot mode requested by user-mode (deprecated) */ + VB2_RECOVERY_DEPRECATED_US_FASTBOOT = 0xc3, + + /* User requested recovery for training memory and rebooting. */ + VB2_RECOVERY_TRAIN_AND_REBOOT = 0xc4, + + /* Unspecified/unknown error in user-mode */ + VB2_RECOVERY_US_UNSPECIFIED = 0xff, +}; + +/* MAX_SIZE should not be changed without bumping up DATA_VERSION_MAJOR. */ +#define VB2_CONTEXT_MAX_SIZE 384 + +/* Current version of vb2_shared_data struct */ +#define VB2_SHARED_DATA_VERSION_MAJOR 3 + +#define VB2_SHARED_DATA_MAGIC 0x44533256 + +struct cb_vboot_workbuf_v2 { + /* Magic number for struct (VB2_SHARED_DATA_MAGIC) */ + UINT32 magic; + + /* Version of this structure */ + UINT16 struct_version_major; + UINT16 struct_version_minor; + + /* Public fields are stored in the context object */ + UINT8 ctx[VB2_CONTEXT_MAX_SIZE]; + + /* Work buffer length in bytes. */ + UINT32 workbuf_size; + + /* + * Amount of work buffer used so far. Verified boot sub-calls use + * this to know where the unused work area starts. + */ + UINT32 workbuf_used; + + /* Flags; see enum vb2_shared_data_flags */ + UINT32 flags; + + /* + * Reason we are in recovery mode this boot (enum vb2_nv_recovery), or + * 0 if we aren't. 
+ */ + UINT32 recovery_reason; + + /* Firmware slot used last boot (0=A, 1=B) */ + UINT32 last_fw_slot; + + /* Result of last boot (enum vb2_fw_result) */ + UINT32 last_fw_result; + + /* Firmware slot used this boot */ + UINT32 fw_slot; + + /* + * Version for this slot (top 16 bits = key, lower 16 bits = firmware). + */ + UINT32 fw_version; + + /* Version from secdata_firmware (must be <= fw_version to boot). */ + UINT32 fw_version_secdata; + + /* + * Status flags for this boot; see enum vb2_shared_data_status. Status + * is "what we've done"; flags above are "decisions we've made". + */ + UINT32 status; + + /* Offset from start of this struct to GBB header */ + UINT32 gbb_offset; + + /********************************************************************** + * Data from kernel verification stage. + */ + + /* + * Version for the current kernel (top 16 bits = key, lower 16 bits = + * kernel preamble). + */ + UINT32 kernel_version; + + /* Version from secdata_kernel (must be <= kernel_version to boot) */ + UINT32 kernel_version_secdata; + + /********************************************************************** + * Temporary variables used during firmware verification. These don't + * really need to persist through to the OS, but there's nowhere else + * we can put them. + */ + + /* Offset of preamble from start of vblock */ + UINT32 vblock_preamble_offset; + + /* + * Offset and size of packed data key in work buffer. Size is 0 if + * data key is not stored in the work buffer. + */ + UINT32 data_key_offset; + UINT32 data_key_size; + + /* + * Offset and size of firmware preamble in work buffer. Size is 0 if + * preamble is not stored in the work buffer. + */ + UINT32 preamble_offset; + UINT32 preamble_size; + + /* + * Offset and size of hash context in work buffer. Size is 0 if + * hash context is not stored in the work buffer. 
+ */ + UINT32 hash_offset; + UINT32 hash_size; + + /* + * Current tag we're hashing + * + * For new structs, this is the offset of the vb2_signature struct + * in the work buffer. + */ + UINT32 hash_tag; + + /* Amount of data we still expect to hash */ + UINT32 hash_remaining_size; + + /********************************************************************** + * Temporary variables used during kernel verification. These don't + * really need to persist through to the OS, but there's nowhere else + * we can put them. + */ + + /* + * Formerly a pointer to vboot1 shared data header ("VBSD"). Caller + * may now export a copy of VBSD via vb2api_export_vbsd(). + */ + UINTN reserved0; + + /* + * Offset and size of packed kernel key in work buffer. Size is 0 if + * subkey is not stored in the work buffer. Note that kernel key may + * be inside the firmware preamble. + */ + UINT32 kernel_key_offset; + UINT32 kernel_key_size; +} __attribute__((packed)); + /* Helpful macros */ #define MEM_RANGE_COUNT(_rec) \ diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index 8d3bddae62..48cfd4e496 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -149,4 +149,21 @@ ParseTPMPPIInfo ( OUT TCG_PHYSICAL_PRESENCE_INFO *PPIInfo ); +/** + Acquire Vboot recovery information from coreboot + + @param RecoveryCode Recovery reason code, zero if not in recovery mode. + @param RecoveryReason Why are we in recovery boot as a string. + + @retval RETURN_SUCCESS Successfully found VBoot data. + @retval RETURN_NOT_FOUND Failed to find VBoot data. + +**/ +RETURN_STATUS +EFIAPI +ParseVBootWorkbuf ( + OUT UINT8 *RecoveryCode, + OUT CONST CHAR8 **RecoveryReason + ); + #endif diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index d0283ba5cd..8852d06b64 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
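Review bot: `UINTN reserved0;` near the end of `struct cb_vboot_workbuf_v2` makes the layout of this packed struct depend on the payload's pointer width, so in an X64 build `kernel_key_offset` and `kernel_key_size` sit four bytes later than they would in a buffer written by 32-bit code. Nothing in this patch reads those two fields (`ParseVBootWorkbuf` only touches `magic`, `struct_version_major` and `recovery_reason`, which all precede `reserved0`), but a later consumer would silently read the wrong bytes. Whether the producing coreboot stage is 32-bit is not visible here; if it can be, a fixed-width field plus a comment such as `/* width must match the coreboot stage that fills the work buffer */` would make the assumption explicit. A comment naming the vboot revision this layout and the `vb2_nv_recovery` list were copied from would also help when the two drift apart.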
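Review bot: The `@retval` list on the `ParseVBootWorkbuf` declaration is incomplete: the definition in CbParseLib.c also returns `RETURN_INVALID_PARAMETER` when either output pointer is NULL. I would add `@retval RETURN_INVALID_PARAMETER RecoveryCode or RecoveryReason is NULL.` and one sentence saying that both outputs are written only on `RETURN_SUCCESS`, so callers know not to read them after a failure. The same comment block is duplicated above the definition in the CbParseLib.c hunk and needs the same two additions.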
+++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -5,6 +5,8 @@ Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent + Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ SPDX-License-Identifier: BSD-3-Clause **/ #include 
@@ -649,3 +651,223 @@ ParseTPMPPIInfo ( return RETURN_SUCCESS; } + +STATIC +CONST CHAR8 * +GetRecoveryReasonString( + IN UINT8 code + ) +{ + switch ((enum vb2_nv_recovery)code) { + case VB2_RECOVERY_NOT_REQUESTED: /* 0x00 */ + return "recovery not requested"; + case VB2_RECOVERY_LEGACY: /* 0x01 */ + return "recovery requested from legacy utility"; + case VB2_RECOVERY_RO_MANUAL: /* 0x02 */ + return "recovery button pressed"; + case VB2_RECOVERY_RO_INVALID_RW: /* 0x03 */ + return "RW firmware failed signature check"; + case VB2_RECOVERY_DEPRECATED_RO_S3_RESUME: /* 0x04 */ + return "S3 resume failed"; + case VB2_RECOVERY_DEPRECATED_RO_TPM_ERROR: /* 0x05 */ + return "TPM error in read-only firmware"; + case VB2_RECOVERY_RO_SHARED_DATA: /* 0x06 */ + return "shared data error in read-only firmware"; + case VB2_RECOVERY_DEPRECATED_RO_TEST_S3: /* 0x07 */ + return "test error from S3Resume()"; + case VB2_RECOVERY_DEPRECATED_RO_TEST_LFS: /* 0x08 */ + return "test error from LoadFirmwareSetup()"; + case VB2_RECOVERY_DEPRECATED_RO_TEST_LF: /* 0x09 */ + return "test error from LoadFirmware()"; + case VB2_RECOVERY_DEPRECATED_RW_NOT_DONE: /* 0x10 */ + return "RW firmware check not done"; + case VB2_RECOVERY_DEPRECATED_RW_DEV_FLAG_MISMATCH: /* 0x11 */ + return "RW firmware developer flag mismatch"; + case VB2_RECOVERY_DEPRECATED_RW_REC_FLAG_MISMATCH: /* 0x12 */ + return "RW firmware recovery flag mismatch"; + case VB2_RECOVERY_FW_KEYBLOCK: /* 0x13 */ + return "RW firmware unable to verify keyblock"; + case VB2_RECOVERY_FW_KEY_ROLLBACK: /* 0x14 */ + return "RW firmware key version rollback detected"; + case VB2_RECOVERY_DEPRECATED_RW_DATA_KEY_PARSE: /* 0x15 */ + return "RW firmware unable to parse data key"; + case VB2_RECOVERY_FW_PREAMBLE: /* 0x16 */ + return "RW firmware unable to verify preamble"; + case VB2_RECOVERY_FW_ROLLBACK: /* 0x17 */ + return "RW firmware version rollback detected"; + case VB2_RECOVERY_DEPRECATED_FW_HEADER_VALID: /* 0x18 */ + return "RW firmware header is 
valid"; + case VB2_RECOVERY_DEPRECATED_FW_GET_FW_BODY: /* 0x19 */ + return "RW firmware unable to get firmware body"; + case VB2_RECOVERY_DEPRECATED_FW_HASH_WRONG_SIZE: /* 0x1a */ + return "RW firmware hash is wrong size"; + case VB2_RECOVERY_FW_BODY: /* 0x1b */ + return "RW firmware unable to verify firmware body"; + case VB2_RECOVERY_DEPRECATED_FW_VALID: /* 0x1c */ + return "RW firmware is valid"; + case VB2_RECOVERY_DEPRECATED_FW_NO_RO_NORMAL: /* 0x1d */ + return "RW firmware read-only normal path is not supported"; + case VB2_RECOVERY_RO_FIRMWARE: /* 0x20 */ + return "firmware problem outside of verified boot"; + case VB2_RECOVERY_RO_TPM_REBOOT: /* 0x21 */ + return "TPM requires a system reboot (should be transient)"; + case VB2_RECOVERY_EC_SOFTWARE_SYNC: /* 0x22 */ + return "EC software sync error"; + case VB2_RECOVERY_EC_UNKNOWN_IMAGE: /* 0x23 */ + return "EC software sync unable to determine active EC image"; + case VB2_RECOVERY_DEPRECATED_EC_HASH: /* 0x24 */ + return "EC software sync error obtaining EC image hash"; + case VB2_RECOVERY_DEPRECATED_EC_EXPECTED_IMAGE: /* 0x25 */ + return "EC software sync error obtaining expected EC image from BIOS"; + case VB2_RECOVERY_EC_UPDATE: /* 0x26 */ + return "EC software sync error updating EC"; + case VB2_RECOVERY_EC_JUMP_RW: /* 0x27 */ + return "EC software sync unable to jump to EC-RW"; + case VB2_RECOVERY_EC_PROTECT: /* 0x28 */ + return "EC software sync protection error"; + case VB2_RECOVERY_EC_EXPECTED_HASH: /* 0x29 */ + return "EC software sync error obtaining expected EC hash from BIOS"; + case VB2_RECOVERY_DEPRECATED_EC_HASH_MISMATCH: /* 0x2a */ + return "EC software sync error comparing expected EC hash and image"; + case VB2_RECOVERY_SECDATA_FIRMWARE_INIT: /* 0x2b */ + return "firmware secure NVRAM (TPM) initialization error"; + case VB2_RECOVERY_GBB_HEADER: /* 0x2c */ + return "error parsing GBB header"; + case VB2_RECOVERY_TPM_CLEAR_OWNER: /* 0x2d */ + return "error trying to clear TPM owner"; + case 
VB2_RECOVERY_DEV_SWITCH: /* 0x2e */ + return "error reading or updating developer switch"; + case VB2_RECOVERY_FW_SLOT: /* 0x2f */ + return "error selecting RW firmware slot"; + case VB2_RECOVERY_AUXFW_UPDATE: /* 0x30 */ + return "error updating auxiliary firmware"; + case VB2_RECOVERY_INTEL_CSE_LITE_SKU: /* 0x31 */ + return "Intel CSE Lite SKU firmware failure"; + case VB2_RECOVERY_RO_UNSPECIFIED: /* 0x3f */ + return "unspecified/unknown error in RO firmware"; + case VB2_RECOVERY_DEPRECATED_RW_DEV_SCREEN: /* 0x41 */ + return "user requested recovery from dev-mode warning screen"; + case VB2_RECOVERY_DEPRECATED_RW_NO_OS: /* 0x42 */ + return "no OS kernel detected (or kernel rollback attempt?)"; + case VB2_RECOVERY_RW_INVALID_OS: /* 0x43 */ + return "OS kernel or rootfs failed signature check"; + case VB2_RECOVERY_DEPRECATED_RW_TPM_ERROR: /* 0x44 */ + return "TPM error in rewritable firmware"; + case VB2_RECOVERY_DEPRECATED_RW_DEV_MISMATCH: /* 0x45 */ + return "RW firmware in dev mode, but dev switch is off"; + case VB2_RECOVERY_RW_SHARED_DATA: /* 0x46 */ + return "shared data error in rewritable firmware"; + case VB2_RECOVERY_DEPRECATED_RW_TEST_LK: /* 0x47 */ + return "test error from LoadKernel()"; + case VB2_RECOVERY_DEPRECATED_RW_NO_DISK: /* 0x48 */ + return "no bootable storage device in system"; + case VB2_RECOVERY_TPM_E_FAIL: /* 0x49 */ + return "TPM error that was not fixed by reboot"; + case VB2_RECOVERY_RO_TPM_S_ERROR: /* 0x50 */ + return "TPM setup error in read-only firmware"; + case VB2_RECOVERY_RO_TPM_W_ERROR: /* 0x51 */ + return "TPM write error in read-only firmware"; + case VB2_RECOVERY_RO_TPM_L_ERROR: /* 0x52 */ + return "TPM lock error in read-only firmware"; + case VB2_RECOVERY_RO_TPM_U_ERROR: /* 0x53 */ + return "TPM update error in read-only firmware"; + case VB2_RECOVERY_RW_TPM_R_ERROR: /* 0x54 */ + return "TPM read error in rewritable firmware"; + case VB2_RECOVERY_RW_TPM_W_ERROR: /* 0x55 */ + return "TPM write error in rewritable firmware"; 
+ case VB2_RECOVERY_RW_TPM_L_ERROR: /* 0x56 */ + return "TPM lock error in rewritable firmware"; + case VB2_RECOVERY_EC_HASH_FAILED: /* 0x57 */ + return "EC software sync unable to get EC image hash"; + case VB2_RECOVERY_EC_HASH_SIZE: /* 0x58 */ + return "EC software sync invalid image hash size"; + case VB2_RECOVERY_LK_UNSPECIFIED: /* 0x59 */ + return "unspecified error while trying to load kernel"; + case VB2_RECOVERY_RW_NO_DISK: /* 0x5a */ + return "no bootable storage device in system"; + case VB2_RECOVERY_RW_NO_KERNEL: /* 0x5b */ + return "no bootable kernel found on disk"; + case VB2_RECOVERY_DEPRECATED_RW_BCB_ERROR: /* 0x5c */ + return "BCB partition error on disk"; + case VB2_RECOVERY_SECDATA_KERNEL_INIT: /* 0x5d */ + return "kernel secure NVRAM (TPM) initialization error"; + case VB2_RECOVERY_DEPRECATED_FW_FASTBOOT: /* 0x5e */ + return "fastboot-mode requested in firmware"; + case VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR: /* 0x5f */ + return "recovery hash space lock error in RO firmware"; + case VB2_RECOVERY_TPM_DISABLE_FAILED: /* 0x60 */ + return "failed to disable TPM before running untrusted code"; + case VB2_RECOVERY_ALTFW_HASH_MISMATCH: /* 0x61 */ + return "verification of alternate bootloader payload failed"; + case VB2_RECOVERY_SECDATA_FWMP_INIT: /* 0x62 */ + return "FWMP secure NVRAM (TPM) initialization error"; + case VB2_RECOVERY_CR50_BOOT_MODE: /* 0x63 */ + return "failed to get boot mode from Cr50"; + case VB2_RECOVERY_ESCAPE_NO_BOOT: /* 0x64 */ + return "attempt to escape from NO_BOOT mode was detected"; + case VB2_RECOVERY_RW_UNSPECIFIED: /* 0x7f */ + return "unspecified/unknown error in RW firmware"; + case VB2_RECOVERY_DEPRECATED_KE_DM_VERITY: /* 0x81 */ + return "DM-verity error"; + case VB2_RECOVERY_DEPRECATED_KE_UNSPECIFIED: /* 0xbf */ + return "unspecified/unknown error in kernel"; + case VB2_RECOVERY_US_TEST: /* 0xc1 */ + return "recovery mode test from user-mode"; + case VB2_RECOVERY_DEPRECATED_BCB_USER_MODE: /* 0xc2 */ + return 
"user-mode requested recovery via BCB"; + case VB2_RECOVERY_DEPRECATED_US_FASTBOOT: /* 0xc3 */ + return "user-mode requested fastboot mode"; + case VB2_RECOVERY_TRAIN_AND_REBOOT: /* 0xc4 */ + return "user-mode requested DRAM train and reboot"; + case VB2_RECOVERY_US_UNSPECIFIED: /* 0xff */ + return "unspecified/unknown error in user-mode"; + } + return "unknown error code"; +} + +/** + Acquire Vboot recovery information from coreboot + + @param RecoveryCode Recovery reason code, zero if not in recovery mode. + @param RecoveryReason Why are we in recovery boot as a string. + + @retval RETURN_SUCCESS Successfully found VBoot data. + @retval RETURN_NOT_FOUND Failed to find VBoot data. + +**/ +RETURN_STATUS +EFIAPI +ParseVBootWorkbuf ( + OUT UINT8 *RecoveryCode, + OUT CONST CHAR8 **RecoveryReason + ) +{ + struct cb_cbmem_entry *CbmemEntry; + struct cb_vboot_workbuf_v2 *Workbuf; + + if (RecoveryCode == NULL || RecoveryReason == NULL) { + return RETURN_INVALID_PARAMETER; + } + + CbmemEntry = FindCbTag (CB_TAG_VBOOT_WORKBUF); + if (CbmemEntry == NULL) { + DEBUG ((DEBUG_INFO, "Did not find VBootWorkbuf tag\n")); + return RETURN_NOT_FOUND; + } + + Workbuf = (struct cb_vboot_workbuf_v2 *)(UINTN)CbmemEntry->address; + if (Workbuf->magic != VB2_SHARED_DATA_MAGIC) { + DEBUG ((DEBUG_INFO, "VBootWorkbuf tag data is wrong\n")); + return RETURN_NOT_FOUND; + } + + if (Workbuf->struct_version_major != VB2_SHARED_DATA_VERSION_MAJOR) { + DEBUG ((DEBUG_INFO, "VBootWorkbuf tag data is of wrong major version\n")); + return RETURN_NOT_FOUND; + } + + *RecoveryCode = Workbuf->recovery_reason; + *RecoveryReason = GetRecoveryReasonString(Workbuf->recovery_reason); + + return RETURN_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index ca74024fa7..240908daeb 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
+++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -12,6 +12,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } 
@@ -449,6 +451,135 @@ GetKeyStringFromScanCode ( } } +STATIC +VOID +DrainInput ( + VOID +) +{ + EFI_INPUT_KEY Key; + + // + // Drain any queued keys. + // + while (!EFI_ERROR (gST->ConIn->ReadKeyStroke (gST->ConIn, &Key))) { + // + // just throw away Key + // + } +} + +STATIC +VOID +WarnIfRecoveryBoot ( + VOID +) +{ + EFI_STATUS Status; + EFI_EVENT TimerEvent; + EFI_EVENT Events[2]; + UINTN Index; + EFI_INPUT_KEY Key; + RETURN_STATUS RetStatus; + UINT8 RecoveryCode; + CONST CHAR8 *RecoveryReason; + CHAR16 RecoveryCodeLine[81]; + CHAR16 RecoveryMsgLine[81]; + CHAR16 DelayLine[81]; + BOOLEAN CursorVisible; + UINTN CurrentAttribute; + UINTN SecondsLeft; + + RetStatus = ParseVBootWorkbuf (&RecoveryCode, &RecoveryReason); + + if (RetStatus != RETURN_SUCCESS || RecoveryCode == 0) { + return; + } + + Status = gBS->CreateEvent ( + EVT_TIMER, + TPL_CALLBACK, + NULL, + NULL, + &TimerEvent + ); + ASSERT_EFI_ERROR (Status); + + UnicodeSPrint ( + RecoveryCodeLine, + sizeof (RecoveryCodeLine), + L"Recovery reason code: 0x%02x", + RecoveryCode + ); + UnicodeSPrint ( + RecoveryMsgLine, + sizeof (RecoveryMsgLine), + L"Recovery reason: %a", + RecoveryReason + ); + + CurrentAttribute = gST->ConOut->Mode->Attribute; + CursorVisible = gST->ConOut->Mode->CursorVisible; + + gST->ConOut->EnableCursor (gST->ConOut, FALSE); + + DrainInput (); + gBS->SetTimer (TimerEvent, TimerPeriodic, 1 * 1000 * 1000 * 10); + + Events[0] = gST->ConIn->WaitForKey; + Events[1] = TimerEvent; + + SecondsLeft = 30; + while (SecondsLeft > 0) { + UnicodeSPrint ( + DelayLine, + sizeof (DelayLine), + L"(The boot process will continue automatically in %d second%a.)", + SecondsLeft, + SecondsLeft == 1 ? "" : "s" + ); + + CreateMultiStringPopUp ( + 78, + 12, + L"!!! WARNING !!!", + L"", + L"This message is displayed because the platform has booted from the recovery", + L"firmware partition. If you have just updated firmware, it is likely that", + L"the signature verification process failed. 
Please verify again that the", + L"firmware was downloaded from the proper source and try updating again.", + L"", + RecoveryCodeLine, + RecoveryMsgLine, + L"", + L"Press ENTER key to continue.", + DelayLine + ); + + Status = gBS->WaitForEvent (2, Events, &Index); + ASSERT_EFI_ERROR (Status); + + if (Index == 0) { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + ASSERT_EFI_ERROR (Status); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + break; + } + } else { + SecondsLeft--; + } + } + + Status = gBS->CloseEvent (TimerEvent); + ASSERT_EFI_ERROR (Status); + + gST->ConOut->EnableCursor (gST->ConOut, CursorVisible); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + + gST->ConOut->ClearScreen (gST->ConOut); +} + /** Do the platform specific action after the console is connected. @@ -482,6 +613,8 @@ PlatformBootManagerAfterConsole ( EfiBootManagerConnectAll (); EfiBootManagerRefreshAllBootOption (); + WarnIfRecoveryBoot (); + // // Process TPM PPI request // @@ -550,7 +683,6 @@ PlatformBootManagerUnableToBoot ( ) { EFI_STATUS Status; - EFI_INPUT_KEY Key; EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu; UINTN Index; @@ -582,14 +714,7 @@ PlatformBootManagerUnableToBoot ( ASSERT_EFI_ERROR (Status); ASSERT (Index == 0); - // - // Drain any queued keys. - // - while (!EFI_ERROR (gST->ConIn->ReadKeyStroke (gST->ConIn, &Key))) { - // - // just throw away Key - // - } + DrainInput (); } for (;;) { diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 2b9dedda55..c094fe1663 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -49,6 +49,7 @@ PrintLib PlatformHookLib Tcg2PhysicalPresenceLib + CustomizedDisplayLib [Guids] gEfiEndOfDxeEventGroupGuid 
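Review bot: Error handling in `WarnIfRecoveryBoot` rests on `ASSERT_EFI_ERROR` alone, and the status of `gBS->SetTimer` is not looked at. In a build where asserts are compiled out, a failed `CreateEvent` leaves `TimerEvent` uninitialized before it is armed and waited on, and a timer that never fires means `SecondsLeft` never decrements, so the boot waits for ENTER indefinitely instead of continuing after 30 seconds. I would return early with `if (EFI_ERROR (Status)) { return; }` after `CreateEvent`, close the event and return when `SetTimer` fails, and handle a non-success `ReadKeyStroke` with `continue` rather than an assert, since `Key` is otherwise read uninitialized. `SecondsLeft` is also a `UINTN` printed with `%d`; a `UINT32` local would match the format on every architecture.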
diff --git a/MdeModulePkg/Include/Library/CustomizedDisplayLib.h b/MdeModulePkg/Include/Library/CustomizedDisplayLib.h index 0607dd1a61..1441bf6c10 100644 --- a/MdeModulePkg/Include/Library/CustomizedDisplayLib.h +++ b/MdeModulePkg/Include/Library/CustomizedDisplayLib.h @@ -348,4 +348,43 @@ GetSubTitleTextColor ( VOID ); +/** + Count the storage space of a Unicode string. + + This function handles the Unicode string with NARROW_CHAR + and WIDE_CHAR control characters. NARROW_HCAR and WIDE_CHAR + does not count in the resultant output. If a WIDE_CHAR is + hit, then 2 Unicode character will consume an output storage + space with size of CHAR16 till a NARROW_CHAR is hit. + + If String is NULL, then ASSERT (). + + @param String The input string to be counted. + + @return Storage space for the input string. + +**/ +UINTN +EFIAPI +GetStringWidth ( + IN CHAR16 *String + ); + +/** + Draw a pop up windows based on the dimension, number of lines and + strings specified. + + @param RequestedWidth The width of the pop-up. + @param NumberOfLines The number of lines. + @param ... A series of text strings that displayed in the pop-up. + +**/ +VOID +EFIAPI +CreateMultiStringPopUp ( + IN UINTN RequestedWidth, + IN UINTN NumberOfLines, + ... + ); + #endif diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c index b3da13d0a3..77e217539f 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c 
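Review bot: Now that `CreateMultiStringPopUp` is a public library API, its comment should spell out the contract of the variadic list, because the compiler cannot check it. Judging from the call in `WarnIfRecoveryBoot` (12 lines, 12 strings), the `...` line could read `@param ... Exactly NumberOfLines null-terminated CHAR16 strings, one per pop-up line.`; the implementation is not fully visible here, so please confirm that a shorter list is indeed read past its end. In the `GetStringWidth` comment the typo `NARROW_HCAR` was carried over from the old location. The parameter could also be declared `IN CONST CHAR16 *String`, as the body shown later in the patch only reads it.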
@@ -410,6 +410,26 @@ UpdateStatusBar ( } } +// +// If screen dimension info is not ready, get it from console. +// +STATIC +VOID +FillScreenDimentions ( + IN OUT EFI_SCREEN_DESCRIPTOR *ScreenDimensions + ) +{ + if (ScreenDimensions->RightColumn == 0 || ScreenDimensions->BottomRow == 0) { + ZeroMem (ScreenDimensions, sizeof (EFI_SCREEN_DESCRIPTOR)); + gST->ConOut->QueryMode ( + gST->ConOut, + gST->ConOut->Mode->Mode, + &ScreenDimensions->RightColumn, + &ScreenDimensions->BottomRow + ); + } +} + /** Create popup window. It will replace CreateDialog(). @@ -444,18 +464,7 @@ CreateDialog ( UINTN CurrentAttribute; BOOLEAN CursorVisible; - // - // If screen dimension info is not ready, get it from console. - // - if ((gScreenDimensions.RightColumn == 0) || (gScreenDimensions.BottomRow == 0)) { - ZeroMem (&gScreenDimensions, sizeof (EFI_SCREEN_DESCRIPTOR)); - gST->ConOut->QueryMode ( - gST->ConOut, - gST->ConOut->Mode->Mode, - &gScreenDimensions.RightColumn, - &gScreenDimensions.BottomRow - ); - } + FillScreenDimentions (&gScreenDimensions); DimensionsWidth = gScreenDimensions.RightColumn - gScreenDimensions.LeftColumn; DimensionsHeight = gScreenDimensions.BottomRow - gScreenDimensions.TopRow; 
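Review bot: `FillScreenDimentions` discards the status returned by `gST->ConOut->QueryMode`, so after the `ZeroMem` a failed query leaves every bound at zero and `CreateDialog` goes on to compute `DimensionsWidth` and `DimensionsHeight` from them. The inline code it replaces had the same gap, but a shared helper is the natural place to close it, for instance by returning the `EFI_STATUS` so callers can bail out. The name is misspelled (`Dimentions` should be `Dimensions`), which is cheap to fix while the helper has only the one call site visible in this patch. A `/** ... **/` header with an `@param` line for `ScreenDimensions` would match the function comments visible elsewhere in this file.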
@@ -924,6 +933,114 @@ ClearDisplayPage ( gLibIsFirstForm = TRUE; } +/** + Count the storage space of a Unicode string. + + This function handles the Unicode string with NARROW_CHAR + and WIDE_CHAR control characters. NARROW_HCAR and WIDE_CHAR + does not count in the resultant output. If a WIDE_CHAR is + hit, then 2 Unicode character will consume an output storage + space with size of CHAR16 till a NARROW_CHAR is hit. + + If String is NULL, then ASSERT (). + + @param String The input string to be counted. + + @return Storage space for the input string. + +**/ +UINTN +EFIAPI +GetStringWidth ( + IN CHAR16 *String + ) +{ + UINTN Index; + UINTN Count; + UINTN IncrementValue; + + ASSERT (String != NULL); + if (String == NULL) { + return 0; + } + + Index = 0; + Count = 0; + IncrementValue = 1; + + do { + // + // Advance to the null-terminator or to the first width directive + // + for ( ; + (String[Index] != NARROW_CHAR) && (String[Index] != WIDE_CHAR) && (String[Index] != 0); + Index++, Count = Count + IncrementValue + ) + { + } + + // + // We hit the null-terminator, we now have a count + // + if (String[Index] == 0) { + break; + } + + // + // We encountered a narrow directive - strip it from the size calculation since it doesn't get printed + // and also set the flag that determines what we increment by.(if narrow, increment by 1, if wide increment by 2) + // + if (String[Index] == NARROW_CHAR) { + // + // Skip to the next character + // + Index++; + IncrementValue = 1; + } else { + // + // Skip to the next character + // + Index++; + IncrementValue = 2; + } + } while (String[Index] != 0); + + // + // Increment by one to include the null-terminator in the size + // + Count++; + + return Count * sizeof (CHAR16); +} + +/** + Draw a pop up windows based on the dimension, number of lines and + strings specified. + + @param RequestedWidth The width of the pop-up. + @param NumberOfLines The number of lines. + @param ... A series of text strings that displayed in the pop-up. 
+ +**/ +VOID +EFIAPI +CreateMultiStringPopUp ( + IN UINTN RequestedWidth, + IN UINTN NumberOfLines, + ... + ) +{ + VA_LIST Marker; + + FillScreenDimentions (&gScreenDimensions); + + VA_START (Marker, NumberOfLines); + + CreateSharedPopUp (RequestedWidth, NumberOfLines, Marker); + + VA_END (Marker); +} + /** Constructor of Customized Display Library Instance. diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c index 58130d9383..6a80d23bdb 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c 
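Review bot: The header comment on `GetStringWidth` documents only "If String is NULL, then ASSERT ()", but the body also returns 0 for NULL when asserts are compiled out, and the result is a byte count that includes the terminator (`Count * sizeof (CHAR16)` after `Count++`). As this is now an exported library function, I would state both in the comment: `@return Size in bytes of the displayed string including the null terminator, or 0 if String is NULL.` CreateSharedPopUp in this commit relies on that unit when it divides the result by 2 to get a column count.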
@@ -985,3 +985,108 @@ PrintAt ( VA_END (Args); return LengthOfPrinted; } + +/** + Draw a pop up windows based on the dimension, number of lines and + strings specified. + + @param RequestedWidth The width of the pop-up. + @param NumberOfLines The number of lines. + @param Marker The variable argument list for the list of string to be printed. + +**/ +VOID +CreateSharedPopUp ( + IN UINTN RequestedWidth, + IN UINTN NumberOfLines, + IN VA_LIST Marker + ) +{ + UINTN Index; + UINTN Count; + CHAR16 Character; + UINTN Start; + UINTN End; + UINTN Top; + UINTN Bottom; + CHAR16 *String; + UINTN DimensionsWidth; + UINTN DimensionsHeight; + + DimensionsWidth = gScreenDimensions.RightColumn - gScreenDimensions.LeftColumn; + DimensionsHeight = gScreenDimensions.BottomRow - gScreenDimensions.TopRow; + + gST->ConOut->SetAttribute (gST->ConOut, GetPopupColor ()); + + if ((RequestedWidth + 2) > DimensionsWidth) { + RequestedWidth = DimensionsWidth - 2; + } + + // + // Subtract the PopUp width from total Columns, allow for one space extra on + // each end plus a border. + // + Start = (DimensionsWidth - RequestedWidth - 2) / 2 + gScreenDimensions.LeftColumn + 1; + End = Start + RequestedWidth + 1; + + Top = ((DimensionsHeight - NumberOfLines - 2) / 2) + gScreenDimensions.TopRow - 1; + Bottom = Top + NumberOfLines + 2; + + Character = BOXDRAW_DOWN_RIGHT; + PrintCharAt (Start, Top, Character); + Character = BOXDRAW_HORIZONTAL; + for (Index = Start; Index + 2 < End; Index++) { + PrintCharAt ((UINTN)-1, (UINTN)-1, Character); + } + + Character = BOXDRAW_DOWN_LEFT; + PrintCharAt ((UINTN)-1, (UINTN)-1, Character); + Character = BOXDRAW_VERTICAL; + + Count = 0; + for (Index = Top; Index + 2 < Bottom; Index++, Count++) { + String = VA_ARG (Marker, CHAR16 *); + + // + // This will clear the background of the line - we never know who might have been + // here before us. This differs from the next clear in that it used the non-reverse + // video for normal printing. 
+ // + if (GetStringWidth (String) / 2 > 1) { + ClearLines (Start, End, Index + 1, Index + 1, GetPopupColor ()); + } + + // + // Passing in a space results in the assumption that this is where typing will occur + // + if (String[0] == L' ') { + ClearLines (Start + 1, End - 1, Index + 1, Index + 1, GetPopupInverseColor ()); + } + + // + // Passing in a NULL results in a blank space + // + if (String[0] == CHAR_NULL) { + ClearLines (Start, End, Index + 1, Index + 1, GetPopupColor ()); + } + + PrintStringAt ( + ((DimensionsWidth - GetStringWidth (String) / 2) / 2) + gScreenDimensions.LeftColumn + 1, + Index + 1, + String + ); + gST->ConOut->SetAttribute (gST->ConOut, GetPopupColor ()); + PrintCharAt (Start, Index + 1, Character); + PrintCharAt (End - 1, Index + 1, Character); + } + + Character = BOXDRAW_UP_RIGHT; + PrintCharAt (Start, Bottom - 1, Character); + Character = BOXDRAW_HORIZONTAL; + for (Index = Start; Index + 2 < End; Index++) { + PrintCharAt ((UINTN)-1, (UINTN)-1, Character); + } + + Character = BOXDRAW_UP_LEFT; + PrintCharAt ((UINTN)-1, (UINTN)-1, Character); +} diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h index 01213cb059..82bf3b797e 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h @@ -284,4 +284,20 @@ ProcessExternedOpcode ( IN FORM_DISPLAY_ENGINE_FORM *FormData ); +/** + Draw a pop up windows based on the dimension, number of lines and + strings specified. + + @param RequestedWidth The width of the pop-up. + @param NumberOfLines The number of lines. + @param Marker The variable argument list for the list of string to be printed. + +**/ +VOID +CreateSharedPopUp ( + IN UINTN RequestedWidth, + IN UINTN NumberOfLines, + IN VA_LIST Marker + ); + #endif 
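Review bot: Each `String` taken with `VA_ARG` in `CreateSharedPopUp` is dereferenced (`String[0] == L' '`, `String[0] == CHAR_NULL`) without a NULL check, although the comment above the last test says "Passing in a NULL results in a blank space" and `GetStringWidth` only asserts on NULL. A guard directly after the `VA_ARG` line, `if (String == NULL) { String = L""; }`, would make the code match the comment. The height is also not clamped the way the width is: `DimensionsHeight - NumberOfLines - 2` and the trailing `- 1` in the `Top` expression are unsigned and can wrap when the pop-up is taller than the area or starts at row 0. Note as well that the moved code now measures against `gScreenDimensions`, where the removed DisplayEngineDxe copy used `gStatementDimensions`, so placement may differ from before.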
diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
index a7b7dc743a..46b9897ae3 100644
--- a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
+++ b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
@@ -810,85 +810,6 @@ ConvertStatementToMenu ( } } -/** - Count the storage space of a Unicode string. - - This function handles the Unicode string with NARROW_CHAR - and WIDE_CHAR control characters. NARROW_HCAR and WIDE_CHAR - does not count in the resultant output. If a WIDE_CHAR is - hit, then 2 Unicode character will consume an output storage - space with size of CHAR16 till a NARROW_CHAR is hit. - - If String is NULL, then ASSERT (). - - @param String The input string to be counted. - - @return Storage space for the input string. - -**/ -UINTN -GetStringWidth ( - IN CHAR16 *String - ) -{ - UINTN Index; - UINTN Count; - UINTN IncrementValue; - - ASSERT (String != NULL); - if (String == NULL) { - return 0; - } - - Index = 0; - Count = 0; - IncrementValue = 1; - - do { - // - // Advance to the null-terminator or to the first width directive - // - for ( ; - (String[Index] != NARROW_CHAR) && (String[Index] != WIDE_CHAR) && (String[Index] != 0); - Index++, Count = Count + IncrementValue - ) - { - } - - // - // We hit the null-terminator, we now have a count - // - if (String[Index] == 0) { - break; - } - - // - // We encountered a narrow directive - strip it from the size calculation since it doesn't get printed - // and also set the flag that determines what we increment by.(if narrow, increment by 1, if wide increment by 2) - // - if (String[Index] == NARROW_CHAR) { - // - // Skip to the next character - // - Index++; - IncrementValue = 1; - } else { - // - // Skip to the next character - // - Index++; - IncrementValue = 2; - } - } while (String[Index] != 0); - - // - // Increment by one to include the null-terminator in the size - // - Count++; - - return Count * sizeof (CHAR16); -} - /** Base on the input option string to update the skip value for a menu option. diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h index 6e2670428e..e8771ef353 100644 
--- a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h +++ b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h @@ -422,23 +422,6 @@ CompareHiiValue ( IN EFI_HII_HANDLE HiiHandle OPTIONAL ); -/** - Draw a pop up windows based on the dimension, number of lines and - strings specified. - - @param RequestedWidth The width of the pop-up. - @param NumberOfLines The number of lines. - @param ... A series of text strings that displayed in the pop-up. - -**/ -VOID -EFIAPI -CreateMultiStringPopUp ( - IN UINTN RequestedWidth, - IN UINTN NumberOfLines, - ... - ); - /** Will copy LineWidth amount of a string in the OutputString buffer and return the number of CHAR16 characters that were copied into the OutputString buffer. @@ -482,27 +465,6 @@ GetToken ( IN EFI_HII_HANDLE HiiHandle ); -/** - Count the storage space of a Unicode string. - - This function handles the Unicode string with NARROW_CHAR - and WIDE_CHAR control characters. NARROW_HCAR and WIDE_CHAR - does not count in the resultant output. If a WIDE_CHAR is - hit, then 2 Unicode character will consume an output storage - space with size of CHAR16 till a NARROW_CHAR is hit. - - If String is NULL, then ASSERT (). - - @param String The input string to be counted. - - @return Storage space for the input string. - -**/ -UINTN -GetStringWidth ( - IN CHAR16 *String - ); - /** This routine reads a numeric value from the user input. @@ -535,22 +497,6 @@ ReadString ( IN OUT CHAR16 *StringPtr ); -/** - Draw a pop up windows based on the dimension, number of lines and - strings specified. - - @param RequestedWidth The width of the pop-up. - @param NumberOfLines The number of lines. - @param Marker The variable argument list for the list of string to be printed. - -**/ -VOID -CreateSharedPopUp ( - IN UINTN RequestedWidth, - IN UINTN NumberOfLines, - IN VA_LIST Marker - ); - /** Wait for a key to be pressed by user. 
diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
index 0d4cfa4cf0..415a8ffbe8 100644
--- a/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
+++ b/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
@@ -570,137 +570,6 @@ PrintFormattedNumber ( return EFI_SUCCESS; } -/** - Draw a pop up windows based on the dimension, number of lines and - strings specified. - - @param RequestedWidth The width of the pop-up. - @param NumberOfLines The number of lines. - @param Marker The variable argument list for the list of string to be printed. - -**/ -VOID -CreateSharedPopUp ( - IN UINTN RequestedWidth, - IN UINTN NumberOfLines, - IN VA_LIST Marker - ) -{ - UINTN Index; - UINTN Count; - CHAR16 Character; - UINTN Start; - UINTN End; - UINTN Top; - UINTN Bottom; - CHAR16 *String; - UINTN DimensionsWidth; - UINTN DimensionsHeight; - - DimensionsWidth = gStatementDimensions.RightColumn - gStatementDimensions.LeftColumn; - DimensionsHeight = gStatementDimensions.BottomRow - gStatementDimensions.TopRow; - - gST->ConOut->SetAttribute (gST->ConOut, GetPopupColor ()); - - if ((RequestedWidth + 2) > DimensionsWidth) { - RequestedWidth = DimensionsWidth - 2; - } - - // - // Subtract the PopUp width from total Columns, allow for one space extra on - // each end plus a border. - // - Start = (DimensionsWidth - RequestedWidth - 2) / 2 + gStatementDimensions.LeftColumn + 1; - End = Start + RequestedWidth + 1; - - Top = ((DimensionsHeight - NumberOfLines - 2) / 2) + gStatementDimensions.TopRow - 1; - Bottom = Top + NumberOfLines + 2; - - Character = BOXDRAW_DOWN_RIGHT; - PrintCharAt (Start, Top, Character); - Character = BOXDRAW_HORIZONTAL; - for (Index = Start; Index + 2 < End; Index++) { - PrintCharAt ((UINTN)-1, (UINTN)-1, Character); - } - - Character = BOXDRAW_DOWN_LEFT; - PrintCharAt ((UINTN)-1, (UINTN)-1, Character); - Character = BOXDRAW_VERTICAL; - - Count = 0; - for (Index = Top; Index + 2 < Bottom; Index++, Count++) { - String = VA_ARG (Marker, CHAR16 *); - - // - // This will clear the background of the line - we never know who might have been - // here before us. This differs from the next clear in that it used the non-reverse - // video for normal printing. 
- // - if (GetStringWidth (String) / 2 > 1) { - ClearLines (Start, End, Index + 1, Index + 1, GetPopupColor ()); - } - - // - // Passing in a space results in the assumption that this is where typing will occur - // - if (String[0] == L' ') { - ClearLines (Start + 1, End - 1, Index + 1, Index + 1, GetPopupInverseColor ()); - } - - // - // Passing in a NULL results in a blank space - // - if (String[0] == CHAR_NULL) { - ClearLines (Start, End, Index + 1, Index + 1, GetPopupColor ()); - } - - PrintStringAt ( - ((DimensionsWidth - GetStringWidth (String) / 2) / 2) + gStatementDimensions.LeftColumn + 1, - Index + 1, - String - ); - gST->ConOut->SetAttribute (gST->ConOut, GetPopupColor ()); - PrintCharAt (Start, Index + 1, Character); - PrintCharAt (End - 1, Index + 1, Character); - } - - Character = BOXDRAW_UP_RIGHT; - PrintCharAt (Start, Bottom - 1, Character); - Character = BOXDRAW_HORIZONTAL; - for (Index = Start; Index + 2 < End; Index++) { - PrintCharAt ((UINTN)-1, (UINTN)-1, Character); - } - - Character = BOXDRAW_UP_LEFT; - PrintCharAt ((UINTN)-1, (UINTN)-1, Character); -} - -/** - Draw a pop up windows based on the dimension, number of lines and - strings specified. - - @param RequestedWidth The width of the pop-up. - @param NumberOfLines The number of lines. - @param ... A series of text strings that displayed in the pop-up. - -**/ -VOID -EFIAPI -CreateMultiStringPopUp ( - IN UINTN RequestedWidth, - IN UINTN NumberOfLines, - ... - ) -{ - VA_LIST Marker; - - VA_START (Marker, NumberOfLines); - - CreateSharedPopUp (RequestedWidth, NumberOfLines, Marker); - - VA_END (Marker); -} - /** Process nothing. From 13c44b52c89ff8c3eb17c1585b52565218c2e944 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 30 May 2022 17:37:42 +0200 Subject: [PATCH 058/357] DasharoModulePkg: Add directory --- DasharoModulePkg/LICENSE | 25 +++++++++++++++++++++++++ DasharoModulePkg/README.md | 2 ++ 2 files changed, 27 insertions(+) create mode 100644 DasharoModulePkg/LICENSE create mode 100644 DasharoModulePkg/README.md diff --git a/DasharoModulePkg/LICENSE b/DasharoModulePkg/LICENSE new file mode 100644 index 0000000000..7041a471c1 --- /dev/null +++ b/DasharoModulePkg/LICENSE @@ -0,0 +1,25 @@ +BSD 2-Clause License + +Copyright (c) 2022, Dasharo +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/DasharoModulePkg/README.md b/DasharoModulePkg/README.md new file mode 100644 index 0000000000..6ca6fe1533 
--- /dev/null +++ b/DasharoModulePkg/README.md @@ -0,0 +1,2 @@ +# DasharoModulePkg +EDK2 modules for Dasharo systems From ca6d1b4aa95e6347bdeb158b9443c7811de44444 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 2 Jun 2022 18:03:43 +0300 Subject: [PATCH 059/357] DasharoModulePkg: Add empty package Signed-off-by: Sergii Dmytruk --- .../DasharoModuleComponents.dsc.inc | 10 ++++++++ DasharoModulePkg/DasharoModuleComponents.uni | 15 +++++++++++ DasharoModulePkg/DasharoModulePkg.dec | 24 ++++++++++++++++++ DasharoModulePkg/DasharoModulePkg.dsc | 25 +++++++++++++++++++ 4 files changed, 74 insertions(+) create mode 100644 DasharoModulePkg/DasharoModuleComponents.dsc.inc create mode 100644 DasharoModulePkg/DasharoModuleComponents.uni create mode 100644 DasharoModulePkg/DasharoModulePkg.dec create mode 100644 DasharoModulePkg/DasharoModulePkg.dsc diff --git a/DasharoModulePkg/DasharoModuleComponents.dsc.inc b/DasharoModulePkg/DasharoModuleComponents.dsc.inc new file mode 100644 index 0000000000..52b143860a --- /dev/null +++ b/DasharoModulePkg/DasharoModuleComponents.dsc.inc @@ -0,0 +1,10 @@ +## @file +# Dasharo DSC include file for [Components*] section. +# +# This file can be included to the [Components*] section(s) of a platform DSC file +# by using "!include DasharoModulePkg/DasharoModuleComponents.dsc.inc" to specify the INF files. +# +# Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause +# +## diff --git a/DasharoModulePkg/DasharoModuleComponents.uni b/DasharoModulePkg/DasharoModuleComponents.uni new file mode 100644 index 0000000000..a7b1e80840 --- /dev/null +++ b/DasharoModulePkg/DasharoModuleComponents.uni @@ -0,0 +1,15 @@ +// /** @file +// Dasharo Module Package +// +// This Package provides cryptographic-related libraries for UEFI security modules. +// It also provides a test application to test libraries. +// +// Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause +// +// **/ + +#string STR_PACKAGE_ABSTRACT #language en-US "Provides Dasharo-related modules" + +#string STR_PACKAGE_DESCRIPTION #language en-US "This package provides modules that are used in Dasharo firmware." diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec new file mode 100644 index 0000000000..2d3d339bd5 --- /dev/null +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -0,0 +1,24 @@ +## @file +# Dasharo Module Package +# +# Provides libraries specific to Dasharo firmware. +# +# Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
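Review bot: The file header added to DasharoModuleComponents.uni describes the package as providing "cryptographic-related libraries for UEFI security modules" plus a test application, which does not match the `STR_PACKAGE_ABSTRACT` string below it and looks carried over from another package. The same kind of leftover appears in DasharoModulePkg.dsc in this commit, where `PLATFORM_NAME = MdeModule`; I would expect `PLATFORM_NAME = DasharoModule` there. Suggested header text for the .uni file: `// This package provides modules that are used in Dasharo firmware.`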
+# SPDX-License-Identifier: BSD-2-Clause +# +## + +[Defines] + DEC_SPECIFICATION = 0x00010005 + PACKAGE_NAME = DasharoModulePkg + PACKAGE_GUID = 34B742F3-EB9D-4204-8C9A-E1B47966A61F + PACKAGE_VERSION = 0.1 + PACKAGE_UNI_FILE = DasharoModuleComponents.uni + +[Includes] + +[Guids] + +[Ppis] + +[Protocols] diff --git a/DasharoModulePkg/DasharoModulePkg.dsc b/DasharoModulePkg/DasharoModulePkg.dsc new file mode 100644 index 0000000000..819d117a6a --- /dev/null +++ b/DasharoModulePkg/DasharoModulePkg.dsc @@ -0,0 +1,25 @@ +## @file +# Dasharo Module Package +# +# Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause +# +## + +[Defines] + PLATFORM_NAME = MdeModule + PLATFORM_GUID = D11BE2F6-8BD9-4099-8C73-2E09220FF8DD + PLATFORM_VERSION = 0.1 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/DasharoModulePkg + SUPPORTED_ARCHITECTURES = IA32|X64|EBC + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + +[LibraryClasses] + +[Components] + !include DasharoModulePkg/DasharoModuleComponents.dsc.inc + +[BuildOptions] + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES From 2505f7a91adc03713cf77184e1e6faf064a6d2c0 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 2 Jun 2022 18:07:14 +0300 Subject: [PATCH 060/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add This is a two-screen menu (main and security options menus) with a single vboot lock option. Signed-off-by: Sergii Dmytruk --- .../DasharoModuleComponents.dsc.inc | 2 + DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 332 ++++++++++++++++++ .../DasharoSystemFeatures.h | 155 ++++++++ .../DasharoSystemFeaturesHii.h | 26 ++ .../DasharoSystemFeaturesStrings.uni | 24 ++ .../DasharoSystemFeaturesUiLib.inf | 55 +++ .../DasharoSystemFeaturesUiLib.uni | 16 + .../DasharoSystemFeaturesVfr.vfr | 49 +++ 9 files changed, 660 insertions(+) create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.uni create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
diff --git a/DasharoModulePkg/DasharoModuleComponents.dsc.inc b/DasharoModulePkg/DasharoModuleComponents.dsc.inc index 52b143860a..7ed962b6a4 100644 --- a/DasharoModulePkg/DasharoModuleComponents.dsc.inc +++ b/DasharoModulePkg/DasharoModuleComponents.dsc.inc @@ -8,3 +8,5 @@ # SPDX-License-Identifier: BSD-2-Clause # ## + + DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 2d3d339bd5..55a0482d80 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -18,6 +18,7 @@ [Includes] [Guids] + gDasharoSystemFeaturesFormsetGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } [Ppis] diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c new file mode 100644 index 0000000000..b39492b377 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -0,0 +1,332 @@ +/** @file +The Dasharo system features reference implementation + +Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause + +**/ + +#include "DasharoSystemFeatures.h" + +STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; +STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; +STATIC CHAR16 mLockBitsEfiVar[] = L"LockBios"; + +STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { + DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, + NULL, + NULL, + { + DasharoSystemFeaturesExtractConfig, + DasharoSystemFeaturesRouteConfig, + DasharoSystemFeaturesCallback + } +}; + +STATIC HII_VENDOR_DEVICE_PATH mDasharoSystemFeaturesHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + DASHARO_SYSTEM_FEATURES_FORMSET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + Install Dasharo System Features Menu driver. + + @param ImageHandle The image handle. + @param SystemTable The system table. + + @retval EFI_SUCEESS Installed Dasharo System Features. + @retval Other Error. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesUiLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable +) +{ + EFI_STATUS Status; + UINTN BufferSize; + + mDasharoSystemFeaturesPrivate.DriverHandle = NULL; + Status = gBS->InstallMultipleProtocolInterfaces ( + &mDasharoSystemFeaturesPrivate.DriverHandle, + &gEfiDevicePathProtocolGuid, + &mDasharoSystemFeaturesHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mDasharoSystemFeaturesPrivate.ConfigAccess, + NULL + ); + ASSERT_EFI_ERROR (Status); + + // Publish our HII data. 
+ mDasharoSystemFeaturesPrivate.HiiHandle = HiiAddPackages ( + &mDasharoSystemFeaturesGuid, + mDasharoSystemFeaturesPrivate.DriverHandle, + DasharoSystemFeaturesVfrBin, + DasharoSystemFeaturesUiLibStrings, + NULL + ); + ASSERT (mDasharoSystemFeaturesPrivate.HiiHandle != NULL); + + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); + Status = gRT->GetVariable ( + mLockBitsEfiVar, + &mDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios + ); + if (Status != EFI_NOT_FOUND) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + Unloads the application and its installed protocol. + + @param ImageHandle Handle that identifies the image to be unloaded. + @param SystemTable The system table. + + @retval EFI_SUCCESS The image has been unloaded. +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesUiLibDestructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable +) +{ + EFI_STATUS Status; + + Status = gBS->UninstallMultipleProtocolInterfaces ( + mDasharoSystemFeaturesPrivate.DriverHandle, + &gEfiDevicePathProtocolGuid, + &mDasharoSystemFeaturesHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mDasharoSystemFeaturesPrivate.ConfigAccess, + NULL + ); + ASSERT_EFI_ERROR (Status); + + HiiRemovePackages (mDasharoSystemFeaturesPrivate.HiiHandle); + + return EFI_SUCCESS; +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in format. + @param Progress On return, points to a character in the Request string. + Points to the string's null terminator if request was successful. + Points to the most recent '&' before the first failing name/value + pair (or the beginning of the string if the failure is in the + first name/value pair) if the request was not successful. 
+ @param Results A null-terminated Unicode string in format which + has all values filled in for the names in the Request string. + String to be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + DASHARO_SYSTEM_FEATURES_PRIVATE_DATA *Private; + UINTN BufferSize; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + UINTN Size; + + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Request; + if (Request != NULL && + !HiiIsConfigHdrMatch (Request, &mDasharoSystemFeaturesGuid, mVarStoreName)) { + return EFI_NOT_FOUND; + } + + Private = DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_FROM_THIS (This); + + BufferSize = sizeof (DASHARO_FEATURES_DATA); + ConfigRequest = Request; + if (Request == NULL || (StrStr (Request, L"OFFSET") == NULL)) { + // Request has no request element, construct full request string. + // Allocate and fill a buffer large enough to hold the template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator. 
+ ConfigRequestHdr = HiiConstructConfigHdr ( + &mDasharoSystemFeaturesGuid, + mVarStoreName, + Private->DriverHandle + ); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + ASSERT (ConfigRequest != NULL); + UnicodeSPrint ( + ConfigRequest, + Size, + L"%s&OFFSET=0&WIDTH=%016LX", + ConfigRequestHdr, + (UINT64) BufferSize + ); + FreePool (ConfigRequestHdr); + } + + // Convert fields of binary structure to string representation. + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (CONST UINT8 *) &Private->DasharoFeaturesData, + BufferSize, + Results, + Progress + ); + ASSERT_EFI_ERROR (Status); + + // Free config request string if it was allocated. + if (ConfigRequest != Request) { + FreePool (ConfigRequest); + } + + if (Request != NULL && StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in format. + @param Progress A pointer to a string filled in with the offset of the most + recent '&' before the first failing name/value pair (or the + beginning of the string if the failure is in the first + name/value pair) or the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. 
+ +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + DASHARO_SYSTEM_FEATURES_PRIVATE_DATA *Private; + DASHARO_FEATURES_DATA DasharoFeaturesData; + + if (Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + if (Configuration == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!HiiIsConfigHdrMatch (Configuration, &mDasharoSystemFeaturesGuid, mVarStoreName)) { + return EFI_NOT_FOUND; + } + + Private = DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_FROM_THIS (This); + + // Construct data structure from configuration string. + BufferSize = sizeof (DasharoFeaturesData); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *) &DasharoFeaturesData, + &BufferSize, + Progress + ); + ASSERT_EFI_ERROR (Status); + + if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) { + Status = gRT->SetVariable ( + mLockBitsEfiVar, + &mDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.LockBios), + &DasharoFeaturesData.LockBios + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + Private->DasharoFeaturesData = DasharoFeaturesData; + return EFI_SUCCESS; +} + +/** + This function is invoked if user selected a interactive opcode from Device Manager's + Formset. If user toggles bios lock, the new value is saved to EFI variable. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original exporting driver + so that it can identify the type of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original exporting driver. 
+ @param ActionRequest On return, points to the action requested by the callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_INVALID_PARAMETER The setup browser call this function with invalid parameters. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h new file mode 100644 index 0000000000..cb9bf53c8d --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h @@ -0,0 +1,155 @@ +/** @file +The Dasharo system features implementation + +Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
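Review bot: In `DasharoSystemFeaturesRouteConfig` the local `DasharoFeaturesData` is passed to `ConfigToBlock` uninitialized and the returned status is only checked with `ASSERT_EFI_ERROR`, so in a build where asserts are compiled out a failed or partial conversion lets stack contents reach the `LockBios` comparison and the `SetVariable` call. Seed the block first with `DasharoFeaturesData = Private->DasharoFeaturesData;` and replace the assert with `if (EFI_ERROR (Status)) { return Status; }`. The same assert-only pattern guards `AllocateZeroPool` in `DasharoSystemFeaturesExtractConfig`, where a NULL `ConfigRequest` would go straight into `UnicodeSPrint`; returning `EFI_OUT_OF_RESOURCES` there matches the documented return values. Since the commit message describes `LockBios` as the vboot lock option and it is stored as a plain boot-services variable, it is also worth confirming that the code consuming it treats a missing or malformed value as locked, which this hunk does not show.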
+SPDX-License-Identifier: BSD-2-Clause + +**/ + +#ifndef _DASHARO_SYSTEM_FEATURES_H_ +#define _DASHARO_SYSTEM_FEATURES_H_ + +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "DasharoSystemFeaturesHii.h" + +// +// These are the VFR compiler generated data representing our VFR data. +// +extern UINT8 DasharoSystemFeaturesVfrBin[]; + +#define DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('D', 'S', 'F', 'p') + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +typedef struct { + UINTN Signature; + + /// + /// Device Manager HII relative handles + /// + EFI_HII_HANDLE HiiHandle; + + EFI_HANDLE DriverHandle; + + /// + /// Produced protocols + /// + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + + /// + /// Configuration data + /// + DASHARO_FEATURES_DATA DasharoFeaturesData; +} DASHARO_SYSTEM_FEATURES_PRIVATE_DATA; + +#define DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_FROM_THIS(a) \ + CR (a, \ + DASHARO_SYSTEM_FEATURES_PRIVATE_DATA, \ + ConfigAccess, \ + DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE \ + ) + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in format. + @param Progress On return, points to a character in the Request string. + Points to the string's null terminator if request was successful. + Points to the most recent '&' before the first failing name/value + pair (or the beginning of the string if the failure is in the + first name/value pair) if the request was not successful. + @param Results A null-terminated Unicode string in format which + has all values filled in for the names in the Request string. 
+ String to be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + +/** + This function processes the results of changes in configuration. + + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in format. + @param Progress A pointer to a string filled in with the offset of the most + recent '&' before the first failing name/value pair (or the + beginning of the string if the failure is in the first + name/value pair) or the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); + +/** + This function is invoked if user selected a interactive opcode from Dasharo System Features' + Formset. If user set VBIOS, the new value is saved to EFI variable. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original exporting driver + so that it can identify the type of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original exporting driver. 
+ @param ActionRequest On return, points to the action requested by the callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_INVALID_PARAMETER The setup browser call this function with invalid parameters. + +**/ +EFI_STATUS +EFIAPI +DasharoSystemFeaturesCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + +#endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h new file mode 100644 index 0000000000..71997f7ab8 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -0,0 +1,26 @@ +/** @file +The Dasharo system features implementation + +Copyright (c) 2022, Intel Corporation. All rights reserved.
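Review bot: The comment on `DasharoSystemFeaturesCallback` says "If user set VBIOS, the new value is saved to EFI variable", which reads like a leftover from another driver and does not match this library. The copy of the comment in DasharoSystemFeatures.c talks about the BIOS lock instead, and the implementation added in this commit returns `EFI_UNSUPPORTED` for every action without saving anything. I would reword the description to `Not implemented: returns EFI_UNSUPPORTED for every action; LockBios is persisted by DasharoSystemFeaturesRouteConfig.` and add a `@retval EFI_UNSUPPORTED` line, so a reader of the header does not assume the callback is where the lock setting gets written.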
+SPDX-License-Identifier: BSD-2-Clause + +**/ + +#ifndef _DASHARO_SYSTEM_FEATURES_HII_H_ +#define _DASHARO_SYSTEM_FEATURES_HII_H_ + +#define DASHARO_SYSTEM_FEATURES_FORMSET_GUID \ + { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59} } + +#define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 +#define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 + +#define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 + +typedef struct { + BOOLEAN LockBios; +} DASHARO_FEATURES_DATA; + +#define LOCK_BIOS_QUESTION_ID 0x8000 + +#endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni new file mode 100644 index 0000000000..79a042af8a --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -0,0 +1,24 @@ +///** @file +// +// String definitions for the Dasharo System Features. +// +// Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+// SPDX-License-Identifier: BSD-2-Clause +// +//**/ + +/=# + +#langdef en-US "English" + +#string STR_EMPTY_STRING #language en-US "" +#string STR_EXIT_STRING #language en-US "Press ESC to exit." + +#string STR_EDKII_MENU_TITLE #language en-US "Dasharo System Features" +#string STR_EDKII_MENU_HELP #language en-US "This selection will take you to Dasharo System Features Manager" + +#string STR_DASHARO_SECURITY_OPTIONS_TITLE #language en-US "Dasharo Security Options" +#string STR_DASHARO_SECURITY_OPTIONS_HELP #language en-US "Security-related options" + +#string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" +#string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf new file mode 100644 index 0000000000..322b00cbd2 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -0,0 +1,55 @@ +## @file +# Dasharo System Features Library used by UiApp +# +# Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+# SPDX-License-Identifier: GPL-2-only +# +## +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DasharoSystemFeaturesUiLib + MODULE_UNI_FILE = DasharoSystemFeaturesUiLib.uni + FILE_GUID = 12F093F3-B653-4FA3-A2D6-C76BDD33BD52 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_DRIVER UEFI_APPLICATION + CONSTRUCTOR = DasharoSystemFeaturesUiLibConstructor + DESTRUCTOR = DasharoSystemFeaturesUiLibDestructor +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DasharoSystemFeatures.h + DasharoSystemFeaturesHii.h + DasharoSystemFeatures.c + DasharoSystemFeaturesVfr.vfr + DasharoSystemFeaturesStrings.uni + +[Packages] + DasharoModulePkg/DasharoModulePkg.dec + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + DevicePathLib + BaseLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + PrintLib + HiiLib + UefiHiiServicesLib + +[Guids] + gEfiHiiPlatformSetupFormsetGuid ## CONSUMES ## GUID (Indicate the formset class guid to be displayed) + gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode) + gEfiIfrFrontPageGuid ## CONSUMES ## GUID (Indicate the formset in this library need to display in which page) + gDasharoSystemFeaturesFormsetGuid ## PROVIDES + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.uni new file mode 100644 index 0000000000..c73dec4ef1 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.uni @@ -0,0 +1,16 @@ +// /** @file +// Dasharo System Features Library used by UiApp +// +// Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
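Review bot: `SPDX-License-Identifier: GPL-2-only` in this INF is not a valid SPDX identifier (the GPL v2 id is `GPL-2.0-only`), and it disagrees with the `BSD-2-Clause` tag on the other files of the library added in this commit. License scanners will either fail to parse the tag or report the library as mixed-license; if BSD was intended, the line should read `# SPDX-License-Identifier: BSD-2-Clause`. Separately, `gEfiHiiConfigAccessProtocolGuid` is annotated `## CONSUMES` although DasharoSystemFeatures.h lists `ConfigAccess` under "Produced protocols", so `## PRODUCES` would match the code.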
+// +// SPDX-License-Identifier: BSD-2-Clause +// +// **/ + +#string STR_MODULE_ABSTRACT +#language en-US +"Dasharo System Features Library used by UiApp" + +#string STR_MODULE_DESCRIPTION +#language en-US +"Dasharo System Features Library used by UiApp" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr new file mode 100644 index 0000000000..c033b6f565 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -0,0 +1,49 @@ +/** @file +The Dasharo system features implementation + +Copyright (c) 2022, 3mdeb Sp. z o.o. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause + +**/ + +#include "DasharoSystemFeaturesHii.h" + +formset + guid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID, + title = STRING_TOKEN(STR_EDKII_MENU_TITLE), + help = STRING_TOKEN(STR_EDKII_MENU_HELP), + classguid = gEfiIfrFrontPageGuid, + + varstore DASHARO_FEATURES_DATA, + varid = DASHARO_FEATURES_DATA_VARSTORE_ID, + name = FeaturesData, + guid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; + + form formid = DASHARO_SYSTEM_FEATURES_FORM_ID, + title = STRING_TOKEN(STR_EDKII_MENU_TITLE); + + goto DASHARO_SECURITY_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + + form formid = DASHARO_SECURITY_OPTIONS_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + checkbox varid = FeaturesData.LockBios, + prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), + help = STRING_TOKEN(STR_LOCK_BIOS_HELP), + flags = INTERACTIVE, + endcheckbox; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; +endformset; From 6867a3bf3a91f1f2703bcfc4525ef0217647ddef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 23 Jun 2022 15:04:40 +0200 Subject: [PATCH 061/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: create LockBios var in library constructor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) 
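Review bot: The `FeaturesData.LockBios` checkbox is marked `flags = INTERACTIVE` but has no `questionid`, while `LOCK_BIOS_QUESTION_ID` is defined in DasharoSystemFeaturesHii.h and never referenced, and `DasharoSystemFeaturesCallback` in this commit returns `EFI_UNSUPPORTED` for every action. Either add `questionid = LOCK_BIOS_QUESTION_ID,` after the `varid` line so the callback can identify the question once it is implemented, or drop `INTERACTIVE`, since the value is written through RouteConfig anyway. As it stands the browser invokes a callback that cannot tell which security option changed.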
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index b39492b377..c9e7393e9c 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBitsEfiVar[] = L"LockBios"; +STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -94,7 +95,19 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios ); - if (Status != EFI_NOT_FOUND) { + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mLockBitsEfiVar, + &mDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mLockBiosDefault), + &mLockBiosDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; + } + + if (EFI_ERROR(Status)) { return Status; } From e9ee25c9a20a1c35686d0b898011e9f9d8d010bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 26 Aug 2022 12:58:05 +0200 Subject: [PATCH 062/357] DasharoModulePkg: Add pcd to hide system features menu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 4 ++++ DasharoModulePkg/DasharoModulePkg.dsc | 1 + .../DasharoSystemFeatures.c | 13 +++++++++---- .../DasharoSystemFeaturesUiLib.inf | 4 ++++ 4 files changed, 18 insertions(+), 4 deletions(-) 
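Review bot: In the hunk at -94,7 the protective default is applied only when `GetVariable` returns `EFI_NOT_FOUND`; any other read failure (for example a stored `LockBios` of a different size) returns from the constructor without touching `DasharoFeaturesData.LockBios`, so whether the lock ends up on or off then depends on code outside this hunk. Assigning the default first, `mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault;` ahead of the `GetVariable` call, makes every failure path leave the setting locked, and it also removes the assignment that currently runs before the `SetVariable` status is checked. The variable is created with `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` only, so anything running before ExitBootServices can rewrite or delete it; if it gates flash protection, consider locking it through the variable lock or variable policy protocol before third-party images are started. The constructor begins and ends outside the hunk, so the error-path cleanup of the already installed protocol could not be checked here.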
diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 55a0482d80..b656ea2c06 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -19,7 +19,11 @@ [Guids] gDasharoSystemFeaturesFormsetGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } + gDasharoSystemFeaturesTokenSpaceGuid = {0xc7d52e10, 0xadec, 0x4d49, { 0x9e, 0xc5, 0xb8, 0xcf, 0xcd, 0x4b, 0x9d, 0xb9 }} [Ppis] [Protocols] + +[PcdsFixedAtBuild] +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 diff --git a/DasharoModulePkg/DasharoModulePkg.dsc b/DasharoModulePkg/DasharoModulePkg.dsc index 819d117a6a..8bdf2eafd4 100644 --- a/DasharoModulePkg/DasharoModulePkg.dsc +++ b/DasharoModulePkg/DasharoModulePkg.dsc @@ -17,6 +17,7 @@ SKUID_IDENTIFIER = DEFAULT [LibraryClasses] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf [Components] !include DasharoModulePkg/DasharoModuleComponents.dsc.inc diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c9e7393e9c..280a3629fd 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -6,6 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause **/ +#include #include "DasharoSystemFeatures.h" STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; 
@@ -49,11 +50,12 @@ STATIC HII_VENDOR_DEVICE_PATH mDasharoSystemFeaturesHiiVendorDevicePath = { /** Install Dasharo System Features Menu driver. - @param ImageHandle The image handle. - @param SystemTable The system table. + @param ImageHandle The image handle. + @param SystemTable The system table. - @retval EFI_SUCEESS Installed Dasharo System Features. - @retval Other Error. + @retval EFI_SUCEESS Installed Dasharo System Features. + @retval EFI_NOT_SUPPORTED Dasharo System Features not supported. + @retval Other Error. **/ EFI_STATUS @@ -66,6 +68,9 @@ DasharoSystemFeaturesUiLibConstructor ( EFI_STATUS Status; UINTN BufferSize; + if (!PcdGetBool (PcdShowMenu)) + return EFI_UNSUPPORTED; + mDasharoSystemFeaturesPrivate.DriverHandle = NULL; Status = gBS->InstallMultipleProtocolInterfaces ( &mDasharoSystemFeaturesPrivate.DriverHandle, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 322b00cbd2..7ae928291b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -41,6 +41,7 @@ UefiRuntimeServicesTableLib BaseMemoryLib DebugLib + PcdLib PrintLib HiiLib UefiHiiServicesLib @@ -53,3 +54,6 @@ [Protocols] gEfiHiiConfigAccessProtocolGuid ## CONSUMES + +[Pcd] + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu From 0ce1d91e1d23f1ac4c82fc3751d00963f0953be0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 25 Oct 2022 16:40:43 +0200 Subject: [PATCH 063/357] DasharoModulePkg: setup password: initial code import from edk2-platforms MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
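Review bot: In the hunk at -66,6, returning `EFI_UNSUPPORTED` from `DasharoSystemFeaturesUiLibConstructor` when `PcdShowMenu` is FALSE (the default set in DasharoModulePkg.dec) makes a library constructor fail on the default configuration; as far as I know the build-generated constructor list passes that status to `ASSERT_EFI_ERROR`, so DEBUG builds would stop here. I would skip the installation but report success, `if (!PcdGetBool (PcdShowMenu)) { return EFI_SUCCESS; }`, with braces as the EDK II style expects, and make sure the destructor (not visible here) tolerates the not-installed state. The early return also skips the `LockBios` default creation added by the previous commit, so with the menu hidden the variable is never written; please confirm its consumer treats a missing variable as locked. In the hunk at -49,11 the new `@retval EFI_NOT_SUPPORTED` line should read `EFI_UNSUPPORTED` to match the code.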
Signed-off-by: Michał Kopeć --- .../Include/Guid/UserAuthentication.h | 45 + .../Include/Library/PlatformPasswordLib.h | 48 ++ .../Include/Library/UserPasswordLib.h | 70 ++ .../Include/Library/UserPasswordUiLib.h | 37 + DasharoModulePkg/Include/PostMemory.fdf | 12 + DasharoModulePkg/Include/PreMemory.fdf | 8 + DasharoModulePkg/Include/UserAuthFeature.dsc | 77 ++ .../PlatformPasswordLibNull.c | 78 ++ .../PlatformPasswordLibNull.inf | 38 + .../PlatformPasswordLibNull.uni | 19 + .../Library/UserPasswordLib/UserPasswordLib.c | 274 ++++++ .../UserPasswordLib/UserPasswordLib.inf | 37 + .../UserPasswordUiLib/UserPasswordUiLib.c | 522 ++++++++++++ .../UserPasswordUiLib/UserPasswordUiLib.inf | 41 + DasharoModulePkg/UserAuthFeaturePkg/Readme.md | 98 +++ .../UserAuthFeaturePkg/UserAuthFeaturePkg.dec | 49 ++ .../UserAuthFeaturePkg/UserAuthFeaturePkg.dsc | 47 ++ .../UserAuthenticationDxeSmm/KeyService.c | 133 +++ .../UserAuthenticationDxeSmm/KeyService.h | 88 ++ .../UserAuthentication2Dxe.c | 484 +++++++++++ .../UserAuthentication2Dxe.h | 55 ++ .../UserAuthentication2Dxe.inf | 52 ++ .../UserAuthenticationDxe.c | 780 ++++++++++++++++++ .../UserAuthenticationDxe.h | 138 ++++ .../UserAuthenticationDxe.inf | 62 ++ .../UserAuthenticationDxeFormset.h | 23 + .../UserAuthenticationDxePassword.c | 319 +++++++ .../UserAuthenticationDxeStrings.uni | 30 + .../UserAuthenticationDxeVfr.vfr | 39 + .../UserAuthenticationSmm.c | 717 ++++++++++++++++ .../UserAuthenticationSmm.h | 52 ++ .../UserAuthenticationSmm.inf | 55 ++ 32 files changed, 4527 insertions(+) create mode 100644 DasharoModulePkg/Include/Guid/UserAuthentication.h create mode 100644 DasharoModulePkg/Include/Library/PlatformPasswordLib.h create mode 100644 DasharoModulePkg/Include/Library/UserPasswordLib.h create mode 100644 DasharoModulePkg/Include/Library/UserPasswordUiLib.h create mode 100644 DasharoModulePkg/Include/PostMemory.fdf create mode 100644 DasharoModulePkg/Include/PreMemory.fdf create mode 100644 
DasharoModulePkg/Include/UserAuthFeature.dsc create mode 100644 DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c create mode 100644 DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf create mode 100644 DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni create mode 100644 DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c create mode 100644 DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf create mode 100644 DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c create mode 100644 DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf create mode 100644 DasharoModulePkg/UserAuthFeaturePkg/Readme.md create mode 100644 DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec create mode 100644 DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c 
create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h create mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf diff --git a/DasharoModulePkg/Include/Guid/UserAuthentication.h b/DasharoModulePkg/Include/Guid/UserAuthentication.h new file mode 100644 index 0000000000..2a41a46cdc --- /dev/null +++ b/DasharoModulePkg/Include/Guid/UserAuthentication.h @@ -0,0 +1,45 @@ +/** @file + GUID is for UserAuthentication SMM communication. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __USER_AUTHENTICATION_GUID_H__ +#define __USER_AUTHENTICATION_GUID_H__ + +#define PASSWORD_MIN_SIZE 9 // MIN number of chars of password, including NULL. +#define PASSWORD_MAX_SIZE 33 // MAX number of chars of password, including NULL. + +#define USER_AUTHENTICATION_GUID \ + { 0xf06e3ea7, 0x611c, 0x4b6b, { 0xb4, 0x10, 0xc2, 0xbf, 0x94, 0x3f, 0x38, 0xf2 } } + +extern EFI_GUID gUserAuthenticationGuid; + +typedef struct { + UINTN Function; + EFI_STATUS ReturnStatus; +} SMM_PASSWORD_COMMUNICATE_HEADER; + +#define SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET 1 +#define SMM_PASSWORD_FUNCTION_SET_PASSWORD 2 +#define SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD 3 +#define SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY 4 +#define SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY 5 +#define SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED 6 + +typedef struct { + CHAR8 NewPassword[PASSWORD_MAX_SIZE]; + CHAR8 OldPassword[PASSWORD_MAX_SIZE]; +} SMM_PASSWORD_COMMUNICATE_SET_PASSWORD; + +typedef struct { + CHAR8 Password[PASSWORD_MAX_SIZE]; +} SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD; + +typedef struct { + BOOLEAN NeedReVerify; +} SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY; + +#endif diff --git a/DasharoModulePkg/Include/Library/PlatformPasswordLib.h b/DasharoModulePkg/Include/Library/PlatformPasswordLib.h new file mode 100644 index 0000000000..ce27947f6d --- /dev/null +++ b/DasharoModulePkg/Include/Library/PlatformPasswordLib.h @@ -0,0 +1,48 @@ +/** @file + Provides a platform-specific method to return password policy. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
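Review bot: `SMM_PASSWORD_COMMUNICATE_SET_PASSWORD` and `SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD` carry plaintext passwords as fixed `CHAR8[PASSWORD_MAX_SIZE]` arrays, but the header states no contract for them. The communication buffer lives outside SMRAM, so the expectations belong next to the struct: the handler must not assume the arrays are NUL-terminated and should work on a copy taken inside SMRAM, and the caller should zero the buffer once the SMI returns. I would add a comment above both structs along the lines of `// Plaintext, NUL-terminated within PASSWORD_MAX_SIZE; handler copies and bounds-checks, caller zeroes the buffer after the call.` The SMM handler and the DXE caller are in other files of this commit and were not visible here, so this is a documentation request rather than a claim that they get it wrong.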
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PLATFORM_PASSWORD_LIB_H__ +#define __PLATFORM_PASSWORD_LIB_H__ + +/** + This function is called at password driver entrypoint. + This function should be called only once, to clear the password. + + This function provides a way to reset the password, just in case + the platform owner forgets the password. + The platform should provide a secure way to make sure + only the platform owner is allowed to clear password. + + Once the password is cleared, the platform should provide a way + to set a new password. + + @retval TRUE There is a platform request to clear the password. + @retval FALSE There is no platform request to clear the password. +**/ +BOOLEAN +EFIAPI +IsPasswordCleared ( + VOID + ); + +/** + This function is called if the password driver finds that the password is not enrolled, + when the password is required to input. + + This function should return the action according to platform policy. + + @retval TRUE The caller should force the user to enroll the password. + @retval FALSE The caller may skip the password enroll. +**/ +BOOLEAN +EFIAPI +NeedEnrollPassword ( + VOID + ); + +#endif diff --git a/DasharoModulePkg/Include/Library/UserPasswordLib.h b/DasharoModulePkg/Include/Library/UserPasswordLib.h new file mode 100644 index 0000000000..b6aad224e9 --- /dev/null +++ b/DasharoModulePkg/Include/Library/UserPasswordLib.h @@ -0,0 +1,70 @@ +/** @file + Provides services to set/verify password and return if the password is set. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __USER_PASSWORD_LIB_H__ +#define __USER_PASSWORD_LIB_H__ + +/** + Validate if the password is correct. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. + @retval EFI_ACCESS_DENIED Password retry count reach. +**/ +EFI_STATUS +EFIAPI +VerifyPassword ( + IN CHAR16 *Password, + IN UINTN PasswordSize + ); + +/** + Set a new password. + + @param[in] NewPassword The user input new password. + NULL means clear password. + @param[in] NewPasswordSize The size of NewPassword in byte. + @param[in] OldPassword The user input old password. + NULL means no old password. + @param[in] OldPasswordSize The size of OldPassword in byte. + + @retval EFI_SUCCESS The NewPassword is set successfully. + @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. + @retval EFI_ACCESS_DENIED Password retry count reach. + @retval EFI_UNSUPPORTED NewPassword is not strong enough. + @retval EFI_ALREADY_STARTED NewPassword is in history. +**/ +EFI_STATUS +EFIAPI +SetPassword ( + IN CHAR16 *NewPassword, OPTIONAL + IN UINTN NewPasswordSize, + IN CHAR16 *OldPassword, OPTIONAL + IN UINTN OldPasswordSize + ); + +/** + Return if the password is set. + + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +EFIAPI +IsPasswordInstalled ( + VOID + ); + +#endif diff --git a/DasharoModulePkg/Include/Library/UserPasswordUiLib.h b/DasharoModulePkg/Include/Library/UserPasswordUiLib.h new file mode 100644 index 0000000000..117f480733 --- /dev/null 
+++ b/DasharoModulePkg/Include/Library/UserPasswordUiLib.h @@ -0,0 +1,37 @@ +/** @file + Provides services to do password authentication. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __USER_PASSWORD_UI_LIB_H__ +#define __USER_PASSWORD_UI_LIB_H__ + +/** + Do password authentication. + + @retval EFI_SUCCESS Password authentication pass. +**/ +EFI_STATUS +EFIAPI +UiDoPasswordAuthentication ( + VOID + ); + +/** + Set password verification policy. + + @param[in] NeedReVerify Need re-verify or not. + + @retval EFI_SUCCESS Set verification policy successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set verification policy. +**/ +EFI_STATUS +EFIAPI +UiSetPasswordVerificationPolicy ( + IN BOOLEAN NeedReVerify + ); + +#endif diff --git a/DasharoModulePkg/Include/PostMemory.fdf b/DasharoModulePkg/Include/PostMemory.fdf new file mode 100644 index 0000000000..030dcbe763 --- /dev/null +++ b/DasharoModulePkg/Include/PostMemory.fdf @@ -0,0 +1,12 @@ +## @file +# FDF file for post-memory modules that enable User Authentication. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf +INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf +INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf diff --git a/DasharoModulePkg/Include/PreMemory.fdf b/DasharoModulePkg/Include/PreMemory.fdf new file mode 100644 index 0000000000..512d1a2673 --- /dev/null +++ b/DasharoModulePkg/Include/PreMemory.fdf @@ -0,0 +1,8 @@ +## @file +# FDF file for pre-memory modules that enable User Authentication. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
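Review bot: The three `INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/...` entries point at a top-level `UserAuthFeaturePkg`, but this commit creates the modules under `DasharoModulePkg/UserAuthenticationDxeSmm/`, so the paths resolve only if something outside this patch maps them. The same applies to the library and component paths in Include/UserAuthFeature.dsc and to `UserAuthFeaturePkg/UserAuthFeaturePkg.dec` in PlatformPasswordLibNull.inf. For an authentication feature it is worth being certain which copy of each module ends up in the image, so I would either rewrite the entries, e.g. `INF DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf`, or say in the commit message that this is a verbatim import and a follow-up fixes the paths.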
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## diff --git a/DasharoModulePkg/Include/UserAuthFeature.dsc b/DasharoModulePkg/Include/UserAuthFeature.dsc new file mode 100644 index 0000000000..2f39a5580c --- /dev/null +++ b/DasharoModulePkg/Include/UserAuthFeature.dsc @@ -0,0 +1,77 @@ +## @file +# This is a build description file for the User Authentication advanced feature. +# This file should be included into another package DSC file to build this feature. +# +# The DEC files are used by the utilities that parse DSC and +# INF files to generate AutoGen.c and AutoGen.h files +# for the build infrastructure. +# +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +################################################################################ +# +# Defines Section - statements that will be processed to create a Makefile. +# +################################################################################ +[Defines] + !ifndef $(PEI_ARCH) + !error "PEI_ARCH must be specified to build this feature!" + !endif + !ifndef $(DXE_ARCH) + !error "DXE_ARCH must be specified to build this feature!" + !endif + +################################################################################ +# +# Library Class section - list of all Library Classes needed by this feature. +# +################################################################################ + +!include MdePkg/MdeLibs.dsc.inc + +[LibraryClasses] + PlatformPasswordLib|UserAuthFeaturePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf + UserPasswordLib|UserAuthFeaturePkg/Library/UserPasswordLib/UserPasswordLib.inf + +################################################################################################### +# +# Components Section - list of the modules and components that will be processed by compilation +# tools and the EDK II tools to generate PE32/PE32+/Coff image files. +# +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed +# into firmware volume images. This section is just a list of modules to compile from +# source into UEFI-compliant binaries. +# It is the FDF file that contains information on combining binary files into firmware +# volume images, whose concept is beyond UEFI and is described in PI specification. +# Binary modules do not need to be listed in this section, as they should be +# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi), +# Logo (Logo.bmp), and etc. 
+# There may also be modules listed in this section that are not required in the FDF file, +# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be +# generated for it, but the binary will not be put into any firmware volume. +# +################################################################################################### + +# +# Feature DXE Components +# + +# @todo: Change below line to [Components.$(DXE_ARCH)] after https://bugzilla.tianocore.org/show_bug.cgi?id=2308 +# is completed. +[Components.X64] + ##################################### + # User Authentication Feature Package + ##################################### + + # Add library instances here that are not included in package components and should be tested + # in the package build. + UserAuthFeaturePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf + + # Add components here that should be included in the package build. + UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf + UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf + UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c new file mode 100644 index 0000000000..08e081aa99 --- /dev/null +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c @@ -0,0 +1,78 @@ +/** @file + NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared + but returns the PCD value directly. This instance can be used to verify security + related features during platform enabling and development. It should be replaced + by a platform-specific method(e.g. Button pressed) in a real platform for product. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +BOOLEAN mPasswordCleared = FALSE; + +/** + This function is called at password driver entrypoint. + This function should be called only once, to clear the password. + + This function provides a way to reset the password, just in case + the platform owner forgets the password. + The platform should provide a secure way to make sure + only the platform owner is allowed to clear password. + + Once the password is cleared, the platform should provide a way + to set a new password. + + @retval TRUE There is a platform request to clear the password. + @retval FALSE There is no platform request to clear the password. +**/ +BOOLEAN +EFIAPI +IsPasswordCleared ( + VOID + ) +{ + return mPasswordCleared; +} + +/** + This function is called if the password driver finds that the password is not enrolled, + when the password is required to input. + + This function should return the action according to platform policy. + + @retval TRUE The caller should force the user to enroll the password. + @retval FALSE The caller may skip the password enroll. +**/ +BOOLEAN +EFIAPI +NeedEnrollPassword ( + VOID + ) +{ + return FALSE; +} + + +/** + Save password clear state from a PCD to mPasswordCleared. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS PcdPasswordCleared is got successfully. + +**/ +EFI_STATUS +EFIAPI +PlatformPasswordLibNullConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + + mPasswordCleared = PcdGetBool(PcdPasswordCleared); + + return EFI_SUCCESS; +} + diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf new file mode 100644 index 0000000000..09b2a5d051 --- /dev/null +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf 
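Review bot: `BOOLEAN mPasswordCleared = FALSE;` has external linkage although only this file uses it; `STATIC BOOLEAN mPasswordCleared = FALSE;` keeps the symbol from colliding with, or being written by, another module linked into the same image. The constructor calls `PcdGetBool (PcdPasswordCleared)`, yet PlatformPasswordLibNull.inf in this commit has no `[LibraryClasses]` section; listing `PcdLib` there states the dependency explicitly instead of relying on what the generated headers pull in. Because `NeedEnrollPassword` always returns FALSE and the clear request comes straight from a PCD, a one-line comment at `NeedEnrollPassword` repeating the file header's "not for production" caveat would help anyone who reads the function without the header.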
@@ -0,0 +1,38 @@ +## @file +# NULL platform password library instance that returns the password clear state based upon PCD. +# +# NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared +# but returns the PCD value directly. This instance can be used to verify security +# related features during platform enabling and development. It should be replaced +# by a platform-specific method(e.g. Button pressed) in a real platform for product. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010006 + BASE_NAME = PlatformPasswordLibNull + MODULE_UNI_FILE = PlatformPasswordLibNull.uni + FILE_GUID = 27417BCA-0CCD-4089-9711-AD069A33C555 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION + CONSTRUCTOR = PlatformPasswordLibNullConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PlatformPasswordLibNull.c + +[Packages] + MdePkg/MdePkg.dec + UserAuthFeaturePkg/UserAuthFeaturePkg.dec + +[Pcd] + gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared ## CONSUMES diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni new file mode 100644 index 0000000000..b0255889e0 --- /dev/null +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni @@ -0,0 +1,19 @@ +// /** @file +// NULL platform password library instance that returns the password clear state based upon PCD. +// +// NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared +// but returns the PCD value directly. This instance can be used to verify security +// related features during platform enabling and development. It should be replaced +// by a platform-specific method(e.g. Button pressed) in a real platform for product. +// +// Copyright (c) 2019, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "NULL platform password library instance that returns the password clear state based upon PCD." + +#string STR_MODULE_DESCRIPTION #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product." + diff --git a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c new file mode 100644 index 0000000000..cbaf572378 --- /dev/null +++ b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c @@ -0,0 +1,274 @@ +/** @file + UserPasswordLib instance implementation provides services to + set/verify password and return if the password is set. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +#include +#include +#include +#include + +/** + Initialize the communicate buffer using DataSize and Function. + + @param[out] DataPtr Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + @param[in] Function The function number to initialize the communicate header. + + @return Communicate buffer. +**/ +VOID* +UserPasswordLibInitCommunicateBuffer ( + OUT VOID **DataPtr OPTIONAL, + IN UINTN DataSize, + IN UINTN Function + ) +{ + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + VOID *Buffer; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; + EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; + UINTN Index; + UINTN Size; + EFI_STATUS Status; + + Buffer = NULL; + Status = EfiGetSystemConfigurationTable ( + &gEdkiiPiSmmCommunicationRegionTableGuid, + (VOID **) &SmmCommRegionTable + ); + if (EFI_ERROR (Status)) { + return NULL; + } + ASSERT (SmmCommRegionTable != NULL); + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); + Size = 0; + for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { + if (SmmCommMemRegion->Type == EfiConventionalMemory) { + Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); + if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { + break; + } + } + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); + } + ASSERT (Index < SmmCommRegionTable->NumberOfEntries); + + Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; + ASSERT (Buffer != NULL); + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); + SmmCommunicateHeader->MessageLength = DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + 
SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; + ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); + SmmPasswordFunctionHeader->Function = Function; + if (DataPtr != NULL) { + *DataPtr = SmmPasswordFunctionHeader + 1; + } + + return Buffer; +} + +/** + Send the data in communicate buffer to SMM. + + @param[in] Buffer Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + + @retval EFI_SUCCESS Success is returned from the function in SMM. + @retval Others Failure is returned from the function in SMM. + +**/ +EFI_STATUS +UserPasswordLibSendCommunicateBuffer ( + IN VOID *Buffer, + IN UINTN DataSize + ) +{ + EFI_STATUS Status; + UINTN CommSize; + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + + // + // Locates SMM Communication protocol. + // + Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &SmmCommunication); + ASSERT_EFI_ERROR (Status); + + CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + Status = SmmCommunication->Communicate (SmmCommunication, Buffer, &CommSize); + ASSERT_EFI_ERROR (Status); + + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; + return SmmPasswordFunctionHeader->ReturnStatus; +} + +/** + Validate if the password is correct. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. 
+ @retval EFI_ACCESS_DENIED Password retry count reach. +**/ +EFI_STATUS +EFIAPI +VerifyPassword ( + IN CHAR16 *Password, + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD *VerifyPassword; + + ASSERT (Password != NULL); + + if (PasswordSize > sizeof(VerifyPassword->Password) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + + Buffer = UserPasswordLibInitCommunicateBuffer ( + (VOID**)&VerifyPassword, + sizeof(*VerifyPassword), + SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = UnicodeStrToAsciiStrS (Password, VerifyPassword->Password, sizeof(VerifyPassword->Password)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + + Status = UserPasswordLibSendCommunicateBuffer (Buffer, sizeof(*VerifyPassword)); + +EXIT: + ZeroMem (VerifyPassword, sizeof(*VerifyPassword)); + return Status; +} + +/** + Set a new password. + + @param[in] NewPassword The user input new password. + NULL means clear password. + @param[in] NewPasswordSize The size of NewPassword in byte. + @param[in] OldPassword The user input old password. + NULL means no old password. + @param[in] OldPasswordSize The size of OldPassword in byte. + + @retval EFI_SUCCESS The NewPassword is set successfully. + @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. + @retval EFI_ACCESS_DENIED Password retry count reach. + @retval EFI_UNSUPPORTED NewPassword is not strong enough. + @retval EFI_ALREADY_STARTED NewPassword is in history. 
+**/ +EFI_STATUS +EFIAPI +SetPassword ( + IN CHAR16 *NewPassword, OPTIONAL + IN UINTN NewPasswordSize, + IN CHAR16 *OldPassword, OPTIONAL + IN UINTN OldPasswordSize + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_SET_PASSWORD *SetPassword; + + if (NewPasswordSize > sizeof(SetPassword->NewPassword) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + if (OldPasswordSize > sizeof(SetPassword->OldPassword) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + + Buffer = UserPasswordLibInitCommunicateBuffer ( + (VOID**)&SetPassword, + sizeof(*SetPassword), + SMM_PASSWORD_FUNCTION_SET_PASSWORD + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + if (NewPassword != NULL) { + Status = UnicodeStrToAsciiStrS (NewPassword, SetPassword->NewPassword, sizeof(SetPassword->NewPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + } else { + SetPassword->NewPassword[0] = 0; + } + + if (OldPassword != NULL) { + Status = UnicodeStrToAsciiStrS (OldPassword, SetPassword->OldPassword, sizeof(SetPassword->OldPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + } else { + SetPassword->OldPassword[0] = 0; + } + + Status = UserPasswordLibSendCommunicateBuffer (Buffer, sizeof(*SetPassword)); + +EXIT: + ZeroMem (SetPassword, sizeof(*SetPassword)); + return Status; +} + +/** + Return if the password is set. + + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +EFIAPI +IsPasswordInstalled ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + Buffer = UserPasswordLibInitCommunicateBuffer ( + NULL, + 0, + SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET + ); + if (Buffer == NULL) { + return FALSE; + } + + Status = UserPasswordLibSendCommunicateBuffer (Buffer, 0); + if (EFI_ERROR (Status)) { + return FALSE; + } + + return TRUE; +} + 
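Review bot: In `UserPasswordLibSendCommunicateBuffer`, failures of `LocateProtocol` and `Communicate` are only caught by `ASSERT_EFI_ERROR`, and `ReturnStatus` is read from the buffer regardless. The init helper zeroes that header, so in a build with ASSERT disabled a failed `Communicate` makes `VerifyPassword` return 0, i.e. EFI_SUCCESS. Adding `if (EFI_ERROR (Status)) { return Status; }` after each of the two calls closes that fail-open path. `UserPasswordLibInitCommunicateBuffer` has the same pattern: `ASSERT (Index < SmmCommRegionTable->NumberOfEntries)` is the only guard when no region is large enough, and since callers already handle NULL it can become `if (Index >= SmmCommRegionTable->NumberOfEntries) { return NULL; }`. The copies of both helpers in UserPasswordUiLib.c need the same changes.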
diff --git a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf new file mode 100644 index 0000000000..a3124aa443 --- /dev/null +++ b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf @@ -0,0 +1,37 @@ +## @file +# UserPasswordLib instance provides services to set/verify password +# and return if the password is set. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = UserPasswordLib + FILE_GUID = 422BA58A-F162-4ECC-BD9A-AD84FE940F37 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = UserPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION + +[Sources] + UserPasswordLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UserAuthFeaturePkg/UserAuthFeaturePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + DebugLib + UefiLib + BaseMemoryLib + +[Guids] + gUserAuthenticationGuid ## CONSUMES ## GUID + gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable + +[Protocols] + gEfiSmmCommunicationProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c new file mode 100644 index 0000000000..050bfda63a --- /dev/null +++ b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c @@ -0,0 +1,522 @@ +/** @file + UserPasswordUiLib instance provides services to do password authentication. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
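Review bot: `LIBRARY_CLASS` allows DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER modules to link this instance, but UserPasswordLib.c calls `gBS->LocateProtocol` on every request, which is a boot-services call. If runtime and SMM consumers are not actually intended, narrowing the list to `UserPasswordLib|DXE_DRIVER UEFI_APPLICATION` would let the build reject a misuse instead of leaving it to fail at run time. UserPasswordUiLib.inf in this patch carries the same list, and its code also uses `gBS` and `gST->ConOut`.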
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + Initialize the communicate buffer using DataSize and Function. + + @param[out] DataPtr Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + @param[in] Function The function number to initialize the communicate header. + + @return Communicate buffer. +**/ +VOID* +UserPasswordUiLibInitCommunicateBuffer ( + OUT VOID **DataPtr OPTIONAL, + IN UINTN DataSize, + IN UINTN Function + ) +{ + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + VOID *Buffer; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; + EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; + UINTN Index; + UINTN Size; + EFI_STATUS Status; + + Buffer = NULL; + Status = EfiGetSystemConfigurationTable ( + &gEdkiiPiSmmCommunicationRegionTableGuid, + (VOID **) &SmmCommRegionTable + ); + if (EFI_ERROR (Status)) { + return NULL; + } + ASSERT (SmmCommRegionTable != NULL); + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); + Size = 0; + for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { + if (SmmCommMemRegion->Type == EfiConventionalMemory) { + Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); + if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { + break; + } + } + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); + } + ASSERT (Index < SmmCommRegionTable->NumberOfEntries); + + Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; + ASSERT (Buffer != NULL); + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); + SmmCommunicateHeader->MessageLength = 
DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; + ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); + SmmPasswordFunctionHeader->Function = Function; + if (DataPtr != NULL) { + *DataPtr = SmmPasswordFunctionHeader + 1; + } + + return Buffer; +} + +/** + Send the data in communicate buffer to SMM. + + @param[in] Buffer Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + + @retval EFI_SUCCESS Success is returned from the function in SMM. + @retval Others Failure is returned from the function in SMM. + +**/ +EFI_STATUS +UserPasswordUiLibSendCommunicateBuffer ( + IN VOID *Buffer, + IN UINTN DataSize + ) +{ + EFI_STATUS Status; + UINTN CommSize; + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + + // + // Locates SMM Communication protocol. + // + Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &SmmCommunication); + ASSERT_EFI_ERROR (Status); + + CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + Status = SmmCommunication->Communicate (SmmCommunication, Buffer, &CommSize); + ASSERT_EFI_ERROR (Status); + + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; + return SmmPasswordFunctionHeader->ReturnStatus; +} + +/** + Set password verification policy. + + @param[in] NeedReVerify Need re-verify or not. + + @retval EFI_SUCCESS Set verification policy successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set verification policy. 
+**/ +EFI_STATUS +EFIAPI +UiSetPasswordVerificationPolicy ( + IN BOOLEAN NeedReVerify + ) +{ + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *SetVerifyPolicy; + + Buffer = UserPasswordUiLibInitCommunicateBuffer ( + (VOID**)&SetVerifyPolicy, + sizeof(*SetVerifyPolicy), + SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + SetVerifyPolicy->NeedReVerify = NeedReVerify; + + return UserPasswordUiLibSendCommunicateBuffer (Buffer, sizeof(*SetVerifyPolicy)); +} + +/** + Get a user input string. + + @param[in] PopUpString A popup string to inform user. + @param[in, out] UserInput The user input string + @param[in] UserInputMaxLen The max unicode count of the UserInput without NULL terminator. +**/ +EFI_STATUS +GetUserInput ( + IN CHAR16 *PopUpString, + IN OUT CHAR16 *UserInput, + IN UINTN UserInputMaxLen + ) +{ + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 *Mask; + + UserInput[0] = 0; + Mask = AllocateZeroPool ((UserInputMaxLen + 1) * sizeof(CHAR16)); + if (Mask == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + InputLength = 0; + + while (TRUE) { + if (InputLength < UserInputMaxLen) { + Mask[InputLength] = L'_'; + } + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + L"--------------------------------", + Mask, + NULL + ); + if (InputKey.ScanCode == SCAN_NULL) { + // + // Check whether finish inputing password. + // + if (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN && InputLength > 0) { + // + // Add the null terminator. 
+ // + UserInput[InputLength] = 0; + break; + } else if ((InputKey.UnicodeChar == CHAR_NULL) || + (InputKey.UnicodeChar == CHAR_LINEFEED) || + (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN) + ) { + continue; + } else { + // + // delete last key entered + // + if (InputKey.UnicodeChar == CHAR_BACKSPACE) { + if (InputLength > 0) { + UserInput[InputLength] = 0; + Mask[InputLength] = 0; + InputLength--; + } + } else { + if (InputLength == UserInputMaxLen) { + Mask[InputLength] = 0; + continue; + } + // + // add Next key entry + // + UserInput[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = L'*'; + InputLength++; + } + } + } + } + FreePool (Mask); + return EFI_SUCCESS; +} + +/** + Display a message box to end user. + + @param[in] DisplayString The string in message box. +**/ +VOID +MessageBox ( + IN CHAR16 *DisplayString + ) +{ + EFI_INPUT_KEY Key; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); +} + +/** + Force system reset. +**/ +VOID +ForceSystemReset ( + VOID + ) +{ + MessageBox (L"Password retry count reach, reset system!"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + CpuDeadLoop(); +} + +/** + Display message for set password. + + @param[in] ReturnStatus The return status for set password. 
+**/ +VOID +PrintSetPasswordStatus ( + IN EFI_STATUS ReturnStatus + ) +{ + CHAR16 *DisplayString; + CHAR16 *DisplayString2; + + EFI_INPUT_KEY Key; + + if (ReturnStatus == EFI_UNSUPPORTED) { + DisplayString = L"New password is not strong enough!"; + DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + DisplayString2, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } else { + if (ReturnStatus == EFI_SUCCESS) { + DisplayString = L"New password is updated successfully!"; + } else if (ReturnStatus == EFI_ALREADY_STARTED) { + DisplayString = L"New password is found in the history passwords!"; + } else { + DisplayString = L"New password update fails!"; + } + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } +} + +/** + Get password verification policy. + + @param[out] VerifyPolicy Verification policy. + + @retval EFI_SUCCESS Get verification policy successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to get verification policy. 
+**/ +EFI_STATUS +GetPasswordVerificationPolicy ( + OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *TempVerifyPolicy; + + Buffer = UserPasswordUiLibInitCommunicateBuffer ( + (VOID**)&TempVerifyPolicy, + sizeof(*TempVerifyPolicy), + SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = UserPasswordUiLibSendCommunicateBuffer (Buffer, sizeof(*TempVerifyPolicy)); + if (!EFI_ERROR (Status)) { + CopyMem (VerifyPolicy, TempVerifyPolicy, sizeof (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)); + } + + return Status; +} + +/** + Return if the password was verified. + + @retval TRUE The password was verified. + @retval FALSE The password was not verified. +**/ +BOOLEAN +WasPasswordVerified ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + Buffer = UserPasswordUiLibInitCommunicateBuffer ( + NULL, + 0, + SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED + ); + if (Buffer == NULL) { + return FALSE; + } + + Status = UserPasswordUiLibSendCommunicateBuffer (Buffer, 0); + if (EFI_ERROR (Status)) { + return FALSE; + } + + return TRUE; +} + +/** + Require user input password. + + @retval TRUE User input correct password successfully. + @retval FALSE The password is not set. 
+**/ +BOOLEAN +RequireUserPassword ( + VOID + ) +{ + EFI_STATUS Status; + CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; + CHAR16 *PopUpString; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY VerifyPolicy; + + Status = EFI_SUCCESS; + ZeroMem(UserInputPw, sizeof(UserInputPw)); + + if (!IsPasswordInstalled ()) { + return FALSE; + } + + Status = GetPasswordVerificationPolicy (&VerifyPolicy); + if (!EFI_ERROR (Status)) { + if (WasPasswordVerified() && (!VerifyPolicy.NeedReVerify)) { + DEBUG ((DEBUG_INFO, "Password was verified and Re-verify is not needed\n")); + return TRUE; + } + } + + PopUpString = L"Please input admin password"; + + while (TRUE) { + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); + + Status = VerifyPassword (UserInputPw, StrSize(UserInputPw)); + if (!EFI_ERROR(Status)) { + break; + } + if (Status == EFI_ACCESS_DENIED) { + // + // Password retry count reach. + // + ForceSystemReset (); + } + MessageBox (L"Incorrect password!"); + } + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + + gST->ConOut->ClearScreen(gST->ConOut); + + return TRUE; +} + +/** + Set user password. 
+ +**/ +VOID +SetUserPassword ( + VOID + ) +{ + EFI_STATUS Status; + CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; + CHAR16 TmpPassword[PASSWORD_MAX_SIZE]; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + ZeroMem(TmpPassword, sizeof(TmpPassword)); + + PopUpString = L"Please set admin password"; + + while (TRUE) { + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); + + PopUpString2 = L"Please confirm your new password"; + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString2, TmpPassword, PASSWORD_MAX_SIZE - 1); + if (StrCmp (TmpPassword, UserInputPw) != 0) { + MessageBox (L"Password are not the same!"); + continue; + } + + Status = SetPassword (UserInputPw, StrSize(UserInputPw), NULL, 0); + PrintSetPasswordStatus (Status); + if (!EFI_ERROR(Status)) { + break; + } + } + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + ZeroMem(TmpPassword, sizeof(TmpPassword)); + + gST->ConOut->ClearScreen(gST->ConOut); +} + +/** + Do password authentication. + + @retval EFI_SUCCESS Password authentication pass. +**/ +EFI_STATUS +EFIAPI +UiDoPasswordAuthentication ( + VOID + ) +{ + BOOLEAN PasswordSet; + + PasswordSet = RequireUserPassword (); + if (PasswordSet) { + DEBUG ((DEBUG_INFO, "Welcome Admin!\n")); + } else { + DEBUG ((DEBUG_INFO, "Admin password is not set!\n")); + if (NeedEnrollPassword()) { + SetUserPassword (); + } + } + + return EFI_SUCCESS; +} + diff --git a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf new file mode 100644 index 0000000000..8f6a693d76 --- /dev/null +++ b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf @@ -0,0 +1,41 @@ +## @file +# UserPasswordUiLib instance provides services to do password authentication. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
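Review bot: `RequireUserPassword` and `SetUserPassword` ignore the EFI_STATUS returned by `GetUserInput`, which returns EFI_OUT_OF_RESOURCES with `UserInput[0] = 0` when the mask allocation fails. In `RequireUserPassword` the empty string is then passed to `VerifyPassword`, which presumably counts against the retry limit that ends in `ForceSystemReset`. In `SetUserPassword` both buffers are empty, `StrCmp` reports them equal, and `SetPassword` is called with an empty new password, which UserPasswordLib.c encodes the same way as the NULL "clear password" case (`NewPassword[0] = 0`). How the SMM handler treats that is not visible here. I would capture the result with `Status = GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1);` and skip the verify or set call when `EFI_ERROR (Status)` is true.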
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = UserPasswordUiLib + FILE_GUID = E2E92636-F511-46BC-A08B-02F815AFA884 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = UserPasswordUiLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION + +[Sources] + UserPasswordUiLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UserAuthFeaturePkg/UserAuthFeaturePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + DebugLib + UefiLib + MemoryAllocationLib + BaseMemoryLib + PrintLib + PlatformPasswordLib + UserPasswordLib + +[Guids] + gUserAuthenticationGuid ## CONSUMES ## GUID + gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable + +[Protocols] + gEfiSmmCommunicationProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/UserAuthFeaturePkg/Readme.md b/DasharoModulePkg/UserAuthFeaturePkg/Readme.md new file mode 100644 index 0000000000..b236d2ad30 --- /dev/null +++ b/DasharoModulePkg/UserAuthFeaturePkg/Readme.md 
@@ -0,0 +1,98 @@ +# Overview +* **Feature Name:** User Authentication +* **PI Phase(s) Supported:** DXE +* **SMM Required?** Yes + +## Purpose +This feature provides a user authentication service which includes: +1. An HII form to present a user password prompt. +2. A DXE driver to manage the state of the UI and use the SMM Communicate protocol to manage password data with + the SMM driver. +3. A SMM driver to perform password authentication in an isolated execution environment and manage the password hash + on non-volatile storage in the form of a UEFI variable. + +# High-Level Theory of Operation +*_TODO_* +A description of how the device works at a high-level. + +The description should not be constrained to implementation details but provide a simple mental model of how the +feature is supposed to work. + +## Firmware Volumes +*_TODO_* +A bulleted list of the firmware volumes that feature module(s) are placed in. + +## Modules +*_TODO_* +A bulleted list of the modules that make up the feature. + +## +*_TODO_* +Each module in the feature should have a section that describes the module in a level of detail that is useful +to better understand the module source code. + +## +*_TODO_* +Each library in the feature should have a section that describes the library in a level of detail that is useful +to better understand the library source code. + +## Key Functions +*_TODO_* +A bulleted list of key functions for interacting with the feature. + +Not all features need to be listed. Only functions exposed through external interfaces that are important for feature +users to be aware of. + +## Configuration +*_TODO_* +Information that is useful for configuring the feature. + +Not all configuration options need to be listed. This section is used to provide more background on configuration +options than possible elsewhere. + +## Data Flows +*_TODO_* +Architecturally defined data structures and flows for the feature. 
+ +## Control Flows +*_TODO_* +Key control flows for the feature. + +## Build Flows +*_TODO_* +Any special build flows should be described in this section. + +This is particularly useful for features that use custom build tools or require non-standard tool configuration. If the +standard flow in the feature package template is used, this section may be empty. + +## Test Point Results +*_TODO_* +The test(s) that can verify porting is complete for the feature. + +Each feature must describe at least one test point to verify the feature is successful. If the test point is not +implemented, this should be stated. + +## Functional Exit Criteria +*_TODO_* +The testable functionality for the feature. + +This section should provide an ordered list of criteria that a board integrator can reference to ensure the feature is +functional on their board. + +## Feature Enabling Checklist +*_TODO_* +An ordered list of required activities to achieve desired functionality for the feature. + +## Performance Impact +A general expectation for the impact on overall boot performance due to using this feature. + +This section is expected to provide guidance on: +* How to estimate performance impact due to the feature +* How to measure performance impact of the feature +* How to manage performance impact of the feature + +## Common Optimizations +*_TODO_* +Common size or performance tuning options for this feature. + +This section is recommended but not required. If not used, the contents should be left empty. diff --git a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec new file mode 100644 index 0000000000..a9174edd54 --- /dev/null +++ b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec 
@@ -0,0 +1,49 @@ +## @file +# This package provides advanced feature functionality for User Authentication support. +# This package should only depend on EDK II Core packages, IntelSiliconPkg, and MinPlatformPkg. +# +# The DEC files are used by the utilities that parse DSC and +# INF files to generate AutoGen.c and AutoGen.h files +# for the build infrastructure. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + DEC_SPECIFICATION = 0x00010017 + PACKAGE_NAME = UserAuthFeaturePkg + PACKAGE_GUID = 08737161-3956-422A-9ABD-FCE3C8DBA3D4 + PACKAGE_VERSION = 0.1 + +[Includes] + Include + +[LibraryClasses] + ## @libraryclass Provides a platform-specific method to return the password policy. + PlatformPasswordLib|Include/Library/PlatformPasswordLib.h + + ## @libraryclass Provides services to set/verify the password and return if the password is set. + UserPasswordLib|Include/Library/UserPasswordLib.h + + ## @libraryclass Provides services to perform password authentication. + UserPasswordUiLib|Include/Library/UserPasswordUiLib.h + +[Guids] + gUserAuthFeaturePkgTokenSpaceGuid = {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}} + + ## Include Include/Guid/UserAuthentication.h + gUserAuthenticationGuid = { 0xee24a7f7, 0x606b, 0x4724, { 0xb3, 0xc9, 0xf5, 0xae, 0x4a, 0x3b, 0x81, 0x65}} + +[PcdsFeatureFlag] + ## This PCD specifies whether StatusCode is reported via USB3 Serial port. + gUserAuthFeaturePkgTokenSpaceGuid.PcdUserAuthenticationFeatureEnable|FALSE|BOOLEAN|0xA0000001 + +[PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] + ## Indicate whether the password is cleared. + # When it is configured to Dynamic or DynamicEx, it can be set through detection using + # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.

+ # @Prompt The password clear status + gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001 diff --git a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc new file mode 100644 index 0000000000..8af4dd4cd9 --- /dev/null +++ b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc @@ -0,0 +1,47 @@ +## @file +# This is a build description file for the User Authentication advanced feature. +# This package should only depend on EDK II Core packages, IntelSiliconPkg, and MinPlatformPkg. +# +# The DEC files are used by the utilities that parse DSC and +# INF files to generate AutoGen.c and AutoGen.h files +# for the build infrastructure. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
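Review bot: The comment above `PcdUserAuthenticationFeatureEnable` describes a different PCD (`This PCD specifies whether StatusCode is reported via USB3 Serial port.`), which looks like a copy-paste leftover. Something like `## This PCD specifies whether the User Authentication feature is enabled.` would match the name. Since `PcdPasswordCleared` may be configured as Dynamic or DynamicEx and PlatformPasswordLibNull.c returns its value directly as the clear request, its comment could also state which component is expected to set it.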
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + PLATFORM_NAME = UserAuthFeaturePkg + PLATFORM_GUID = E859E721-41C7-46A9-98DE-8C2F29097880 + PLATFORM_VERSION = 0.1 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME) + SUPPORTED_ARCHITECTURES = IA32|X64 + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + PEI_ARCH = IA32 + DXE_ARCH = X64 + +[Packages] + MinPlatformPkg/MinPlatformPkg.dec + +# +# MinPlatform common include for required feature PCD +# These PCD must be set before the core include files, CoreCommonLib, +# CorePeiLib, and CoreDxeLib. +# +!include MinPlatformPkg/Include/Dsc/MinPlatformFeaturesPcd.dsc.inc + +# +# Include common libraries +# +!include MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc +!include MinPlatformPkg/Include/Dsc/CorePeiLib.dsc +!include MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc + +# +# This package always builds the feature. +# +!include Include/UserAuthFeature.dsc diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c b/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c new file mode 100644 index 0000000000..8b06e58ca5 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c @@ -0,0 +1,133 @@ +/** @file + Password key service. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include "KeyService.h" + +/** + Compares the contents of two buffers with slow algorithm + + This function compares Length bytes of SourceBuffer to Length bytes of DestinationBuffer. + If all Length bytes of the two buffers are identical, then 0 is returned. Otherwise, the + value returned is the first mismatched byte in SourceBuffer subtracted from the first + mismatched byte in DestinationBuffer. + + If Length > 0 and DestinationBuffer is NULL, then ASSERT(). + If Length > 0 and SourceBuffer is NULL, then ASSERT(). + If Length is greater than (MAX_ADDRESS - DestinationBuffer + 1), then ASSERT(). + If Length is greater than (MAX_ADDRESS - SourceBuffer + 1), then ASSERT(). + + @param DestinationBuffer The pointer to the destination buffer to compare. + @param SourceBuffer The pointer to the source buffer to compare. + @param Length The number of bytes to compare. + + @return 0 All Length bytes of the two buffers are identical. + @retval -1 The SourceBuffer is not identical to DestinationBuffer. + +**/ +INTN +EFIAPI +KeyLibSlowCompareMem ( + IN CONST VOID *DestinationBuffer, + IN CONST VOID *SourceBuffer, + IN UINTN Length + ) +{ + UINT8 Delta; + UINTN Index; + UINT8 *Destination; + UINT8 *Source; + + Destination = (UINT8 *)DestinationBuffer; + Source = (UINT8 *)SourceBuffer; + Delta = 0; + for (Index = 0; Index < Length; Index++) { + Delta |= Destination[Index] ^ Source[Index]; + } + if (Delta == 0) { + return 0; + } else { + return -1; + } +} + +/** + Generate Salt value. + + @param[in, out] SaltValue Points to the salt buffer + @param[in] SaltSize Size of the salt buffer + + @retval TRUE Salt is generated. + @retval FALSE Salt is not generated. 
+**/ +BOOLEAN +EFIAPI +KeyLibGenerateSalt ( + IN OUT UINT8 *SaltValue, + IN UINTN SaltSize + ) +{ + if (SaltValue == NULL) { + return FALSE; + } + RandomSeed(NULL, 0); + RandomBytes(SaltValue, SaltSize); + return TRUE; +} + +/** + Hash the password with PBKDF2. + + @param[in] HashType Hash type + @param[in] Key Points to the key buffer + @param[in] KeySize Key buffer size + @param[in] SaltValue Points to the salt buffer + @param[in] SaltSize Size of the salt buffer + @param[out] KeyHash Points to the hashed result + @param[in] KeyHashSize Size of the hash buffer + + @retval TRUE Hash the data successfully. + @retval FALSE Failed to hash the data. + +**/ +BOOLEAN +EFIAPI +KeyLibGeneratePBKDF2Hash ( + IN UINT32 HashType, + IN VOID *Key, + IN UINTN KeySize, + IN UINT8 *SaltValue, + IN UINTN SaltSize, + OUT UINT8 *KeyHash, + IN UINTN KeyHashSize + ) +{ + BOOLEAN Result; + + if (HashType != HASH_TYPE_SHA256) { + return FALSE; + } + if (KeyHashSize != SHA256_DIGEST_SIZE) { + return FALSE; + } + + Result = Pkcs5HashPassword ( + KeySize, + Key, + SaltSize, + SaltValue, + DEFAULT_PBKDF2_ITERATION_COUNT, + SHA256_DIGEST_SIZE, + KeyHashSize, + KeyHash + ); + return Result; +} diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h b/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h new file mode 100644 index 0000000000..d0b20851fa --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h @@ -0,0 +1,88 @@ +/** @file + Header file for key service. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
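Review bot: KeyLibGenerateSalt in KeyService.c discards the BOOLEAN results of RandomSeed() and RandomBytes() and returns TRUE regardless, so a failed RNG call would leave the caller salting the password hash with whatever SaltValue already held. Propagate the failure instead: `if (!RandomSeed (NULL, 0) || !RandomBytes (SaltValue, SaltSize)) { return FALSE; }`. Separately, the header comment on KeyLibSlowCompareMem (repeated in KeyService.h) promises the difference of the first mismatched bytes, while the code returns only 0 or -1 after scanning all Length bytes. The comment should say that, and note that the full scan appears deliberate so that comparison time does not depend on where the buffers differ.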
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __KEY_LIB_H__ +#define __KEY_LIB_H__ + +/** + Compares the contents of two buffers with slow algorithm + + This function compares Length bytes of SourceBuffer to Length bytes of DestinationBuffer. + If all Length bytes of the two buffers are identical, then 0 is returned. Otherwise, the + value returned is the first mismatched byte in SourceBuffer subtracted from the first + mismatched byte in DestinationBuffer. + + If Length > 0 and DestinationBuffer is NULL, then ASSERT(). + If Length > 0 and SourceBuffer is NULL, then ASSERT(). + If Length is greater than (MAX_ADDRESS - DestinationBuffer + 1), then ASSERT(). + If Length is greater than (MAX_ADDRESS - SourceBuffer + 1), then ASSERT(). + + @param DestinationBuffer The pointer to the destination buffer to compare. + @param SourceBuffer The pointer to the source buffer to compare. + @param Length The number of bytes to compare. + + @return 0 All Length bytes of the two buffers are identical. + @retval -1 The SourceBuffer is not identical to DestinationBuffer. + +**/ +INTN +EFIAPI +KeyLibSlowCompareMem ( + IN CONST VOID *DestinationBuffer, + IN CONST VOID *SourceBuffer, + IN UINTN Length + ); + +/** + Generate Salt value. + + @param[in, out] SaltValue Points to the salt buffer + @param[in] SaltSize Size of the salt buffer + + @retval TRUE Salt is generated. + @retval FALSE Salt is not generated. +**/ +BOOLEAN +EFIAPI +KeyLibGenerateSalt( + IN OUT UINT8 *SaltValue, + IN UINTN SaltSize + ); + +#define HASH_TYPE_SHA256 0x000B +#define DEFAULT_PBKDF2_ITERATION_COUNT 1000 + +/** + Hash the password with PBKDF2. + + @param[in] HashType Hash type + @param[in] Key Points to the key buffer + @param[in] KeySize Key buffer size + @param[in] SaltValue Points to the salt buffer + @param[in] SaltSize Size of the salt buffer + @param[out] KeyHash Points to the hashed result + @param[in] KeyHashSize Size of the hash buffer + + @retval TRUE Hash the data successfully. 
+ @retval FALSE Failed to hash the data. + +**/ +BOOLEAN +EFIAPI +KeyLibGeneratePBKDF2Hash ( + IN UINT32 HashType, + IN VOID *Key, + IN UINTN KeySize, + IN UINT8 *SaltValue, + IN UINTN SaltSize, + OUT UINT8 *KeyHash, + IN UINTN KeyHashSize + ); + +#endif + diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c new file mode 100644 index 0000000000..b4326d380f --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c @@ -0,0 +1,484 @@ +/** @file + This Driver mainly provides Setup Form to change password. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
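Review bot: `DEFAULT_PBKDF2_ITERATION_COUNT 1000` in KeyService.h is a very low work factor for PBKDF2-HMAC-SHA256 over a user-chosen password. Current guidance (for example OWASP's password storage recommendations) is in the hundreds of thousands of iterations, so offline guessing against a recovered hash is cheap at this setting. The count is a compile-time constant passed straight to Pkcs5HashPassword in KeyService.c, and nothing visible here records it next to the stored hash. Raising it later may therefore need a migration path for existing password variables; confirm this against the storage code, which is outside this hunk. At minimum add a comment such as `// PBKDF2 iteration count; low by current guidance, raise as the boot-time budget allows` so the value is not read as a vetted choice.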
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "UserAuthentication2Dxe.h" + +USER_AUTHENTICATION_PRIVATE_DATA *mUserAuthenticationData = NULL; + +EFI_GUID mUserAuthenticationVendorGuid = USER_AUTHENTICATION_FORMSET_GUID; +HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + USER_AUTHENTICATION_FORMSET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + Display a message box to end user. + + @param[in] DisplayString The string in message box. +**/ +VOID +MessageBox ( + IN CHAR16 *DisplayString + ) +{ + EFI_INPUT_KEY Key; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); +} + +/** + Force system reset. +**/ +VOID +ForceSystemReset ( + VOID + ) +{ + MessageBox (L"Password retry count reach, reset system!"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + CpuDeadLoop(); +} + +/** + Display message for set password. + + @param[in] ReturnStatus The return status for set password. 
+**/ +VOID +PrintSetPasswordStatus ( + IN EFI_STATUS ReturnStatus + ) +{ + CHAR16 *DisplayString; + CHAR16 *DisplayString2; + + EFI_INPUT_KEY Key; + + if (ReturnStatus == EFI_UNSUPPORTED) { + DisplayString = L"New password is not strong enough!"; + DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + DisplayString2, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } else { + if (ReturnStatus == EFI_SUCCESS) { + DisplayString = L"New password is updated successfully!"; + } else if (ReturnStatus == EFI_ALREADY_STARTED) { + DisplayString = L"New password is found in the history passwords!"; + } else { + DisplayString = L"New password update fails!"; + } + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in + format. + @param Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param Results A null-terminated Unicode string in + format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. 
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +ExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + *Progress = Request; + return EFI_NOT_FOUND; +} + + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in + format. + @param Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +RouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + + return EFI_NOT_FOUND; +} + +/** + HII update Admin Password status. 
+ +**/ +VOID +HiiUpdateAdminPasswordStatus ( + VOID + ) +{ + if (IsPasswordInstalled ()) { + HiiSetString ( + mUserAuthenticationData->HiiHandle, + STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), + L"Installed", + NULL + ); + } else { + HiiSetString ( + mUserAuthenticationData->HiiHandle, + STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), + L"Not Installed", + NULL + ); + } +} + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original + exporting driver. + @param ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. 
+ +**/ +EFI_STATUS +EFIAPI +UserAuthenticationCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + EFI_STATUS Status; + CHAR16 *UserInputPassword; + + Status = EFI_SUCCESS; + + if (((Value == NULL) && (Action != EFI_BROWSER_ACTION_FORM_OPEN) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) || + (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + switch (Action) { + case EFI_BROWSER_ACTION_FORM_OPEN: + { + switch (QuestionId) { + case ADMIN_PASSWORD_KEY_ID: + HiiUpdateAdminPasswordStatus (); + default: + break; + } + } + break; + case EFI_BROWSER_ACTION_CHANGING: + { + switch (QuestionId) { + case ADMIN_PASSWORD_KEY_ID: + if ((Type == EFI_IFR_TYPE_STRING) && (Value->string == 0) && + (mUserAuthenticationData->PasswordState == BROWSER_STATE_SET_PASSWORD)) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); + return EFI_INVALID_PARAMETER; + } + // + // The Callback is responsible for validating old password input by user, + // If Callback return EFI_SUCCESS, it indicates validation pass. + // + switch (mUserAuthenticationData->PasswordState) { + case BROWSER_STATE_VALIDATE_PASSWORD: + UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); + if (UserInputPassword == NULL) { + return EFI_UNSUPPORTED; + } + if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { + Status = EFI_NOT_READY; + break; + } + if (UserInputPassword[0] == 0) { + // + // Setup will use an empty password to check whether the old password is set, + // If the validation is successful, means there is no old password, return + // success to set the new password. Or need to return EFI_NOT_READY to + // let user input the old password. 
+ // + Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); + if (Status == EFI_SUCCESS) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; + } else { + Status = EFI_NOT_READY; + } + break; + } + Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); + if (Status == EFI_SUCCESS) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; + StrCpyS ( + mUserAuthenticationData->OldPassword, + sizeof(mUserAuthenticationData->OldPassword)/sizeof(CHAR16), + UserInputPassword + ); + } else { + // + // Old password mismatch, return EFI_NOT_READY to prompt for error message. + // + if (Status == EFI_ACCESS_DENIED) { + // + // Password retry count reach. + // + ForceSystemReset (); + } + Status = EFI_NOT_READY; + } + break; + + case BROWSER_STATE_SET_PASSWORD: + UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); + if (UserInputPassword == NULL) { + return EFI_UNSUPPORTED; + } + if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { + Status = EFI_NOT_READY; + break; + } + Status = SetPassword (UserInputPassword, StrSize (UserInputPassword), mUserAuthenticationData->OldPassword, StrSize(mUserAuthenticationData->OldPassword)); + PrintSetPasswordStatus (Status); + ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + HiiUpdateAdminPasswordStatus (); + break; + + default: + break; + } + default: + break; + } + } + break; + default: + break; + } + return Status; +} + +/** + User Authentication entry point. + + @param ImageHandle The image handle. + @param SystemTable The system table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @return other Contain some other errors. 
+ +**/ +EFI_STATUS +EFIAPI +UserAuthentication2Entry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + + DriverHandle = NULL; + + mUserAuthenticationData = AllocateZeroPool (sizeof (USER_AUTHENTICATION_PRIVATE_DATA)); + if (mUserAuthenticationData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + mUserAuthenticationData->ConfigAccess.ExtractConfig = ExtractConfig; + mUserAuthenticationData->ConfigAccess.RouteConfig = RouteConfig; + mUserAuthenticationData->ConfigAccess.Callback = UserAuthenticationCallback; + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + + // + // Install Config Access protocol to driver handle. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mUserAuthenticationData->ConfigAccess, + NULL + ); + ASSERT_EFI_ERROR (Status); + mUserAuthenticationData->DriverHandle = DriverHandle; + + // + // Add HII data to database. + // + HiiHandle = HiiAddPackages ( + &mUserAuthenticationVendorGuid, + DriverHandle, + UserAuthentication2DxeStrings, + UserAuthenticationDxeVfrBin, + NULL + ); + if (HiiHandle == NULL) { + return EFI_OUT_OF_RESOURCES; + } + mUserAuthenticationData->HiiHandle = HiiHandle; + + return EFI_SUCCESS; +} + +/** + Unloads the application and its installed protocol. + + @param[in] ImageHandle Handle that identifies the image to be unloaded. + + @retval EFI_SUCCESS The image has been unloaded. +**/ +EFI_STATUS +EFIAPI +UserAuthentication2Unload ( + IN EFI_HANDLE ImageHandle + ) +{ + ASSERT (mUserAuthenticationData != NULL); + + // + // Uninstall Config Access Protocol. 
+ // + if (mUserAuthenticationData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + mUserAuthenticationData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mUserAuthenticationData->ConfigAccess, + NULL + ); + mUserAuthenticationData->DriverHandle = NULL; + } + + // + // Remove Hii Data. + // + if (mUserAuthenticationData->HiiHandle != NULL) { + HiiRemovePackages (mUserAuthenticationData->HiiHandle); + } + + FreePool (mUserAuthenticationData); + mUserAuthenticationData = NULL; + + return EFI_SUCCESS; +} + diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h new file mode 100644 index 0000000000..3b7fba026d --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h @@ -0,0 +1,55 @@ +/** @file + Header file for UserAuthentication2Dxe. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
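Review bot: In UserAuthenticationCallback, both the BROWSER_STATE_VALIDATE_PASSWORD and BROWSER_STATE_SET_PASSWORD branches take a plaintext password from HiiGetString() into UserInputPassword and never scrub or free it. HiiGetString() returns a pool allocation owned by the caller, so every callback leaks a buffer that still holds the typed password, even though the code already takes care to ZeroMem OldPassword. Initialising the pointer to NULL and scrubbing and freeing it once, after the inner state switch, covers every `break` path. The two `return EFI_UNSUPPORTED` exits happen only when the pointer is NULL, so they need no cleanup.

```c
  UserInputPassword = NULL;
  // … unchanged: parameter check, outer Action switch, ADMIN_PASSWORD_KEY_ID state handling …
          default:
            break;
        }
        //
        // Scrub and release the plaintext copy returned by HiiGetString().
        //
        if (UserInputPassword != NULL) {
          ZeroMem (UserInputPassword, StrSize (UserInputPassword));
          FreePool (UserInputPassword);
          UserInputPassword = NULL;
        }
```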
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _USER_AUTHENTICATION_DXE_H_ +#define _USER_AUTHENTICATION_DXE_H_ + + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "UserAuthenticationDxeFormset.h" + +extern UINT8 UserAuthenticationDxeVfrBin[]; +extern UINT8 UserAuthentication2DxeStrings[]; + +typedef struct { + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + UINT8 PasswordState; + CHAR16 OldPassword[PASSWORD_MAX_SIZE]; +} USER_AUTHENTICATION_PRIVATE_DATA; + +#pragma pack(1) +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; +#pragma pack() + +#endif diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf new file mode 100644 index 0000000000..c47e20f052 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf @@ -0,0 +1,52 @@ +## @file +# User Authentication 2 Dxe Driver. +# +# This Driver mainly provides Setup Form to change password. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = UserAuthentication2Dxe + FILE_GUID = 4EF592F4-C716-40CC-8C07-1E4E3BD71F11 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 2.0 + ENTRY_POINT = UserAuthentication2Entry + UNLOAD_IMAGE = UserAuthentication2Unload +[Sources] + UserAuthentication2Dxe.c + UserAuthentication2Dxe.h + UserAuthenticationDxeFormset.h + UserAuthenticationDxeVfr.vfr + UserAuthenticationDxeStrings.uni + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UserAuthFeaturePkg/UserAuthFeaturePkg.dec + +[LibraryClasses] + BaseLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + UefiLib + HiiLib + DevicePathLib + MemoryAllocationLib + UserPasswordLib + +[Protocols] + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + +[Depex] + gEfiSimpleTextOutProtocolGuid AND + gEfiSmmCommunicationProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c new file mode 100644 index 0000000000..bba2057a96 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c @@ -0,0 +1,780 @@ +/** @file + This Driver mainly provides Setup Form to change password and + does user authentication before entering Setup. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "UserAuthenticationDxe.h" + +EFI_EVENT mExitBootServicesEvent = NULL; +EFI_RSC_HANDLER_PROTOCOL *mRscHandlerProtocol = NULL; +USER_AUTHENTICATION_PRIVATE_DATA *mUserAuthenticationData = NULL; +EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; + +EFI_GUID mUserAuthenticationVendorGuid = USER_AUTHENTICATION_FORMSET_GUID; +HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + USER_AUTHENTICATION_FORMSET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + Get a user input string. + + @param[in] PopUpString A popup string to inform user. + @param[in, out] UserInput The user input string + @param[in] UserInputMaxLen The max unicode count of the UserInput without NULL terminator. +**/ +EFI_STATUS +GetUserInput ( + IN CHAR16 *PopUpString, + IN OUT CHAR16 *UserInput, + IN UINTN UserInputMaxLen + ) +{ + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 *Mask; + + UserInput[0] = 0; + Mask = AllocateZeroPool ((UserInputMaxLen + 1) * sizeof(CHAR16)); + if (Mask == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + InputLength = 0; + + while (TRUE) { + if (InputLength < UserInputMaxLen) { + Mask[InputLength] = L'_'; + } + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + L"--------------------------------", + Mask, + NULL + ); + if (InputKey.ScanCode == SCAN_NULL) { + // + // Check whether finish inputing password. + // + if (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN && InputLength > 0) { + // + // Add the null terminator. 
+ // + UserInput[InputLength] = 0; + break; + } else if ((InputKey.UnicodeChar == CHAR_NULL) || + (InputKey.UnicodeChar == CHAR_LINEFEED) || + (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN) + ) { + continue; + } else { + // + // delete last key entered + // + if (InputKey.UnicodeChar == CHAR_BACKSPACE) { + if (InputLength > 0) { + UserInput[InputLength] = 0; + Mask[InputLength] = 0; + InputLength--; + } + } else { + if (InputLength == UserInputMaxLen) { + Mask[InputLength] = 0; + continue; + } + // + // add Next key entry + // + UserInput[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = L'*'; + InputLength++; + } + } + } + } + FreePool (Mask); + return EFI_SUCCESS; +} + +/** + Display a message box to end user. + + @param[in] DisplayString The string in message box. +**/ +VOID +MessageBox ( + IN CHAR16 *DisplayString + ) +{ + EFI_INPUT_KEY Key; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); +} + +/** + Force system reset. +**/ +VOID +ForceSystemReset ( + VOID + ) +{ + MessageBox (L"Password retry count reach, reset system!"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + CpuDeadLoop(); +} + +/** + Display message for set password. + + @param[in] ReturnStatus The return status for set password. 
+**/ +VOID +PrintSetPasswordStatus ( + IN EFI_STATUS ReturnStatus + ) +{ + CHAR16 *DisplayString; + CHAR16 *DisplayString2; + + EFI_INPUT_KEY Key; + + if (ReturnStatus == EFI_UNSUPPORTED) { + DisplayString = L"New password is not strong enough!"; + DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + DisplayString2, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } else { + if (ReturnStatus == EFI_SUCCESS) { + DisplayString = L"New password is updated successfully!"; + } else if (ReturnStatus == EFI_ALREADY_STARTED) { + DisplayString = L"New password is found in the history passwords!"; + } else { + DisplayString = L"New password update fails!"; + } + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"", + DisplayString, + L"Press ENTER to continue ...", + L"", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } +} + +/** + Require user input password. + + @retval TRUE User input correct password successfully. + @retval FALSE The password is not set. 
+**/ +BOOLEAN +RequireUserPassword ( + VOID + ) +{ + EFI_STATUS Status; + CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; + CHAR16 *PopUpString; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY VerifyPolicy; + + Status = EFI_SUCCESS; + ZeroMem(UserInputPw, sizeof(UserInputPw)); + + if (!IsPasswordInstalled ()) { + return FALSE; + } + + Status = GetPasswordVerificationPolicy (&VerifyPolicy); + if (!EFI_ERROR (Status)) { + if (WasPasswordVerified() && (!VerifyPolicy.NeedReVerify)) { + DEBUG ((DEBUG_INFO, "Password was verified and Re-verify is not needed\n")); + return TRUE; + } + } + + PopUpString = L"Please input admin password"; + + while (TRUE) { + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); + + Status = VerifyPassword (UserInputPw, StrSize(UserInputPw)); + if (!EFI_ERROR(Status)) { + break; + } + if (Status == EFI_ACCESS_DENIED) { + // + // Password retry count reach. + // + ForceSystemReset (); + } + MessageBox (L"Incorrect password!"); + } + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + + gST->ConOut->ClearScreen(gST->ConOut); + + return TRUE; +} + +/** + Set user password. 
+ +**/ +VOID +SetUserPassword ( + VOID + ) +{ + EFI_STATUS Status; + CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; + CHAR16 TmpPassword[PASSWORD_MAX_SIZE]; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + ZeroMem(TmpPassword, sizeof(TmpPassword)); + + PopUpString = L"Please set admin password"; + + while (TRUE) { + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); + + PopUpString2 = L"Please confirm your new password"; + gST->ConOut->ClearScreen(gST->ConOut); + GetUserInput (PopUpString2, TmpPassword, PASSWORD_MAX_SIZE - 1); + if (StrCmp (TmpPassword, UserInputPw) != 0) { + MessageBox (L"Password are not the same!"); + continue; + } + + Status = SetPassword (UserInputPw, StrSize(UserInputPw), NULL, 0); + PrintSetPasswordStatus (Status); + if (!EFI_ERROR(Status)) { + break; + } + } + + ZeroMem(UserInputPw, sizeof(UserInputPw)); + ZeroMem(TmpPassword, sizeof(TmpPassword)); + + gST->ConOut->ClearScreen(gST->ConOut); +} + +/** + Check password before entering into setup. + + @param CodeType Indicates the type of status code being reported. Type EFI_STATUS_CODE_TYPE is defined in "Related Definitions" below. + + @param Value Describes the current status of a hardware or software entity. + This included information about the class and subclass that is used to classify the entity + as well as an operation. For progress codes, the operation is the current activity. + For error codes, it is the exception. For debug codes, it is not defined at this time. + Type EFI_STATUS_CODE_VALUE is defined in "Related Definitions" below. + Specific values are discussed in the Intel? Platform Innovation Framework for EFI Status Code Specification. + + @param Instance The enumeration of a hardware or software entity within the system. + A system may contain multiple entities that match a class/subclass pairing. + The instance differentiates between them. 
An instance of 0 indicates that instance information is unavailable, + not meaningful, or not relevant. Valid instance numbers start with 1. + + + @param CallerId This optional parameter may be used to identify the caller. + This parameter allows the status code driver to apply different rules to different callers. + Type EFI_GUID is defined in InstallProtocolInterface() in the UEFI 2.0 Specification. + + + @param Data This optional parameter may be used to pass additional data + + @retval EFI_SUCCESS Status code is what we expected. + @retval EFI_UNSUPPORTED Status code not supported. + +**/ +EFI_STATUS +EFIAPI +CheckForPassword ( + IN EFI_STATUS_CODE_TYPE CodeType, + IN EFI_STATUS_CODE_VALUE Value, + IN UINT32 Instance, + IN EFI_GUID *CallerId, OPTIONAL + IN EFI_STATUS_CODE_DATA *Data OPTIONAL + ) +{ + BOOLEAN PasswordSet; + + if (((CodeType & EFI_STATUS_CODE_TYPE_MASK) == EFI_PROGRESS_CODE) && + (Value == (EFI_SOFTWARE_DXE_BS_DRIVER | EFI_SW_PC_USER_SETUP))) { + // + // Check whether enter setup page. + // + PasswordSet = RequireUserPassword (); + if (PasswordSet) { + DEBUG ((DEBUG_INFO, "Welcome Admin!\n")); + } else { + DEBUG ((DEBUG_INFO, "Admin password is not set!\n")); + if (NeedEnrollPassword()) { + SetUserPassword (); + } + } + + return EFI_SUCCESS; + } else{ + return EFI_UNSUPPORTED; + } +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in + format. + @param Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. 
+ @param Results A null-terminated Unicode string in + format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +ExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + *Progress = Request; + return EFI_NOT_FOUND; +} + + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in + format. + @param Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +RouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + + return EFI_NOT_FOUND; +} + +/** + HII update Admin Password status. 
+ +**/ +VOID +HiiUpdateAdminPasswordStatus ( + VOID + ) +{ + if (IsPasswordInstalled ()) { + HiiSetString ( + mUserAuthenticationData->HiiHandle, + STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), + L"Installed", + NULL + ); + } else { + HiiSetString ( + mUserAuthenticationData->HiiHandle, + STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), + L"Not Installed", + NULL + ); + } +} + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original + exporting driver. + @param ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. 
+ +**/ +EFI_STATUS +EFIAPI +UserAuthenticationCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + EFI_STATUS Status; + CHAR16 *UserInputPassword; + + Status = EFI_SUCCESS; + + if (((Value == NULL) && (Action != EFI_BROWSER_ACTION_FORM_OPEN) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) || + (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + switch (Action) { + case EFI_BROWSER_ACTION_FORM_OPEN: + { + switch (QuestionId) { + case ADMIN_PASSWORD_KEY_ID: + HiiUpdateAdminPasswordStatus (); + default: + break; + } + } + break; + case EFI_BROWSER_ACTION_CHANGING: + { + switch (QuestionId) { + case ADMIN_PASSWORD_KEY_ID: + if ((Type == EFI_IFR_TYPE_STRING) && (Value->string == 0) && + (mUserAuthenticationData->PasswordState == BROWSER_STATE_SET_PASSWORD)) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); + return EFI_INVALID_PARAMETER; + } + // + // The Callback is responsible for validating old password input by user, + // If Callback return EFI_SUCCESS, it indicates validation pass. + // + switch (mUserAuthenticationData->PasswordState) { + case BROWSER_STATE_VALIDATE_PASSWORD: + UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); + if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { + Status = EFI_NOT_READY; + break; + } + if (UserInputPassword[0] == 0) { + // + // Setup will use a NULL password to check whether the old password is set, + // If the validation is successful, means there is no old password, return + // success to set the new password. Or need to return EFI_NOT_READY to + // let user input the old password. 
+ // + Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); + if (Status == EFI_SUCCESS) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; + } else { + Status = EFI_NOT_READY; + } + break; + } + Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); + if (Status == EFI_SUCCESS) { + mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; + StrCpyS ( + mUserAuthenticationData->OldPassword, + sizeof(mUserAuthenticationData->OldPassword)/sizeof(CHAR16), + UserInputPassword + ); + } else { + // + // Old password mismatch, return EFI_NOT_READY to prompt for error message. + // + if (Status == EFI_ACCESS_DENIED) { + // + // Password retry count reach. + // + ForceSystemReset (); + } + Status = EFI_NOT_READY; + } + break; + + case BROWSER_STATE_SET_PASSWORD: + UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); + if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { + Status = EFI_NOT_READY; + break; + } + Status = SetPassword (UserInputPassword, StrSize (UserInputPassword), mUserAuthenticationData->OldPassword, StrSize(mUserAuthenticationData->OldPassword)); + PrintSetPasswordStatus (Status); + ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + HiiUpdateAdminPasswordStatus (); + break; + + default: + break; + } + default: + break; + } + } + break; + default: + break; + } + return Status; +} + +/** + Unregister status code callback functions. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context, which is + always zero in current implementation. + +**/ +VOID +EFIAPI +UnregisterBootTimeHandlers ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + mRscHandlerProtocol->Unregister (CheckForPassword); +} + +/** + User Authentication entry point. 
+ + @param ImageHandle The image handle. + @param SystemTable The system table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @return other Contain some other errors. + +**/ +EFI_STATUS +EFIAPI +UserAuthenticationEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + + DriverHandle = NULL; + + mUserAuthenticationData = AllocateZeroPool (sizeof (USER_AUTHENTICATION_PRIVATE_DATA)); + if (mUserAuthenticationData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + mUserAuthenticationData->ConfigAccess.ExtractConfig = ExtractConfig; + mUserAuthenticationData->ConfigAccess.RouteConfig = RouteConfig; + mUserAuthenticationData->ConfigAccess.Callback = UserAuthenticationCallback; + mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; + + // + // Install Config Access protocol to driver handle. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mUserAuthenticationData->ConfigAccess, + NULL + ); + ASSERT_EFI_ERROR (Status); + mUserAuthenticationData->DriverHandle = DriverHandle; + + // + // Add HII data to database. + // + HiiHandle = HiiAddPackages ( + &mUserAuthenticationVendorGuid, + DriverHandle, + UserAuthenticationDxeStrings, + UserAuthenticationDxeVfrBin, + NULL + ); + if (HiiHandle == NULL) { + return EFI_OUT_OF_RESOURCES; + } + mUserAuthenticationData->HiiHandle = HiiHandle; + + // + // Locate report status code protocol. + // + Status = gBS->LocateProtocol ( + &gEfiRscHandlerProtocolGuid, + NULL, + (VOID **) &mRscHandlerProtocol + ); + ASSERT_EFI_ERROR (Status); + + // + //Register the callback function for ReportStatusCode() notification. + // + mRscHandlerProtocol->Register (CheckForPassword, TPL_HIGH_LEVEL); + + // + // Unregister boot time report status code listener at ExitBootService Event. 
+ // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + UnregisterBootTimeHandlers, + NULL, + &gEfiEventExitBootServicesGuid, + &mExitBootServicesEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Locates SMM Communication protocol. + // + Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &mSmmCommunication); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + Unloads the application and its installed protocol. + + @param[in] ImageHandle Handle that identifies the image to be unloaded. + + @retval EFI_SUCCESS The image has been unloaded. +**/ +EFI_STATUS +EFIAPI +UserAuthenticationUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + ASSERT (mUserAuthenticationData != NULL); + + // + // Uninstall Config Access Protocol. + // + if (mUserAuthenticationData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + mUserAuthenticationData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &mUserAuthenticationData->ConfigAccess, + NULL + ); + mUserAuthenticationData->DriverHandle = NULL; + } + + // + // Remove Hii Data. + // + if (mUserAuthenticationData->HiiHandle != NULL) { + HiiRemovePackages (mUserAuthenticationData->HiiHandle); + } + + FreePool (mUserAuthenticationData); + mUserAuthenticationData = NULL; + + return EFI_SUCCESS; +} + diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h new file mode 100644 index 0000000000..e183424f35 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h @@ -0,0 +1,138 @@ +/** @file + Header file for UserAuthenticationDxe. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _USER_AUTHENTICATION_DXE_H_ +#define _USER_AUTHENTICATION_DXE_H_ + + +#include +#include +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "UserAuthenticationDxeFormset.h" + +extern UINT8 UserAuthenticationDxeVfrBin[]; +extern UINT8 UserAuthenticationDxeStrings[]; +extern EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication; + +typedef struct { + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + UINT8 PasswordState; + CHAR16 OldPassword[PASSWORD_MAX_SIZE]; +} USER_AUTHENTICATION_PRIVATE_DATA; + +#pragma pack(1) +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; +#pragma pack() + +/** + Validate if the password is correct. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. + @retval EFI_ACCESS_DENIED Password retry count reach. +**/ +EFI_STATUS +VerifyPassword ( + IN CHAR16 *Password, + IN UINTN PasswordSize + ); + +/** + Set a new password. + + @param[in] NewPassword The user input new password. + NULL means clear password. + @param[in] NewPasswordSize The size of NewPassword in byte. + @param[in] OldPassword The user input old password. + NULL means no old password. + @param[in] OldPasswordSize The size of OldPassword in byte. + + @retval EFI_SUCCESS The NewPassword is set successfully. + @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. 
+ @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. + @retval EFI_ACCESS_DENIED Password retry count reach. + @retval EFI_UNSUPPORTED NewPassword is not strong enough. + @retval EFI_ALREADY_STARTED NewPassword is in history. +**/ +EFI_STATUS +SetPassword ( + IN CHAR16 *NewPassword, OPTIONAL + IN UINTN NewPasswordSize, + IN CHAR16 *OldPassword, OPTIONAL + IN UINTN OldPasswordSize + ); + +/** + Return if the password is set. + + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +IsPasswordInstalled ( + VOID + ); + +/** + Get password verification policy. + + @param[out] VerifyPolicy Verification policy. + + @retval EFI_SUCCESS Get verification policy successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to get verification policy. +**/ +EFI_STATUS +GetPasswordVerificationPolicy ( + OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy + ); + +/** + Return if the password was verified. + + @retval TRUE The password was verified. + @retval FALSE The password was not verified. +**/ +BOOLEAN +WasPasswordVerified ( + VOID + ); + +#endif diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf new file mode 100644 index 0000000000..bee46a1af2 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf @@ -0,0 +1,62 @@ +## @file +# User Authentication Dxe Driver. +# +# This Driver mainly provides Setup Form to change password and +# does user authentication before entering Setup. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
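Review bot: The `OldPassword` member of `USER_AUTHENTICATION_PRIVATE_DATA` holds the cleartext old password in pool memory between the validate and set callbacks, and the typedef does not document that. I would add a comment on the field, for example `// Cleartext old password, valid only between VALIDATE and SET; zero after use and before the structure is freed`. This matters because `UserAuthenticationUnload` in UserAuthenticationDxe.c calls `FreePool (mUserAuthenticationData)` with no `ZeroMem` before it. A one-line comment on `PasswordState` would also help, since it is a bare `UINT8` whose BROWSER_STATE_* values are defined outside this hunk.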
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = UserAuthenticationDxe
+ FILE_GUID = 0683FB88-664C-4BA6-9ED4-1C0916EE43A4
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 2.0
+ ENTRY_POINT = UserAuthenticationEntry
+ UNLOAD_IMAGE = UserAuthenticationUnload
+
+[Sources]
+ UserAuthenticationDxe.c
+ UserAuthenticationDxe.h
+ UserAuthenticationDxePassword.c
+ UserAuthenticationDxeFormset.h
+ UserAuthenticationDxeVfr.vfr
+ UserAuthenticationDxeStrings.uni
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiRuntimeServicesTableLib
+ BaseMemoryLib
+ DebugLib
+ UefiLib
+ HiiLib
+ DevicePathLib
+ MemoryAllocationLib
+ PlatformPasswordLib
+ PrintLib
+
+[Guids]
+ gUserAuthenticationGuid ## CONSUMES ## GUID
+ gEfiEventExitBootServicesGuid ## CONSUMES ## Event
+ gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable
+
+[Protocols]
+ gEfiRscHandlerProtocolGuid ## CONSUMES
+ gEfiDevicePathProtocolGuid ## PRODUCES
+ gEfiHiiConfigAccessProtocolGuid ## PRODUCES
+ gEfiSmmCommunicationProtocolGuid ## CONSUMES
+
+[Depex]
+ gEfiSimpleTextOutProtocolGuid AND
+ gEfiSmmCommunicationProtocolGuid AND
+ gEfiVariableArchProtocolGuid AND
+ gEfiVariableWriteArchProtocolGuid
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h
new file mode 100644
index 0000000000..581849b534
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h
@@ -0,0 +1,23 @@
+/** @file
+ Header file for UserAuthentication formset.
+
+ Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _USER_AUTHENTICATION_DXE_FORMSET_H_
+#define _USER_AUTHENTICATION_DXE_FORMSET_H_
+
+//
+// Vendor GUID of the formset
+//
+#define USER_AUTHENTICATION_FORMSET_GUID \
+ { 0x760e3022, 0xf149, 0x4560, {0x9c, 0x6f, 0x33, 0xaa, 0x7d, 0x48, 0x75, 0xfa} }
+
+#define ADMIN_PASSWORD_KEY_ID 0x2001
+
+#define MAX_PASSWORD_LEN 32
+#define MIN_PASSWORD_LEN 0
+
+#endif
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c
new file mode 100644
index 0000000000..6e1fedfab7
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c
@@ -0,0 +1,319 @@
+/** @file
+ UserAuthentication DXE password wrapper.
+
+ Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "UserAuthenticationDxe.h" + +/** + Initialize the communicate buffer using DataSize and Function. + + @param[out] DataPtr Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + @param[in] Function The function number to initialize the communicate header. + + @return Communicate buffer. +**/ +VOID* +InitCommunicateBuffer ( + OUT VOID **DataPtr OPTIONAL, + IN UINTN DataSize, + IN UINTN Function + ) +{ + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + VOID *Buffer; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; + EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; + UINTN Index; + UINTN Size; + EFI_STATUS Status; + + Buffer = NULL; + Status = EfiGetSystemConfigurationTable ( + &gEdkiiPiSmmCommunicationRegionTableGuid, + (VOID **) &SmmCommRegionTable + ); + if (EFI_ERROR (Status)) { + return NULL; + } + ASSERT (SmmCommRegionTable != NULL); + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); + Size = 0; + for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { + if (SmmCommMemRegion->Type == EfiConventionalMemory) { + Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); + if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { + break; + } + } + SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); + } + ASSERT (Index < SmmCommRegionTable->NumberOfEntries); + + Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; + ASSERT (Buffer != NULL); + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); + SmmCommunicateHeader->MessageLength = DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + SmmPasswordFunctionHeader = 
(SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; + ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); + SmmPasswordFunctionHeader->Function = Function; + if (DataPtr != NULL) { + *DataPtr = SmmPasswordFunctionHeader + 1; + } + + return Buffer; +} + +/** + Send the data in communicate buffer to SMM. + + @param[in] Buffer Points to the data in the communicate buffer. + @param[in] DataSize The data size to send to SMM. + + @retval EFI_SUCCESS Success is returned from the function in SMM. + @retval Others Failure is returned from the function in SMM. + +**/ +EFI_STATUS +SendCommunicateBuffer ( + IN VOID *Buffer, + IN UINTN DataSize + ) +{ + EFI_STATUS Status; + UINTN CommSize; + EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + + CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + Status = mSmmCommunication->Communicate (mSmmCommunication, Buffer, &CommSize); + ASSERT_EFI_ERROR (Status); + + SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; + SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; + return SmmPasswordFunctionHeader->ReturnStatus; +} + +/** + Validate if the password is correct. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. + @retval EFI_ACCESS_DENIED Password retry count reach. 
+**/ +EFI_STATUS +VerifyPassword ( + IN CHAR16 *Password, + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD *VerifyPassword; + + ASSERT (Password != NULL); + + if (PasswordSize > sizeof(VerifyPassword->Password) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + + Buffer = InitCommunicateBuffer ( + (VOID**)&VerifyPassword, + sizeof(*VerifyPassword), + SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = UnicodeStrToAsciiStrS (Password, VerifyPassword->Password, sizeof(VerifyPassword->Password)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + + Status = SendCommunicateBuffer (Buffer, sizeof(*VerifyPassword)); + +EXIT: + ZeroMem (VerifyPassword, sizeof(*VerifyPassword)); + return Status; +} + +/** + Set a new password. + + @param[in] NewPassword The user input new password. + NULL means clear password. + @param[in] NewPasswordSize The size of NewPassword in byte. + @param[in] OldPassword The user input old password. + NULL means no old password. + @param[in] OldPasswordSize The size of OldPassword in byte. + + @retval EFI_SUCCESS The NewPassword is set successfully. + @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. + @retval EFI_INVALID_PARAMETER The password or size is invalid. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. + @retval EFI_ACCESS_DENIED Password retry count reach. + @retval EFI_UNSUPPORTED NewPassword is not strong enough. + @retval EFI_ALREADY_STARTED NewPassword is in history. 
+**/ +EFI_STATUS +SetPassword ( + IN CHAR16 *NewPassword, OPTIONAL + IN UINTN NewPasswordSize, + IN CHAR16 *OldPassword, OPTIONAL + IN UINTN OldPasswordSize + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_SET_PASSWORD *SetPassword; + + if (NewPasswordSize > sizeof(SetPassword->NewPassword) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + if (OldPasswordSize > sizeof(SetPassword->OldPassword) * sizeof(CHAR16)) { + return EFI_INVALID_PARAMETER; + } + + Buffer = InitCommunicateBuffer ( + (VOID**)&SetPassword, + sizeof(*SetPassword), + SMM_PASSWORD_FUNCTION_SET_PASSWORD + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + if (NewPassword != NULL) { + Status = UnicodeStrToAsciiStrS (NewPassword, SetPassword->NewPassword, sizeof(SetPassword->NewPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + } else { + SetPassword->NewPassword[0] = 0; + } + + if (OldPassword != NULL) { + Status = UnicodeStrToAsciiStrS (OldPassword, SetPassword->OldPassword, sizeof(SetPassword->OldPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + } else { + SetPassword->OldPassword[0] = 0; + } + + Status = SendCommunicateBuffer (Buffer, sizeof(*SetPassword)); + +EXIT: + ZeroMem (SetPassword, sizeof(*SetPassword)); + return Status; +} + +/** + Return if the password is set. + + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +IsPasswordInstalled ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + Buffer = InitCommunicateBuffer ( + NULL, + 0, + SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET + ); + if (Buffer == NULL) { + return FALSE; + } + + Status = SendCommunicateBuffer (Buffer, 0); + if (EFI_ERROR (Status)) { + return FALSE; + } + + return TRUE; +} + +/** + Get password verification policy. + + @param[out] VerifyPolicy Verification policy. + + @retval EFI_SUCCESS Get verification policy successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to get verification policy. 
+**/ +EFI_STATUS +GetPasswordVerificationPolicy ( + OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy + ) +{ + EFI_STATUS Status; + VOID *Buffer; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *GetVerifyPolicy; + + Buffer = InitCommunicateBuffer ( + (VOID**)&GetVerifyPolicy, + sizeof(*GetVerifyPolicy), + SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY + ); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = SendCommunicateBuffer (Buffer, sizeof(*GetVerifyPolicy)); + if (!EFI_ERROR (Status)) { + CopyMem (VerifyPolicy, GetVerifyPolicy, sizeof (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)); + } + + return Status; +} + +/** + Return if the password was verified. + + @retval TRUE The password was verified. + @retval FALSE The password was not verified. +**/ +BOOLEAN +WasPasswordVerified ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + Buffer = InitCommunicateBuffer ( + NULL, + 0, + SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED + ); + if (Buffer == NULL) { + return FALSE; + } + + Status = SendCommunicateBuffer (Buffer, 0); + if (EFI_ERROR (Status)) { + return FALSE; + } + + return TRUE; +} diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni new file mode 100644 index 0000000000..1e3a179677 --- /dev/null +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni @@ -0,0 +1,30 @@ +/** @file +// String definitions for User Authentication formset. +// +// Copyright (c) 2019, Intel Corporation. All rights reserved.
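Review bot: In `SendCommunicateBuffer` a failed `Communicate()` call is caught only by `ASSERT_EFI_ERROR (Status)`, so a build with asserts compiled out goes on to return `SmmPasswordFunctionHeader->ReturnStatus`. `InitCommunicateBuffer` zeroes that header (the `ZeroMem` length covers the whole `SMM_PASSWORD_COMMUNICATE_HEADER`), so the value returned would be `EFI_SUCCESS`. `VerifyPassword`, `IsPasswordInstalled` and `WasPasswordVerified` would then report success without the SMM handler having run; the call should fail closed with `if (EFI_ERROR (Status)) { return Status; }` placed right after it. The same applies to `ASSERT (Index < SmmCommRegionTable->NumberOfEntries)` in `InitCommunicateBuffer`: returning `NULL` when no region is large enough would hand the case to the callers' existing `Buffer == NULL` checks rather than reading a descriptor past the end of the table.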
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+**/
+
+#langdef en-US "English"
+#langdef fr-FR "Francais"
+
+
+#string STR_FORM_SET_TITLE #language en-US "User Password Management"
+ #language fr-FR "User Password Management"
+#string STR_FORM_SET_TITLE_HELP #language en-US "This Driver mainly handle user's password"
+ #language fr-FR "This Driver mainly handle user's password"
+#string STR_FORM_TITLE #language en-US "Password Management Form"
+ #language fr-FR "Password Management Form"
+#string STR_ADMIN_PASSWORD_PROMPT #language en-US "Change Admin Password"
+ #language fr-FR "Change Admin Password"
+#string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
+ #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
+#string STR_ADMIN_PASSWORD_STS_HELP #language en-US "Current Admin Password status: Installed or Not Installed."
+ #language fr-FR "Current Admin Password status: Installed or Not Installed."
+#string STR_ADMIN_PASSWORD_STS_PROMPT #language en-US "Admin Password Status"
+ #language fr-FR "Admin Password Status"
+#string STR_ADMIN_PASSWORD_STS_CONTENT #language en-US ""
+ #language fr-FR ""
+
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr
new file mode 100644
index 0000000000..ca1d5ddec1
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr
@@ -0,0 +1,39 @@
+///** @file
+// UserAuthentication formset.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+//**/
+
+#include
+#include "UserAuthenticationDxeFormset.h"
+
+formset
+ guid = USER_AUTHENTICATION_FORMSET_GUID,
+ title = STRING_TOKEN(STR_FORM_SET_TITLE),
+ help = STRING_TOKEN(STR_FORM_SET_TITLE_HELP),
+ classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+
+ form formid = 1,
+ title = STRING_TOKEN(STR_FORM_TITLE);
+
+ grayoutif TRUE;
+ text
+ help = STRING_TOKEN(STR_ADMIN_PASSWORD_STS_HELP),
+ text = STRING_TOKEN(STR_ADMIN_PASSWORD_STS_PROMPT),
+ text = STRING_TOKEN(STR_ADMIN_PASSWORD_STS_CONTENT);
+ endif;
+
+ password
+ prompt = STRING_TOKEN(STR_ADMIN_PASSWORD_PROMPT),
+ help = STRING_TOKEN(STR_ADMIN_PASSWORD_HELP),
+ flags = INTERACTIVE,
+ key = ADMIN_PASSWORD_KEY_ID,
+ minsize = MIN_PASSWORD_LEN,
+ maxsize = MAX_PASSWORD_LEN,
+ endpassword;
+
+ endform;
+
+endformset;
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
new file mode 100644
index 0000000000..16e3405a82
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
@@ -0,0 +1,717 @@
+/** @file
+
+ Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "UserAuthenticationSmm.h" + +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; + +UINTN mAdminPasswordTryCount = 0; + +BOOLEAN mNeedReVerify = TRUE; +BOOLEAN mPasswordVerified = FALSE; +EFI_HANDLE mSmmHandle = NULL; + +/** + Verify if the password is correct. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + @param[in] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. +**/ +EFI_STATUS +VerifyPassword ( + IN CHAR8 *Password, + IN UINTN PasswordSize, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + BOOLEAN HashOk; + UINT8 HashData[PASSWORD_HASH_SIZE]; + + HashOk = KeyLibGeneratePBKDF2Hash ( + HASH_TYPE_SHA256, + (UINT8 *)Password, + PasswordSize, + UserPasswordVarStruct->PasswordSalt, + sizeof(UserPasswordVarStruct->PasswordSalt), + HashData, + sizeof(HashData) + ); + if (!HashOk) { + return EFI_DEVICE_ERROR; + } + if (KeyLibSlowCompareMem (UserPasswordVarStruct->PasswordHash, HashData, PASSWORD_HASH_SIZE) == 0) { + return EFI_SUCCESS; + } else { + return EFI_SECURITY_VIOLATION; + } +} + +/** + Get hash data of password from non-volatile variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Index The index of the password. + 0 means current password. + Non-0 means the password history. + @param[out] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is returned successfully. + @retval EFI_NOT_FOUND The password hash is not found. 
+**/ +EFI_STATUS +GetPasswordHashFromVariable ( + IN EFI_GUID *UserGuid, + IN UINTN Index, + OUT USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + UINTN DataSize; + CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; + + if (Index != 0) { + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index); + } else { + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s", USER_AUTHENTICATION_VAR_NAME); + } + + DataSize = sizeof(*UserPasswordVarStruct); + return mSmmVariable->SmmGetVariable ( + PasswordName, + UserGuid, + NULL, + &DataSize, + UserPasswordVarStruct + ); +} + +/** + Save password hash data to non-volatile variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is saved successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. +**/ +EFI_STATUS +SavePasswordHashToVariable ( + IN EFI_GUID *UserGuid, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + EFI_STATUS Status; + + if (UserPasswordVarStruct == NULL) { + Status = mSmmVariable->SmmSetVariable ( + USER_AUTHENTICATION_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + 0, + NULL + ); + } else { + Status = mSmmVariable->SmmSetVariable ( + USER_AUTHENTICATION_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(*UserPasswordVarStruct), + UserPasswordVarStruct + ); + } + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "SavePasswordHashToVariable fails with %r\n", Status)); + } + + return Status; +} + +/** + Save old password hash data to non-volatile variable region as history. + + The number of password history variable is limited. + If all the password history variables are used, the new password history + will override the oldest one. 
+ + @param[in] UserGuid The user GUID of the password variable. + @param[in] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is saved successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. +**/ +EFI_STATUS +SaveOldPasswordToHistory ( + IN EFI_GUID *UserGuid, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT32 LastIndex; + CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; + + DEBUG ((DEBUG_INFO, "SaveOldPasswordToHistory\n")); + + DataSize = sizeof(LastIndex); + Status = mSmmVariable->SmmGetVariable ( + USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, + UserGuid, + NULL, + &DataSize, + &LastIndex + ); + if (EFI_ERROR(Status)) { + LastIndex = 0; + } + if (LastIndex >= PASSWORD_HISTORY_CHECK_COUNT) { + LastIndex = 0; + } + + LastIndex ++; + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, LastIndex); + + + Status = mSmmVariable->SmmSetVariable ( + PasswordName, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(*UserPasswordVarStruct), + UserPasswordVarStruct + ); + DEBUG ((DEBUG_INFO, " -- to %s, %r\n", PasswordName, Status)); + if (!EFI_ERROR(Status)) { + Status = mSmmVariable->SmmSetVariable ( + USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(LastIndex), + &LastIndex + ); + DEBUG ((DEBUG_INFO, " LastIndex - 0x%04x, %r\n", LastIndex, Status)); + } + + return Status; +} + +/** + Calculate password hash data and save it to non-volatile variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + NULL means delete the password variable. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password hash is calculated and saved. 
+ @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. +**/ +EFI_STATUS +SavePasswordToVariable ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, OPTIONAL + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + BOOLEAN HashOk; + + // + // If password is NULL, it means we want to clean password field saved in variable region. + // + if (Password != NULL) { + KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof(UserPasswordVarStruct.PasswordSalt)); + HashOk = KeyLibGeneratePBKDF2Hash ( + HASH_TYPE_SHA256, + (UINT8 *)Password, + PasswordSize, + UserPasswordVarStruct.PasswordSalt, + sizeof(UserPasswordVarStruct.PasswordSalt), + UserPasswordVarStruct.PasswordHash, + sizeof(UserPasswordVarStruct.PasswordHash) + ); + if (!HashOk) { + return EFI_DEVICE_ERROR; + } + Status = SavePasswordHashToVariable (UserGuid, &UserPasswordVarStruct); + // + // Save Password data to history variable + // + if (!EFI_ERROR(Status)) { + SaveOldPasswordToHistory (UserGuid, &UserPasswordVarStruct); + } + } else { + Status = SavePasswordHashToVariable (UserGuid, NULL); + } + + return Status; +} + +/** + Verify the password. + If the password variable does not exist, it passes the verification. + If the password variable exists, it does verification based upon password variable. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval TRUE The verification passes. + @retval FALSE The verification fails. 
+**/ +BOOLEAN +IsPasswordVerified ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, + IN UINTN PasswordSize + ) +{ + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + EFI_STATUS Status; + UINTN *PasswordTryCount; + + PasswordTryCount = &mAdminPasswordTryCount; + + Status = GetPasswordHashFromVariable (UserGuid, 0, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + return TRUE; + } + + // + // Old password exists + // + Status = VerifyPassword (Password, PasswordSize, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + if (Password[0] != 0) { + *PasswordTryCount = *PasswordTryCount + 1; + } + return FALSE; + } + + return TRUE; +} + +/** + Return if the password is set. + + @param[in] UserGuid The user GUID of the password variable. + + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +IsPasswordSet ( + IN EFI_GUID *UserGuid + ) +{ + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + EFI_STATUS Status; + + Status = GetPasswordHashFromVariable(UserGuid, 0, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + return FALSE; + } + return TRUE; +} + +/** + Return if the password is strong. + Criteria: + 1) length >= PASSWORD_MIN_SIZE + 2) include lower case, upper case, number, symbol. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval TRUE The password is strong. + @retval FALSE The password is weak. 
+**/ +BOOLEAN +IsPasswordStrong ( + IN CHAR8 *Password, + IN UINTN PasswordSize + ) +{ + UINTN Index; + BOOLEAN HasLowerCase; + BOOLEAN HasUpperCase; + BOOLEAN HasNumber; + BOOLEAN HasSymbol; + + if (PasswordSize < PASSWORD_MIN_SIZE) { + return FALSE; + } + + HasLowerCase = FALSE; + HasUpperCase = FALSE; + HasNumber = FALSE; + HasSymbol = FALSE; + for (Index = 0; Index < PasswordSize - 1; Index++) { + if (Password[Index] >= 'a' && Password[Index] <= 'z') { + HasLowerCase = TRUE; + } else if (Password[Index] >= 'A' && Password[Index] <= 'Z') { + HasUpperCase = TRUE; + } else if (Password[Index] >= '0' && Password[Index] <= '9') { + HasNumber = TRUE; + } else { + HasSymbol = TRUE; + } + } + if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { + return FALSE; + } + return TRUE; +} + +/** + Return if the password is set before in PASSWORD_HISTORY_CHECK_COUNT. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval TRUE The password is set before. + @retval FALSE The password is not set before. +**/ +BOOLEAN +IsPasswordInHistory ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + UINTN Index; + + for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) { + Status = GetPasswordHashFromVariable (UserGuid, Index, &UserPasswordVarStruct); + if (!EFI_ERROR(Status)) { + Status = VerifyPassword (Password, PasswordSize, &UserPasswordVarStruct); + if (!EFI_ERROR(Status)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Communication service SMI Handler entry. + + This SMI handler provides services for password management. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). 
+ @param[in] RegisterContext Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers + should still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should + still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still + be called. + @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced. +**/ +EFI_STATUS +EFIAPI +SmmPasswordHandler ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *RegisterContext, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + SMM_PASSWORD_COMMUNICATE_HEADER *SmmFunctionHeader; + UINTN CommBufferPayloadSize; + UINTN TempCommBufferSize; + SMM_PASSWORD_COMMUNICATE_SET_PASSWORD SmmCommunicateSetPassword; + SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD SmmCommunicateVerifyPassword; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY SmmCommunicateSetVerifyPolicy; + SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *SmmCommunicateGetVerifyPolicy; + UINTN PasswordLen; + EFI_GUID *UserGuid; + UINTN *PasswordTryCount; + + // + // If input is invalid, stop processing this SMI + // + if (CommBuffer == NULL || CommBufferSize == NULL) { + return EFI_SUCCESS; + } + + TempCommBufferSize = *CommBufferSize; + PasswordLen = 0; + + if (TempCommBufferSize < sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SMM communication buffer size invalid!\n")); + return EFI_SUCCESS; + } + + CommBufferPayloadSize = TempCommBufferSize - sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + + Status = EFI_SUCCESS; + SmmFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)CommBuffer; + + 
UserGuid = &gUserAuthenticationGuid; + PasswordTryCount = &mAdminPasswordTryCount; + + switch (SmmFunctionHeader->Function) { + case SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET: + PasswordTryCount = NULL; + if (CommBufferPayloadSize != 0) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: IS_PASSWORD_SET payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (IsPasswordSet(UserGuid)) { + Status = EFI_SUCCESS; + } else { + Status = EFI_NOT_FOUND; + } + break; + case SMM_PASSWORD_FUNCTION_SET_PASSWORD: + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD try count reach!\n")); + PasswordTryCount = NULL; + Status = EFI_ACCESS_DENIED; + goto EXIT; + } + if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_SET_PASSWORD)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + CopyMem (&SmmCommunicateSetPassword, SmmFunctionHeader + 1, sizeof(SmmCommunicateSetPassword)); + + PasswordLen = AsciiStrnLenS(SmmCommunicateSetPassword.OldPassword, sizeof(SmmCommunicateSetPassword.OldPassword)); + if (PasswordLen == sizeof(SmmCommunicateSetPassword.OldPassword)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: OldPassword invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + + if (!IsPasswordVerified (UserGuid, SmmCommunicateSetPassword.OldPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n")); + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD try count reach!\n")); + Status = EFI_ACCESS_DENIED; + } else { + Status = EFI_SECURITY_VIOLATION; + } + goto EXIT; + } + + PasswordLen = AsciiStrnLenS(SmmCommunicateSetPassword.NewPassword, sizeof(SmmCommunicateSetPassword.NewPassword)); + if (PasswordLen == sizeof(SmmCommunicateSetPassword.NewPassword)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: 
NewPassword invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (PasswordLen != 0 && !IsPasswordStrong (SmmCommunicateSetPassword.NewPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: NewPassword too weak!\n")); + Status = EFI_UNSUPPORTED; + goto EXIT; + } + if (PasswordLen != 0 && IsPasswordInHistory (UserGuid, SmmCommunicateSetPassword.NewPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: NewPassword in history!\n")); + Status = EFI_ALREADY_STARTED; + goto EXIT; + } + + if (PasswordLen == 0) { + Status = SavePasswordToVariable (UserGuid, NULL, 0); + } else { + Status = SavePasswordToVariable (UserGuid, SmmCommunicateSetPassword.NewPassword, PasswordLen + 1); + } + break; + + case SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD: + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD try count reach!\n")); + PasswordTryCount = NULL; + Status = EFI_ACCESS_DENIED; + goto EXIT; + } + if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + CopyMem (&SmmCommunicateVerifyPassword, SmmFunctionHeader + 1, sizeof(SmmCommunicateVerifyPassword)); + + PasswordLen = AsciiStrnLenS(SmmCommunicateVerifyPassword.Password, sizeof(SmmCommunicateVerifyPassword.Password)); + if (PasswordLen == sizeof(SmmCommunicateVerifyPassword.Password)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: Password invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (!IsPasswordVerified (UserGuid, SmmCommunicateVerifyPassword.Password, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n")); + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD try count reach!\n")); + Status = EFI_ACCESS_DENIED; + } else { + Status = 
EFI_SECURITY_VIOLATION; + } + goto EXIT; + } + mPasswordVerified = TRUE; + Status = EFI_SUCCESS; + break; + + case SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY: + PasswordTryCount = NULL; + if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_VERIFY_POLICY payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + CopyMem (&SmmCommunicateSetVerifyPolicy, SmmFunctionHeader + 1, sizeof(SmmCommunicateSetVerifyPolicy)); + mNeedReVerify = SmmCommunicateSetVerifyPolicy.NeedReVerify; + break; + + case SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY: + PasswordTryCount = NULL; + if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: GET_VERIFY_POLICY payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + SmmCommunicateGetVerifyPolicy = (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *) (SmmFunctionHeader + 1); + SmmCommunicateGetVerifyPolicy->NeedReVerify = mNeedReVerify; + break; + case SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED: + PasswordTryCount = NULL; + if (CommBufferPayloadSize != 0) { + DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: WAS_PASSWORD_VERIFIED payload buffer invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (mPasswordVerified) { + Status = EFI_SUCCESS; + } else { + Status = EFI_NOT_STARTED; + } + break; + + default: + PasswordTryCount = NULL; + Status = EFI_UNSUPPORTED; + break; + } + +EXIT: + if (PasswordTryCount != NULL) { + if (Status == EFI_SUCCESS) { + *PasswordTryCount = 0; + } + } + SmmFunctionHeader->ReturnStatus = Status; + + return EFI_SUCCESS; +} + +/** + Performs Exit Boot Services UserAuthentication actions + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. 
+**/ +EFI_STATUS +EFIAPI +UaExitBootServices ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + DEBUG ((DEBUG_INFO, "Unregister User Authentication Smi\n")); + + gSmst->SmiHandlerUnRegister(mSmmHandle); + + return EFI_SUCCESS; +} + +/** + Main entry for this driver. + + @param ImageHandle Image handle this driver. + @param SystemTable Pointer to SystemTable. + + @retval EFI_SUCESS This function always complete successfully. + +**/ +EFI_STATUS +EFIAPI +PasswordSmmInit ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + CHAR16 PasswordHistoryName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; + UINTN Index; + EFI_EVENT ExitBootServicesEvent; + EFI_EVENT LegacyBootEvent; + + ASSERT (PASSWORD_HASH_SIZE == SHA256_DIGEST_SIZE); + ASSERT (PASSWORD_HISTORY_CHECK_COUNT < 0xFFFF); + + Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); + ASSERT_EFI_ERROR (Status); + + // + // Make password variables read-only for DXE driver for security concern. 
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLock->RequestToLock (VariableLock, USER_AUTHENTICATION_VAR_NAME, &gUserAuthenticationGuid);
+ ASSERT_EFI_ERROR (Status);
+
+ for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) {
+ UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index);
+ Status = VariableLock->RequestToLock (VariableLock, PasswordHistoryName, &gUserAuthenticationGuid);
+ ASSERT_EFI_ERROR (Status);
+ }
+ Status = VariableLock->RequestToLock (VariableLock, USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, &gUserAuthenticationGuid);
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ Status = gSmst->SmiHandlerRegister (SmmPasswordHandler, &gUserAuthenticationGuid, &mSmmHandle);
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Register for SmmExitBootServices and SmmLegacyBoot notification.
+ //
+ Status = gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices, &ExitBootServicesEvent);
+ ASSERT_EFI_ERROR (Status);
+ Status = gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid, UaExitBootServices, &LegacyBootEvent);
+ ASSERT_EFI_ERROR (Status);
+
+ if (IsPasswordCleared()) {
+ DEBUG ((DEBUG_INFO, "IsPasswordCleared\n"));
+ SavePasswordToVariable (&gUserAuthenticationGuid, NULL, 0);
+ }
+
+ return EFI_SUCCESS;
+}
+
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
new file mode 100644
index 0000000000..47bb95529f
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
@@ -0,0 +1,52 @@
+/** @file
+ Header file for UserAuthenticationSmm.
+
+ Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __USER_AUTHENTICATION_SMM_H__
+#define __USER_AUTHENTICATION_SMM_H__
+
+#include
+
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "KeyService.h"
+
+#define PASSWORD_SALT_SIZE 32
+#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE
+
+#define PASSWORD_MAX_TRY_COUNT 3
+#define PASSWORD_HISTORY_CHECK_COUNT 5
+
+//
+// Name of the variable
+//
+#define USER_AUTHENTICATION_VAR_NAME L"Password"
+#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast"
+
+//
+// Variable storage
+//
+typedef struct {
+ UINT8 PasswordHash[PASSWORD_HASH_SIZE];
+ UINT8 PasswordSalt[PASSWORD_SALT_SIZE];
+} USER_PASSWORD_VAR_STRUCT;
+
+#endif
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
new file mode 100644
index 0000000000..b53f70f0e3
--- /dev/null
+++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
@@ -0,0 +1,55 @@
+## @file
+# User Authentication Smm Driver.
+#
+# This driver provides SMM services for DXE user authentication module.
+#
+# Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = UserAuthenticationSmm + FILE_GUID = 8fc6aaaa-4561-4815-8cf7-b87312992dce + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x0001000A + ENTRY_POINT = PasswordSmmInit + +[Sources] + UserAuthenticationSmm.c + UserAuthenticationSmm.h + KeyService.c + KeyService.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + UserAuthFeaturePkg/UserAuthFeaturePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + UefiDriverEntryPoint + DebugLib + BaseLib + BaseMemoryLib + PrintLib + SmmServicesTableLib + MemoryAllocationLib + UefiLib + BaseCryptLib + PlatformPasswordLib + +[Guids] + gUserAuthenticationGuid ## CONSUMES ## GUID + +[Protocols] + gEdkiiVariableLockProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEdkiiSmmExitBootServicesProtocolGuid ## CONSUMES + gEdkiiSmmLegacyBootProtocolGuid ## CONSUMES + +[Depex] + gEfiSmmVariableProtocolGuid AND gEfiVariableWriteArchProtocolGuid From 4a99f83223662ee4a48f9b437d4c7955903f5a46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 25 Oct 2022 17:56:29 +0200 Subject: [PATCH 064/357] DasharoModulePkg: UserAuthenticationDxeSmm: Convert to pure DXE driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove SMM dependency as we can't use it with coreboot 
Signed-off-by: Michał Kopeć --- .../DasharoModuleComponents.dsc.inc | 1 + DasharoModulePkg/DasharoModulePkg.dec | 15 + DasharoModulePkg/DasharoModulePkg.dsc | 5 +- .../Include/Guid/UserAuthentication.h | 38 +- .../Include/Library/UserPasswordLib.h | 70 -- .../Include/Library/UserPasswordUiLib.h | 37 - DasharoModulePkg/Include/PostMemory.fdf | 2 - DasharoModulePkg/Include/UserAuthFeature.dsc | 30 +- .../DasharoSystemFeatures.c | 8 +- .../PlatformPasswordLibNull.inf | 4 +- .../Library/UserPasswordLib/UserPasswordLib.c | 274 ------- .../UserPasswordLib/UserPasswordLib.inf | 37 - .../UserPasswordUiLib/UserPasswordUiLib.c | 522 ------------- .../UserPasswordUiLib/UserPasswordUiLib.inf | 41 - DasharoModulePkg/UserAuthFeaturePkg/Readme.md | 98 --- .../UserAuthFeaturePkg/UserAuthFeaturePkg.dec | 49 -- .../UserAuthFeaturePkg/UserAuthFeaturePkg.dsc | 47 -- .../UserAuthentication2Dxe.c | 484 ------------ .../UserAuthentication2Dxe.h | 55 -- .../UserAuthentication2Dxe.inf | 52 -- .../UserAuthenticationDxe.c | 9 +- .../UserAuthenticationDxe.h | 6 +- .../UserAuthenticationDxe.inf | 10 +- .../UserAuthenticationDxePassword.c | 646 +++++++++++----- .../UserAuthenticationDxeStrings.uni | 8 +- .../UserAuthenticationDxeVfr.vfr | 2 +- .../UserAuthenticationSmm.c | 717 ------------------ .../UserAuthenticationSmm.h | 52 -- .../UserAuthenticationSmm.inf | 55 -- 29 files changed, 542 insertions(+), 2832 deletions(-) delete mode 100644 DasharoModulePkg/Include/Library/UserPasswordLib.h delete mode 100644 DasharoModulePkg/Include/Library/UserPasswordUiLib.h delete mode 100644 DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c delete mode 100644 DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf delete mode 100644 DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c delete mode 100644 DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf delete mode 100644 DasharoModulePkg/UserAuthFeaturePkg/Readme.md delete mode 100644 
DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec delete mode 100644 DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h delete mode 100644 DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf diff --git a/DasharoModulePkg/DasharoModuleComponents.dsc.inc b/DasharoModulePkg/DasharoModuleComponents.dsc.inc index 7ed962b6a4..01ae17e66f 100644 --- a/DasharoModulePkg/DasharoModuleComponents.dsc.inc +++ b/DasharoModulePkg/DasharoModuleComponents.dsc.inc @@ -10,3 +10,4 @@ ## DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf + DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index b656ea2c06..64c6c2f2ff 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -16,10 +16,18 @@ PACKAGE_UNI_FILE = DasharoModuleComponents.uni [Includes] + Include + +[LibraryClasses] + ## @libraryclass Provides a platform-specific method to return the password policy. + PlatformPasswordLib|Include/Library/PlatformPasswordLib.h [Guids] gDasharoSystemFeaturesFormsetGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } gDasharoSystemFeaturesTokenSpaceGuid = {0xc7d52e10, 0xadec, 0x4d49, { 0x9e, 0xc5, 0xb8, 0xcf, 0xcd, 0x4b, 0x9d, 0xb9 }} + gUserAuthFeaturePkgTokenSpaceGuid = {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}} + ## Include Include/Guid/UserAuthentication.h + gUserAuthenticationGuid = { 0xee24a7f7, 0x606b, 0x4724, { 0xb3, 0xc9, 0xf5, 0xae, 0x4a, 0x3b, 0x81, 0x65}} [Ppis] @@ -27,3 +35,10 @@ [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 + +[PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] + ## Indicate whether the password is cleared. + # When it is configured to Dynamic or DynamicEx, it can be set through detection using + # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.

+ # @Prompt The password clear status + gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001 diff --git a/DasharoModulePkg/DasharoModulePkg.dsc b/DasharoModulePkg/DasharoModulePkg.dsc index 8bdf2eafd4..ec8589dead 100644 --- a/DasharoModulePkg/DasharoModulePkg.dsc +++ b/DasharoModulePkg/DasharoModulePkg.dsc @@ -23,4 +23,7 @@ !include DasharoModulePkg/DasharoModuleComponents.dsc.inc [BuildOptions] - *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -Wno-error + +[Packages] + !include DasharoModulePkg/Include/UserAuthFeature.dsc diff --git a/DasharoModulePkg/Include/Guid/UserAuthentication.h b/DasharoModulePkg/Include/Guid/UserAuthentication.h index 2a41a46cdc..762895e24f 100644 --- a/DasharoModulePkg/Include/Guid/UserAuthentication.h +++ b/DasharoModulePkg/Include/Guid/UserAuthentication.h 
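Review bot: `PcdPasswordCleared` is declared in the second hunk of DasharoModulePkg.dec under `[PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]`, and the added comment does not say which code is allowed to set it. The SMM driver this commit removes deleted the stored password hash whenever `IsPasswordCleared()` returned true; if the DXE replacement keeps that behaviour (not visible in this hunk), a Dynamic PCD acts as a password-reset switch for whatever runs before the driver's entry point. I would extend the comment with a line such as `# Must only be set by platform code that runs before any third-party image is dispatched.` and keep platforms on the FixedAtBuild default unless a board really detects a jumper.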
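Review bot: The new `*_*_*_CC_FLAGS` line in DasharoModulePkg.dsc appends `-Wno-error`, which switches off warnings-as-errors for every module built from this DSC, including the password-handling driver pulled in by the added `!include`. The `*_*_*` selector also applies it to every toolchain family, although the flag is GCC/Clang syntax. Size and signedness warnings are the ones worth keeping fatal in code that copies and measures password buffers, so I would fix the offending warning or scope the flag to the one component's own `<BuildOptions>` override and leave the package-wide line as `*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES`.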
@@ -12,34 +12,42 @@ #define PASSWORD_MIN_SIZE 9 // MIN number of chars of password, including NULL. #define PASSWORD_MAX_SIZE 33 // MAX number of chars of password, including NULL. -#define USER_AUTHENTICATION_GUID \ - { 0xf06e3ea7, 0x611c, 0x4b6b, { 0xb4, 0x10, 0xc2, 0xbf, 0x94, 0x3f, 0x38, 0xf2 } } +#define PASSWORD_SALT_SIZE 32 +#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE -extern EFI_GUID gUserAuthenticationGuid; +#define PASSWORD_MAX_TRY_COUNT 3 +#define PASSWORD_HISTORY_CHECK_COUNT 5 + +// +// Name of the variable +// +#define USER_AUTHENTICATION_VAR_NAME L"Password" +#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast" +// +// Variable storage +// typedef struct { - UINTN Function; - EFI_STATUS ReturnStatus; -} SMM_PASSWORD_COMMUNICATE_HEADER; + UINT8 PasswordHash[PASSWORD_HASH_SIZE]; + UINT8 PasswordSalt[PASSWORD_SALT_SIZE]; +} USER_PASSWORD_VAR_STRUCT; -#define SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET 1 -#define SMM_PASSWORD_FUNCTION_SET_PASSWORD 2 -#define SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD 3 -#define SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY 4 -#define SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY 5 -#define SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED 6 +#define USER_AUTHENTICATION_GUID \ + { 0xf06e3ea7, 0x611c, 0x4b6b, { 0xb4, 0x10, 0xc2, 0xbf, 0x94, 0x3f, 0x38, 0xf2 } } + +extern EFI_GUID gUserAuthenticationGuid; typedef struct { CHAR8 NewPassword[PASSWORD_MAX_SIZE]; CHAR8 OldPassword[PASSWORD_MAX_SIZE]; -} SMM_PASSWORD_COMMUNICATE_SET_PASSWORD; +} PASSWORD_COMMUNICATE_SET_PASSWORD; typedef struct { CHAR8 Password[PASSWORD_MAX_SIZE]; -} SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD; +} PASSWORD_COMMUNICATE_VERIFY_PASSWORD; typedef struct { BOOLEAN NeedReVerify; -} SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY; +} PASSWORD_COMMUNICATE_VERIFY_POLICY; #endif diff --git a/DasharoModulePkg/Include/Library/UserPasswordLib.h b/DasharoModulePkg/Include/Library/UserPasswordLib.h deleted file mode 100644 index b6aad224e9..0000000000 
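Review bot: `USER_AUTHENTICATION_GUID`, re-added unchanged in this hunk of Include/Guid/UserAuthentication.h, is `{ 0xf06e3ea7, 0x611c, 0x4b6b, ... }`, while the same commit declares `gUserAuthenticationGuid` in DasharoModulePkg.dec as `{ 0xee24a7f7, 0x606b, 0x4724, ... }`. In the SMM driver being removed, the password variables are read, written and locked under the global, so anything that builds a GUID from the macro would address a different variable namespace than the one holding the hash. Either drop the macro or make it match the .dec value: `{ 0xee24a7f7, 0x606b, 0x4724, { 0xb3, 0xc9, 0xf5, 0xae, 0x4a, 0x3b, 0x81, 0x65 } }`. Whether any consumer still uses the macro is not visible in this hunk.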
--- a/DasharoModulePkg/Include/Library/UserPasswordLib.h +++ /dev/null @@ -1,70 +0,0 @@ -/** @file - Provides services to set/verify password and return if the password is set. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef __USER_PASSWORD_LIB_H__ -#define __USER_PASSWORD_LIB_H__ - -/** - Validate if the password is correct. - - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - - @retval EFI_SUCCESS The password is correct. - @retval EFI_SECURITY_VIOLATION The password is incorrect. - @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. - @retval EFI_ACCESS_DENIED Password retry count reach. -**/ -EFI_STATUS -EFIAPI -VerifyPassword ( - IN CHAR16 *Password, - IN UINTN PasswordSize - ); - -/** - Set a new password. - - @param[in] NewPassword The user input new password. - NULL means clear password. - @param[in] NewPasswordSize The size of NewPassword in byte. - @param[in] OldPassword The user input old password. - NULL means no old password. - @param[in] OldPasswordSize The size of OldPassword in byte. - - @retval EFI_SUCCESS The NewPassword is set successfully. - @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. - @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. - @retval EFI_ACCESS_DENIED Password retry count reach. - @retval EFI_UNSUPPORTED NewPassword is not strong enough. - @retval EFI_ALREADY_STARTED NewPassword is in history. -**/ -EFI_STATUS -EFIAPI -SetPassword ( - IN CHAR16 *NewPassword, OPTIONAL - IN UINTN NewPasswordSize, - IN CHAR16 *OldPassword, OPTIONAL - IN UINTN OldPasswordSize - ); - -/** - Return if the password is set. - - @retval TRUE The password is set. - @retval FALSE The password is not set. -**/ -BOOLEAN -EFIAPI -IsPasswordInstalled ( - VOID - ); - -#endif diff --git a/DasharoModulePkg/Include/Library/UserPasswordUiLib.h b/DasharoModulePkg/Include/Library/UserPasswordUiLib.h deleted file mode 100644 index 117f480733..0000000000 
--- a/DasharoModulePkg/Include/Library/UserPasswordUiLib.h +++ /dev/null @@ -1,37 +0,0 @@ -/** @file - Provides services to do password authentication. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef __USER_PASSWORD_UI_LIB_H__ -#define __USER_PASSWORD_UI_LIB_H__ - -/** - Do password authentication. - - @retval EFI_SUCCESS Password authentication pass. -**/ -EFI_STATUS -EFIAPI -UiDoPasswordAuthentication ( - VOID - ); - -/** - Set password verification policy. - - @param[in] NeedReVerify Need re-verify or not. - - @retval EFI_SUCCESS Set verification policy successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to set verification policy. -**/ -EFI_STATUS -EFIAPI -UiSetPasswordVerificationPolicy ( - IN BOOLEAN NeedReVerify - ); - -#endif diff --git a/DasharoModulePkg/Include/PostMemory.fdf b/DasharoModulePkg/Include/PostMemory.fdf index 030dcbe763..f79bf5993e 100644 --- a/DasharoModulePkg/Include/PostMemory.fdf +++ b/DasharoModulePkg/Include/PostMemory.fdf @@ -8,5 +8,3 @@ ## INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf -INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf -INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf diff --git a/DasharoModulePkg/Include/UserAuthFeature.dsc b/DasharoModulePkg/Include/UserAuthFeature.dsc index 2f39a5580c..3a90b252e9 100644 --- a/DasharoModulePkg/Include/UserAuthFeature.dsc +++ b/DasharoModulePkg/Include/UserAuthFeature.dsc 
@@ -12,30 +12,16 @@ # ## -################################################################################ -# -# Defines Section - statements that will be processed to create a Makefile. -# -################################################################################ -[Defines] - !ifndef $(PEI_ARCH) - !error "PEI_ARCH must be specified to build this feature!" - !endif - !ifndef $(DXE_ARCH) - !error "DXE_ARCH must be specified to build this feature!" - !endif - ################################################################################ # # Library Class section - list of all Library Classes needed by this feature. # ################################################################################ -!include MdePkg/MdeLibs.dsc.inc +#!include MdePkg/MdeLibs.dsc.inc [LibraryClasses] - PlatformPasswordLib|UserAuthFeaturePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf - UserPasswordLib|UserAuthFeaturePkg/Library/UserPasswordLib/UserPasswordLib.inf + PlatformPasswordLib|DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf ################################################################################################### # 
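Review bot: `#!include MdePkg/MdeLibs.dsc.inc` is left in UserAuthFeature.dsc as a commented-out line with no explanation. If the include is no longer wanted because this file is now pulled into DasharoModulePkg.dsc, delete the line; if it is disabled as a temporary workaround, say so next to it, for example `# MdeLibs.dsc.inc is provided by the including platform DSC`. The same hunk drops the `PEI_ARCH`/`DXE_ARCH` guards while the following hunk keeps `[Components.X64]` hard-coded, which is worth a one-line comment as well.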
@@ -59,19 +45,9 @@ # # Feature DXE Components # - -# @todo: Change below line to [Components.$(DXE_ARCH)] after https://bugzilla.tianocore.org/show_bug.cgi?id=2308 -# is completed. [Components.X64] ##################################### # User Authentication Feature Package ##################################### - - # Add library instances here that are not included in package components and should be tested - # in the package build. - UserAuthFeaturePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf - # Add components here that should be included in the package build. - UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf - UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf - UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf + DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 280a3629fd..9b7194dafc 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; -STATIC CHAR16 mLockBitsEfiVar[] = L"LockBios"; +STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { @@ -94,7 +94,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); Status = gRT->GetVariable ( - mLockBitsEfiVar, + mLockBiosEfiVar, &mDasharoSystemFeaturesGuid, NULL, &BufferSize, 
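Review bot: After the `[Components.X64]` change in UserAuthFeature.dsc only `DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf` is built, and nothing in the DSC records where password verification and the stored password hash now live. The Readme deleted later in this patch describes the removed SMM driver as the part that performs authentication in an isolated execution environment and keeps the hash in a UEFI variable, so the DXE driver presumably takes over both tasks outside SMM; its source is not in this hunk, so that is an inference. A comment above the component line, such as `# DXE-only build: password hash storage and verification are done in UserAuthenticationDxe; see <doc> for how the variable is write-protected`, would tell integrators to check the variable's attributes and locking before relying on the feature.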
@@ -103,7 +103,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { Status = gRT->SetVariable ( - mLockBitsEfiVar, + mLockBiosEfiVar, &mDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mLockBiosDefault), @@ -304,7 +304,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) { Status = gRT->SetVariable ( - mLockBitsEfiVar, + mLockBiosEfiVar, &mDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.LockBios), diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf index 09b2a5d051..0e6bfe2e5e 100644 --- a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf @@ -18,7 +18,7 @@ FILE_GUID = 27417BCA-0CCD-4089-9711-AD069A33C555 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION + LIBRARY_CLASS = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_DRIVER UEFI_APPLICATION CONSTRUCTOR = PlatformPasswordLibNullConstructor # @@ -32,7 +32,7 @@ [Packages] MdePkg/MdePkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [Pcd] gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared ## CONSUMES diff --git a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c deleted file mode 100644 index cbaf572378..0000000000 --- a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.c +++ /dev/null 
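Review bot: In PlatformPasswordLibNull.inf the `[Packages]` entry now names `DasharoModulePkg/DasharoModulePkg.dec`, but the unchanged `[Pcd]` line still consumes `gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared`, and the `UserAuthFeaturePkg.dec` that declares that token space and PCD is deleted later in this patch. DasharoModulePkg.dec is not shown here, so confirm it declares the same GUID and the PCD with the same token number and default; otherwise the library cannot resolve the PCD. Dropping `DXE_SMM_DRIVER` from `LIBRARY_CLASS` matches the removal of the SMM driver, and a short comment next to it, e.g. `# SMM instance removed together with UserAuthenticationSmm`, would keep that link visible.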
@@ -1,274 +0,0 @@ -/** @file - UserPasswordLib instance implementation provides services to - set/verify password and return if the password is set. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include - -#include -#include - -#include -#include -#include -#include - -/** - Initialize the communicate buffer using DataSize and Function. - - @param[out] DataPtr Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. - @param[in] Function The function number to initialize the communicate header. - - @return Communicate buffer. -**/ -VOID* -UserPasswordLibInitCommunicateBuffer ( - OUT VOID **DataPtr OPTIONAL, - IN UINTN DataSize, - IN UINTN Function - ) -{ - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; - VOID *Buffer; - EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; - EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; - UINTN Index; - UINTN Size; - EFI_STATUS Status; - - Buffer = NULL; - Status = EfiGetSystemConfigurationTable ( - &gEdkiiPiSmmCommunicationRegionTableGuid, - (VOID **) &SmmCommRegionTable - ); - if (EFI_ERROR (Status)) { - return NULL; - } - ASSERT (SmmCommRegionTable != NULL); - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); - Size = 0; - for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { - if (SmmCommMemRegion->Type == EfiConventionalMemory) { - Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); - if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { - break; - } - } - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); - } - ASSERT (Index < SmmCommRegionTable->NumberOfEntries); - - Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; - ASSERT (Buffer != NULL); - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); - SmmCommunicateHeader->MessageLength = DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); - - 
SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; - ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); - SmmPasswordFunctionHeader->Function = Function; - if (DataPtr != NULL) { - *DataPtr = SmmPasswordFunctionHeader + 1; - } - - return Buffer; -} - -/** - Send the data in communicate buffer to SMM. - - @param[in] Buffer Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. - - @retval EFI_SUCCESS Success is returned from the function in SMM. - @retval Others Failure is returned from the function in SMM. - -**/ -EFI_STATUS -UserPasswordLibSendCommunicateBuffer ( - IN VOID *Buffer, - IN UINTN DataSize - ) -{ - EFI_STATUS Status; - UINTN CommSize; - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; - EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; - - // - // Locates SMM Communication protocol. - // - Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &SmmCommunication); - ASSERT_EFI_ERROR (Status); - - CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); - - Status = SmmCommunication->Communicate (SmmCommunication, Buffer, &CommSize); - ASSERT_EFI_ERROR (Status); - - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; - return SmmPasswordFunctionHeader->ReturnStatus; -} - -/** - Validate if the password is correct. - - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - - @retval EFI_SUCCESS The password is correct. - @retval EFI_SECURITY_VIOLATION The password is incorrect. - @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. 
- @retval EFI_ACCESS_DENIED Password retry count reach. -**/ -EFI_STATUS -EFIAPI -VerifyPassword ( - IN CHAR16 *Password, - IN UINTN PasswordSize - ) -{ - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD *VerifyPassword; - - ASSERT (Password != NULL); - - if (PasswordSize > sizeof(VerifyPassword->Password) * sizeof(CHAR16)) { - return EFI_INVALID_PARAMETER; - } - - Buffer = UserPasswordLibInitCommunicateBuffer ( - (VOID**)&VerifyPassword, - sizeof(*VerifyPassword), - SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - Status = UnicodeStrToAsciiStrS (Password, VerifyPassword->Password, sizeof(VerifyPassword->Password)); - if (EFI_ERROR(Status)) { - goto EXIT; - } - - Status = UserPasswordLibSendCommunicateBuffer (Buffer, sizeof(*VerifyPassword)); - -EXIT: - ZeroMem (VerifyPassword, sizeof(*VerifyPassword)); - return Status; -} - -/** - Set a new password. - - @param[in] NewPassword The user input new password. - NULL means clear password. - @param[in] NewPasswordSize The size of NewPassword in byte. - @param[in] OldPassword The user input old password. - NULL means no old password. - @param[in] OldPasswordSize The size of OldPassword in byte. - - @retval EFI_SUCCESS The NewPassword is set successfully. - @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. - @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. - @retval EFI_ACCESS_DENIED Password retry count reach. - @retval EFI_UNSUPPORTED NewPassword is not strong enough. - @retval EFI_ALREADY_STARTED NewPassword is in history. 
-**/ -EFI_STATUS -EFIAPI -SetPassword ( - IN CHAR16 *NewPassword, OPTIONAL - IN UINTN NewPasswordSize, - IN CHAR16 *OldPassword, OPTIONAL - IN UINTN OldPasswordSize - ) -{ - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_SET_PASSWORD *SetPassword; - - if (NewPasswordSize > sizeof(SetPassword->NewPassword) * sizeof(CHAR16)) { - return EFI_INVALID_PARAMETER; - } - if (OldPasswordSize > sizeof(SetPassword->OldPassword) * sizeof(CHAR16)) { - return EFI_INVALID_PARAMETER; - } - - Buffer = UserPasswordLibInitCommunicateBuffer ( - (VOID**)&SetPassword, - sizeof(*SetPassword), - SMM_PASSWORD_FUNCTION_SET_PASSWORD - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - if (NewPassword != NULL) { - Status = UnicodeStrToAsciiStrS (NewPassword, SetPassword->NewPassword, sizeof(SetPassword->NewPassword)); - if (EFI_ERROR(Status)) { - goto EXIT; - } - } else { - SetPassword->NewPassword[0] = 0; - } - - if (OldPassword != NULL) { - Status = UnicodeStrToAsciiStrS (OldPassword, SetPassword->OldPassword, sizeof(SetPassword->OldPassword)); - if (EFI_ERROR(Status)) { - goto EXIT; - } - } else { - SetPassword->OldPassword[0] = 0; - } - - Status = UserPasswordLibSendCommunicateBuffer (Buffer, sizeof(*SetPassword)); - -EXIT: - ZeroMem (SetPassword, sizeof(*SetPassword)); - return Status; -} - -/** - Return if the password is set. - - @retval TRUE The password is set. - @retval FALSE The password is not set. -**/ -BOOLEAN -EFIAPI -IsPasswordInstalled ( - VOID - ) -{ - EFI_STATUS Status; - VOID *Buffer; - - Buffer = UserPasswordLibInitCommunicateBuffer ( - NULL, - 0, - SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET - ); - if (Buffer == NULL) { - return FALSE; - } - - Status = UserPasswordLibSendCommunicateBuffer (Buffer, 0); - if (EFI_ERROR (Status)) { - return FALSE; - } - - return TRUE; -} - 
diff --git a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf b/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf deleted file mode 100644 index a3124aa443..0000000000 --- a/DasharoModulePkg/Library/UserPasswordLib/UserPasswordLib.inf +++ /dev/null @@ -1,37 +0,0 @@ -## @file -# UserPasswordLib instance provides services to set/verify password -# and return if the password is set. -# -# Copyright (c) 2019, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = UserPasswordLib - FILE_GUID = 422BA58A-F162-4ECC-BD9A-AD84FE940F37 - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - LIBRARY_CLASS = UserPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION - -[Sources] - UserPasswordLib.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec - -[LibraryClasses] - UefiBootServicesTableLib - DebugLib - UefiLib - BaseMemoryLib - -[Guids] - gUserAuthenticationGuid ## CONSUMES ## GUID - gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable - -[Protocols] - gEfiSmmCommunicationProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c deleted file mode 100644 index 050bfda63a..0000000000 --- a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.c +++ /dev/null @@ -1,522 +0,0 @@ -/** @file - UserPasswordUiLib instance provides services to do password authentication. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/** - Initialize the communicate buffer using DataSize and Function. - - @param[out] DataPtr Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. - @param[in] Function The function number to initialize the communicate header. - - @return Communicate buffer. -**/ -VOID* -UserPasswordUiLibInitCommunicateBuffer ( - OUT VOID **DataPtr OPTIONAL, - IN UINTN DataSize, - IN UINTN Function - ) -{ - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; - VOID *Buffer; - EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; - EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; - UINTN Index; - UINTN Size; - EFI_STATUS Status; - - Buffer = NULL; - Status = EfiGetSystemConfigurationTable ( - &gEdkiiPiSmmCommunicationRegionTableGuid, - (VOID **) &SmmCommRegionTable - ); - if (EFI_ERROR (Status)) { - return NULL; - } - ASSERT (SmmCommRegionTable != NULL); - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); - Size = 0; - for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { - if (SmmCommMemRegion->Type == EfiConventionalMemory) { - Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); - if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { - break; - } - } - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); - } - ASSERT (Index < SmmCommRegionTable->NumberOfEntries); - - Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; - ASSERT (Buffer != NULL); - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); - SmmCommunicateHeader->MessageLength = 
DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); - - SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; - ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); - SmmPasswordFunctionHeader->Function = Function; - if (DataPtr != NULL) { - *DataPtr = SmmPasswordFunctionHeader + 1; - } - - return Buffer; -} - -/** - Send the data in communicate buffer to SMM. - - @param[in] Buffer Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. - - @retval EFI_SUCCESS Success is returned from the function in SMM. - @retval Others Failure is returned from the function in SMM. - -**/ -EFI_STATUS -UserPasswordUiLibSendCommunicateBuffer ( - IN VOID *Buffer, - IN UINTN DataSize - ) -{ - EFI_STATUS Status; - UINTN CommSize; - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; - EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; - - // - // Locates SMM Communication protocol. - // - Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &SmmCommunication); - ASSERT_EFI_ERROR (Status); - - CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); - - Status = SmmCommunication->Communicate (SmmCommunication, Buffer, &CommSize); - ASSERT_EFI_ERROR (Status); - - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; - return SmmPasswordFunctionHeader->ReturnStatus; -} - -/** - Set password verification policy. - - @param[in] NeedReVerify Need re-verify or not. - - @retval EFI_SUCCESS Set verification policy successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to set verification policy. 
-**/ -EFI_STATUS -EFIAPI -UiSetPasswordVerificationPolicy ( - IN BOOLEAN NeedReVerify - ) -{ - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *SetVerifyPolicy; - - Buffer = UserPasswordUiLibInitCommunicateBuffer ( - (VOID**)&SetVerifyPolicy, - sizeof(*SetVerifyPolicy), - SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - SetVerifyPolicy->NeedReVerify = NeedReVerify; - - return UserPasswordUiLibSendCommunicateBuffer (Buffer, sizeof(*SetVerifyPolicy)); -} - -/** - Get a user input string. - - @param[in] PopUpString A popup string to inform user. - @param[in, out] UserInput The user input string - @param[in] UserInputMaxLen The max unicode count of the UserInput without NULL terminator. -**/ -EFI_STATUS -GetUserInput ( - IN CHAR16 *PopUpString, - IN OUT CHAR16 *UserInput, - IN UINTN UserInputMaxLen - ) -{ - EFI_INPUT_KEY InputKey; - UINTN InputLength; - CHAR16 *Mask; - - UserInput[0] = 0; - Mask = AllocateZeroPool ((UserInputMaxLen + 1) * sizeof(CHAR16)); - if (Mask == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - InputLength = 0; - - while (TRUE) { - if (InputLength < UserInputMaxLen) { - Mask[InputLength] = L'_'; - } - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &InputKey, - PopUpString, - L"--------------------------------", - Mask, - NULL - ); - if (InputKey.ScanCode == SCAN_NULL) { - // - // Check whether finish inputing password. - // - if (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN && InputLength > 0) { - // - // Add the null terminator. 
- // - UserInput[InputLength] = 0; - break; - } else if ((InputKey.UnicodeChar == CHAR_NULL) || - (InputKey.UnicodeChar == CHAR_LINEFEED) || - (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN) - ) { - continue; - } else { - // - // delete last key entered - // - if (InputKey.UnicodeChar == CHAR_BACKSPACE) { - if (InputLength > 0) { - UserInput[InputLength] = 0; - Mask[InputLength] = 0; - InputLength--; - } - } else { - if (InputLength == UserInputMaxLen) { - Mask[InputLength] = 0; - continue; - } - // - // add Next key entry - // - UserInput[InputLength] = InputKey.UnicodeChar; - Mask[InputLength] = L'*'; - InputLength++; - } - } - } - } - FreePool (Mask); - return EFI_SUCCESS; -} - -/** - Display a message box to end user. - - @param[in] DisplayString The string in message box. -**/ -VOID -MessageBox ( - IN CHAR16 *DisplayString - ) -{ - EFI_INPUT_KEY Key; - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); -} - -/** - Force system reset. -**/ -VOID -ForceSystemReset ( - VOID - ) -{ - MessageBox (L"Password retry count reach, reset system!"); - gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - CpuDeadLoop(); -} - -/** - Display message for set password. - - @param[in] ReturnStatus The return status for set password. 
-**/ -VOID -PrintSetPasswordStatus ( - IN EFI_STATUS ReturnStatus - ) -{ - CHAR16 *DisplayString; - CHAR16 *DisplayString2; - - EFI_INPUT_KEY Key; - - if (ReturnStatus == EFI_UNSUPPORTED) { - DisplayString = L"New password is not strong enough!"; - DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - DisplayString2, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - } else { - if (ReturnStatus == EFI_SUCCESS) { - DisplayString = L"New password is updated successfully!"; - } else if (ReturnStatus == EFI_ALREADY_STARTED) { - DisplayString = L"New password is found in the history passwords!"; - } else { - DisplayString = L"New password update fails!"; - } - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - } -} - -/** - Get password verification policy. - - @param[out] VerifyPolicy Verification policy. - - @retval EFI_SUCCESS Get verification policy successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to get verification policy. 
-**/ -EFI_STATUS -GetPasswordVerificationPolicy ( - OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy - ) -{ - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *TempVerifyPolicy; - - Buffer = UserPasswordUiLibInitCommunicateBuffer ( - (VOID**)&TempVerifyPolicy, - sizeof(*TempVerifyPolicy), - SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - Status = UserPasswordUiLibSendCommunicateBuffer (Buffer, sizeof(*TempVerifyPolicy)); - if (!EFI_ERROR (Status)) { - CopyMem (VerifyPolicy, TempVerifyPolicy, sizeof (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)); - } - - return Status; -} - -/** - Return if the password was verified. - - @retval TRUE The password was verified. - @retval FALSE The password was not verified. -**/ -BOOLEAN -WasPasswordVerified ( - VOID - ) -{ - EFI_STATUS Status; - VOID *Buffer; - - Buffer = UserPasswordUiLibInitCommunicateBuffer ( - NULL, - 0, - SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED - ); - if (Buffer == NULL) { - return FALSE; - } - - Status = UserPasswordUiLibSendCommunicateBuffer (Buffer, 0); - if (EFI_ERROR (Status)) { - return FALSE; - } - - return TRUE; -} - -/** - Require user input password. - - @retval TRUE User input correct password successfully. - @retval FALSE The password is not set. 
-**/ -BOOLEAN -RequireUserPassword ( - VOID - ) -{ - EFI_STATUS Status; - CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; - CHAR16 *PopUpString; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY VerifyPolicy; - - Status = EFI_SUCCESS; - ZeroMem(UserInputPw, sizeof(UserInputPw)); - - if (!IsPasswordInstalled ()) { - return FALSE; - } - - Status = GetPasswordVerificationPolicy (&VerifyPolicy); - if (!EFI_ERROR (Status)) { - if (WasPasswordVerified() && (!VerifyPolicy.NeedReVerify)) { - DEBUG ((DEBUG_INFO, "Password was verified and Re-verify is not needed\n")); - return TRUE; - } - } - - PopUpString = L"Please input admin password"; - - while (TRUE) { - gST->ConOut->ClearScreen(gST->ConOut); - GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); - - Status = VerifyPassword (UserInputPw, StrSize(UserInputPw)); - if (!EFI_ERROR(Status)) { - break; - } - if (Status == EFI_ACCESS_DENIED) { - // - // Password retry count reach. - // - ForceSystemReset (); - } - MessageBox (L"Incorrect password!"); - } - - ZeroMem(UserInputPw, sizeof(UserInputPw)); - - gST->ConOut->ClearScreen(gST->ConOut); - - return TRUE; -} - -/** - Set user password. 
- -**/ -VOID -SetUserPassword ( - VOID - ) -{ - EFI_STATUS Status; - CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; - CHAR16 TmpPassword[PASSWORD_MAX_SIZE]; - CHAR16 *PopUpString; - CHAR16 *PopUpString2; - - ZeroMem(UserInputPw, sizeof(UserInputPw)); - ZeroMem(TmpPassword, sizeof(TmpPassword)); - - PopUpString = L"Please set admin password"; - - while (TRUE) { - gST->ConOut->ClearScreen(gST->ConOut); - GetUserInput (PopUpString, UserInputPw, PASSWORD_MAX_SIZE - 1); - - PopUpString2 = L"Please confirm your new password"; - gST->ConOut->ClearScreen(gST->ConOut); - GetUserInput (PopUpString2, TmpPassword, PASSWORD_MAX_SIZE - 1); - if (StrCmp (TmpPassword, UserInputPw) != 0) { - MessageBox (L"Password are not the same!"); - continue; - } - - Status = SetPassword (UserInputPw, StrSize(UserInputPw), NULL, 0); - PrintSetPasswordStatus (Status); - if (!EFI_ERROR(Status)) { - break; - } - } - - ZeroMem(UserInputPw, sizeof(UserInputPw)); - ZeroMem(TmpPassword, sizeof(TmpPassword)); - - gST->ConOut->ClearScreen(gST->ConOut); -} - -/** - Do password authentication. - - @retval EFI_SUCCESS Password authentication pass. -**/ -EFI_STATUS -EFIAPI -UiDoPasswordAuthentication ( - VOID - ) -{ - BOOLEAN PasswordSet; - - PasswordSet = RequireUserPassword (); - if (PasswordSet) { - DEBUG ((DEBUG_INFO, "Welcome Admin!\n")); - } else { - DEBUG ((DEBUG_INFO, "Admin password is not set!\n")); - if (NeedEnrollPassword()) { - SetUserPassword (); - } - } - - return EFI_SUCCESS; -} - diff --git a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf b/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf deleted file mode 100644 index 8f6a693d76..0000000000 --- a/DasharoModulePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf +++ /dev/null @@ -1,41 +0,0 @@ -## @file -# UserPasswordUiLib instance provides services to do password authentication. -# -# Copyright (c) 2019, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = UserPasswordUiLib - FILE_GUID = E2E92636-F511-46BC-A08B-02F815AFA884 - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - LIBRARY_CLASS = UserPasswordUiLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION - -[Sources] - UserPasswordUiLib.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec - -[LibraryClasses] - UefiBootServicesTableLib - UefiRuntimeServicesTableLib - DebugLib - UefiLib - MemoryAllocationLib - BaseMemoryLib - PrintLib - PlatformPasswordLib - UserPasswordLib - -[Guids] - gUserAuthenticationGuid ## CONSUMES ## GUID - gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable - -[Protocols] - gEfiSmmCommunicationProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/UserAuthFeaturePkg/Readme.md b/DasharoModulePkg/UserAuthFeaturePkg/Readme.md deleted file mode 100644 index b236d2ad30..0000000000 --- a/DasharoModulePkg/UserAuthFeaturePkg/Readme.md +++ /dev/null 
@@ -1,98 +0,0 @@ -# Overview -* **Feature Name:** User Authentication -* **PI Phase(s) Supported:** DXE -* **SMM Required?** Yes - -## Purpose -This feature provides a user authentication service which includes: -1. An HII form to present a user password prompt. -2. A DXE driver to manage the state of the UI and use the SMM Communicate protocol to manage password data with - the SMM driver. -3. A SMM driver to perform password authentication in an isolated execution environment and manage the password hash - on non-volatile storage in the form of a UEFI variable. - -# High-Level Theory of Operation -*_TODO_* -A description of how the device works at a high-level. - -The description should not be constrained to implementation details but provide a simple mental model of how the -feature is supposed to work. - -## Firmware Volumes -*_TODO_* -A bulleted list of the firmware volumes that feature module(s) are placed in. - -## Modules -*_TODO_* -A bulleted list of the modules that make up the feature. - -## -*_TODO_* -Each module in the feature should have a section that describes the module in a level of detail that is useful -to better understand the module source code. - -## -*_TODO_* -Each library in the feature should have a section that describes the library in a level of detail that is useful -to better understand the library source code. - -## Key Functions -*_TODO_* -A bulleted list of key functions for interacting with the feature. - -Not all features need to be listed. Only functions exposed through external interfaces that are important for feature -users to be aware of. - -## Configuration -*_TODO_* -Information that is useful for configuring the feature. - -Not all configuration options need to be listed. This section is used to provide more background on configuration -options than possible elsewhere. - -## Data Flows -*_TODO_* -Architecturally defined data structures and flows for the feature. 
- -## Control Flows -*_TODO_* -Key control flows for the feature. - -## Build Flows -*_TODO_* -Any special build flows should be described in this section. - -This is particularly useful for features that use custom build tools or require non-standard tool configuration. If the -standard flow in the feature package template is used, this section may be empty. - -## Test Point Results -*_TODO_* -The test(s) that can verify porting is complete for the feature. - -Each feature must describe at least one test point to verify the feature is successful. If the test point is not -implemented, this should be stated. - -## Functional Exit Criteria -*_TODO_* -The testable functionality for the feature. - -This section should provide an ordered list of criteria that a board integrator can reference to ensure the feature is -functional on their board. - -## Feature Enabling Checklist -*_TODO_* -An ordered list of required activities to achieve desired functionality for the feature. - -## Performance Impact -A general expectation for the impact on overall boot performance due to using this feature. - -This section is expected to provide guidance on: -* How to estimate performance impact due to the feature -* How to measure performance impact of the feature -* How to manage performance impact of the feature - -## Common Optimizations -*_TODO_* -Common size or performance tuning options for this feature. - -This section is recommended but not required. If not used, the contents should be left empty. diff --git a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec deleted file mode 100644 index a9174edd54..0000000000 --- a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dec +++ /dev/null 
@@ -1,49 +0,0 @@ -## @file -# This package provides advanced feature functionality for User Authentication support. -# This package should only depend on EDK II Core packages, IntelSiliconPkg, and MinPlatformPkg. -# -# The DEC files are used by the utilities that parse DSC and -# INF files to generate AutoGen.c and AutoGen.h files -# for the build infrastructure. -# -# Copyright (c) 2019, Intel Corporation. All rights reserved.
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - DEC_SPECIFICATION = 0x00010017 - PACKAGE_NAME = UserAuthFeaturePkg - PACKAGE_GUID = 08737161-3956-422A-9ABD-FCE3C8DBA3D4 - PACKAGE_VERSION = 0.1 - -[Includes] - Include - -[LibraryClasses] - ## @libraryclass Provides a platform-specific method to return the password policy. - PlatformPasswordLib|Include/Library/PlatformPasswordLib.h - - ## @libraryclass Provides services to set/verify the password and return if the password is set. - UserPasswordLib|Include/Library/UserPasswordLib.h - - ## @libraryclass Provides services to perform password authentication. - UserPasswordUiLib|Include/Library/UserPasswordUiLib.h - -[Guids] - gUserAuthFeaturePkgTokenSpaceGuid = {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}} - - ## Include Include/Guid/UserAuthentication.h - gUserAuthenticationGuid = { 0xee24a7f7, 0x606b, 0x4724, { 0xb3, 0xc9, 0xf5, 0xae, 0x4a, 0x3b, 0x81, 0x65}} - -[PcdsFeatureFlag] - ## This PCD specifies whether StatusCode is reported via USB3 Serial port. - gUserAuthFeaturePkgTokenSpaceGuid.PcdUserAuthenticationFeatureEnable|FALSE|BOOLEAN|0xA0000001 - -[PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] - ## Indicate whether the password is cleared. - # When it is configured to Dynamic or DynamicEx, it can be set through detection using - # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.

- # @Prompt The password clear status - gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001 diff --git a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc b/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc deleted file mode 100644 index 8af4dd4cd9..0000000000 --- a/DasharoModulePkg/UserAuthFeaturePkg/UserAuthFeaturePkg.dsc +++ /dev/null @@ -1,47 +0,0 @@ -## @file -# This is a build description file for the User Authentication advanced feature. -# This package should only depend on EDK II Core packages, IntelSiliconPkg, and MinPlatformPkg. -# -# The DEC files are used by the utilities that parse DSC and -# INF files to generate AutoGen.c and AutoGen.h files -# for the build infrastructure. -# -# Copyright (c) 2019, Intel Corporation. All rights reserved.
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - PLATFORM_NAME = UserAuthFeaturePkg - PLATFORM_GUID = E859E721-41C7-46A9-98DE-8C2F29097880 - PLATFORM_VERSION = 0.1 - DSC_SPECIFICATION = 0x00010005 - OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME) - SUPPORTED_ARCHITECTURES = IA32|X64 - BUILD_TARGETS = DEBUG|RELEASE|NOOPT - SKUID_IDENTIFIER = DEFAULT - PEI_ARCH = IA32 - DXE_ARCH = X64 - -[Packages] - MinPlatformPkg/MinPlatformPkg.dec - -# -# MinPlatform common include for required feature PCD -# These PCD must be set before the core include files, CoreCommonLib, -# CorePeiLib, and CoreDxeLib. -# -!include MinPlatformPkg/Include/Dsc/MinPlatformFeaturesPcd.dsc.inc - -# -# Include common libraries -# -!include MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc -!include MinPlatformPkg/Include/Dsc/CorePeiLib.dsc -!include MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc - -# -# This package always builds the feature. -# -!include Include/UserAuthFeature.dsc diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c deleted file mode 100644 index b4326d380f..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.c +++ /dev/null @@ -1,484 +0,0 @@ -/** @file - This Driver mainly provides Setup Form to change password. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "UserAuthentication2Dxe.h" - -USER_AUTHENTICATION_PRIVATE_DATA *mUserAuthenticationData = NULL; - -EFI_GUID mUserAuthenticationVendorGuid = USER_AUTHENTICATION_FORMSET_GUID; -HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) - } - }, - USER_AUTHENTICATION_FORMSET_GUID - }, - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) - } - } -}; - -/** - Display a message box to end user. - - @param[in] DisplayString The string in message box. -**/ -VOID -MessageBox ( - IN CHAR16 *DisplayString - ) -{ - EFI_INPUT_KEY Key; - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); -} - -/** - Force system reset. -**/ -VOID -ForceSystemReset ( - VOID - ) -{ - MessageBox (L"Password retry count reach, reset system!"); - gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - CpuDeadLoop(); -} - -/** - Display message for set password. - - @param[in] ReturnStatus The return status for set password. 
-**/ -VOID -PrintSetPasswordStatus ( - IN EFI_STATUS ReturnStatus - ) -{ - CHAR16 *DisplayString; - CHAR16 *DisplayString2; - - EFI_INPUT_KEY Key; - - if (ReturnStatus == EFI_UNSUPPORTED) { - DisplayString = L"New password is not strong enough!"; - DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - DisplayString2, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - } else { - if (ReturnStatus == EFI_SUCCESS) { - DisplayString = L"New password is updated successfully!"; - } else if (ReturnStatus == EFI_ALREADY_STARTED) { - DisplayString = L"New password is found in the history passwords!"; - } else { - DisplayString = L"New password update fails!"; - } - - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - DisplayString, - L"Press ENTER to continue ...", - L"", - NULL - ); - } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - } -} - -/** - This function allows a caller to extract the current configuration for one - or more named elements from the target driver. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Request A null-terminated Unicode string in - format. - @param Progress On return, points to a character in the Request - string. Points to the string's null terminator if - request was successful. Points to the most recent - '&' before the first failing name/value pair (or - the beginning of the string if the failure is in - the first name/value pair) if the request was not - successful. - @param Results A null-terminated Unicode string in - format which has all values filled - in for the names in the Request string. String to - be allocated by the called function. - - @retval EFI_SUCCESS The Results is filled with the requested values. 
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this - driver. - -**/ -EFI_STATUS -EFIAPI -ExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ) -{ - if (Progress == NULL || Results == NULL) { - return EFI_INVALID_PARAMETER; - } - *Progress = Request; - return EFI_NOT_FOUND; -} - - -/** - This function processes the results of changes in configuration. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Configuration A null-terminated Unicode string in - format. - @param Progress A pointer to a string filled in with the offset of - the most recent '&' before the first failing - name/value pair (or the beginning of the string if - the failure is in the first name/value pair) or - the terminating NULL if all was successful. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this - driver. - -**/ -EFI_STATUS -EFIAPI -RouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ) -{ - if (Configuration == NULL || Progress == NULL) { - return EFI_INVALID_PARAMETER; - } - - *Progress = Configuration; - - return EFI_NOT_FOUND; -} - -/** - HII update Admin Password status. 
- -**/ -VOID -HiiUpdateAdminPasswordStatus ( - VOID - ) -{ - if (IsPasswordInstalled ()) { - HiiSetString ( - mUserAuthenticationData->HiiHandle, - STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), - L"Installed", - NULL - ); - } else { - HiiSetString ( - mUserAuthenticationData->HiiHandle, - STRING_TOKEN (STR_ADMIN_PASSWORD_STS_CONTENT), - L"Not Installed", - NULL - ); - } -} - -/** - This function processes the results of changes in configuration. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Action Specifies the type of action taken by the browser. - @param QuestionId A unique value which is sent to the original - exporting driver so that it can identify the type - of data to expect. - @param Type The type of value for the question. - @param Value A pointer to the data being sent to the original - exporting driver. - @param ActionRequest On return, points to the action requested by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the action. - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the - variable and its data. - @retval EFI_DEVICE_ERROR The variable could not be saved. - @retval EFI_UNSUPPORTED The specified Action is not supported by the - callback. 
- -**/ -EFI_STATUS -EFIAPI -UserAuthenticationCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest - ) -{ - EFI_STATUS Status; - CHAR16 *UserInputPassword; - - Status = EFI_SUCCESS; - - if (((Value == NULL) && (Action != EFI_BROWSER_ACTION_FORM_OPEN) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) || - (ActionRequest == NULL)) { - return EFI_INVALID_PARAMETER; - } - - switch (Action) { - case EFI_BROWSER_ACTION_FORM_OPEN: - { - switch (QuestionId) { - case ADMIN_PASSWORD_KEY_ID: - HiiUpdateAdminPasswordStatus (); - default: - break; - } - } - break; - case EFI_BROWSER_ACTION_CHANGING: - { - switch (QuestionId) { - case ADMIN_PASSWORD_KEY_ID: - if ((Type == EFI_IFR_TYPE_STRING) && (Value->string == 0) && - (mUserAuthenticationData->PasswordState == BROWSER_STATE_SET_PASSWORD)) { - mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; - ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); - return EFI_INVALID_PARAMETER; - } - // - // The Callback is responsible for validating old password input by user, - // If Callback return EFI_SUCCESS, it indicates validation pass. - // - switch (mUserAuthenticationData->PasswordState) { - case BROWSER_STATE_VALIDATE_PASSWORD: - UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); - if (UserInputPassword == NULL) { - return EFI_UNSUPPORTED; - } - if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { - Status = EFI_NOT_READY; - break; - } - if (UserInputPassword[0] == 0) { - // - // Setup will use an empty password to check whether the old password is set, - // If the validation is successful, means there is no old password, return - // success to set the new password. Or need to return EFI_NOT_READY to - // let user input the old password. 
- // - Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); - if (Status == EFI_SUCCESS) { - mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; - } else { - Status = EFI_NOT_READY; - } - break; - } - Status = VerifyPassword (UserInputPassword, StrSize (UserInputPassword)); - if (Status == EFI_SUCCESS) { - mUserAuthenticationData->PasswordState = BROWSER_STATE_SET_PASSWORD; - StrCpyS ( - mUserAuthenticationData->OldPassword, - sizeof(mUserAuthenticationData->OldPassword)/sizeof(CHAR16), - UserInputPassword - ); - } else { - // - // Old password mismatch, return EFI_NOT_READY to prompt for error message. - // - if (Status == EFI_ACCESS_DENIED) { - // - // Password retry count reach. - // - ForceSystemReset (); - } - Status = EFI_NOT_READY; - } - break; - - case BROWSER_STATE_SET_PASSWORD: - UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL); - if (UserInputPassword == NULL) { - return EFI_UNSUPPORTED; - } - if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) { - Status = EFI_NOT_READY; - break; - } - Status = SetPassword (UserInputPassword, StrSize (UserInputPassword), mUserAuthenticationData->OldPassword, StrSize(mUserAuthenticationData->OldPassword)); - PrintSetPasswordStatus (Status); - ZeroMem (mUserAuthenticationData->OldPassword, sizeof(mUserAuthenticationData->OldPassword)); - mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; - HiiUpdateAdminPasswordStatus (); - break; - - default: - break; - } - default: - break; - } - } - break; - default: - break; - } - return Status; -} - -/** - User Authentication entry point. - - @param ImageHandle The image handle. - @param SystemTable The system table. - - @retval EFI_SUCCESS The entry point is executed successfully. - @return other Contain some other errors. 
- -**/ -EFI_STATUS -EFIAPI -UserAuthentication2Entry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; - - DriverHandle = NULL; - - mUserAuthenticationData = AllocateZeroPool (sizeof (USER_AUTHENTICATION_PRIVATE_DATA)); - if (mUserAuthenticationData == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - mUserAuthenticationData->ConfigAccess.ExtractConfig = ExtractConfig; - mUserAuthenticationData->ConfigAccess.RouteConfig = RouteConfig; - mUserAuthenticationData->ConfigAccess.Callback = UserAuthenticationCallback; - mUserAuthenticationData->PasswordState = BROWSER_STATE_VALIDATE_PASSWORD; - - // - // Install Config Access protocol to driver handle. - // - Status = gBS->InstallMultipleProtocolInterfaces ( - &DriverHandle, - &gEfiDevicePathProtocolGuid, - &mHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - &mUserAuthenticationData->ConfigAccess, - NULL - ); - ASSERT_EFI_ERROR (Status); - mUserAuthenticationData->DriverHandle = DriverHandle; - - // - // Add HII data to database. - // - HiiHandle = HiiAddPackages ( - &mUserAuthenticationVendorGuid, - DriverHandle, - UserAuthentication2DxeStrings, - UserAuthenticationDxeVfrBin, - NULL - ); - if (HiiHandle == NULL) { - return EFI_OUT_OF_RESOURCES; - } - mUserAuthenticationData->HiiHandle = HiiHandle; - - return EFI_SUCCESS; -} - -/** - Unloads the application and its installed protocol. - - @param[in] ImageHandle Handle that identifies the image to be unloaded. - - @retval EFI_SUCCESS The image has been unloaded. -**/ -EFI_STATUS -EFIAPI -UserAuthentication2Unload ( - IN EFI_HANDLE ImageHandle - ) -{ - ASSERT (mUserAuthenticationData != NULL); - - // - // Uninstall Config Access Protocol. 
- // - if (mUserAuthenticationData->DriverHandle != NULL) { - gBS->UninstallMultipleProtocolInterfaces ( - mUserAuthenticationData->DriverHandle, - &gEfiDevicePathProtocolGuid, - &mHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - &mUserAuthenticationData->ConfigAccess, - NULL - ); - mUserAuthenticationData->DriverHandle = NULL; - } - - // - // Remove Hii Data. - // - if (mUserAuthenticationData->HiiHandle != NULL) { - HiiRemovePackages (mUserAuthenticationData->HiiHandle); - } - - FreePool (mUserAuthenticationData); - mUserAuthenticationData = NULL; - - return EFI_SUCCESS; -} - diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h deleted file mode 100644 index 3b7fba026d..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.h +++ /dev/null @@ -1,55 +0,0 @@ -/** @file - Header file for UserAuthentication2Dxe. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef _USER_AUTHENTICATION_DXE_H_ -#define _USER_AUTHENTICATION_DXE_H_ - - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "UserAuthenticationDxeFormset.h" - -extern UINT8 UserAuthenticationDxeVfrBin[]; -extern UINT8 UserAuthentication2DxeStrings[]; - -typedef struct { - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; - UINT8 PasswordState; - CHAR16 OldPassword[PASSWORD_MAX_SIZE]; -} USER_AUTHENTICATION_PRIVATE_DATA; - -#pragma pack(1) -/// -/// HII specific Vendor Device Path definition. -/// -typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; -} HII_VENDOR_DEVICE_PATH; -#pragma pack() - -#endif diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf deleted file mode 100644 index c47e20f052..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf +++ /dev/null @@ -1,52 +0,0 @@ -## @file -# User Authentication 2 Dxe Driver. -# -# This Driver mainly provides Setup Form to change password. -# -# Copyright (c) 2019, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = UserAuthentication2Dxe - FILE_GUID = 4EF592F4-C716-40CC-8C07-1E4E3BD71F11 - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 2.0 - ENTRY_POINT = UserAuthentication2Entry - UNLOAD_IMAGE = UserAuthentication2Unload -[Sources] - UserAuthentication2Dxe.c - UserAuthentication2Dxe.h - UserAuthenticationDxeFormset.h - UserAuthenticationDxeVfr.vfr - UserAuthenticationDxeStrings.uni - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec - -[LibraryClasses] - BaseLib - UefiBootServicesTableLib - UefiDriverEntryPoint - UefiRuntimeServicesTableLib - BaseMemoryLib - DebugLib - UefiLib - HiiLib - DevicePathLib - MemoryAllocationLib - UserPasswordLib - -[Protocols] - gEfiDevicePathProtocolGuid ## PRODUCES - gEfiHiiConfigAccessProtocolGuid ## PRODUCES - -[Depex] - gEfiSimpleTextOutProtocolGuid AND - gEfiSmmCommunicationProtocolGuid AND - gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c index bba2057a96..ba99549e45 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c @@ -12,7 +12,6 @@ EFI_EVENT mExitBootServicesEvent = NULL; EFI_RSC_HANDLER_PROTOCOL *mRscHandlerProtocol = NULL; USER_AUTHENTICATION_PRIVATE_DATA *mUserAuthenticationData = NULL; -EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; EFI_GUID mUserAuthenticationVendorGuid = USER_AUTHENTICATION_FORMSET_GUID; HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { 
@@ -225,7 +224,7 @@ RequireUserPassword ( EFI_STATUS Status; CHAR16 UserInputPw[PASSWORD_MAX_SIZE]; CHAR16 *PopUpString; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY VerifyPolicy; + PASSWORD_COMMUNICATE_VERIFY_POLICY VerifyPolicy; Status = EFI_SUCCESS; ZeroMem(UserInputPw, sizeof(UserInputPw)); @@ -726,12 +725,6 @@ UserAuthenticationEntry ( ); ASSERT_EFI_ERROR (Status); - // - // Locates SMM Communication protocol. - // - Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &mSmmCommunication); - ASSERT_EFI_ERROR (Status); - return EFI_SUCCESS; } diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h index e183424f35..86694ad15c 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h @@ -12,11 +12,9 @@ #include #include -#include #include #include -#include #include #include @@ -33,10 +31,10 @@ #include #include "UserAuthenticationDxeFormset.h" +#include "KeyService.h" extern UINT8 UserAuthenticationDxeVfrBin[]; extern UINT8 UserAuthenticationDxeStrings[]; -extern EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication; typedef struct { EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; @@ -121,7 +119,7 @@ IsPasswordInstalled ( **/ EFI_STATUS GetPasswordVerificationPolicy ( - OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy + OUT PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy ); /** diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf index bee46a1af2..bc8f97538e 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf 
@@ -24,11 +24,14 @@ UserAuthenticationDxeFormset.h UserAuthenticationDxeVfr.vfr UserAuthenticationDxeStrings.uni + KeyService.c + KeyService.h [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec + CryptoPkg/CryptoPkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] BaseLib @@ -38,6 +41,7 @@ BaseMemoryLib DebugLib UefiLib + BaseCryptLib HiiLib DevicePathLib MemoryAllocationLib @@ -47,16 +51,14 @@ [Guids] gUserAuthenticationGuid ## CONSUMES ## GUID gEfiEventExitBootServicesGuid ## CONSUMES ## Event - gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## SystemTable + gEfiIfrFrontPageGuid ## CONSUMES ## GUID (Indicate the formset in this library need to display in which page) [Protocols] gEfiRscHandlerProtocolGuid ## CONSUMES gEfiDevicePathProtocolGuid ## PRODUCES gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiSmmCommunicationProtocolGuid ## CONSUMES [Depex] gEfiSimpleTextOutProtocolGuid AND - gEfiSmmCommunicationProtocolGuid AND gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c index 6e1fedfab7..24fcdeea0f 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c 
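Review bot: The `[Depex]` and `[Protocols]` sections in the `@@ -47,16 +51,14 @@` hunk stop requiring `gEfiSmmCommunicationProtocolGuid`, and together with the added `KeyService.c` and `BaseCryptLib` entries this moves password hashing, comparison and retry counting out of SMM into the DXE driver, yet the .inf says nothing about the new trust boundary. The UserAuthenticationDxePassword.c hunk of the same commit stores the hash with `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` through plain `gRT->SetVariable` and keeps the counter in the module global `mAdminPasswordTryCount`, so the hash presumably stays writable by any boot-services code unless a variable policy is registered somewhere not shown here. I would record this above `[Depex]`, for example `# Password hash is created and verified in DXE, not SMM; the variable needs write protection (e.g. a variable policy) before untrusted code runs.`, and confirm that such protection exists. The directory name still ends in DxeSmm, which may be worth a follow-up rename.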
@@ -8,98 +8,397 @@ #include "UserAuthenticationDxe.h" +UINTN mAdminPasswordTryCount = 0; + +BOOLEAN mNeedReVerify = TRUE; +BOOLEAN mPasswordVerified = FALSE; + /** - Initialize the communicate buffer using DataSize and Function. + Verify if the password is correct. - @param[out] DataPtr Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. - @param[in] Function The function number to initialize the communicate header. + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + @param[in] UserPasswordVarStruct The storage of password in variable. - @return Communicate buffer. + @retval EFI_SUCCESS The password is correct. + @retval EFI_SECURITY_VIOLATION The password is incorrect. **/ -VOID* -InitCommunicateBuffer ( - OUT VOID **DataPtr OPTIONAL, - IN UINTN DataSize, - IN UINTN Function +EFI_STATUS +CheckPassword ( + IN CHAR8 *Password, + IN UINTN PasswordSize, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct ) { - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; - VOID *Buffer; - EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *SmmCommRegionTable; - EFI_MEMORY_DESCRIPTOR *SmmCommMemRegion; - UINTN Index; - UINTN Size; - EFI_STATUS Status; - - Buffer = NULL; - Status = EfiGetSystemConfigurationTable ( - &gEdkiiPiSmmCommunicationRegionTableGuid, - (VOID **) &SmmCommRegionTable + BOOLEAN HashOk; + UINT8 HashData[PASSWORD_HASH_SIZE]; + + HashOk = KeyLibGeneratePBKDF2Hash ( + HASH_TYPE_SHA256, + (UINT8 *)Password, + PasswordSize, + UserPasswordVarStruct->PasswordSalt, + sizeof(UserPasswordVarStruct->PasswordSalt), + HashData, + sizeof(HashData) ); + if (!HashOk) { + return EFI_DEVICE_ERROR; + } + if (KeyLibSlowCompareMem (UserPasswordVarStruct->PasswordHash, HashData, PASSWORD_HASH_SIZE) == 0) { + return EFI_SUCCESS; + } else { + return EFI_SECURITY_VIOLATION; + } +} + +/** + Get hash data of password from non-volatile 
variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Index The index of the password. + 0 means current password. + Non-0 means the password history. + @param[out] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is returned successfully. + @retval EFI_NOT_FOUND The password hash is not found. +**/ +EFI_STATUS +GetPasswordHashFromVariable ( + IN EFI_GUID *UserGuid, + IN UINTN Index, + OUT USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + UINTN DataSize; + CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; + + if (Index != 0) { + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index); + } else { + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s", USER_AUTHENTICATION_VAR_NAME); + } + + DataSize = sizeof(*UserPasswordVarStruct); + return gRT->GetVariable ( + PasswordName, + UserGuid, + NULL, + &DataSize, + UserPasswordVarStruct + ); +} + +/** + Save password hash data to non-volatile variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is saved successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. 
+**/ +EFI_STATUS +SavePasswordHashToVariable ( + IN EFI_GUID *UserGuid, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + EFI_STATUS Status; + + if (UserPasswordVarStruct == NULL) { + Status = gRT->SetVariable ( + USER_AUTHENTICATION_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + 0, + NULL + ); + } else { + Status = gRT->SetVariable ( + USER_AUTHENTICATION_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(*UserPasswordVarStruct), + UserPasswordVarStruct + ); + } if (EFI_ERROR (Status)) { - return NULL; - } - ASSERT (SmmCommRegionTable != NULL); - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) (SmmCommRegionTable + 1); - Size = 0; - for (Index = 0; Index < SmmCommRegionTable->NumberOfEntries; Index++) { - if (SmmCommMemRegion->Type == EfiConventionalMemory) { - Size = EFI_PAGES_TO_SIZE ((UINTN) SmmCommMemRegion->NumberOfPages); - if (Size >= (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER))) { - break; - } + DEBUG ((DEBUG_ERROR, "SavePasswordHashToVariable fails with %r\n", Status)); + } + + return Status; +} + +/** + Save old password hash data to non-volatile variable region as history. + + The number of password history variable is limited. + If all the password history variables are used, the new password history + will override the oldest one. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] UserPasswordVarStruct The storage of password in variable. + + @retval EFI_SUCCESS The password hash is saved successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. 
+**/ +EFI_STATUS +SaveOldPasswordToHistory ( + IN EFI_GUID *UserGuid, + IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT32 LastIndex; + CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; + + DEBUG ((DEBUG_INFO, "SaveOldPasswordToHistory\n")); + + DataSize = sizeof(LastIndex); + Status = gRT->GetVariable ( + USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, + UserGuid, + NULL, + &DataSize, + &LastIndex + ); + if (EFI_ERROR(Status)) { + LastIndex = 0; + } + if (LastIndex >= PASSWORD_HISTORY_CHECK_COUNT) { + LastIndex = 0; + } + + LastIndex ++; + UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, LastIndex); + + + Status = gRT->SetVariable ( + PasswordName, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(*UserPasswordVarStruct), + UserPasswordVarStruct + ); + DEBUG ((DEBUG_INFO, " -- to %s, %r\n", PasswordName, Status)); + if (!EFI_ERROR(Status)) { + Status = gRT->SetVariable ( + USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, + UserGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(LastIndex), + &LastIndex + ); + DEBUG ((DEBUG_INFO, " LastIndex - 0x%04x, %r\n", LastIndex, Status)); + } + + return Status; +} + +/** + Calculate password hash data and save it to non-volatile variable region. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + NULL means delete the password variable. + @param[in] PasswordSize The size of Password in byte. + + @retval EFI_SUCCESS The password hash is calculated and saved. + @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. 
+**/ +EFI_STATUS +SavePasswordToVariable ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, OPTIONAL + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + BOOLEAN HashOk; + + // + // If password is NULL, it means we want to clean password field saved in variable region. + // + if (Password != NULL) { + KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof(UserPasswordVarStruct.PasswordSalt)); + HashOk = KeyLibGeneratePBKDF2Hash ( + HASH_TYPE_SHA256, + (UINT8 *)Password, + PasswordSize, + UserPasswordVarStruct.PasswordSalt, + sizeof(UserPasswordVarStruct.PasswordSalt), + UserPasswordVarStruct.PasswordHash, + sizeof(UserPasswordVarStruct.PasswordHash) + ); + if (!HashOk) { + return EFI_DEVICE_ERROR; + } + Status = SavePasswordHashToVariable (UserGuid, &UserPasswordVarStruct); + // + // Save Password data to history variable + // + if (!EFI_ERROR(Status)) { + SaveOldPasswordToHistory (UserGuid, &UserPasswordVarStruct); } - SmmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); + } else { + Status = SavePasswordHashToVariable (UserGuid, NULL); } - ASSERT (Index < SmmCommRegionTable->NumberOfEntries); - Buffer = (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; - ASSERT (Buffer != NULL); - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gUserAuthenticationGuid); - SmmCommunicateHeader->MessageLength = DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + return Status; +} - SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; - ZeroMem (SmmPasswordFunctionHeader, DataSize + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)); - SmmPasswordFunctionHeader->Function = Function; - if (DataPtr != NULL) { - *DataPtr = SmmPasswordFunctionHeader + 1; +/** + Verify the password. + If the password variable does not exist, it passes the verification. 
+ If the password variable exists, it does verification based upon password variable. + + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval TRUE The verification passes. + @retval FALSE The verification fails. +**/ +BOOLEAN +IsPasswordVerified ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, + IN UINTN PasswordSize + ) +{ + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + EFI_STATUS Status; + UINTN *PasswordTryCount; + + PasswordTryCount = &mAdminPasswordTryCount; + + Status = GetPasswordHashFromVariable (UserGuid, 0, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + return TRUE; } - return Buffer; + // + // Old password exists + // + Status = CheckPassword (Password, PasswordSize, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + if (Password[0] != 0) { + *PasswordTryCount = *PasswordTryCount + 1; + } + return FALSE; + } + + return TRUE; } /** - Send the data in communicate buffer to SMM. + Return if the password is set. + + @param[in] UserGuid The user GUID of the password variable. - @param[in] Buffer Points to the data in the communicate buffer. - @param[in] DataSize The data size to send to SMM. + @retval TRUE The password is set. + @retval FALSE The password is not set. +**/ +BOOLEAN +IsPasswordSet ( + IN EFI_GUID *UserGuid + ) +{ + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + EFI_STATUS Status; - @retval EFI_SUCCESS Success is returned from the function in SMM. - @retval Others Failure is returned from the function in SMM. + Status = GetPasswordHashFromVariable(UserGuid, 0, &UserPasswordVarStruct); + if (EFI_ERROR(Status)) { + return FALSE; + } + return TRUE; +} +/** + Return if the password is strong. + Criteria: + 1) length >= PASSWORD_MIN_SIZE + 2) include lower case, upper case, number, symbol. + + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. 
+ + @retval TRUE The password is strong. + @retval FALSE The password is weak. **/ -EFI_STATUS -SendCommunicateBuffer ( - IN VOID *Buffer, - IN UINTN DataSize +BOOLEAN +IsPasswordStrong ( + IN CHAR8 *Password, + IN UINTN PasswordSize ) { - EFI_STATUS Status; - UINTN CommSize; - EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmPasswordFunctionHeader; + UINTN Index; + BOOLEAN HasLowerCase; + BOOLEAN HasUpperCase; + BOOLEAN HasNumber; + BOOLEAN HasSymbol; - CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); + if (PasswordSize < PASSWORD_MIN_SIZE) { + return FALSE; + } - Status = mSmmCommunication->Communicate (mSmmCommunication, Buffer, &CommSize); - ASSERT_EFI_ERROR (Status); + HasLowerCase = FALSE; + HasUpperCase = FALSE; + HasNumber = FALSE; + HasSymbol = FALSE; + for (Index = 0; Index < PasswordSize - 1; Index++) { + if (Password[Index] >= 'a' && Password[Index] <= 'z') { + HasLowerCase = TRUE; + } else if (Password[Index] >= 'A' && Password[Index] <= 'Z') { + HasUpperCase = TRUE; + } else if (Password[Index] >= '0' && Password[Index] <= '9') { + HasNumber = TRUE; + } else { + HasSymbol = TRUE; + } + } + if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { + return FALSE; + } + return TRUE; +} + +/** + Return if the password is set before in PASSWORD_HISTORY_CHECK_COUNT. - SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer; - SmmPasswordFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data; - return SmmPasswordFunctionHeader->ReturnStatus; + @param[in] UserGuid The user GUID of the password variable. + @param[in] Password The user input password. + @param[in] PasswordSize The size of Password in byte. + + @retval TRUE The password is set before. + @retval FALSE The password is not set before. 
+**/ +BOOLEAN +IsPasswordInHistory ( + IN EFI_GUID *UserGuid, + IN CHAR8 *Password, + IN UINTN PasswordSize + ) +{ + EFI_STATUS Status; + USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; + UINTN Index; + + for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) { + Status = GetPasswordHashFromVariable (UserGuid, Index, &UserPasswordVarStruct); + if (!EFI_ERROR(Status)) { + Status = CheckPassword (Password, PasswordSize, &UserPasswordVarStruct); + if (!EFI_ERROR(Status)) { + return TRUE; + } + } + } + + return FALSE; } /** @@ -111,7 +410,6 @@ SendCommunicateBuffer ( @retval EFI_SUCCESS The password is correct. @retval EFI_SECURITY_VIOLATION The password is incorrect. @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to verify the password. @retval EFI_ACCESS_DENIED Password retry count reach. **/ EFI_STATUS 
@@ -120,34 +418,54 @@ VerifyPassword ( IN UINTN PasswordSize ) { - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD *VerifyPassword; - - ASSERT (Password != NULL); + EFI_STATUS Status; + UINTN *PasswordTryCount; + UINTN PasswordLen; + EFI_GUID *UserGuid; + CHAR8 AsciiPassword[PASSWORD_MAX_SIZE]; - if (PasswordSize > sizeof(VerifyPassword->Password) * sizeof(CHAR16)) { - return EFI_INVALID_PARAMETER; + Status = UnicodeStrToAsciiStrS (Password, AsciiPassword, sizeof(AsciiPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; } - Buffer = InitCommunicateBuffer ( - (VOID**)&VerifyPassword, - sizeof(*VerifyPassword), - SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } + PasswordLen = 0; + PasswordTryCount = &mAdminPasswordTryCount; + UserGuid = &gUserAuthenticationGuid; - Status = UnicodeStrToAsciiStrS (Password, VerifyPassword->Password, sizeof(VerifyPassword->Password)); - if (EFI_ERROR(Status)) { + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: VERIFY_PASSWORD try count reach!\n")); + PasswordTryCount = NULL; + Status = EFI_ACCESS_DENIED; goto EXIT; } - Status = SendCommunicateBuffer (Buffer, sizeof(*VerifyPassword)); + PasswordLen = AsciiStrnLenS(AsciiPassword, sizeof(AsciiPassword)); + if (PasswordLen == sizeof(AsciiPassword)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: Password invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (!IsPasswordVerified (UserGuid, AsciiPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: PasswordVerify - FAIL\n")); + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: VERIFY_PASSWORD try count reach!\n")); + Status = EFI_ACCESS_DENIED; + } else { + Status = EFI_SECURITY_VIOLATION; + } + goto EXIT; + } + mPasswordVerified = TRUE; + Status = EFI_SUCCESS; EXIT: - ZeroMem (VerifyPassword, sizeof(*VerifyPassword)); + if (PasswordTryCount != 
NULL) { + if (Status == EFI_SUCCESS) { + *PasswordTryCount = 0; + } + } + return Status; } @@ -164,7 +482,6 @@ VerifyPassword ( @retval EFI_SUCCESS The NewPassword is set successfully. @retval EFI_SECURITY_VIOLATION The OldPassword is incorrect. @retval EFI_INVALID_PARAMETER The password or size is invalid. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to set the password. @retval EFI_ACCESS_DENIED Password retry count reach. @retval EFI_UNSUPPORTED NewPassword is not strong enough. @retval EFI_ALREADY_STARTED NewPassword is in history. 
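Review bot: The new `EXIT:` path in VerifyPassword returns with the cleartext password still in the stack buffer `AsciiPassword`; the removed code wiped its copy with `ZeroMem (VerifyPassword, sizeof(*VerifyPassword));`, and the replacement should keep that step, e.g. `ZeroMem (AsciiPassword, sizeof (AsciiPassword));` as the first statement after `EXIT:`. The same applies to `AsciiNewPassword` and `AsciiOldPassword` in the SetPassword hunk that follows, where the two `return EFI_INVALID_PARAMETER;` statements also leave without passing through `EXIT:`. Separately, the first `goto EXIT` (taken when `UnicodeStrToAsciiStrS` fails) runs before `PasswordTryCount` is assigned, so `if (PasswordTryCount != NULL)` reads an uninitialised pointer; moving `PasswordTryCount = &mAdminPasswordTryCount;` above the conversion avoids that. The function's signature starts above the hunk.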
@@ -177,48 +494,88 @@ SetPassword ( IN UINTN OldPasswordSize ) { - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_SET_PASSWORD *SetPassword; + EFI_STATUS Status; + UINTN *PasswordTryCount; + UINTN PasswordLen; + EFI_GUID *UserGuid; + CHAR8 AsciiNewPassword[PASSWORD_MAX_SIZE]; + CHAR8 AsciiOldPassword[PASSWORD_MAX_SIZE]; + + Status = UnicodeStrToAsciiStrS (NewPassword, AsciiNewPassword, sizeof(AsciiNewPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } + Status = UnicodeStrToAsciiStrS (OldPassword, AsciiOldPassword, sizeof(AsciiOldPassword)); + if (EFI_ERROR(Status)) { + goto EXIT; + } - if (NewPasswordSize > sizeof(SetPassword->NewPassword) * sizeof(CHAR16)) { + PasswordLen = 0; + PasswordTryCount = &mAdminPasswordTryCount; + UserGuid = &gUserAuthenticationGuid; + + if (NewPasswordSize > sizeof(AsciiNewPassword) * sizeof(CHAR16)) { return EFI_INVALID_PARAMETER; } - if (OldPasswordSize > sizeof(SetPassword->OldPassword) * sizeof(CHAR16)) { + if (OldPasswordSize > sizeof(AsciiOldPassword) * sizeof(CHAR16)) { return EFI_INVALID_PARAMETER; } - Buffer = InitCommunicateBuffer ( - (VOID**)&SetPassword, - sizeof(*SetPassword), - SMM_PASSWORD_FUNCTION_SET_PASSWORD - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: SET_PASSWORD try count reach!\n")); + PasswordTryCount = NULL; + Status = EFI_ACCESS_DENIED; + goto EXIT; } - if (NewPassword != NULL) { - Status = UnicodeStrToAsciiStrS (NewPassword, SetPassword->NewPassword, sizeof(SetPassword->NewPassword)); - if (EFI_ERROR(Status)) { - goto EXIT; - } - } else { - SetPassword->NewPassword[0] = 0; + PasswordLen = AsciiStrnLenS(AsciiOldPassword, sizeof(AsciiOldPassword)); + if (PasswordLen == sizeof(AsciiOldPassword)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: OldPassword invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; } - if (OldPassword != NULL) { - Status = UnicodeStrToAsciiStrS (OldPassword, 
SetPassword->OldPassword, sizeof(SetPassword->OldPassword)); - if (EFI_ERROR(Status)) { - goto EXIT; + if (!IsPasswordVerified (UserGuid, AsciiOldPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: PasswordVerify - FAIL\n")); + if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: SET_PASSWORD try count reach!\n")); + Status = EFI_ACCESS_DENIED; + } else { + Status = EFI_SECURITY_VIOLATION; } - } else { - SetPassword->OldPassword[0] = 0; + goto EXIT; } - Status = SendCommunicateBuffer (Buffer, sizeof(*SetPassword)); + PasswordLen = AsciiStrnLenS(AsciiNewPassword, sizeof(AsciiNewPassword)); + if (PasswordLen == sizeof(AsciiNewPassword)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: NewPassword invalid!\n")); + Status = EFI_INVALID_PARAMETER; + goto EXIT; + } + if (PasswordLen != 0 && !IsPasswordStrong (AsciiNewPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: NewPassword too weak!\n")); + Status = EFI_UNSUPPORTED; + goto EXIT; + } + if (PasswordLen != 0 && IsPasswordInHistory (UserGuid, AsciiNewPassword, PasswordLen + 1)) { + DEBUG ((DEBUG_ERROR, "PasswordHandler: NewPassword in history!\n")); + Status = EFI_ALREADY_STARTED; + goto EXIT; + } + + if (PasswordLen == 0) { + Status = SavePasswordToVariable (UserGuid, NULL, 0); + } else { + Status = SavePasswordToVariable (UserGuid, AsciiNewPassword, PasswordLen + 1); + } EXIT: - ZeroMem (SetPassword, sizeof(*SetPassword)); + if (PasswordTryCount != NULL) { + if (Status == EFI_SUCCESS) { + *PasswordTryCount = 0; + } + } + return Status; } @@ -233,24 +590,7 @@ IsPasswordInstalled ( VOID ) { - EFI_STATUS Status; - VOID *Buffer; - - Buffer = InitCommunicateBuffer ( - NULL, - 0, - SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET - ); - if (Buffer == NULL) { - return FALSE; - } - - Status = SendCommunicateBuffer (Buffer, 0); - if (EFI_ERROR (Status)) { - return FALSE; - } - - return TRUE; + return IsPasswordSet(&gUserAuthenticationGuid); } /** 
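Review bot: SetPassword now passes `NewPassword` and `OldPassword` straight to `UnicodeStrToAsciiStrS`, so a NULL argument, which the removed code treated as an empty password, is rejected by the conversion and the call fails before any other check runs. Whether callers still pass NULL (to clear the password, or when none was set) is not visible in this hunk; restoring the NULL branches keeps the old contract either way. The two size checks also now sit after both conversions, where they no longer guard anything and leave via `return` instead of `EXIT:`; they belong ahead of the conversions, as in the removed code. The function's signature starts above the hunk.

```c
  // … unchanged: local declarations …

  if (NewPasswordSize > sizeof(AsciiNewPassword) * sizeof(CHAR16)) {
    return EFI_INVALID_PARAMETER;
  }
  if (OldPasswordSize > sizeof(AsciiOldPassword) * sizeof(CHAR16)) {
    return EFI_INVALID_PARAMETER;
  }

  PasswordLen      = 0;
  PasswordTryCount = &mAdminPasswordTryCount;
  UserGuid         = &gUserAuthenticationGuid;

  if (NewPassword != NULL) {
    Status = UnicodeStrToAsciiStrS (NewPassword, AsciiNewPassword, sizeof(AsciiNewPassword));
    if (EFI_ERROR(Status)) {
      goto EXIT;
    }
  } else {
    AsciiNewPassword[0] = 0;
  }

  if (OldPassword != NULL) {
    Status = UnicodeStrToAsciiStrS (OldPassword, AsciiOldPassword, sizeof(AsciiOldPassword));
    if (EFI_ERROR(Status)) {
      goto EXIT;
    }
  } else {
    AsciiOldPassword[0] = 0;
  }

  // … unchanged: try-count check, old-password verification, strength and history checks, save, EXIT handling …
```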
@@ -259,32 +599,15 @@ IsPasswordInstalled ( @param[out] VerifyPolicy Verification policy. @retval EFI_SUCCESS Get verification policy successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to get verification policy. **/ EFI_STATUS GetPasswordVerificationPolicy ( - OUT SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy + OUT PASSWORD_COMMUNICATE_VERIFY_POLICY *VerifyPolicy ) { - EFI_STATUS Status; - VOID *Buffer; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *GetVerifyPolicy; - - Buffer = InitCommunicateBuffer ( - (VOID**)&GetVerifyPolicy, - sizeof(*GetVerifyPolicy), - SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY - ); - if (Buffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - Status = SendCommunicateBuffer (Buffer, sizeof(*GetVerifyPolicy)); - if (!EFI_ERROR (Status)) { - CopyMem (VerifyPolicy, GetVerifyPolicy, sizeof (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)); - } + VerifyPolicy->NeedReVerify = mNeedReVerify; - return Status; + return EFI_SUCCESS; } /** @@ -298,22 +621,5 @@ WasPasswordVerified ( VOID ) { - EFI_STATUS Status; - VOID *Buffer; - - Buffer = InitCommunicateBuffer ( - NULL, - 0, - SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED - ); - if (Buffer == NULL) { - return FALSE; - } - - Status = SendCommunicateBuffer (Buffer, 0); - if (EFI_ERROR (Status)) { - return FALSE; - } - - return TRUE; + return mPasswordVerified; } diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni index 1e3a179677..ca86bb9a10 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni 
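Review bot: `WasPasswordVerified` now returns the driver global `mPasswordVerified`, and `GetPasswordVerificationPolicy` copies the global `mNeedReVerify`, so state that used to sit behind the SMI handler is ordinary DXE memory, and the header comments of both functions should say that. The `PasswordSmmInit` deleted further down also requested `VariableLock` on the password, history and last-index variables, whereas the new code writes them through `gRT->SetVariable` and `IsPasswordVerified` reports success whenever the variable cannot be read. No replacement for that lock is visible in this patch. If one exists elsewhere, a comment should point to it; if not, the limitation should be recorded, for example `// NOTE: without the SMM handler these variables are no longer locked against other boot-services code`.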
@@ -13,10 +13,10 @@ #string STR_FORM_SET_TITLE #language en-US "User Password Management" #language fr-FR "User Password Management" -#string STR_FORM_SET_TITLE_HELP #language en-US "This Driver mainly handle user's password" - #language fr-FR "This Driver mainly handle user's password" -#string STR_FORM_TITLE #language en-US "Password Management Form" - #language fr-FR "Password Management Form" +#string STR_FORM_SET_TITLE_HELP #language en-US "This selection will take you to the password management menu" + #language fr-FR "This selection will take you to the password management menu" +#string STR_FORM_TITLE #language en-US "Password Management" + #language fr-FR "Password Management" #string STR_ADMIN_PASSWORD_PROMPT #language en-US "Change Admin Password" #language fr-FR "Change Admin Password" #string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr index ca1d5ddec1..df8b7edb4c 100644 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr +++ b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr @@ -13,7 +13,7 @@ formset guid = USER_AUTHENTICATION_FORMSET_GUID, title = STRING_TOKEN(STR_FORM_SET_TITLE), help = STRING_TOKEN(STR_FORM_SET_TITLE_HELP), - classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + classguid = gEfiIfrFrontPageGuid, form formid = 1, title = STRING_TOKEN(STR_FORM_TITLE); 
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c deleted file mode 100644 index 16e3405a82..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c +++ /dev/null @@ -1,717 +0,0 @@ -/** @file - - Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "UserAuthenticationSmm.h" - -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; - -UINTN mAdminPasswordTryCount = 0; - -BOOLEAN mNeedReVerify = TRUE; -BOOLEAN mPasswordVerified = FALSE; -EFI_HANDLE mSmmHandle = NULL; - -/** - Verify if the password is correct. - - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - @param[in] UserPasswordVarStruct The storage of password in variable. - - @retval EFI_SUCCESS The password is correct. - @retval EFI_SECURITY_VIOLATION The password is incorrect. -**/ -EFI_STATUS -VerifyPassword ( - IN CHAR8 *Password, - IN UINTN PasswordSize, - IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct - ) -{ - BOOLEAN HashOk; - UINT8 HashData[PASSWORD_HASH_SIZE]; - - HashOk = KeyLibGeneratePBKDF2Hash ( - HASH_TYPE_SHA256, - (UINT8 *)Password, - PasswordSize, - UserPasswordVarStruct->PasswordSalt, - sizeof(UserPasswordVarStruct->PasswordSalt), - HashData, - sizeof(HashData) - ); - if (!HashOk) { - return EFI_DEVICE_ERROR; - } - if (KeyLibSlowCompareMem (UserPasswordVarStruct->PasswordHash, HashData, PASSWORD_HASH_SIZE) == 0) { - return EFI_SUCCESS; - } else { - return EFI_SECURITY_VIOLATION; - } -} - -/** - Get hash data of password from non-volatile variable region. - - @param[in] UserGuid The user GUID of the password variable. - @param[in] Index The index of the password. - 0 means current password. - Non-0 means the password history. - @param[out] UserPasswordVarStruct The storage of password in variable. - - @retval EFI_SUCCESS The password hash is returned successfully. - @retval EFI_NOT_FOUND The password hash is not found. 
-**/ -EFI_STATUS -GetPasswordHashFromVariable ( - IN EFI_GUID *UserGuid, - IN UINTN Index, - OUT USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct - ) -{ - UINTN DataSize; - CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; - - if (Index != 0) { - UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index); - } else { - UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s", USER_AUTHENTICATION_VAR_NAME); - } - - DataSize = sizeof(*UserPasswordVarStruct); - return mSmmVariable->SmmGetVariable ( - PasswordName, - UserGuid, - NULL, - &DataSize, - UserPasswordVarStruct - ); -} - -/** - Save password hash data to non-volatile variable region. - - @param[in] UserGuid The user GUID of the password variable. - @param[in] UserPasswordVarStruct The storage of password in variable. - - @retval EFI_SUCCESS The password hash is saved successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. -**/ -EFI_STATUS -SavePasswordHashToVariable ( - IN EFI_GUID *UserGuid, - IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct - ) -{ - EFI_STATUS Status; - - if (UserPasswordVarStruct == NULL) { - Status = mSmmVariable->SmmSetVariable ( - USER_AUTHENTICATION_VAR_NAME, - UserGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - 0, - NULL - ); - } else { - Status = mSmmVariable->SmmSetVariable ( - USER_AUTHENTICATION_VAR_NAME, - UserGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof(*UserPasswordVarStruct), - UserPasswordVarStruct - ); - } - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "SavePasswordHashToVariable fails with %r\n", Status)); - } - - return Status; -} - -/** - Save old password hash data to non-volatile variable region as history. - - The number of password history variable is limited. - If all the password history variables are used, the new password history - will override the oldest one. 
- - @param[in] UserGuid The user GUID of the password variable. - @param[in] UserPasswordVarStruct The storage of password in variable. - - @retval EFI_SUCCESS The password hash is saved successfully. - @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. -**/ -EFI_STATUS -SaveOldPasswordToHistory ( - IN EFI_GUID *UserGuid, - IN USER_PASSWORD_VAR_STRUCT *UserPasswordVarStruct - ) -{ - EFI_STATUS Status; - UINTN DataSize; - UINT32 LastIndex; - CHAR16 PasswordName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; - - DEBUG ((DEBUG_INFO, "SaveOldPasswordToHistory\n")); - - DataSize = sizeof(LastIndex); - Status = mSmmVariable->SmmGetVariable ( - USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, - UserGuid, - NULL, - &DataSize, - &LastIndex - ); - if (EFI_ERROR(Status)) { - LastIndex = 0; - } - if (LastIndex >= PASSWORD_HISTORY_CHECK_COUNT) { - LastIndex = 0; - } - - LastIndex ++; - UnicodeSPrint (PasswordName, sizeof (PasswordName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, LastIndex); - - - Status = mSmmVariable->SmmSetVariable ( - PasswordName, - UserGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof(*UserPasswordVarStruct), - UserPasswordVarStruct - ); - DEBUG ((DEBUG_INFO, " -- to %s, %r\n", PasswordName, Status)); - if (!EFI_ERROR(Status)) { - Status = mSmmVariable->SmmSetVariable ( - USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, - UserGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof(LastIndex), - &LastIndex - ); - DEBUG ((DEBUG_INFO, " LastIndex - 0x%04x, %r\n", LastIndex, Status)); - } - - return Status; -} - -/** - Calculate password hash data and save it to non-volatile variable region. - - @param[in] UserGuid The user GUID of the password variable. - @param[in] Password The user input password. - NULL means delete the password variable. - @param[in] PasswordSize The size of Password in byte. - - @retval EFI_SUCCESS The password hash is calculated and saved. 
- @retval EFI_OUT_OF_RESOURCES Insufficient resources to save the password hash. -**/ -EFI_STATUS -SavePasswordToVariable ( - IN EFI_GUID *UserGuid, - IN CHAR8 *Password, OPTIONAL - IN UINTN PasswordSize - ) -{ - EFI_STATUS Status; - USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; - BOOLEAN HashOk; - - // - // If password is NULL, it means we want to clean password field saved in variable region. - // - if (Password != NULL) { - KeyLibGenerateSalt (UserPasswordVarStruct.PasswordSalt, sizeof(UserPasswordVarStruct.PasswordSalt)); - HashOk = KeyLibGeneratePBKDF2Hash ( - HASH_TYPE_SHA256, - (UINT8 *)Password, - PasswordSize, - UserPasswordVarStruct.PasswordSalt, - sizeof(UserPasswordVarStruct.PasswordSalt), - UserPasswordVarStruct.PasswordHash, - sizeof(UserPasswordVarStruct.PasswordHash) - ); - if (!HashOk) { - return EFI_DEVICE_ERROR; - } - Status = SavePasswordHashToVariable (UserGuid, &UserPasswordVarStruct); - // - // Save Password data to history variable - // - if (!EFI_ERROR(Status)) { - SaveOldPasswordToHistory (UserGuid, &UserPasswordVarStruct); - } - } else { - Status = SavePasswordHashToVariable (UserGuid, NULL); - } - - return Status; -} - -/** - Verify the password. - If the password variable does not exist, it passes the verification. - If the password variable exists, it does verification based upon password variable. - - @param[in] UserGuid The user GUID of the password variable. - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - - @retval TRUE The verification passes. - @retval FALSE The verification fails. 
-**/ -BOOLEAN -IsPasswordVerified ( - IN EFI_GUID *UserGuid, - IN CHAR8 *Password, - IN UINTN PasswordSize - ) -{ - USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; - EFI_STATUS Status; - UINTN *PasswordTryCount; - - PasswordTryCount = &mAdminPasswordTryCount; - - Status = GetPasswordHashFromVariable (UserGuid, 0, &UserPasswordVarStruct); - if (EFI_ERROR(Status)) { - return TRUE; - } - - // - // Old password exists - // - Status = VerifyPassword (Password, PasswordSize, &UserPasswordVarStruct); - if (EFI_ERROR(Status)) { - if (Password[0] != 0) { - *PasswordTryCount = *PasswordTryCount + 1; - } - return FALSE; - } - - return TRUE; -} - -/** - Return if the password is set. - - @param[in] UserGuid The user GUID of the password variable. - - @retval TRUE The password is set. - @retval FALSE The password is not set. -**/ -BOOLEAN -IsPasswordSet ( - IN EFI_GUID *UserGuid - ) -{ - USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; - EFI_STATUS Status; - - Status = GetPasswordHashFromVariable(UserGuid, 0, &UserPasswordVarStruct); - if (EFI_ERROR(Status)) { - return FALSE; - } - return TRUE; -} - -/** - Return if the password is strong. - Criteria: - 1) length >= PASSWORD_MIN_SIZE - 2) include lower case, upper case, number, symbol. - - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - - @retval TRUE The password is strong. - @retval FALSE The password is weak. 
-**/ -BOOLEAN -IsPasswordStrong ( - IN CHAR8 *Password, - IN UINTN PasswordSize - ) -{ - UINTN Index; - BOOLEAN HasLowerCase; - BOOLEAN HasUpperCase; - BOOLEAN HasNumber; - BOOLEAN HasSymbol; - - if (PasswordSize < PASSWORD_MIN_SIZE) { - return FALSE; - } - - HasLowerCase = FALSE; - HasUpperCase = FALSE; - HasNumber = FALSE; - HasSymbol = FALSE; - for (Index = 0; Index < PasswordSize - 1; Index++) { - if (Password[Index] >= 'a' && Password[Index] <= 'z') { - HasLowerCase = TRUE; - } else if (Password[Index] >= 'A' && Password[Index] <= 'Z') { - HasUpperCase = TRUE; - } else if (Password[Index] >= '0' && Password[Index] <= '9') { - HasNumber = TRUE; - } else { - HasSymbol = TRUE; - } - } - if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { - return FALSE; - } - return TRUE; -} - -/** - Return if the password is set before in PASSWORD_HISTORY_CHECK_COUNT. - - @param[in] UserGuid The user GUID of the password variable. - @param[in] Password The user input password. - @param[in] PasswordSize The size of Password in byte. - - @retval TRUE The password is set before. - @retval FALSE The password is not set before. -**/ -BOOLEAN -IsPasswordInHistory ( - IN EFI_GUID *UserGuid, - IN CHAR8 *Password, - IN UINTN PasswordSize - ) -{ - EFI_STATUS Status; - USER_PASSWORD_VAR_STRUCT UserPasswordVarStruct; - UINTN Index; - - for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) { - Status = GetPasswordHashFromVariable (UserGuid, Index, &UserPasswordVarStruct); - if (!EFI_ERROR(Status)) { - Status = VerifyPassword (Password, PasswordSize, &UserPasswordVarStruct); - if (!EFI_ERROR(Status)) { - return TRUE; - } - } - } - - return FALSE; -} - -/** - Communication service SMI Handler entry. - - This SMI handler provides services for password management. - - @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). 
- @param[in] RegisterContext Points to an optional handler context which was specified when the - handler was registered. - @param[in, out] CommBuffer A pointer to a collection of data in memory that will - be conveyed from a non-SMM environment into an SMM environment. - @param[in, out] CommBufferSize The size of the CommBuffer. - - @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers - should still be called. - @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should - still be called. - @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still - be called. - @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced. -**/ -EFI_STATUS -EFIAPI -SmmPasswordHandler ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *RegisterContext, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize - ) -{ - EFI_STATUS Status; - SMM_PASSWORD_COMMUNICATE_HEADER *SmmFunctionHeader; - UINTN CommBufferPayloadSize; - UINTN TempCommBufferSize; - SMM_PASSWORD_COMMUNICATE_SET_PASSWORD SmmCommunicateSetPassword; - SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD SmmCommunicateVerifyPassword; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY SmmCommunicateSetVerifyPolicy; - SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *SmmCommunicateGetVerifyPolicy; - UINTN PasswordLen; - EFI_GUID *UserGuid; - UINTN *PasswordTryCount; - - // - // If input is invalid, stop processing this SMI - // - if (CommBuffer == NULL || CommBufferSize == NULL) { - return EFI_SUCCESS; - } - - TempCommBufferSize = *CommBufferSize; - PasswordLen = 0; - - if (TempCommBufferSize < sizeof (SMM_PASSWORD_COMMUNICATE_HEADER)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SMM communication buffer size invalid!\n")); - return EFI_SUCCESS; - } - - CommBufferPayloadSize = TempCommBufferSize - sizeof (SMM_PASSWORD_COMMUNICATE_HEADER); - - Status = EFI_SUCCESS; - SmmFunctionHeader = (SMM_PASSWORD_COMMUNICATE_HEADER *)CommBuffer; - - 
UserGuid = &gUserAuthenticationGuid; - PasswordTryCount = &mAdminPasswordTryCount; - - switch (SmmFunctionHeader->Function) { - case SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET: - PasswordTryCount = NULL; - if (CommBufferPayloadSize != 0) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: IS_PASSWORD_SET payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - if (IsPasswordSet(UserGuid)) { - Status = EFI_SUCCESS; - } else { - Status = EFI_NOT_FOUND; - } - break; - case SMM_PASSWORD_FUNCTION_SET_PASSWORD: - if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD try count reach!\n")); - PasswordTryCount = NULL; - Status = EFI_ACCESS_DENIED; - goto EXIT; - } - if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_SET_PASSWORD)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - CopyMem (&SmmCommunicateSetPassword, SmmFunctionHeader + 1, sizeof(SmmCommunicateSetPassword)); - - PasswordLen = AsciiStrnLenS(SmmCommunicateSetPassword.OldPassword, sizeof(SmmCommunicateSetPassword.OldPassword)); - if (PasswordLen == sizeof(SmmCommunicateSetPassword.OldPassword)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: OldPassword invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - - if (!IsPasswordVerified (UserGuid, SmmCommunicateSetPassword.OldPassword, PasswordLen + 1)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n")); - if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_PASSWORD try count reach!\n")); - Status = EFI_ACCESS_DENIED; - } else { - Status = EFI_SECURITY_VIOLATION; - } - goto EXIT; - } - - PasswordLen = AsciiStrnLenS(SmmCommunicateSetPassword.NewPassword, sizeof(SmmCommunicateSetPassword.NewPassword)); - if (PasswordLen == sizeof(SmmCommunicateSetPassword.NewPassword)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: 
NewPassword invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - if (PasswordLen != 0 && !IsPasswordStrong (SmmCommunicateSetPassword.NewPassword, PasswordLen + 1)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: NewPassword too weak!\n")); - Status = EFI_UNSUPPORTED; - goto EXIT; - } - if (PasswordLen != 0 && IsPasswordInHistory (UserGuid, SmmCommunicateSetPassword.NewPassword, PasswordLen + 1)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: NewPassword in history!\n")); - Status = EFI_ALREADY_STARTED; - goto EXIT; - } - - if (PasswordLen == 0) { - Status = SavePasswordToVariable (UserGuid, NULL, 0); - } else { - Status = SavePasswordToVariable (UserGuid, SmmCommunicateSetPassword.NewPassword, PasswordLen + 1); - } - break; - - case SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD: - if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD try count reach!\n")); - PasswordTryCount = NULL; - Status = EFI_ACCESS_DENIED; - goto EXIT; - } - if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - CopyMem (&SmmCommunicateVerifyPassword, SmmFunctionHeader + 1, sizeof(SmmCommunicateVerifyPassword)); - - PasswordLen = AsciiStrnLenS(SmmCommunicateVerifyPassword.Password, sizeof(SmmCommunicateVerifyPassword.Password)); - if (PasswordLen == sizeof(SmmCommunicateVerifyPassword.Password)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: Password invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - if (!IsPasswordVerified (UserGuid, SmmCommunicateVerifyPassword.Password, PasswordLen + 1)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: PasswordVerify - FAIL\n")); - if (*PasswordTryCount >= PASSWORD_MAX_TRY_COUNT) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: VERIFY_PASSWORD try count reach!\n")); - Status = EFI_ACCESS_DENIED; - } else { - Status = 
EFI_SECURITY_VIOLATION; - } - goto EXIT; - } - mPasswordVerified = TRUE; - Status = EFI_SUCCESS; - break; - - case SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY: - PasswordTryCount = NULL; - if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: SET_VERIFY_POLICY payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - CopyMem (&SmmCommunicateSetVerifyPolicy, SmmFunctionHeader + 1, sizeof(SmmCommunicateSetVerifyPolicy)); - mNeedReVerify = SmmCommunicateSetVerifyPolicy.NeedReVerify; - break; - - case SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY: - PasswordTryCount = NULL; - if (CommBufferPayloadSize != sizeof(SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY)) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: GET_VERIFY_POLICY payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - SmmCommunicateGetVerifyPolicy = (SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY *) (SmmFunctionHeader + 1); - SmmCommunicateGetVerifyPolicy->NeedReVerify = mNeedReVerify; - break; - case SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED: - PasswordTryCount = NULL; - if (CommBufferPayloadSize != 0) { - DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: WAS_PASSWORD_VERIFIED payload buffer invalid!\n")); - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - if (mPasswordVerified) { - Status = EFI_SUCCESS; - } else { - Status = EFI_NOT_STARTED; - } - break; - - default: - PasswordTryCount = NULL; - Status = EFI_UNSUPPORTED; - break; - } - -EXIT: - if (PasswordTryCount != NULL) { - if (Status == EFI_SUCCESS) { - *PasswordTryCount = 0; - } - } - SmmFunctionHeader->ReturnStatus = Status; - - return EFI_SUCCESS; -} - -/** - Performs Exit Boot Services UserAuthentication actions - - @param[in] Protocol Points to the protocol's unique identifier. - @param[in] Interface Points to the interface instance. - @param[in] Handle The handle on which the interface was installed. - - @retval EFI_SUCCESS Notification runs successfully. 
-**/ -EFI_STATUS -EFIAPI -UaExitBootServices ( - IN CONST EFI_GUID *Protocol, - IN VOID *Interface, - IN EFI_HANDLE Handle - ) -{ - DEBUG ((DEBUG_INFO, "Unregister User Authentication Smi\n")); - - gSmst->SmiHandlerUnRegister(mSmmHandle); - - return EFI_SUCCESS; -} - -/** - Main entry for this driver. - - @param ImageHandle Image handle this driver. - @param SystemTable Pointer to SystemTable. - - @retval EFI_SUCESS This function always complete successfully. - -**/ -EFI_STATUS -EFIAPI -PasswordSmmInit ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; - CHAR16 PasswordHistoryName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5]; - UINTN Index; - EFI_EVENT ExitBootServicesEvent; - EFI_EVENT LegacyBootEvent; - - ASSERT (PASSWORD_HASH_SIZE == SHA256_DIGEST_SIZE); - ASSERT (PASSWORD_HISTORY_CHECK_COUNT < 0xFFFF); - - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); - ASSERT_EFI_ERROR (Status); - - // - // Make password variables read-only for DXE driver for security concern. 
- // - Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock); - if (!EFI_ERROR (Status)) { - Status = VariableLock->RequestToLock (VariableLock, USER_AUTHENTICATION_VAR_NAME, &gUserAuthenticationGuid); - ASSERT_EFI_ERROR (Status); - - for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) { - UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName), L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index); - Status = VariableLock->RequestToLock (VariableLock, PasswordHistoryName, &gUserAuthenticationGuid); - ASSERT_EFI_ERROR (Status); - } - Status = VariableLock->RequestToLock (VariableLock, USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, &gUserAuthenticationGuid); - ASSERT_EFI_ERROR (Status); - } - - Status = gSmst->SmiHandlerRegister (SmmPasswordHandler, &gUserAuthenticationGuid, &mSmmHandle); - ASSERT_EFI_ERROR (Status); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Register for SmmExitBootServices and SmmLegacyBoot notification. - // - Status = gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices, &ExitBootServicesEvent); - ASSERT_EFI_ERROR (Status); - Status = gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid, UaExitBootServices, &LegacyBootEvent); - ASSERT_EFI_ERROR (Status); - - if (IsPasswordCleared()) { - DEBUG ((DEBUG_INFO, "IsPasswordCleared\n")); - SavePasswordToVariable (&gUserAuthenticationGuid, NULL, 0); - } - - return EFI_SUCCESS; -} - diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h deleted file mode 100644 index 47bb95529f..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h +++ /dev/null @@ -1,52 +0,0 @@ -/** @file - Header file for UserAuthenticationSmm. - - Copyright (c) 2019, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef __USER_AUTHENTICATION_SMM_H__ -#define __USER_AUTHENTICATION_SMM_H__ - -#include - -#include -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "KeyService.h" - -#define PASSWORD_SALT_SIZE 32 -#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE - -#define PASSWORD_MAX_TRY_COUNT 3 -#define PASSWORD_HISTORY_CHECK_COUNT 5 - -// -// Name of the variable -// -#define USER_AUTHENTICATION_VAR_NAME L"Password" -#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast" - -// -// Variable storage -// -typedef struct { - UINT8 PasswordHash[PASSWORD_HASH_SIZE]; - UINT8 PasswordSalt[PASSWORD_SALT_SIZE]; -} USER_PASSWORD_VAR_STRUCT; - -#endif diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf b/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf deleted file mode 100644 index b53f70f0e3..0000000000 --- a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf +++ /dev/null @@ -1,55 +0,0 @@ -## @file -# User Authentication Smm Driver. -# -# This driver provides SMM services for DXE user authentication module. -# -# Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = UserAuthenticationSmm - FILE_GUID = 8fc6aaaa-4561-4815-8cf7-b87312992dce - MODULE_TYPE = DXE_SMM_DRIVER - VERSION_STRING = 1.0 - PI_SPECIFICATION_VERSION = 0x0001000A - ENTRY_POINT = PasswordSmmInit - -[Sources] - UserAuthenticationSmm.c - UserAuthenticationSmm.h - KeyService.c - KeyService.h - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - CryptoPkg/CryptoPkg.dec - UserAuthFeaturePkg/UserAuthFeaturePkg.dec - -[LibraryClasses] - UefiBootServicesTableLib - UefiDriverEntryPoint - DebugLib - BaseLib - BaseMemoryLib - PrintLib - SmmServicesTableLib - MemoryAllocationLib - UefiLib - BaseCryptLib - PlatformPasswordLib - -[Guids] - gUserAuthenticationGuid ## CONSUMES ## GUID - -[Protocols] - gEdkiiVariableLockProtocolGuid ## CONSUMES - gEfiSmmVariableProtocolGuid ## CONSUMES - gEdkiiSmmExitBootServicesProtocolGuid ## CONSUMES - gEdkiiSmmLegacyBootProtocolGuid ## CONSUMES - -[Depex] - gEfiSmmVariableProtocolGuid AND gEfiVariableWriteArchProtocolGuid From 6833147f87656235091f67ea33a80ed0f9b1d8b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 28 Oct 2022 14:31:56 +0200 Subject: [PATCH 065/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add SMM_BWP option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 39 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 3 ++ .../DasharoSystemFeaturesVfr.vfr | 6 +++ 4 files changed, 49 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 9b7194dafc..39884cb859 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -12,7 +12,9 @@ SPDX-License-Identifier: BSD-2-Clause STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; +STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; STATIC BOOLEAN mLockBiosDefault = TRUE; +STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -116,6 +118,30 @@ DasharoSystemFeaturesUiLibConstructor ( return Status; } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); + Status = gRT->GetVariable ( + mSmmBwpEfiVar, + &mDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mSmmBwpEfiVar, + &mDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mSmmBwpDefault), + &mSmmBwpDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; + } + + if (EFI_ERROR(Status)) { + return Status; + } + return EFI_SUCCESS; } @@ -315,6 +341,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.SmmBwp != DasharoFeaturesData.SmmBwp) { + Status = gRT->SetVariable ( + mSmmBwpEfiVar, + &mDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.SmmBwp), + &DasharoFeaturesData.SmmBwp + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 71997f7ab8..379ed72c24 100644 
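Review bot: Nothing in the `@@ -116,6 +118,30 @@` hunk documents the trust model of `SmmBwp`, a flash write-protection setting that the constructor creates with only `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` and a default of `FALSE`. Any code that runs before ExitBootServices can therefore rewrite it, and a fresh system starts with the protection off, unlike `mLockBiosDefault`. I would add a comment above the `GetVariable` call such as `// SmmBwp is an unauthenticated BS+NV variable: pre-boot code can change it, and the default leaves protection disabled.` The same applies to the `SetVariable` call added in the `@@ -315,6 +341,19 @@` hunk. Whatever component applies the setting is not visible here, so whether it validates the value should be confirmed there; the constructor body starts and ends outside this hunk.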
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause typedef struct { BOOLEAN LockBios; + BOOLEAN SmmBwp; } DASHARO_FEATURES_DATA; #define LOCK_BIOS_QUESTION_ID 0x8000 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 79a042af8a..0a26984503 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -22,3 +22,6 @@ #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" + +#string STR_SMM_BWP_PROMPT #language en-US "Enable SMM BIOS write protection" +#string STR_SMM_BWP_HELP #language en-US "Prevents writing to the boot medium outside of SMM. Recommended to enable if using an admin password. Disable when updating firmware." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index c033b6f565..49644af94c 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -42,6 +42,12 @@ formset flags = INTERACTIVE, endcheckbox; + checkbox varid = FeaturesData.SmmBwp, + prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), + help = STRING_TOKEN(STR_SMM_BWP_HELP), + flags = INTERACTIVE, + endcheckbox; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
From 40198c2bf7219dbe6b97c12eec4bd9160cf40578 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 28 Oct 2022 16:26:51 +0200 Subject: [PATCH 066/357] DasharoModulePkg: UserAuthenticationDxeSmm: rename to UserAuthenticationDxe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModuleComponents.dsc.inc | 2 +- DasharoModulePkg/Include/PostMemory.fdf | 2 +- DasharoModulePkg/Include/UserAuthFeature.dsc | 2 +- .../KeyService.c | 0 .../KeyService.h | 0 .../UserAuthenticationDxe.c | 0 .../UserAuthenticationDxe.h | 0 .../UserAuthenticationDxe.inf | 0 .../UserAuthenticationDxeFormset.h | 0 .../UserAuthenticationDxePassword.c | 0 .../UserAuthenticationDxeStrings.uni | 0 .../UserAuthenticationDxeVfr.vfr | 0 12 files changed, 3 insertions(+), 3 deletions(-) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/KeyService.c (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/KeyService.h (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxe.c (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxe.h (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxe.inf (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxeFormset.h (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxePassword.c (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxeStrings.uni (100%) rename DasharoModulePkg/{UserAuthenticationDxeSmm => UserAuthenticationDxe}/UserAuthenticationDxeVfr.vfr (100%) diff --git a/DasharoModulePkg/DasharoModuleComponents.dsc.inc b/DasharoModulePkg/DasharoModuleComponents.dsc.inc index 01ae17e66f..5b755b6964 100644 
--- a/DasharoModulePkg/DasharoModuleComponents.dsc.inc +++ b/DasharoModulePkg/DasharoModuleComponents.dsc.inc @@ -10,4 +10,4 @@ ## DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf - DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf + DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/Include/PostMemory.fdf b/DasharoModulePkg/Include/PostMemory.fdf index f79bf5993e..b340d32c72 100644 --- a/DasharoModulePkg/Include/PostMemory.fdf +++ b/DasharoModulePkg/Include/PostMemory.fdf @@ -7,4 +7,4 @@ # ## -INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf +INF UserAuthFeaturePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/Include/UserAuthFeature.dsc b/DasharoModulePkg/Include/UserAuthFeature.dsc index 3a90b252e9..6cf980b249 100644 --- a/DasharoModulePkg/Include/UserAuthFeature.dsc +++ b/DasharoModulePkg/Include/UserAuthFeature.dsc @@ -50,4 +50,4 @@ # User Authentication Feature Package ##################################### # Add components here that should be included in the package build. - DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf + DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c b/DasharoModulePkg/UserAuthenticationDxe/KeyService.c similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.c rename to DasharoModulePkg/UserAuthenticationDxe/KeyService.c diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h b/DasharoModulePkg/UserAuthenticationDxe/KeyService.h similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/KeyService.h rename to DasharoModulePkg/UserAuthenticationDxe/KeyService.h 
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.c rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.h similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.h rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.h diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeFormset.h rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxePassword.c rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c 
diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni diff --git a/DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeVfr.vfr similarity index 100% rename from DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeVfr.vfr rename to DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeVfr.vfr From c663b45ac02a752814d86d1409ad8164e8e36c63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 3 Sep 2022 15:13:11 +0200 Subject: [PATCH 067/357] DasharoModulePkg: Add network boot option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 3 +- .../DasharoSystemFeatures.c | 63 +++++++++++++--- .../DasharoSystemFeaturesHii.h | 7 +- .../DasharoSystemFeaturesStrings.uni | 6 ++ .../DasharoSystemFeaturesUiLib.inf | 2 +- .../DasharoSystemFeaturesVfr.vfr | 25 ++++++- .../NetworkBootPolicy/NetworkBootPolicy.c | 74 +++++++++++++++++++ .../NetworkBootPolicy/NetworkBootPolicy.h | 29 ++++++++ .../NetworkBootPolicy/NetworkBootPolicy.inf | 44 +++++++++++ 9 files changed, 236 insertions(+), 17 deletions(-) create mode 100644 DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c create mode 100644 DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h create mode 100644 DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 64c6c2f2ff..db1197a9a1 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -23,7 +23,7 @@ PlatformPasswordLib|Include/Library/PlatformPasswordLib.h [Guids] - gDasharoSystemFeaturesFormsetGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } + gDasharoSystemFeaturesGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } gDasharoSystemFeaturesTokenSpaceGuid = {0xc7d52e10, 0xadec, 0x4d49, { 0x9e, 0xc5, 0xb8, 0xcf, 0xcd, 0x4b, 0x9d, 0xb9 }} gUserAuthFeaturePkgTokenSpaceGuid = {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}} ## Include Include/Guid/UserAuthentication.h @@ -32,6 +32,7 @@ [Ppis] [Protocols] + gDasharoNetworkBootPolicyGuid = { 0xdef83d91, 0x4613, 0x474c, {0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }} [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 39884cb859..0afdc4dc4a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -9,12 +9,13 @@ SPDX-License-Identifier: BSD-2-Clause #include #include "DasharoSystemFeatures.h" -STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; +STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; +STATIC BOOLEAN mNetworkBootDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, 
@@ -37,7 +38,7 @@ STATIC HII_VENDOR_DEVICE_PATH mDasharoSystemFeaturesHiiVendorDevicePath = { (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) } }, - DASHARO_SYSTEM_FEATURES_FORMSET_GUID + DASHARO_SYSTEM_FEATURES_GUID }, { END_DEVICE_PATH_TYPE, @@ -86,7 +87,7 @@ DasharoSystemFeaturesUiLibConstructor ( // Publish our HII data. mDasharoSystemFeaturesPrivate.HiiHandle = HiiAddPackages ( - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, mDasharoSystemFeaturesPrivate.DriverHandle, DasharoSystemFeaturesVfrBin, DasharoSystemFeaturesUiLibStrings, @@ -97,7 +98,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); Status = gRT->GetVariable ( mLockBiosEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, NULL, &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios @@ -106,14 +107,39 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { Status = gRT->SetVariable ( mLockBiosEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mLockBiosDefault), &mLockBiosDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; + if (EFI_ERROR(Status)) { + return Status; + } } + + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); + Status = gRT->GetVariable ( + mNetworkBootEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mNetworkBootEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mNetworkBootDefault), + &mNetworkBootDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; + } + + if (EFI_ERROR(Status)) { return Status; } 
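Review bot: A failed read of `LockBios` is no longer reported in the `@@ -106,14 +107,39 @@` hunk, because the added `if (EFI_ERROR(Status)) { return Status; }` sits inside the `Status == EFI_NOT_FOUND` branch. Any other `GetVariable` error is overwritten by the `NetworkBoot` read that follows, and `DasharoFeaturesData.LockBios` then keeps whatever the private data was initialised with instead of `mLockBiosDefault` (`TRUE`), which presumably shows the lock as disabled. Put the check back directly after the closing brace of the `LockBios` block, as it was before the change, and keep a separate check after the `NetworkBoot` block. The constructor starts and ends outside this hunk.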
@@ -121,7 +147,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); Status = gRT->GetVariable ( mSmmBwpEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, NULL, &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp @@ -130,7 +156,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { Status = gRT->SetVariable ( mSmmBwpEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mSmmBwpDefault), &mSmmBwpDefault @@ -221,7 +247,7 @@ DasharoSystemFeaturesExtractConfig ( *Progress = Request; if (Request != NULL && - !HiiIsConfigHdrMatch (Request, &mDasharoSystemFeaturesGuid, mVarStoreName)) { + !HiiIsConfigHdrMatch (Request, &gDasharoSystemFeaturesGuid, mVarStoreName)) { return EFI_NOT_FOUND; } @@ -234,7 +260,7 @@ DasharoSystemFeaturesExtractConfig ( // Allocate and fill a buffer large enough to hold the template // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator. ConfigRequestHdr = HiiConstructConfigHdr ( - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, mVarStoreName, Private->DriverHandle ); @@ -311,7 +337,7 @@ DasharoSystemFeaturesRouteConfig ( return EFI_INVALID_PARAMETER; } - if (!HiiIsConfigHdrMatch (Configuration, &mDasharoSystemFeaturesGuid, mVarStoreName)) { + if (!HiiIsConfigHdrMatch (Configuration, &gDasharoSystemFeaturesGuid, mVarStoreName)) { return EFI_NOT_FOUND; } @@ -331,7 +357,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) { Status = gRT->SetVariable ( mLockBiosEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.LockBios), &DasharoFeaturesData.LockBios 
@@ -344,7 +370,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.SmmBwp != DasharoFeaturesData.SmmBwp) { Status = gRT->SetVariable ( mSmmBwpEfiVar, - &mDasharoSystemFeaturesGuid, + &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.SmmBwp), &DasharoFeaturesData.SmmBwp @@ -354,6 +380,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.NetworkBoot != DasharoFeaturesData.NetworkBoot) { + Status = gRT->SetVariable ( + mNetworkBootEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.NetworkBoot), + &DasharoFeaturesData.NetworkBoot + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 379ed72c24..f21dc1ae51 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -9,19 +9,24 @@ SPDX-License-Identifier: BSD-2-Clause #ifndef _DASHARO_SYSTEM_FEATURES_HII_H_ #define _DASHARO_SYSTEM_FEATURES_HII_H_ -#define DASHARO_SYSTEM_FEATURES_FORMSET_GUID \ +#define DASHARO_SYSTEM_FEATURES_GUID \ { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59} } #define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 #define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 +#define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 typedef struct { BOOLEAN LockBios; BOOLEAN SmmBwp; + BOOLEAN NetworkBoot; } DASHARO_FEATURES_DATA; #define LOCK_BIOS_QUESTION_ID 0x8000 +#define NETWORK_BOOT_QUESTION_ID 0x8001 + +extern EFI_GUID gDasharoSystemFeaturesGuid; #endif 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 0a26984503..be334a7c73 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -20,8 +20,14 @@ #string STR_DASHARO_SECURITY_OPTIONS_TITLE #language en-US "Dasharo Security Options" #string STR_DASHARO_SECURITY_OPTIONS_HELP #language en-US "Security-related options" +#string STR_DASHARO_NETWORKING_OPTIONS_TITLE #language en-US "Networking Options" +#string STR_DASHARO_NETWORKING_OPTIONS_HELP #language en-US "Network-related options" + #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" #string STR_SMM_BWP_PROMPT #language en-US "Enable SMM BIOS write protection" #string STR_SMM_BWP_HELP #language en-US "Prevents writing to the boot medium outside of SMM. Recommended to enable if using an admin password. Disable when updating firmware." + +#string STR_NETWORK_BOOT_ENABLE_PROMPT #language en-US "Enable network boot" +#string STR_NETWORK_BOOT_ENABLE_HELP #language en-US "Enables/disables the iPXE network boot and all NIC drivers" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 7ae928291b..e8d89c6b1e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -50,7 +50,7 @@ gEfiHiiPlatformSetupFormsetGuid ## CONSUMES ## GUID (Indicate the formset class guid to be displayed) gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode) gEfiIfrFrontPageGuid ## CONSUMES ## GUID (Indicate the formset in this library need to display in which page) - gDasharoSystemFeaturesFormsetGuid ## PROVIDES + gDasharoSystemFeaturesGuid ## CONSUMES [Protocols] gEfiHiiConfigAccessProtocolGuid ## CONSUMES diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 49644af94c..aa5c9a4591 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause #include "DasharoSystemFeaturesHii.h" formset - guid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID, + guid = DASHARO_SYSTEM_FEATURES_GUID, title = STRING_TOKEN(STR_EDKII_MENU_TITLE), help = STRING_TOKEN(STR_EDKII_MENU_HELP), classguid = gEfiIfrFrontPageGuid, @@ -17,7 +17,7 @@ formset varstore DASHARO_FEATURES_DATA, varid = DASHARO_FEATURES_DATA_VARSTORE_ID, name = FeaturesData, - guid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID; + guid = DASHARO_SYSTEM_FEATURES_GUID; form formid = DASHARO_SYSTEM_FEATURES_FORM_ID, title = STRING_TOKEN(STR_EDKII_MENU_TITLE); @@ -26,6 +26,11 @@ formset prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); + goto DASHARO_NETWORK_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
@@ -52,4 +57,20 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + + form formid = DASHARO_NETWORK_OPTIONS_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + checkbox varid = FeaturesData.NetworkBoot, + prompt = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_PROMPT), + help = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; endformset; diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c new file mode 100644 index 0000000000..d889dab7c6 --- /dev/null +++ b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c 
@@ -0,0 +1,74 @@ +/*++ +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + SPDX-License-Identifier: BSD-2-Clause-Patent + +--*/ + +/** @file +**/ + +#include +#include +#include +#include "NetworkBootPolicy.h" + +#include +#include + +NETWORK_BOOT_POLICY_PROTOCOL mNetworkBootPolicy; + +/** + Entry point for the Platform GOP Policy Driver. + @param ImageHandle Image handle of this driver. + @param SystemTable Global system service table. + @retval EFI_SUCCESS Initialization complete. + @retval EFI_OUT_OF_RESOURCES Do not have enough resources to initialize the driver. +**/ + +EFI_STATUS +EFIAPI +NetworkBootPolicyEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) + +{ + EFI_STATUS Status = EFI_SUCCESS; + BOOLEAN *NetBootVar = &mNetworkBootPolicy.NetworkBootEnabled; + UINTN VarSize = sizeof(*NetBootVar); + + gBS = SystemTable->BootServices; + gRT = SystemTable->RuntimeServices; + + gBS->SetMem ( + &mNetworkBootPolicy, + sizeof (NETWORK_BOOT_POLICY_PROTOCOL), + 0 + ); + + mNetworkBootPolicy.Revision = NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01; + mNetworkBootPolicy.NetworkBootEnabled = 0; // disable by default + + Status = GetVariable2 ( + L"NetworkBoot", + &gDasharoSystemFeaturesGuid, + (VOID **) &NetBootVar, + &VarSize + ); + + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*NetBootVar))) { + + mNetworkBootPolicy.NetworkBootEnabled = *NetBootVar; + + if (mNetworkBootPolicy.NetworkBootEnabled) + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoNetworkBootPolicyGuid, + &mNetworkBootPolicy, + NULL + ); + } + + return Status; +} \ No newline at end of file diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h new file mode 100644 index 0000000000..36c5a76cde --- /dev/null +++ b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h 
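Review bot: The `GetVariable2` result in `NetworkBootPolicyEntryPoint` is accepted on `Status != EFI_NOT_FOUND` rather than on success, and the pool buffer it returns through `NetBootVar` is never freed. The dereference is safe only because `GetVariable2` is expected to zero `VarSize` on failure, which the size comparison then happens to reject; the decision to publish the boot policy should not rest on that side effect. Check `EFI_ERROR (Status)` explicitly, normalise the stored byte to a `BOOLEAN`, and release the buffer before installing the protocol. The header comment also still reads "Platform GOP Policy Driver", which looks copied from another driver.

```c
  // … unchanged: GetVariable2 (L"NetworkBoot", …, (VOID **) &NetBootVar, &VarSize) …
  if (EFI_ERROR (Status)) {
    // Missing or unreadable variable: leave network boot disabled.
    return Status;
  }

  if (VarSize == sizeof (BOOLEAN)) {
    mNetworkBootPolicy.NetworkBootEnabled = (BOOLEAN) (*NetBootVar != 0);
  }
  gBS->FreePool (NetBootVar);   // GetVariable2 hands back a pool allocation

  if (mNetworkBootPolicy.NetworkBootEnabled) {
    // … unchanged: InstallMultipleProtocolInterfaces call …
  }
```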
@@ -0,0 +1,29 @@
+/*++
+Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+--*/
+
+/** @file
+**/
+
+#ifndef _NETWORK_BOOT_POLICY_PROTOCOL_H_
+#define _NETWORK_BOOT_POLICY_PROTOCOL_H_
+
+#define EFI_NETWORK_BOOT_POLICY_PROTOCOL_GUID \
+ { 0xdef83d91, 0x4613, 0x474c, 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }
+
+#define NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01 0x01
+
+typedef struct _NETWORK_BOOT_POLICY_PROTOCOL {
+ UINT32 Revision;
+ BOOLEAN NetworkBootEnabled;
+} NETWORK_BOOT_POLICY_PROTOCOL;
+
+//
+// Extern the GUID for protocol users.
+//
+extern EFI_GUID gDasharoNetworkBootPolicyGuid;
+
+#endif
\ No newline at end of file
diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf
new file mode 100644
index 0000000000..81d04dc3c8
--- /dev/null
+++ b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf
@@ -0,0 +1,44 @@
+#
+#
+# Copyright (c) 1999 - 2019, Intel Corporation. All rights reserved
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = NetworkBootPolicy
+ FILE_GUID = ca90493e-1a22-4d09-9c78-3894507eb646
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = NetworkBootPolicyEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = X64
+#
+
+[Sources.common]
+ NetworkBootPolicy.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ DasharoModulePkg/DasharoModulePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ UefiLib
+ UefiDriverEntryPoint
+ UefiRuntimeServicesTableLib
+
+[Guids]
+ gDasharoSystemFeaturesGuid ### CONSUMES
+
+[Protocols]
+ gDasharoNetworkBootPolicyGuid ### PROVIDES
+
+[Depex]
+ gEfiVariableArchProtocolGuid
\ No newline at end of file
From d1879902632dd8ed3788f45f3d12397063653c12 Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk Date: Thu, 2 Jun 2022 18:11:26 +0300 Subject: [PATCH 068/357] DasharoPayloadPkg: add Dasharo System Features menu Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index f9b92c5788..cbe15f18f4 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -581,6 +581,7 @@ MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf + NULL|DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf } From 9ddb3d58756b8ad7422acd70c5a74d5c2a4ce71b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 27 Jun 2022 18:08:20 +0200 Subject: [PATCH 069/357] DasharoPayloadPkg: reorder boot options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit move iPXE above UEFI Shell Signed-off-by: Michał Kopeć --- .../PlatformBootManagerLib/PlatformBootManager.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 240908daeb..26f4f0db94 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -524,7 +524,7 @@ WarnIfRecoveryBoot ( gST->ConOut->EnableCursor (gST->ConOut, FALSE); DrainInput (); - gBS->SetTimer (TimerEvent, TimerPeriodic, 1 * 1000 * 1000 * 10); + gBS->SetTimer (TimerEvent, TimerPeriodic, 1 * 1000 * 1000 * 10); Events[0] = gST->ConIn->WaitForKey; Events[1] = TimerEvent; 
@@ -620,18 +620,18 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); - // - // Register UEFI Shell - // - DEBUG((DEBUG_INFO, "Registering UEFI Shell boot option\n")); - PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); - // // Register iPXE // DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + // + // Register UEFI Shell + // + DEBUG((DEBUG_INFO, "Registering UEFI Shell boot option\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); + BootMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdBootMenuKey), L"F12"); SetupMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdSetupMenuKey), L"ESC"); From 4c6a12365f15cf54b649e1a8cd311ddbf66e4918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 28 Jun 2022 17:47:40 +0200 Subject: [PATCH 070/357] DasharoPayloadPkg: Add PCD for default SecureBoot state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ .../SecureBootEnrollDefaultKeys/SecureBootSetup.c | 7 ++++--- .../SecureBootEnrollDefaultKeys/SecureBootSetup.inf | 5 +++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index ef5779722d..edaec687d8 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
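Review bot: The moved call `PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE);` stays unconditional, so the network boot entry is registered as active, and now ahead of the UEFI Shell, whatever the NetworkBoot setting says. Nothing in this hunk consults the network boot policy added earlier in the series. If no code outside the hunk filters the entry, I would register iPXE only when `gBS->LocateProtocol (&gDasharoNetworkBootPolicyGuid, NULL, &Policy)` succeeds, so that a platform with network boot switched off does not offer it at all. A short comment above the block saying why iPXE precedes the shell would also help. PlatformBootManagerAfterConsole starts and ends outside the hunk.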
@@ -74,6 +74,7 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|TRUE|BOOLEAN|0x00000017 +gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|TRUE|BOOLEAN|0x00000018 [PcdsFixedAtBuild] ## Specifies the initial value for Register_A in RTC. diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index cbe15f18f4..02a165c440 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -90,6 +90,7 @@ DEFINE SATA_PASSWORD_ENABLE = FALSE DEFINE OPAL_PASSWORD_ENABLE = FALSE DEFINE LOAD_OPTION_ROMS = TRUE + DEFINE SECURE_BOOT_DEFAULT_ENABLE = TRUE # # Network definition # @@ -395,6 +396,7 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) + gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|$(SECURE_BOOT_DEFAULT_ENABLE) !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c index 8741780899..a246e1cd3f 100644 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include 
@@ -539,10 +540,10 @@ InstallSecureBootHook ( ASSERT_EFI_ERROR (Status); } - // FIXME: Force SecureBoot to ON. The AuthService will do this if authenticated variables + // FIXME: Optionally force SecureBoot to ON. The AuthService will do this if authenticated variables // are supported, which aren't as the SMM handler isn't able to verify them. - Settings.SecureBootEnable = SECURE_BOOT_ENABLE; + Settings.SecureBootEnable = PcdGetBool (PcdSecureBootDefaultEnable) ? SECURE_BOOT_ENABLE : SECURE_BOOT_DISABLE; Status = gRT->SetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, sizeof Settings.SecureBootEnable, &Settings.SecureBootEnable); @@ -552,7 +553,7 @@ InstallSecureBootHook ( ASSERT_EFI_ERROR (Status); } - Settings.SecureBoot = SECURE_BOOT_ENABLE; + Settings.SecureBoot = PcdGetBool (PcdSecureBootDefaultEnable) ? SECURE_BOOT_ENABLE : SECURE_BOOT_DISABLE; Status = gRT->SetVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, sizeof Settings.SecureBoot, &Settings.SecureBoot); diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf index 153830f743..12096f9ce3 100644 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf +++ b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf @@ -28,6 +28,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [Guids] gEfiCertPkcs7Guid @@ -45,10 +46,14 @@ UefiDriverEntryPoint DxeServicesLib UefiBootServicesTableLib + PcdLib [Protocols] gEfiTcgProtocolGuid ##CONSUMES gEfiVariableWriteArchProtocolGuid ## NOTIFY +[Pcd] + gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable + [Depex] TRUE From a5134d795d7abebf8494e68cede226ff52f44960 Mon Sep 17 00:00:00 2001 
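Review bot: In InstallSecureBootHook the build-time default is evaluated twice, once for `Settings.SecureBootEnable` and again in the hunk at -552 for `Settings.SecureBoot`, and the second write goes ahead whatever the first `SetVariable` returned. The only guard visible in the context is `ASSERT_EFI_ERROR (Status)`, which presumably does nothing in a release build. `SecureBoot` is the variable an OS reads as the enforcement state, so it should not be able to say enabled when persisting `SecureBootEnable` failed. I would compute the value once into a local, stop before the second write if the first one failed (unless the lines between the hunks already do), and add `DEBUG ((DEBUG_WARN, "Secure Boot default: disabled by PcdSecureBootDefaultEnable\n"));` on the disabled path so that a build with the PCD set to FALSE shows up in the log. The function body starts and ends outside both hunks.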
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 26 Aug 2022 12:58:44 +0200 Subject: [PATCH 071/357] DasharoPayloadPkg: Add config option to hide Dasharo System Features menu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 02a165c440..675eab8452 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -85,12 +85,13 @@ # # Security options: # - DEFINE SECURE_BOOT_ENABLE = FALSE - DEFINE TPM_ENABLE = TRUE - DEFINE SATA_PASSWORD_ENABLE = FALSE - DEFINE OPAL_PASSWORD_ENABLE = FALSE - DEFINE LOAD_OPTION_ROMS = TRUE - DEFINE SECURE_BOOT_DEFAULT_ENABLE = TRUE + DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE TPM_ENABLE = TRUE + DEFINE SATA_PASSWORD_ENABLE = FALSE + DEFINE OPAL_PASSWORD_ENABLE = FALSE + DEFINE LOAD_OPTION_ROMS = TRUE + DEFINE SECURE_BOOT_DEFAULT_ENABLE = TRUE + DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = FALSE # # Network definition # @@ -586,6 +587,8 @@ NULL|DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf + + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf MdeModulePkg/Application/VariableInfo/VariableInfo.inf From 073c330f24c7a476ceb0a912f806d208be9214c7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 17 Oct 2022 14:22:26 +0200 Subject: [PATCH 072/357] MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c: always use standard 80x25 mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c index e2d779c783..adb14a7568 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c @@ -113,8 +113,8 @@ TERMINAL_DEV mTerminalDevTemplate = { TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { { 80, 25 }, - { 80, 50 }, - { 100, 31 }, +// { 80, 50 }, +// { 100, 31 }, // // New modes can be added here. // From 45f5ea690e744d7c6fd147db705e19c86541b6c5 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 26 Oct 2022 11:16:54 +0200 Subject: [PATCH 073/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: add SecureBootVariableLib and SecureBootVariableProvisionLib PlatformPKProtectionLib is a dependency of SecureBootVariableLib. SecureBootVariableLib is a dependency of SecureBootVariableProvisionLib. Signed-off-by: Maciej Pijanowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 675eab8452..f240ad577e 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -274,6 +274,9 @@ !if $(SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf + PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf !else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif From 15e38b1c5551d7627b1fc302bb57a3fce4297b15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 28 Oct 2022 17:58:15 +0200 Subject: [PATCH 074/357] DasharoPayloadPkg/SecureBootDefaultKeys: remove source and refresh certs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 1 - DasharoPayloadPkg/DasharoPayloadPkg.dsc | 6 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 38 +++++------ .../SecureBootDefaultKeys/DBXUpdate.bin | Bin 0 -> 13778 bytes .../MicCorKEKCA2011_2011-06-24.crt} | Bin .../MicCorUEFCA2011_2011-06-27.crt} | Bin .../MicWinProPCA2011_2011-10-19.crt} | Bin .../keys => SecureBootDefaultKeys}/README | 5 +- .../SecureBootDefaultKeys/pk.crt | Bin 0 -> 1011 bytes .../SecureBootSetup.inf | 59 ------------------ .../SecureBootSetup.uni | 21 ------- .../SecureBootSetupExtra.uni | 17 ----- .../SecureBootEnrollDefaultKeys/keys/crl.bin | Bin 7085 -> 0 bytes .../SecureBootEnrollDefaultKeys/keys/pk.crt | Bin 1053 -> 0 bytes 14 files changed, 24 insertions(+), 123 deletions(-) create mode 100644 DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin rename DasharoPayloadPkg/{SecureBootEnrollDefaultKeys/keys/kek.crt => SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt} (100%) rename DasharoPayloadPkg/{SecureBootEnrollDefaultKeys/keys/db-2.crt => SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt} (100%) rename DasharoPayloadPkg/{SecureBootEnrollDefaultKeys/keys/db-1.crt => SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt} (100%) rename DasharoPayloadPkg/{SecureBootEnrollDefaultKeys/keys => SecureBootDefaultKeys}/README (55%) create mode 100644 DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt delete mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf delete mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni delete mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni delete mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin delete mode 100644 DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index edaec687d8..ef5779722d 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -74,7 +74,6 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|TRUE|BOOLEAN|0x00000017 -gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|TRUE|BOOLEAN|0x00000018 [PcdsFixedAtBuild] ## Specifies the initial value for Register_A in RTC. diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index f240ad577e..ec8c36d967 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -90,7 +90,6 @@ DEFINE SATA_PASSWORD_ENABLE = FALSE DEFINE OPAL_PASSWORD_ENABLE = FALSE DEFINE LOAD_OPTION_ROMS = TRUE - DEFINE SECURE_BOOT_DEFAULT_ENABLE = TRUE DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = FALSE # # Network definition @@ -400,7 +399,6 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) - gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|$(SECURE_BOOT_DEFAULT_ENABLE) !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 @@ -576,8 +574,8 @@ !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf !endif UefiCpuPkg/CpuDxe/CpuDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index d35926323a..d54be9a638 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -215,33 +215,33 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf # !if $(SECURE_BOOT_ENABLE) == TRUE INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf - INF DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf + INF SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf - FILE FREEFORM = A23665E3-ACA6-4F6D-80CC-341E7D7B8CC6 { - SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt - SECTION UI = "SecureBootKekCert" + # gDefaultKEKFileGuid + FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt + SECTION UI = "DefaultKekCert" } - FILE FREEFORM = F8104268-A364-45F5-8E00-ABA3FDEA12BE { - SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt - SECTION UI = "SecureBootPkCert" + # gDefaultPKFileGuid + FILE FREEFORM = 85254EA7-4759-4FC4-82D4-5EED5FB0A4A0 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt + SECTION UI = "DefaultPkCert" } - FILE FREEFORM = 26A517B0-E3FD-46C2-8932-E926BF98941F { - SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt - SECTION UI = "SecureBootDb1Cert" + # gDefaultdbFileGuid + FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt + SECTION UI = "DefaultDbCert" } - FILE FREEFORM = 91D2E32B-0134-4306-BA90-54EDCBF349CA { - SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt - SECTION UI = "SecureBootDb2Cert" + # gDefaultdbxFileGuid + FILE FREEFORM = 5740766A-718E-4DC0-9935-C36F7D3F884F { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin + SECTION UI = "DefaultDbxCert" } - - FILE FREEFORM = 
74BB6E72-2A56-4D0E-A5B3-5D39FC2EE346 { - SECTION RAW = DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin - SECTION UI = "SecureBootDbxCert" - } - !endif # 
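Review bot: The new dbx entry is missing a comment saying which format `DBXUpdate.bin` is in. The file is packaged as a bare `SECTION RAW` under gDefaultdbxFileGuid, exactly like the X.509 certificates above it. Whether the consumer expects a certificate, a plain signature list or a signed update payload with its authentication header is not visible in this hunk. If the blob is not in the expected form, the default dbx could presumably end up empty or malformed without a build error, which would leave revoked binaries bootable. I would add a comment above the FILE block such as `# DBXUpdate.bin: <format expected by SecureBootDefaultKeysDxe>; source URL and SHA-256 recorded in SecureBootDefaultKeys/README`, and confirm after enrolment that the dbx variable is populated.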
diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin b/DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin new file mode 100644 index 0000000000000000000000000000000000000000..ab95a63894dceea53ffef1c23d8f182bdb016c09 GIT binary patch literal 13778 zcmd6sbyOX}mhL&YyCk> zzCJT={&?%H^;j$p)&1+Q_o?3X)voGABsfGo90Hhs{#>Cy{RexBnLSl4w`_GJ8&$^b z$M?p(1RRXM2nzynV1Y3ZQH;W5K<04pupk5&Fd8BXQQ?O^E&ap1rPWBxsegomVNZe|a0FykNxlm0z|ibtSmZR!khfmpawNQbLV16(s$4gFbE{?ZPP0pt# z$G78upE`7OUEZ`1|`?M^p4eH=Mk#pV?@STW<(I zdK(t@Y@Mkg*?g8NydLL?!N@XxUtJY78R+{R{W(pESb^GGCC=>_s%Ak%9wIpI>`hYx zkIxk%D(p=(q&n;8Up??X?wfB&&|ZzhJ5qd4VN9O5bOF&@ALXNnmwf5|z2zs*<}hET zT^1`U@d;vrW@&q{UoIKoFnsEIUm($nJ$y%w&@-zxoyTtik$bj%-TA5z_v%%*z&R&8 zjO^5BhkVEW@p$Do7Gx{m71rCi(pShq#&NmAL%}xTHJmF1FBX5g`=9utl`yJLP~jMc zzmPv8wQK&dHF#o)?Artj2Z8|=1cNM|dc*{b|J1u=bnqB|lav_|1P==4QwD*_{vO4I zCxpj$6V58%`|r|>@E>=9N5FeZ z8Ge3V4rXp%J|2E9FvVXP8u({m!a#hJJBiU;k-}k1+$r4!%?h89#wbIu`d@$oUI8oz zmdSmcD;XwkX?bx3Zpx!CY)shZ!Kf4vx+0#InOx>4-geO2K@Z{;>(M0^Q^6s6t|n zu_HGp(>#6Ur38X!i+PUW{M0+@w8c{;Jtguo0x}=`PhQZ_zKJo7m&>+@H`u)@?Cv^o zOR&l!d?yeNW4CgpQmc+%b8+5=CTt?y!Hp>f;vT}DlD_6SY8BDZqi?V9tVh@qz69n zoOD8Xr3~AN`ZyZlqkCY4BI-ZD*QqUHefa~Ee+FwZZ&{?MI4@>oKqe1EI|H%v8dd&Y z*F}x({gvv_X(dVr9E`B@WPlU@W`L;1sFM-@@I5#{XMuy_|DTwOAejH@5k2`H=YN{Y zzxX1hhLyFm8KsJ`v#S@SqOr5BxvQg{v8g$w8U*6{*9f2Nke8F26U@!Q$^X{~dH=1+ z^SAl`gIE7g7TCAb5Y<_!^`hoQ@80&UmbWCVJ`%>F+@>qjRt?sH{r*8f%lcbWPG1}% zWz2Q7l9vRDu>+SYA+;HqEZdh&@v|taYhCcA6=2e3nR7&y46_o|fT2+350qhJ5A3Ts zkHKAsyQ5NX|9dB4Zqz3ds}?sy4H32z%zbhi7*B*f-OU zXrti{V$P!XdgX2AELmbTy{_b<8N_pw1tPMd$;;R!v`p|D%IzkY00{<2i* z#H9V{7IVr=cq7wXaD_=*QFZ~*pT!*C?qee~Egp}X2kG{h@BU|p?r zC))?f`UAl~El~N%0_DNj|KWTDAo!;#8RlQ?@4vLA=l^j5J}f*sIVy}gj2n!})7&lg z;1ig0$vlW z4pz-o&Q%PP|93-rGA?Mt`-j^(Iz!CdO#j1_o>KQIZ=aI(DOdkGADH#&7tHg2=X~s@ z|6+Up{T*BZ!xt|2sWWFnA};Zhp22=&61rtdAVr_cojl!9vnV~vZ*cRDgZac-=>B%k ztEq+0M%4$~>}u8Q4A%0??@|)aj@GdVZ8P*)t)b@yh6uAi1}3b>WaK%U_VuU0mtB|5 zt)55)%nzAAxZi{v1b?d%qjSu%-F=9|noFVB+)kqS%!D2z|H#0I?elxiw`kJ61!2hR 
z5GyVrtLI@E;%|rLGt({glUp@~A8XU#&HOWjlnbO{@w!}(d*tV5PH#qX!e|P^hl}sE z{b#H#3F7^O&I0f@F`}b{!bA4g$2uf7D_KJlV{Mq<`byrYeF_?4C2d<#TZX~8&JgZ4 zs#)b~D2SLee~wDLUEy2U9UQLovX&jAA3q#&AH&wp-?+WiyRtD#A99=|e#{sh_gYLa zh{SUKkA#l-Fh=`5OoH--n_x*9?VXC4sMiXsGO7)|yMx+cinUKQ*6(nH38|h+b^IWT zTQK}5K3?NRIcpN`d8@-&*m1ig^yzUsYOl)LlXkfL*G6T1NIg`+r}t+&UYtgq^A$zZ z`10Sn=jHePUTN`s-coj}uQ7t7RWzvB|_@;H~cD?xxVu*d~7#c?p%_Fbfa^< zntm-M-YL$I&W{|ypuVSJ*7Z~wgM-rkKXAwYw&4EPlKo%m@23J1J{SZ8dv`T`ODf`h z)_I=GP&4(jV)Oa#bmzy45wysy%#z>@CR-n8q4ttL9N?xn^&hI2U)RwPk%o;WiBQQY z)mzDb5~%knTqSiSZ6@u)Pm4`zd1j2Yozpik#nIz%B#ZLW6*}=P#dsv)PmfC|!g$P* zttXZlovP`!y^m}Bk#j?2+Igq4d!4~GRP>>@+Q!&*GIoR6sE%#o@B|-M3B6HAqQRw! zIg7WMuQBWt*2-1;F z5jK$>_rrze?Lq{fm#tNaF-@EfS_Qs%ff6&cs>;K-HMn9DNKU@JnEQgTuUkPSLA0Vw z><@3E1j7i!Kc;LL@Y6>}#*K##9H(N35yQpy2T%FH`UPu_P7K)l_+s+slgea;YFqZ7 zMcxbVHG7Z3UD4DjZ10yn%fG!hBxX z+7K&B^(Q7s0GmrVhKSj37A53kOD~%cEUXS7Pka#4EN^FCgiBfW#VII74NQe$GCM6K zlb&VE_?8(J5y9BK`Uu`I8e>FgDh7V_Svno$@0`ltdz4^B|RItUL$d~AaG8?DpZrbvgeBU;6B$iwOA6q)Vj^PfYD}(b%AU|Pxz;NZ?s(xz5 z+UfVmHBi9xGc3ml?}3nwh4XZH(;mn(4(zMd3kl>!v&78xi zhsa3+`MBF{OzT-L(HIdTbSusupQlh(=;`Q}8--=3lAVh$6o5Q7q+)OU;9dzV=z0;D z8<@5>5y+efi5+wuqdF%Hv&sVUL`ni^x)KA$NNv-i$_U)#!sGlVmSaiR4VY{+Ws3>u zK%O~${DnAM!UL~ir+hC4J+j@$Re5j7qvS2SZ5+rtogc`vImTOt75{cor6_quQI19C z*q}AQ$yP@5xpcaPS+&{^$iEuP%vlyW$<|P-`D3sV)YEig?<(Np<)j(wh-Wh<;sWHQ zN05!_*AO$pRs?L1S!S@W``_Bz{@|su>Lp=WXL`E~o^?a+HNyf(5v!)2{hY%D%tN1M+<+9Tn1U zmGeImK2bL`J-dCMl=qs2Vz-d6ML&uwqUR3C4-j>i)*dkhkuo%tk|?~J`x>o_PR~GQ z42!hCmC%zC0OY@7aaj;GZ~u9hs)6@4^%Tuz|3$!j9(v1qN9TZL`HyHIZ>FWYfa{sT zhF|&Sikm{M+V&d#k0gwzj@#~u606yq6p)u19IA3d9dDDl<5Tl9!~JQdST!FnG#W+w zRWa1sayb^r2hHCqd}Q+urZcyd4|Zu9F02tb+uf&J$z>#@J;-Yf1M)3QXK72w@R^>2 zt_ic6Bu?maOqB(5KAW#mHaI!{dmrxA?bBTrR&D#y&JCzr~(094<(yIwug>xjLxQuHKQhVL+vPap!bJn9*R1U`6J&MCC4^LE$ao#!Nl#0X~?c|^U`N;FhtBufJ?ootnl;ri% z`z{2h+K@Dj5O2vPO_{Z&TOj}SfCnD&%t15bu^tX%ZU2`B4}tRB0G`j033*>X2nI38p^(NJ`ouXPG)k+rY 
z=20|iW&e?n{e03lYSaznf9h1fL6$^Ze{Xub5{d=R9mVx{%|w-;gH@y3qqBtz%MFZRR_zpM+Ez~!(5}c46de*wrf+5a@Ya&&Ck1XNkU+!O=4`ZWY|0OWOPW8;OLLWPBks(!{~$oG54JH60)Npx#C%o>(|Is}!UFTBjL z*2T`o$xGk8M&o(&soJ9i!#1WbY|>sG2H6xsLjzY*3K4!x$q9)d z=+ctM?U@UI`1%USqpwiGT>1K68!8?0et_+COn8YZMDs2FKH#|oMp6y>b0D7#pMxpJ zHyBqly)_D6yU2;%{f_wYGkz(c~zk1Q;Z%3w|(N{H!Y_E zEx(M`4)Xd`VYt`g+Uo4CP&G1Xpyum$+CgVUTC9#b4MV0X&omhlcBM=pIEG)pAyxeD z*wKQDr*-*qComD36Sc3}K{YULqDF3WGn=thba zZM{(z5W!Kz=KE@*>wWv*%0{5(_tP+up{9#hNtO7wXwh=kvfl5_589bDSK7oeJ(%Aw z#RK(yz7A`cj$wf)8juZ|TRkQ#rr!0vlG8F0>c%@`+3)uP@;fm6`d={NwSsnFR6Xlk zFY~od90=m6ihXqqZPw@z?}0pN{nEFyA>8qj`ovf~rw8Vgc&rU1D#(HcgC(n-zY8Id z7a5};t~-!?IkHL9Lf>~{xTL2ez-RFzO~F9I`_)yREs(c5dd)fbh16n5B=TqC-VtsR zK}M%kea|4P-=J(pey#+NUz6u}t4Zi2BOD#)QpdVVqPV)xR!&8H&zi-Nb7_D)0pz!P z&;;s(4k9!`2Stp0LG$u&iF=eIUf8NRZXeWtqI(JCmqvtEyD&FuYT?7DopW!bFMA+b z1v+1R=mW{|l`2~MfIO_$qZ1Yr;YMVgYhsr>e935;G2?vcz137>wJAS5hdz)Oh(GzW z$q&U5 zA1P?=-W)lL$q}8aOpF!x*zgqhQhDP6_4Tw7p4)`(@La&NNAB*DC{jMYA}~?4sqs(EWU)J5D|Z}N?tY#VQv~Eu7*0f^f75M|Shjl0MW6N#Z$Tc5ZxMB%-$9+ z59CqZ_Rz>2_X?-aU1{wbln3iY0(5M6xKLVpZIu_?oDG0Hy6RjUq%RRi)?L3eELhx@ z<>8}E;hD4gUOfyBKIeJ~kjE;>&zMjJ&pqf~OzD`LjvkVQi>7=Ud4_GB$iybAngQhT zJ;3$sI1jR~c3~Uo$Wup|A>7k8mx8(L+9Ghna@Ll+w8tV&8S^ApPG$py>t0%nfoi= zu5OAieQBvceb({Vm>@@*$(>axVqvS<1MtF^1%>wJfagEEM?i!X#6X^dn5kb^r7II$ zHyiCY`%-&sANHUEgfNFw|qvlRofbm_87Y49bT1b zkOt)W%;&7TbpJ$)`|#kz2~zRx6lOv~vr$iV4sF6bZHl>p{7ZXly=7J@_Z51%AZ`=|21Yx|A>VUj}vg?=XD(1v@mB9p4T*c$U2my72Yj``UUyj8!Z;qhq zD}il0sc(+E&(H~U(kR4DSf^Cm^KQ3VK>cjpgf2BaQ2ryhv%Sw9!_%Gc;rXC-h-E}N zq1fcrIEt!59;|huvWpHd9ufW*C(U_pzvqcrwwZZ{2nkD2t?Rc-F6|8Qi3PASK-Gt$ zr~~#oO*Khn>u8|j4v@ej8CVPJ-L?+9IN2A&i`EZ7eX-DB3j1>1Qf?p5d}hN8R5!tB=33_=o1DMUFNr}JlD44ZI@NZ%Y!4tW6>h6I zZ#<(bkQ9jI3hS+3|5oO638NSaa-$e~RQN8`eEr(8lMa2ZJJ&YEbpUU)cG)Z{K-&e< zsWqVwanmoiya4J;Ka!Z%iZawvDVd+<05D53&_H)((d9AH@ftwLE z>JInOYL4r}h)4}HI(64$6z|}<%Z%yd6dnrf+)Pe1K zs9JaA?o9pO?tnl;ej2&vb8b^;h9-rP>N~EU-5t}?xu_Og? 
z4a7kCn|<5fl*s!q^y~Tn*W0@yO2zfH=mc)rjsS7bM6#-u z19|5jNU-mILRxBC3dul~YYaX)!u0-lqkf#&XN#|tUxI%>{J5q_IgF@EeS)7rh3Jg7v53XpH`A%au{@Xm`4qr#{D2{m+neDUy6)jUGjA5J`YJ5d1 zdh+vr;7l8df4k$#b`GA)w@AOxk$!*1!fg9F6a=+j{T@zs4q1zM^AlA!o~aBCClY7s zywzEpcDy;`aX;lTR6QJ%IE!xmT*n;WeRJux{3=uEjap#iCGAXJ@7>o4nQ^H4D$exs zwtv&R@t0jv1ilgFs&lRT_j0Y7p&TqDOri(YHQ@J+H@7J~mKA(So7?n)Q)XjrR;y@8 zCME*CQ5WQb!g;F>#ix?ur*_8b4utSm^u?I&H{X=syDJXwunU%Xd>b0K0rE+Xo_~Ce zQ&Qdw>}F-?Yg_n-MX+2Aef=J3S(wu1eIW$oQ#MqRRHg$Ldrcl=88stuqbNu>wL_;c zB71!D%O+5u@+b9O!;xgd?oRxG=IKQsPjYspln|zgz{!KpSyz!~=sHk8wTKu+QqlzD z{QdlZDoaINhTFY__v*$JBV(YuF-;IuKBSiRx8lrF9JlG)AS@~ov`Vw~4UEb<-x0&< zuTyceZvgev87Q|7-is|($lLkajEeXwB;`6o@fvw$*_u1Gk>w=c z#N^|za*3W(*ol_fLPXB3eulwt0Qt;nW%oJT%h}S@&JIKI%sfT-m1vpXqZs!@)Zh<~ zFQL}sS#&wWU^2r&e*f=o>82~kw!9mZTK6vS4z?4~_&IK*K>h5gr6zU*S3>%;-4%h_ zP`Cn7p{p|ZLa)Lf2n+tyDrG?a3=;s0tdwZ3^~S zfPCSCXH#ECo(9i%+rzbR=&B!ikrPN=#pF6qKWo4Rdo8jD-m$Yji<}4fXbnk$C z^K8R*sE^b;Opve7`uv;9{nSB5%o>Zg!qNir`>IRlK)&S_V!FI|@20 zuU8HpAK|?W?0u=#v7p`;w1F1kxY|s!{7D1tYu=E3jZ!B(V?V}@yNyBHu&|7g)R1E(yv$ydm}e9S{gsxGr`u?Drj(J_JZVs~B(d-}nxnzY-IiSZ<; z{_6fJ|1+K*Y--t9KQR6;68gVK89p)j#?;>hxk&4JY?hxV{I>OVzj%+P=3|(I#s7T$shls(a^cO(7>*SDX!{AYWIP zNZ8)IhT5-KhW%9kF1&1YWp0&pnP=7hTBD73-6#X_x zv%~kxO$B~)|B*}T1Iv(3h}1{6Jg9nRMYSp7p!Ki_{CW`6<_h6MGBpdlu~u_mcT3Os zfZ^*+p#Hl3ol`aye$RTwUPQ=82B~sR2qa)z2~$1OUt^wv7s@}^)8a3p+xrun55vZS z$1EV-__{g6_smGG6Q!9KgPol~{jE?4UVv9R>sRIc3(nL7&Z&hGh|iWW{y?6{o#5!@ z5Rl({d>`6_+^VQ+8~FNi7MVzT&Z~9N!)i-*Li#b2!UAeNe)O)$Le?0iMA>Fw1A7^! zjWIuN1(txYN-&CsA=aM_YQ8v{TRA>E)cnZgb;L`NZc;5so*vJ!j@ERKqyecyb+!b? 
zb6S6;Du|&WXBC52*%N z+Rr=1CJP$nE3U9vc1j2w z^=bm^8^p4jwua6J2vDDb5b6CGO!gJqkB?4{TXvte9NV`^J|s*B2lm?(IKz0WegMNdC(@MtMtEgL@_?#&JxY@J@ysGE6a+w?t#H_eg1mNm zX@^zge$D=nRyhT-vZk2plp0egX z;wh=|Ya6Jq42yraaTAd`F@*YhcCj8;`o$#g9c{w#1j)m4L4a>-fxr0 zq9ePt5m$!UYCOe^6aez+bCtQX{%TyP4eFIGRbw#a6^p{TuiI7MD&_wQDA<*cTd( z&-f~A&f#-Kx@^Jpak3HpQ1jOYopW`CGnT#_srRRA*psBivBuzwUHW&Q+g{}&n^Z%+ z-`}FK?><6OK=Sn_&Ez*vas`L@tkV6iY9fozW55&GgW`|FzeE<|nfvWH5g z{!KE#dSlvhrrU0@V+Q39mpchR9r}8H-N?!6p-^R-;CVGF7EFF#ms^%M#DVSL2lnR- zEl%9%Ti)#V+zJ+$wCAt^&D)5|ntTSAPR~Q|9lNFOl@%=+%Hc&rZ=THe@Q>Gz@DiOI*({wMijaq?t z!Tta^Ybig@GrkX#-aHO$fSh7q5Z*dcgS|<|Acicb8FN=bH!v@_WtF-7z6U z8EZ*}ipNScAg{2vo`9;#l7+w&E!P^Cl9GuEN^Qi4BUdmhnok=>f$~G$$kR`>Jh{Tp z7CysG2GrjcUSA^Fo&IT_U1)wmP0a)Kz8)q(AsJT-uND_YgvvsMm1e!WDr=+R7lw9z zDi;lJ{yZ?A6{AIzH^eI#55kY!d~6yv0PI2%XBpc3g1AYQr^w^hoCIR;Fr@qt!vfVw-m) z)Ov?OOnrMoF6WuQo^a=?&kN^D_KwNtXFdm>NkmQYY3c_+{llqYO=kz}^23Adop1Vw z3>kBY<$~7FCryXk9=a*Bz61HVs{X$8H?F0!-IFgRP0wqX-xkvq^-|s`Z!ffI7t^Hu EFAdOCwEzGB literal 0 HcmV?d00001 diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt similarity index 100% rename from DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt rename to DasharoPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt similarity index 100% rename from DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt rename to DasharoPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt similarity index 100% rename from DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt rename to DasharoPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt 
diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README b/DasharoPayloadPkg/SecureBootDefaultKeys/README similarity index 55% rename from DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README rename to DasharoPayloadPkg/SecureBootDefaultKeys/README index 5182454b97..2f1665aa21 100644 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/README +++ b/DasharoPayloadPkg/SecureBootDefaultKeys/README @@ -1,8 +1,9 @@ # PK certificate generation * Do not save private key for re-usage. -* Generate a RSA 2048 / SHA256 x509 certificate +* Generate a RSA 2048 x509 certificate * Exponent should be 65537 * Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance +* Date of downloading Microsoft certificates and DBX: 28-10-2022 -openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 365 -out pk.crt +openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 1825 -out pk.crt -subj "/C=PL/ST=Pomerania/L=Gdansk/O=3mdeb Sp. z o.o./CN=Dasharo PK/emailAddress=contact@dasharo.com" 
diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt new file mode 100644 index 0000000000000000000000000000000000000000..e0e0156c9907acba253954f3898508f28254167d GIT binary patch literal 1011 zcmXqLVt#MX#B_ZDGZP~dlZfy`kJAQkyHD@9a5BqzUSvndvGw~6c-c6$+C196^D;7W zvoaVowi$98aI!Invaks=1^5^W83=$l96X!>`MIe@iFuichWtQHKrwb6Husdoyy9#_ zNds|^02hydac)X#l0tBSoaD<`9v zaB_ZLNn&z|LkdKRUUGh}ft)z6k&&T+k%ghDsey@M6p(8UI5S-V_sacE@X*u)=@*>aELX@vu}(TYt7$ z<-}6G`r5BnMN^;8VhdR0+ApF0>SwKIPTTeA4F5!Vee4c*T39G##%~Y2zc^s|+>OC! zCnq)hOg|N=!RgPgr?unQ{_XF4|Cqkh zji2uO*t9LV_nWOE&|WI_Y3cnx8TVx`|8!cn%kRs^CO?>wnJ>k~+%uszhW)p)zV3%fFP>#9CO^2;8WnHW+i{Ke^nDxF zrybe8S=kAt_czNamluZYJHA{_e5P6WO7tsvoo}X&zVd zi=&5&bh5e3Nr@Wu(30*h)|7g{+(+74Kojmu~ KCeVJ4SRnv!YlV3L literal 0 HcmV?d00001 diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf deleted file mode 100644 index 12096f9ce3..0000000000 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf +++ /dev/null @@ -1,59 +0,0 @@ -## @file -# This file handels SecureBoot setup. -# -# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = SecureBootSetup - MODULE_UNI_FILE = SecureBootSetup.uni - FILE_GUID = 14693BD4-D114-4177-979E-37F279BAD620 - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 0.1 - ENTRY_POINT = DriverEntry - -# -# VALID_ARCHITECTURES = IA32 X64 -# - -[Sources] - SecureBootSetup.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - DasharoPayloadPkg/DasharoPayloadPkg.dec - -[Guids] - gEfiCertPkcs7Guid - gEfiCertX509Guid - gEfiCustomModeEnableGuid - gEfiGlobalVariableGuid - gEfiImageSecurityDatabaseGuid - gEfiSecureBootEnableDisableGuid - -[LibraryClasses] - BaseMemoryLib - DebugLib - MemoryAllocationLib - UefiRuntimeServicesTableLib - UefiDriverEntryPoint - DxeServicesLib - UefiBootServicesTableLib - PcdLib - -[Protocols] - gEfiTcgProtocolGuid ##CONSUMES - gEfiVariableWriteArchProtocolGuid ## NOTIFY - -[Pcd] - gDasharoPayloadPkgTokenSpaceGuid.PcdSecureBootDefaultEnable - -[Depex] - TRUE diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni deleted file mode 100644 index 0ea5d32872..0000000000 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni +++ /dev/null @@ -1,21 +0,0 @@ -// /** @file -// Provides authenticated variable service for IPF platform -// -// This module installs variable arch protocol and variable write arch protocol to provide -// four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. -// -// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Provides authenticated variable service for IPF platform" - -#string STR_MODULE_DESCRIPTION #language en-US "This module installs variable arch protocol and variable write arch protocol to provide four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo." diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni deleted file mode 100644 index 9811340573..0000000000 --- a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni +++ /dev/null @@ -1,17 +0,0 @@ -// /** @file -// EsalVariableDxeSal Localized Strings and Content -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME -#language en-US -"9elements Secure Boot DXE" 
diff --git a/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin b/DasharoPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin deleted file mode 100644 index 728316fd8d68052e0252ffc1c58c6b81fa10387f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7085 zcmd7Vc|27A{s(ZgFpPcIVlCM@V_%D`kub;>4Mt-h2BGZxlFCpLA!Lh45h7Vq$X?cb zmA&kH2zPwH_xruw)4jj@$M10;kL%%Ke9n2E_xbpo_j#RT7y+YTW@IJ%^NW#|^c!@A z?m=&&0WLsdbJ=&%vKZ z)6d?~)*a_?H~_*Rd_S)y>3YDzAoOIU?MP@C1VZ*`9I1tIt6_d{5vOM!%wIj_X(hHr zttrxEn4oBb_{8_b$v1jtExvt?D8{SPtv)C(ziAZls*@{R7)Vv3erYm8uC@`pGQK=~ zbYV5c>|x+Io^s|O(; zBO2|fL*#1f?FNRhs*~S7Z(2L1_S2-T z^z2K9=b1sB#VsvIOBV9>TWL;5?6H5VE*Z5Bg~A|Ykeo0GfwUs-01Ih#Ir-s-t4<|C z0f9rpmXMid_hmMl7zGoUYv&Fgo1L2-gL4ar6zGyk z0jR@EM$RlOg_4y*iAdT@%gEZ>*^2=((vo7*a##g11qBBgF|3q=ojgj$UPeyJ0pLC? zc>>M>u!XSL{ZQ}7I-T2&W9qdUGA+LTzB2AIV0;L;;pYL;S+lgVG@{NrdV6~)N=W$n z`ii^#+3n)?csB_T7bm=jmxMjRRf5zsr2Z$hwYu72Q(r#(AqL2bNlJ^8b^{m+O41)q zPL6;;;3fbXF#K~2K%+GNV|@pLx7YuD25*4oaN5ie$N?M*kp0}3q`REdmk_e31eD&b zW5_hVW}UQ*aE(f2ChdGv(O?L5xrhZfVz9~aedH~x&2w?J(da^p;eO{Mb3a;jChPfc zMkiiz`P$ujy?0`XBjLGE1s3EpOAPHS!9k6#|mJqXAW zViXg((g=_OGa!fh0&*DP%gba|djL{;k@flp5eN)}0&xww8uIr?1oCU&Q z-G5{w(iYkCMakpn4Ky+)%0y< z*X)`G)EYrMtUKi`JY7aV?>09dTs>iFFB!ndZa_CdoiERtbhBmSbHvm8X`(Y5FB1Ey zzKp+y7Zd}>$8^>x4DVy}je_4r8rfD$3l6esJdf{tF=en`8og%e*^*I0DKKb^C zW|qf{<0oPhJYM8->d!x!O5b5?9B63&FxxCKmAZH`9yXt_8vm_HcUPT}i8`o4o9Oy! 
z8Xh~hAqAgffCzg|ZHF@}AMjI2I9}B{s4;l;sl-#*yl9uM*I#8a%|YqCkZ|S?f<^Y+ z6XMdQ40A{ebbj*k`v+G$mh6cQrT(fB{?Wk`=z`e?*AY&)SpSSe15zC70SteoAS(n; zdRmkH6ovmXmX7>&01FgO!-XU>Ci5Y)BU2|+`~5k_Ne@3P69v%!l>_7ej1&j|6nL6f z(CS};%o*$ZFJzoBrBqVnb1ncb{SkPkfH7c{Wss#GrT6zhA_dp4f%kjbc@XeeAN#*T ziPXBJz9ls+saFq^4-g}L12X@=(iyHdvB5pl!m+yTZid zGy_>ZE3@b;1&i4gKG$xO6^Z3uwfyG)qFT<`=sE*-^9yzrihH$HaLli+rZdJIOVe-m z?nusM^8S&QZl_KiJ;@hy*1f>S>y4@!KSYkme%gri#fbT^wkK-*9_cP$_ixh=+~uB{ zN#-sWrb*B{5ENp#zBLf=sOM@m`8)pw`rE|x#{DsTkSqQ54-J~5(nfa`=%;Kh4swv+ zT}R}deU|0BM|ot`^Wyu=s1v!-?Rk6VK_8rOtcgLPtHI1uwDEDu(GhbKoptI{C1Mdt zH=RW+12lHfMWOG+j=%hj9wTG?eqW^lQ}#uwA}6ND;Ry2ROmRSNLs;|$`KJ=JZ&;%7 zdkNyT3Y9a{O`j(_1R|D_&n^kY-_}x73O$A!+*Y@6Xs4~+BO@BD`zYlXp8R2`rt1G$ z%mC>uaMc~XaM$U2Dg9P7dADX`i7`tk_bvc0l9RO^)^$22J?Oa55AAYIrs?Z)bM~jH zakEC5c$EJ}D?=YpCQYbG!6+^J&t;b%x6Wp(ihlF;*k(lvKVCj_B5^0q|6Y?5-HV*# zJme|g+gP5E4K%O4W?}Ggks*xara8vp3K z#jX60mJ*)(IpSPuSDj4orf6QG)D7M(WGP-RTv`aDc+05kCo#Ki>+1=bZq9GV46X;;H>_AiFv1#fRU#kxYIR%e<&%jbk-c2LA`wm2H&PH3yw zsP*$aDAuG^W?aU#% zbyQnSKvHbXv&0O_gLJzhRI~W8UMxH?nO`F!cWDInM=fw9qFGxSs zSQ;`Hxb*VbLgR6+*i&rH4d)Gss>OwB+pepce*Jp0| z>4iKWazfS9LiZB$xQ_G~aOR??-O5#O6kzn#xQPy#NU-0K2+!F`-|Z*T69i9=Ou{s! 
zd#xf7CtZ~81Qxp=>%0c`Z-xdRMvcD{qbe;D#s`agMbnfwpZI>sw8m3)P%V}lrt;NySP;K~eg7%eAWmn` z_=b~@6S4zdIv_-|6tBDR2iCRMVK!~ndceNheqL}hsK$5&D^?$PAk~s1JQ|gWVcusG z7nNLTpK=3xp_V!Hb7jSc@uGtZ?gf~DCFPwjHT#SXK9^RfSt4{b!2b5`44qTIlxo6h zb{a>?k@8-u&jS1cW0flBdhZbO*3W}I!sZ(Vd8|o%7N&fEfnivg=k0zPdk54dc{VS+ ziV-dUi=S>OFvsGbF17f>_647^LAX!g_KDN4L}XJl4ivgGz@BRC@&zL%%6Y$PH>U1T z{=G_ARKi3io4V*DxV4?rTx32A`-sRP4Y73W@^hr4V;YR{B8KT+>HI2R{++p>2RI z-@4}aE&xj2>mgYo_r|+JM3V3~-+FiQuCYZqrh`5E1x0Er^_D!u%RW^Da%nD=E(JSW zXY%(7I`I>Q!$cae=a7;XIv}@O$V`EqX4Lt#I3@N<{G6K!Lq%8rJ8W;yFY^~k?K*W< zoVYK0xn8e{R)Eqqp^EzDT`je$~nlx4#3D)Rp1bsiRY2z~= z+nd0e1g9JJnze5x$DntC@{n> z?Ton_lO0Sm-GukgC4R|U*BBG+gpU^ENk&ztUb|M+FNq|V$jHk?6MB-qi}$oKg6rd1 z1P?r0N9aD5a*JQDZ-0ypXml9eC{OCBJhg#T^s@nb&(+)bUcPfdCOKMmk58ujc*nrw zOTWSF_;q5azJ1T$2kZ$hrz=h1&cNDtm9)E^uuYGz1r$9VaWKzmvE~P&CmMe7pX)eq zUDgjSK4y&@QyQ%etCuVoEaJRjBjL81EZ9E?_I?7Tsj{Lw%btNHlTYhEtHb$V}-j=IZ{s!zr3#uJnM)XCyBnuUqgucIH%+XcE!Zb+vE=Ork>R@>i?88QsI-hS+ zs&_s}Y3hmYNV8DuP?=?*GslYzUz9Vuj05{v%aq7X_BPI-4+aenwW&SVR`}%Yh7KOQ zR~#QBvZ<7UeO$ke#mb$EjfB#oWNK$yTyg)k824LRNmzCQ?;8uvYOs%Amwui>_I`^M zn%!}m(xDwPucVTtEc43n^4Rr{_8YulpKvofwrd7?9P!x8p$7i8e8pDhUBghVPfR3ZWAws*%2Us|f~}=TS)K*^3|%L7l&zz<>E7)A z24*g1o_qgODV&V^%Imf*MEMJ8u+OVt<(4(=%PytW7O?Plnat&(Gr5yL=;U)=M<>#o zG9T>o*CY%RE|l$;+@}oMzR**HoVT9dTEZ{qi6p%mv(`)i`x3`fUy|KU^?h4&yc9DO z82Ou$e!B|Y_><7L&sfGV(xJgUc3u_w4D2fmxTa<8xl0_$6O^drU`HFO zY1-K-gcXjrIhKx0(wc&O)w17Ec(!h{6t8_!j0{UhlBiTE$IPfl%=s{xbpbP3u&=&G z8B3lHyS(yI&#gj4*1wsmu2|crWN?I7#8>fxWA{e#LoHG6ueog1)^SoXjlVp9Ti6>4 zo-PW99v7@AICegKpf%o#MnI6$7K)ggCN|y;2G6IJUg`>a)y#HyiV1UT$_lmD+^OKf zhcwj_b@eT{$0PAz-|i9_uiBS&@2WX#1+l?M_Z-Hcw4d_GaLhoydy3!w7T9+x?Yy$+ z511`Z*wba(YCgT)c+%)ht%HTxfXt52hH59+54O*x$ZX(5WP=RucDz03WNXci(EaL4 z&_CM=W&6Ii1NL7<`R0@^p6$QH)!4SG-D{yOzxXovS;SF|J9vxnvYuc3-l)5Z(6@-U z-YO-!$41_gRqQuBOWc-Jy&YBjma~84mwel|FEH>EZSDK9`hNQd<8HScCOX=@*Di8_ z=}OuscQ*)lKKotel0D+7dTu(_qMkTH+#|F_M9HN*E*~~NZp3|-U;3wwozqq~A&BXC zQu2-Nebc_w(Cwb1h3+s-q#9bFvBe5p-?Tc7c1opoU&pfWtz6fcO134H#GQ)NqJYOo 
z7V_;YYQWxi^ay8F-zh&;;44Ypz<6u< zjLN-F{#0Vg-JYi{u_(>xIixTf0rpDJXyel~P2KZH3r@5z7pfHv5?K9vno~o>dYbZN zs|vwB>HgyS#*WdrlxoxJH>J7J zr7quTwl&E7EPTE$Ul79%Xo9`w+jmcVkXx%*4pVBqAV^xtN4hM|pMPM$%f_kI=F#?@mywa1 zmBFBKwjs9xCmVAp3!5;Li>o1z0T+nF!Ncqq6mG~5R1V~^^RPMPCufxA8p;{SfCRXB zL@iTuQgc)DN{SU6(^K=3D;3;xlRON?3`9Wk+&sL_l}V{Z!KulmMVTd)h9U++AaQ0M z?$FenV^Cn-P*Ck9``uch4 zzsw_Pi_;$)ud!PF-TB=Y2}hF{?t@#`3og;x&20bGBb+J9k;Bk`ZB&Z)c`0+xn@zi> z`m(AvMU?r51-?$YaBiNS`h-0vFZ_vmwNz-%cjK?`Oy(}Re6C^F)=w9-Wvdo$DVDmP zeC7Rw3Ey8T`CglL$xOjv!LP|j1>PpuE?J@d{)9x<=DdkKfnA@n=bPQW`KH)I*!A&@ z4}D8@?+0>hUdOg{$=+Du<`c2GehFrm)xR|^v%aYid_wq1hqmTkyy9`CW8RwBcqV2>2FAs~ z27$n2z#J;e$0Eie($q5Va`d?;jqMA0=M{gAovk6Z=YWAcNLrai!a%G6y8?cY0%1nR z|17Kq%s>h`*nz1W80?G;Gd$PZUu!7fiM3gJ@Lp7ScxH?02G{LM5ob*r6gV%|s$R0q zTVA2%e`dzIqpq)0Rqk91Ja?k6^zzafTp3NCzNf`kx9j+>pY`iDkQN3XYa9Xr8%$*C(#)!rNCn zKjr;$y*bHJRE>GhA_nVdm1Ri>!#~ez@w;hbYawHx%Ix;GkWGE*-0xq^H6p~CUYLdV z%(;;w9=7j3pTOP!)pchc_na(gz4vPOo+)0tf;PYI`R#OZ`Wue8^IsJw=_#LIYg#H; e|M$d7pNB%re;RY_75|!39JRH!<;Tx2S9$?qFp2U2 From 3f26844f15c179420c63f96f9850680b81366ad0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 26 Oct 2022 15:56:02 +0200 Subject: [PATCH 075/357] DasharoPayloadPkg: Add setup menu password driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 10 ++++++++++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index ec8c36d967..7b675132f6 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -91,6 +91,7 @@ DEFINE OPAL_PASSWORD_ENABLE = FALSE DEFINE LOAD_OPTION_ROMS = TRUE DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = FALSE + DEFINE SETUP_PASSWORD_ENABLE = FALSE # # Network definition # 
@@ -578,6 +579,15 @@ SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf !endif +!if $(SETUP_PASSWORD_ENABLE) == TRUE +!include DasharoModulePkg/DasharoModuleComponents.dsc.inc +!include DasharoModulePkg/Include/UserAuthFeature.dsc + DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf { + + PlatformPasswordLib|DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf + } +!endif + UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index d54be9a638..c027faa571 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -293,6 +293,10 @@ INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf INF SecurityPkg/HddPassword/HddPasswordDxe.inf !endif +!if $(SETUP_PASSWORD_ENABLE) == TRUE +INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf +!endif + # # Shell # From 4c4d347ef7ee5605754e0ee17e1f482ee79b7e39 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Thu, 10 Feb 2022 14:27:51 -0700 Subject: [PATCH 076/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: Remove broken VGA detection This fixes an issue where the framebuffer provided by coreboot or slimbootloader will only work on the primary VGA device. If the framebuffer corresponds to a different device the screen will stay black. In addition, the code doesn't work for multiple graphic cards, has reference to non existing functions, and is a duplication of common code. Call EfiBootManagerConnectVideoController on every display device found, not only the legacy VGA device. This is the same as OvmfPkg does. Allows to display output on the framebuffer set up by firmware, which might not be the VGA device. 
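Review bot: In the `SETUP_PASSWORD_ENABLE` block added to DasharoPayloadPkg.dsc, `UserAuthenticationDxe.inf` is bound to `PlatformPasswordLibNull`, and nothing beside the override says what that means for clearing or recovering the setup password. A Null instance presumably reports no platform clear or forced-enrolment request, so whoever enables the feature needs to know how a forgotten password is reset and what an attacker with physical access can or cannot do to remove it. Once confirmed, I would put a comment above the override, for example `# PlatformPasswordLibNull: no platform (jumper/GPIO) password clear or forced enrolment - TODO confirm reset procedure`. The `!if` added to DasharoPayloadPkg.fdf uses the same macro, so the driver cannot end up built but left out of the image.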
Signed-off-by: Patrick Rudolph Reviewed-by: Guo Dong --- .../PlatformBootManagerLib/PlatformConsole.c | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index a75487a21f..d756206f78 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -122,7 +122,7 @@ EFI_DEVICE_PATH_PROTOCOL *gPlatformRootBridges[] = { NULL }; -BOOLEAN mDetectVgaOnly; +BOOLEAN mDetectDisplayOnly; /** Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. @@ -512,7 +512,7 @@ DetectAndPreparePlatformPciDevicePath ( ); ASSERT_EFI_ERROR (Status); - if (!mDetectVgaOnly) { + if (!mDetectDisplayOnly) { // // Here we decide whether it is LPC Bridge // @@ -543,14 +543,14 @@ DetectAndPreparePlatformPciDevicePath ( } // - // Here we decide which VGA device to enable in PCI bus + // Enable all display devices // - if (IS_PCI_VGA (Pci)) { + if (IS_PCI_DISPLAY (Pci)) { // // Add them to ConOut. // - DEBUG ((DEBUG_INFO, "Found PCI VGA device\n")); - PreparePciVgaDevicePath (Handle); + DEBUG ((DEBUG_INFO, "Found PCI Display device\n")); + EfiBootManagerConnectVideoController (Handle); return EFI_SUCCESS; } @@ -561,7 +561,7 @@ DetectAndPreparePlatformPciDevicePath ( /** Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut - @param[in] DetectVgaOnly - Only detect VGA device if it's TRUE. + @param[in] DetectDisplayOnly - Only detect display device if it's TRUE. @retval EFI_SUCCESS - PCI Device check and Console variable update successfully. @retval EFI_STATUS - PCI Device check or Console variable update fail. 
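Review bot: The `IS_PCI_DISPLAY` branch in the `@@ -543,14 +543,14 @@` hunk discards the result of `EfiBootManagerConnectVideoController (Handle)` and returns `EFI_SUCCESS` regardless, so a display controller that failed to connect looks the same in the log as one that came up. `Status` is already used earlier in `DetectAndPreparePlatformPciDevicePath`, so the call can be written as `Status = EfiBootManagerConnectVideoController (Handle);` followed by `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Connecting PCI display device failed: %r\n", Status)); }`. The function starts before and continues after this hunk; the other hunks in this file only rename `mDetectVgaOnly`.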
@@ -569,10 +569,10 @@ DetectAndPreparePlatformPciDevicePath ( **/ EFI_STATUS DetectAndPreparePlatformPciDevicePaths ( - BOOLEAN DetectVgaOnly -) + BOOLEAN DetectDisplayOnly + ) { - mDetectVgaOnly = DetectVgaOnly; + mDetectDisplayOnly = DetectDisplayOnly; EfiBootManagerUpdateConsoleVariable ( ConIn, From c9c091ecce68a5670c73f4570cb5598dd9400953 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 8 Oct 2022 13:41:10 +0200 Subject: [PATCH 077/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: rewrite connecting devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- .../PlatformBootManager.c | 311 +++++++++++++----- .../PlatformBootManagerLib/PlatformConsole.c | 219 +----------- 2 files changed, 248 insertions(+), 282 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 26f4f0db94..7d30f56a88 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -152,79 +152,6 @@ PlatformRegisterFvBootOption ( EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } -STATIC -EFI_STATUS -VisitAllInstancesOfProtocol ( - IN EFI_GUID *Id, - IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction, - IN VOID *Context - ) -{ - EFI_STATUS Status; - UINTN HandleCount; - EFI_HANDLE *HandleBuffer; - UINTN Index; - VOID *Instance; - - // - // Start to check all the PciIo to find all possible device - // - HandleCount = 0; - HandleBuffer = NULL; - Status = gBS->LocateHandleBuffer ( - ByProtocol, - Id, - NULL, - &HandleCount, - &HandleBuffer - ); - if (EFI_ERROR (Status)) { - return Status; - } - - for (Index = 0; Index < HandleCount; Index++) { - Status = gBS->HandleProtocol (HandleBuffer[Index], Id, &Instance); - if (EFI_ERROR (Status)) { - continue; - } - - Status = (*CallBackFunction) ( - HandleBuffer[Index], - Instance, - Context - ); - } - - gBS->FreePool (HandleBuffer); - - return EFI_SUCCESS; -} - -STATIC -EFI_STATUS -EFIAPI -ConnectRootBridge ( - IN EFI_HANDLE RootBridgeHandle, - IN VOID *Instance, - IN VOID *Context - ) -{ - EFI_STATUS Status; - - // - // Make the PCI bus driver connect the root bridge, non-recursively. This - // will produce a number of child handles with PciIo on them. - // - Status = gBS->ConnectController ( - RootBridgeHandle, // ControllerHandle - NULL, // DriverImageHandle - NULL, // RemainingDevicePath -- produce all - // children - FALSE // Recursive - ); - return Status; -} - EFI_DEVICE_PATH * FvFilePath ( EFI_GUID *FileGuid 
@@ -360,6 +287,207 @@ GetBootManagerMenuAppOption ( return OptionNumber; } + +/** + Check if the handle satisfies a particular condition. + + @param[in] Handle The handle to check. + @param[in] ReportText A caller-allocated string passed in for reporting + purposes. It must never be NULL. + + @retval TRUE The condition is satisfied. + @retval FALSE Otherwise. This includes the case when the condition could not + be fully evaluated due to an error. +**/ +typedef +BOOLEAN +(EFIAPI *FILTER_FUNCTION) ( + IN EFI_HANDLE Handle, + IN CONST CHAR16 *ReportText + ); + + +/** + Process a handle. + + @param[in] Handle The handle to process. + @param[in] ReportText A caller-allocated string passed in for reporting + purposes. It must never be NULL. +**/ +typedef +VOID +(EFIAPI *CALLBACK_FUNCTION) ( + IN EFI_HANDLE Handle, + IN CONST CHAR16 *ReportText + ); + +/** + Locate all handles that carry the specified protocol, filter them with a + callback function, and pass each handle that passes the filter to another + callback. + + @param[in] ProtocolGuid The protocol to look for. + + @param[in] Filter The filter function to pass each handle to. If this + parameter is NULL, then all handles are processed. + + @param[in] Process The callback function to pass each handle to that + clears the filter. +**/ +STATIC +VOID +FilterAndProcess ( + IN EFI_GUID *ProtocolGuid, + IN FILTER_FUNCTION Filter OPTIONAL, + IN CALLBACK_FUNCTION Process + ) +{ + EFI_STATUS Status; + EFI_HANDLE *Handles; + UINTN NoHandles; + UINTN Idx; + + Status = gBS->LocateHandleBuffer (ByProtocol, ProtocolGuid, + NULL /* SearchKey */, &NoHandles, &Handles); + if (EFI_ERROR (Status)) { + // + // This is not an error, just an informative condition. 
+ // + DEBUG ((EFI_D_VERBOSE, "%a: %g: %r\n", __FUNCTION__, ProtocolGuid, + Status)); + return; + } + + ASSERT (NoHandles > 0); + for (Idx = 0; Idx < NoHandles; ++Idx) { + CHAR16 *DevicePathText; + STATIC CHAR16 Fallback[] = L""; + + // + // The ConvertDevicePathToText() function handles NULL input transparently. + // + DevicePathText = ConvertDevicePathToText ( + DevicePathFromHandle (Handles[Idx]), + FALSE, // DisplayOnly + FALSE // AllowShortcuts + ); + if (DevicePathText == NULL) { + DevicePathText = Fallback; + } + + if (Filter == NULL || Filter (Handles[Idx], DevicePathText)) { + Process (Handles[Idx], DevicePathText); + } + + if (DevicePathText != Fallback) { + FreePool (DevicePathText); + } + } + gBS->FreePool (Handles); +} + + +/** + This FILTER_FUNCTION checks if a handle corresponds to a PCI display device. +**/ +STATIC +BOOLEAN +EFIAPI +IsPciDisplay ( + IN EFI_HANDLE Handle, + IN CONST CHAR16 *ReportText + ) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + PCI_TYPE00 Pci; + + Status = gBS->HandleProtocol (Handle, &gEfiPciIoProtocolGuid, + (VOID**)&PciIo); + if (EFI_ERROR (Status)) { + // + // This is not an error worth reporting. + // + return FALSE; + } + + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint32, 0 /* Offset */, + sizeof Pci / sizeof (UINT32), &Pci); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a: %s: %r\n", __FUNCTION__, ReportText, Status)); + return FALSE; + } + + return IS_PCI_DISPLAY (&Pci); +} + + +/** + This CALLBACK_FUNCTION attempts to connect a handle non-recursively, asking + the matching driver to produce all first-level child handles. +**/ +STATIC +VOID +EFIAPI +Connect ( + IN EFI_HANDLE Handle, + IN CONST CHAR16 *ReportText + ) +{ + EFI_STATUS Status; + + Status = gBS->ConnectController ( + Handle, // ControllerHandle + NULL, // DriverImageHandle + NULL, // RemainingDevicePath -- produce all children + FALSE // Recursive + ); + DEBUG ((EFI_ERROR (Status) ? 
EFI_D_ERROR : EFI_D_VERBOSE, "%a: %s: %r\n", + __FUNCTION__, ReportText, Status)); +} + + +/** + This CALLBACK_FUNCTION retrieves the EFI_DEVICE_PATH_PROTOCOL from the + handle, and adds it to ConOut and ErrOut. +**/ +STATIC +VOID +EFIAPI +AddOutput ( + IN EFI_HANDLE Handle, + IN CONST CHAR16 *ReportText + ) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + DevicePath = DevicePathFromHandle (Handle); + if (DevicePath == NULL) { + DEBUG ((EFI_D_ERROR, "%a: %s: handle %p: device path not found\n", + __FUNCTION__, ReportText, Handle)); + return; + } + + Status = EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a: %s: adding to ConOut: %r\n", __FUNCTION__, + ReportText, Status)); + return; + } + + Status = EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a: %s: adding to ErrOut: %r\n", __FUNCTION__, + ReportText, Status)); + return; + } + + DEBUG ((EFI_D_VERBOSE, "%a: %s: added to ConOut and ErrOut\n", __FUNCTION__, + ReportText)); +} + + /** Do the platform specific action before the console is connected. @@ -380,11 +508,6 @@ PlatformBootManagerBeforeConsole ( EFI_BOOT_MANAGER_LOAD_OPTION BootOption; UINTN OptionNumber; - VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, - ConnectRootBridge, NULL); - - PlatformConsoleInit (); - // // Register ENTER as CONTINUE key // 
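Review bot: The helpers added in this hunk (`FilterAndProcess`, `IsPciDisplay`, `Connect`, `AddOutput`) log with `EFI_D_ERROR` and `EFI_D_VERBOSE`, while the other package code visible in this series uses the `DEBUG_INFO` and `DEBUG_ERROR` spellings. I would use one form throughout, for example `DEBUG ((DEBUG_ERROR, "%a: %s: %r\n", __FUNCTION__, ReportText, Status));` and `DEBUG_VERBOSE` for the informational paths. The doc comment on `FilterAndProcess` could also state that a failing `LocateHandleBuffer` is treated as "no handles" and only logged at verbose level, since callers get no status back.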
@@ -417,6 +540,32 @@ PlatformBootManagerBeforeConsole ( // Dispatch deferred images after EndOfDxe event and ReadyToLock installation. // EfiBootManagerDispatchDeferredImages (); + + // + // Locate the PCI root bridges and make the PCI bus driver connect each, + // non-recursively. This will produce a number of child handles with PciIo on + // them. + // + FilterAndProcess (&gEfiPciRootBridgeIoProtocolGuid, NULL, Connect); + + // + // PCI initialization from above should be sufficient for the discovery and + // processing of consoles. + // + PlatformConsoleInit (); + + // + // Find all display class PCI devices (using the handles from the previous + // step), and connect them non-recursively. This should produce a number of + // child handles with GOPs on them. + // + FilterAndProcess (&gEfiPciIoProtocolGuid, IsPciDisplay, Connect); + + // + // Now add the device path of all handles with GOP on them to ConOut and + // ErrOut. + // + FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput); } CHAR16* @@ -667,6 +816,12 @@ PlatformBootManagerWaitCallback ( (Timeout - TimeoutRemain) * 100 / Timeout, 0 ); + + if (TimeoutRemain == 0) { + gBS->Stall (100 * 1000); + gST->ConOut->ClearScreen (gST->ConOut); + BootLogoEnableLogo (); + } } /** diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index d756206f78..b793c1ef14 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c 
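Review bot: The root-bridge `Connect` pass added at the end of `PlatformBootManagerBeforeConsole` now runs after `EfiBootManagerDispatchDeferredImages ()`, whereas the code removed from the top of the function connected the root bridges first, and the new comments do not say that this order is intended. Judging by the context comment, EndOfDxe and ReadyToLock have already happened at this point, so PCI enumeration, and any option ROM it loads (the .dsc context in this series shows `LOAD_OPTION_ROMS = TRUE`), now takes place after the platform is locked. If that is the intent, it should be recorded, for example `// PCI enumeration is done after EndOfDxe/ReadyToLock on purpose, so device option ROMs only run once the platform is locked.`. The function starts outside this hunk, so the position of the EndOfDxe signalling itself is not visible here.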
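Review bot: The `TimeoutRemain == 0` block added to `PlatformBootManagerWaitCallback` dereferences `gST->ConOut` without a NULL check and ignores the results of `ClearScreen` and `BootLogoEnableLogo ()`. If this callback can run on a boot where no console output was installed, the guard `if (gST->ConOut != NULL) {` around the `ClearScreen` call avoids a fault in the boot path. The `gBS->Stall (100 * 1000)` value also needs a short comment saying why 100 ms is required before the screen is cleared.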
@@ -109,19 +109,6 @@ UART_DEVICE_PATH gUartDeviceNode = gUart; VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; -// -// Predefined platform root bridge -// -PLATFORM_ROOT_BRIDGE_DEVICE_PATH gPlatformRootBridge0 = { - gPciRootBridge, - gEndEntire -}; - -EFI_DEVICE_PATH_PROTOCOL *gPlatformRootBridges[] = { - (EFI_DEVICE_PATH_PROTOCOL *) &gPlatformRootBridge0, - NULL -}; - BOOLEAN mDetectDisplayOnly; /** 
@@ -192,130 +179,6 @@ PrepareLpcBridgeDevicePath ( return EFI_SUCCESS; } -/** - Return the GOP device path in the platform. - - @param[in] PciDevicePath - Device path for the PCI graphics device. - @param[out] GopDevicePath - Return the device path with GOP installed. - - @retval EFI_SUCCESS - PCI VGA is added to ConOut. - @retval EFI_INVALID_PARAMETER - The device path parameter is invalid. - @retval EFI_STATUS - No GOP device found. -**/ -EFI_STATUS -GetGopDevicePath ( - IN EFI_DEVICE_PATH_PROTOCOL *PciDevicePath, - OUT EFI_DEVICE_PATH_PROTOCOL **GopDevicePath -) -{ - UINTN Index; - EFI_STATUS Status; - EFI_HANDLE PciDeviceHandle; - EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; - EFI_DEVICE_PATH_PROTOCOL *TempPciDevicePath; - UINTN GopHandleCount; - EFI_HANDLE *GopHandleBuffer; - - if (PciDevicePath == NULL || GopDevicePath == NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // Initialize the GopDevicePath to be PciDevicePath - // - *GopDevicePath = PciDevicePath; - TempPciDevicePath = PciDevicePath; - - Status = gBS->LocateDevicePath ( - &gEfiDevicePathProtocolGuid, - &TempPciDevicePath, - &PciDeviceHandle - ); - if (EFI_ERROR (Status)) { - return Status; - } - - gBS->ConnectController (PciDeviceHandle, NULL, NULL, FALSE); - - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiGraphicsOutputProtocolGuid, - NULL, - &GopHandleCount, - &GopHandleBuffer - ); - if (!EFI_ERROR (Status)) { - // - // Add all the child handles as possible Console Device - // - for (Index = 0; Index < GopHandleCount; Index++) { - Status = gBS->HandleProtocol (GopHandleBuffer[Index], &gEfiDevicePathProtocolGuid, (VOID*)&TempDevicePath); - if (EFI_ERROR (Status)) { - continue; - } - if (CompareMem ( - PciDevicePath, - TempDevicePath, - GetDevicePathSize (PciDevicePath) - END_DEVICE_PATH_LENGTH - ) == 0) { - // - // In current implementation, we only enable one of the child handles - // as console device, i.e. 
sotre one of the child handle's device - // path to variable "ConOut" - // In future, we could select all child handles to be console device - // - *GopDevicePath = TempDevicePath; - - // - // Delete the PCI device's path that added by GetPlugInPciVgaDevicePath() - // Add the integrity GOP device path. - // - EfiBootManagerUpdateConsoleVariable (ConOut, NULL, PciDevicePath); - EfiBootManagerUpdateConsoleVariable (ConOut, TempDevicePath, NULL); - } - } - gBS->FreePool (GopHandleBuffer); - } - - return EFI_SUCCESS; -} - -/** - Add PCI VGA to ConOut, ConIn, ErrOut. - - @param[in] DeviceHandle - Handle of PciIo protocol. - - @retval EFI_SUCCESS - PCI VGA is added to ConOut. - @retval EFI_STATUS - No PCI VGA device is added. - -**/ -EFI_STATUS -PreparePciVgaDevicePath ( - IN EFI_HANDLE DeviceHandle -) -{ - EFI_STATUS Status; - EFI_DEVICE_PATH_PROTOCOL *DevicePath; - EFI_DEVICE_PATH_PROTOCOL *GopDevicePath; - - DevicePath = NULL; - Status = gBS->HandleProtocol ( - DeviceHandle, - &gEfiDevicePathProtocolGuid, - (VOID*)&DevicePath - ); - if (EFI_ERROR (Status)) { - return Status; - } - - GetGopDevicePath (DevicePath, &GopDevicePath); - DevicePath = GopDevicePath; - - EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); - - return EFI_SUCCESS; -} - /** Add PCI Serial to ConOut, ConIn, ErrOut. 
@@ -512,45 +375,28 @@ DetectAndPreparePlatformPciDevicePath ( ); ASSERT_EFI_ERROR (Status); - if (!mDetectDisplayOnly) { - // - // Here we decide whether it is LPC Bridge - // - if ((IS_PCI_LPC (Pci)) || - ((IS_PCI_ISA_PDECODE (Pci)) && - (Pci->Hdr.VendorId == 0x8086) - ) - ) { - // - // Add IsaKeyboard to ConIn, - // add IsaSerial to ConOut, ConIn, ErrOut - // - DEBUG ((DEBUG_INFO, "Found LPC Bridge device\n")); - PrepareLpcBridgeDevicePath (Handle); - return EFI_SUCCESS; - } + // + // Here we decide whether it is LPC Bridge + // + if ((IS_PCI_LPC (Pci)) || + ((IS_PCI_ISA_PDECODE (Pci)) && (Pci->Hdr.VendorId == 0x8086))) { // - // Here we decide which Serial device to enable in PCI bus + // Add IsaKeyboard to ConIn, + // add IsaSerial to ConOut, ConIn, ErrOut // - if (IS_PCI_16550SERIAL (Pci)) { - // - // Add them to ConOut, ConIn, ErrOut. - // - DEBUG ((DEBUG_INFO, "Found PCI 16550 SERIAL device\n")); - PreparePciSerialDevicePath (Handle); - return EFI_SUCCESS; - } + DEBUG ((DEBUG_INFO, "Found LPC Bridge device\n")); + PrepareLpcBridgeDevicePath (Handle); + return EFI_SUCCESS; } - // - // Enable all display devices + // Here we decide which Serial device to enable in PCI bus // - if (IS_PCI_DISPLAY (Pci)) { + if (IS_PCI_16550SERIAL (Pci)) { // - // Add them to ConOut. + // Add them to ConOut, ConIn, ErrOut. // - DEBUG ((DEBUG_INFO, "Found PCI Display device\n")); - EfiBootManagerConnectVideoController (Handle); + DEBUG ((DEBUG_INFO, "Found PCI 16550 SERIAL device\n")); + PreparePciSerialDevicePath (Handle); return EFI_SUCCESS; } 
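Review bot: With the `if (!mDetectDisplayOnly)` guard removed from `DetectAndPreparePlatformPciDevicePath`, nothing visible in this series reads `mDetectDisplayOnly` any more, yet `DetectAndPreparePlatformPciDevicePaths` still accepts `DetectDisplayOnly` and stores it. A caller passing `TRUE` now gets the LPC bridge and 16550 serial handling as well, which contradicts the parameter's documented meaning ("Only detect display device if it's TRUE"). Either remove the global and the parameter, provided no caller outside the visible code depends on it, or update the doc comment to say the flag is ignored. The function starts and ends outside this hunk.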
@@ -584,39 +430,6 @@ DetectAndPreparePlatformPciDevicePaths ( } -/** - The function will connect root bridge - - @return EFI_SUCCESS Connect RootBridge successfully. - -**/ -EFI_STATUS -ConnectRootBridge ( - VOID -) -{ - EFI_STATUS Status; - EFI_HANDLE RootHandle; - - // - // Make all the PCI_IO protocols on PCI Seg 0 show up - // - Status = gBS->LocateDevicePath ( - &gEfiDevicePathProtocolGuid, - &gPlatformRootBridges[0], - &RootHandle - ); - if (EFI_ERROR (Status)) { - return Status; - } - - Status = gBS->ConnectController (RootHandle, NULL, NULL, FALSE); - if (EFI_ERROR (Status)) { - return Status; - } - - return EFI_SUCCESS; -} /** Platform console init. Include the platform firmware vendor, revision @@ -634,8 +447,6 @@ PlatformConsoleInit ( gUartDeviceNode.Parity = PcdGet8 (PcdUartDefaultParity); gUartDeviceNode.StopBits = PcdGet8 (PcdUartDefaultStopBits); - ConnectRootBridge (); - // // Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut // From 6d3ace07fafb9ede18e20304b543bbb414dd6363 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 20 Apr 2024 00:33:11 +0300 Subject: [PATCH 078/357] DasharoPayloadPkg/BlSupportPei: add SEC performance report MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 9 ++++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 1 + .../BlSupportPei/BlSupportPei.inf | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 + .../Include/Library/BlParseLib.h | 13 ++++++ .../Library/CbParseLib/CbParseLib.c | 42 +++++++++++++++++++ 6 files changed, 68 insertions(+) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 3e15c4cc8b..773cd59dfb 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
@@ -396,6 +396,7 @@ BlPeiEntryPoint ( EFI_PEI_GRAPHICS_INFO_HOB *NewGfxInfo; EFI_PEI_GRAPHICS_DEVICE_INFO_HOB GfxDeviceInfo; EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo; + FIRMWARE_SEC_PERFORMANCE Performance; // Report lower 640KB of RAM. // Mark memory as reserved to keep coreboot header in place. @@ -589,6 +590,14 @@ BlPeiEntryPoint ( DEBUG ((DEBUG_INFO, "Create acpi board info guid hob\n")); } + // Build SEC Performance Data Hob + Status = ParseTimestampTable(&Performance); + if (!EFI_ERROR (Status)) { + BuildGuidDataHob (&gEfiFirmwarePerformanceGuid, &Performance, sizeof (Performance)); + } else { + DEBUG ((DEBUG_ERROR, "Error when parsing timestamp info, Status = %r\n", Status)); + } + // // Parse platform specific information. // diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h index f1ac54ffda..be5550f5b6 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index f63a213a8d..353dfd806b 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -58,6 +58,7 @@ gUefiAcpiBoardInfoGuid gEfiSMMSTOREInfoHobGuid gEfiTcgPhysicalPresenceInfoHobGuid + gEfiFirmwarePerformanceGuid [Ppis] gEfiPeiMasterBootModePpiGuid diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 7b675132f6..f90cc4323b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
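Review bot: `BlPeiEntryPoint` now calls `ParseTimestampTable` unconditionally in the `@@ -589,6 +590,14 @@` hunk, but the diffstat of this patch adds an implementation only to `Library/CbParseLib/CbParseLib.c`, while the declaration goes into the shared `BlParseLib.h`. If the Slim Bootloader instance (`SblParseLib`, listed in the first patch of the series) does not get the function elsewhere, a build that selects it will fail to link; a stub there returning `RETURN_NOT_FOUND` would keep the two instances in step. A missing timestamp table is then an expected outcome, so that status is better logged at `DEBUG_INFO` than `DEBUG_ERROR`. There is also a missing space before the parenthesis in `ParseTimestampTable(&Performance)`.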
@@ -328,6 +328,7 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf !endif + PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf [LibraryClasses.common.DXE_CORE] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -386,6 +387,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwarePerformanceDataTableS3Support|FALSE [PcdsFixedAtBuild] # UEFI spec: Minimal value is 0x8000! diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index 48cfd4e496..bbaf2490ad 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -14,6 +14,7 @@ #include #include #include +#include #ifndef __BOOTLOADER_PARSE_LIB__ #define __BOOTLOADER_PARSE_LIB__ @@ -166,4 +167,16 @@ ParseVBootWorkbuf ( OUT CONST CHAR8 **RecoveryReason ); +/** + Parse the coreboot timestamps + + @retval RETURN_SUCCESS Successfully find the timestamps information. + @retval RETURN_NOT_FOUND Failed to find the tiemstamps information . +**/ +RETURN_STATUS +EFIAPI +ParseTimestampTable ( + OUT FIRMWARE_SEC_PERFORMANCE *Performance + ); + #endif diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 8852d06b64..9d1cf84aff 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
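Review bot: The comment above the `ParseTimestampTable` declaration in the `@@ -166,4 +167,16 @@` hunk of BlParseLib.h does not describe the `Performance` output or the `RETURN_INVALID_PARAMETER` result that the CbParseLib.c implementation returns for a NULL pointer, and "tiemstamps" is misspelled. The same comment is copied above the definition in CbParseLib.c. I would add `@param[out] Performance  Receives the reset-end time taken from the bootloader's timestamp table.` and `@retval RETURN_INVALID_PARAMETER  Performance is NULL.`, and fix the spelling in both places.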
@@ -871,3 +871,45 @@ ParseVBootWorkbuf ( return RETURN_SUCCESS; } + +PACKED struct timestamp_entry { + UINT32 entry_id; + UINT64 entry_stamp; +}; + +PACKED struct timestamp_table { + UINT64 base_time; + UINT16 max_entries; + UINT16 tick_freq_mhz; + UINT32 num_entries; + struct timestamp_entry entries[0]; /* Variable number of entries */ +}; + + +/** + Parse the coreboot timestamps + + @retval RETURN_SUCCESS Successfully find the timestamps information. + @retval RETURN_NOT_FOUND Failed to find the tiemstamps information . + +**/ +RETURN_STATUS +EFIAPI +ParseTimestampTable ( + OUT FIRMWARE_SEC_PERFORMANCE *Performance + ) +{ + struct timestamp_table *CbTsRec; + + if (Performance == NULL) { + return RETURN_INVALID_PARAMETER; + } + + CbTsRec = FindCbTag (CB_TAG_TIMESTAMPS); + if (CbTsRec == NULL) { + return RETURN_NOT_FOUND; + } + + Performance->ResetEnd = CbTsRec->base_time; + return RETURN_SUCCESS; +} From 3101da476420b73074d66c36789ccf99e40c3227 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 13 Apr 2024 23:43:21 +0300 Subject: [PATCH 079/357] DasharoPayloadPkg/AcpiPlatformDxe: use platform module for ACPI tables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../AcpiPlatformDxe/AcpiPlatform.c | 491 ++++++++++++++++++ .../AcpiPlatformDxe/AcpiPlatform.uni | 16 + .../AcpiPlatformDxe/AcpiPlatformDxe.inf | 58 +++ .../AcpiPlatformDxe/AcpiPlatformExtra.uni | 14 + DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c | 9 - DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 6 + 7 files changed, 587 insertions(+), 9 deletions(-) create mode 100644 DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c create mode 100644 DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.uni create mode 100644 DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf create mode 100644 DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformExtra.uni 
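Review bot: `Performance->ResetEnd = CbTsRec->base_time;` stores a raw coreboot timestamp in a field that FIRMWARE_SEC_PERFORMANCE defines in nanoseconds, while the table carries a `tick_freq_mhz` member, which suggests `base_time` is counted in timer ticks; please confirm against the coreboot side. If that is the case, convert before storing, e.g. `Performance->ResetEnd = DivU64x32 (MultU64x32 (CbTsRec->base_time, 1000), CbTsRec->tick_freq_mhz);`. Reject a table whose `tick_freq_mhz` is 0 before that line so the division cannot fault on bootloader-supplied data.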
diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c new file mode 100644 index 0000000000..58c6a57d0e --- /dev/null +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c @@ -0,0 +1,491 @@ +/** @file + Sample ACPI Platform Driver + + Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +EFI_ACPI_TABLE_PROTOCOL *mAcpiProtocol; +EFI_ACPI_SDT_PROTOCOL *mSdtProtocol; +EFI_EVENT mEfiExitBootServicesEvent; + +EFI_STATUS +EFIAPI +InstallTablesFromXsdt ( + IN EFI_ACPI_DESCRIPTION_HEADER *Xsdt, + IN UINTN *TableHandle, + OUT EFI_ACPI_DESCRIPTION_HEADER *DsdtTable + ) +{ + EFI_STATUS Status; + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; + VOID *CurrentTableEntry; + UINTN CurrentTablePointer; + EFI_ACPI_DESCRIPTION_HEADER *CurrentTable; + UINTN Index; + UINTN NumberOfTableEntries; + + Status = EFI_SUCCESS; + // + // Retrieve the addresses of XSDT and + // calculate the number of its table entries. + // + NumberOfTableEntries = (Xsdt->Length - + sizeof (EFI_ACPI_DESCRIPTION_HEADER)) / + sizeof (UINT64); + // + // Install ACPI tables found in XSDT. + // + for (Index = 0; Index < NumberOfTableEntries; Index++) { + // + // Get the table entry from XSDT + // + CurrentTableEntry = (VOID *) ((UINT8 *) Xsdt + + sizeof (EFI_ACPI_DESCRIPTION_HEADER) + + Index * sizeof (UINT64)); + CurrentTablePointer = (UINTN) *(UINT64 *) CurrentTableEntry; + CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *) CurrentTablePointer; + + // + // Install the XSDT tables + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + CurrentTable, + CurrentTable->Length, + TableHandle + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get the FACS and DSDT table address from the table FADT + // + if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { + FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) + (UINTN) CurrentTablePointer; + DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->XDsdt; + } + } + + return Status; +} + + +EFI_STATUS +EFIAPI +InstallTablesFromRsdt ( + IN EFI_ACPI_DESCRIPTION_HEADER *Rsdt, + IN UINTN 
*TableHandle, + OUT EFI_ACPI_DESCRIPTION_HEADER *DsdtTable + ) +{ + EFI_STATUS Status; + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; + VOID *CurrentTableEntry; + UINTN CurrentTablePointer; + EFI_ACPI_DESCRIPTION_HEADER *CurrentTable; + UINTN Index; + UINTN NumberOfTableEntries; + + Status = EFI_SUCCESS; + // + // Retrieve the addresses of RSDT and + // calculate the number of its table entries. + // + NumberOfTableEntries = (Rsdt->Length - + sizeof (EFI_ACPI_DESCRIPTION_HEADER)) / + sizeof (UINT32); + // + // Install ACPI tables found in RSDT. + // + for (Index = 0; Index < NumberOfTableEntries; Index++) { + // + // Get the table entry from RSDT + // + CurrentTableEntry = (VOID *) ((UINT8 *) Rsdt + + sizeof (EFI_ACPI_DESCRIPTION_HEADER) + + Index * sizeof (UINT32)); + CurrentTablePointer = (UINTN) *(UINT32 *) CurrentTableEntry; + CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *) CurrentTablePointer; + + // + // Install the RSDT tables + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + CurrentTable, + CurrentTable->Length, + TableHandle + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get the FACS and DSDT table address from the table FADT + // + if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { + FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) + (UINTN) CurrentTablePointer; + DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->Dsdt; + } + } + + return Status; +} + +/** + This function uses the ACPI SDT protocol to locate an ACPI table. + It is really only useful for finding tables that only have a single instance, + e.g. FADT, FACS, MADT, etc. It is not good for locating SSDT, etc. + Matches are determined by finding the table with ACPI table that has + a matching signature. 
+ + @param[in] Signature - Pointer to an ASCII string containing the OEM Table ID from the ACPI table header + @param[in, out] Table - Updated with a pointer to the table + @param[in, out] Handle - AcpiSupport protocol table handle for the table found + @param[in, out] Version - The version of the table desired + + @retval EFI_SUCCESS - The function completed successfully. + @retval EFI_NOT_FOUND - Failed to locate AcpiTable. + @retval EFI_NOT_READY - Not ready to locate AcpiTable. +**/ +EFI_STATUS +EFIAPI +LocateAcpiTableBySignature ( + IN UINT32 Signature, + IN OUT EFI_ACPI_DESCRIPTION_HEADER **Table, + IN OUT UINTN *Handle + ) +{ + EFI_STATUS Status; + INTN Index; + EFI_ACPI_TABLE_VERSION Version; + EFI_ACPI_DESCRIPTION_HEADER *OrgTable; + + /// + /// Locate table with matching ID + /// + Version = 0; + Index = 0; + do { + Status = mSdtProtocol->GetAcpiTable (Index, (EFI_ACPI_SDT_HEADER **)&OrgTable, &Version, Handle); + if (Status == EFI_NOT_FOUND) { + break; + } + ASSERT_EFI_ERROR (Status); + Index++; + } while (OrgTable->Signature != Signature); + + if (Status != EFI_NOT_FOUND) { + *Table = AllocateCopyPool (OrgTable->Length, OrgTable); + ASSERT (*Table); + } + + /// + /// If we found the table, there will be no error. + /// + return Status; +} + + +/** + This function calculates RCR based on PCI Device ID and Vendor ID from the devices + available on the platform. + It also includes other instances of BIOS change to calculate CRC and provides as + HWSignature filed in FADT table. 
+**/ +VOID +IsHardwareChange ( + VOID + ) +{ + EFI_STATUS Status; + UINTN Index; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT32 CRC; + UINT32 *HWChange; + UINTN HWChangeSize; + UINT32 PciId; + UINTN Handle; + EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *FacsPtr; + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *pFADT; + + HandleCount = 0; + HandleBuffer = NULL; + + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiPciIoProtocolGuid, + NULL, + &HandleCount, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + return; // PciIO protocol not installed yet! + } + + // + // Allocate memory for HWChange and add additional entrie for + // pFADT->XDsdt + // + HWChangeSize = HandleCount + 1; + HWChange = AllocateZeroPool (sizeof(UINT32) * HWChangeSize); + ASSERT(HWChange != NULL); + + if (HWChange == NULL) return; + + // + // add HWChange inputs: PCI devices + // + for (Index = 0; HandleCount > 0; HandleCount--) { + PciId = 0; + Status = gBS->HandleProtocol (HandleBuffer[Index], &gEfiPciIoProtocolGuid, (VOID **) &PciIo); + if (!EFI_ERROR (Status)) { + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint32, 0, 1, &PciId); + if (EFI_ERROR (Status)) { + continue; + } + HWChange[Index++] = PciId; + } + } + + // + // Locate FACP Table + // + Handle = 0; + Status = LocateAcpiTableBySignature ( + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE, + (EFI_ACPI_DESCRIPTION_HEADER **) &pFADT, + &Handle + ); + if (EFI_ERROR (Status) || (pFADT == NULL)) { + return; //Table not found or out of memory resource for pFADT table + } + + // + // add HWChange inputs: others + // + HWChange[Index++] = (UINT32)pFADT->XDsdt; + + // + // Calculate CRC value with HWChange data. + // + Status = gBS->CalculateCrc32(HWChange, HWChangeSize, &CRC); + DEBUG ((DEBUG_INFO, "CRC = %x and Status = %r\n", CRC, Status)); + + // + // Set HardwareSignature value based on CRC value. 
+ // + FacsPtr = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *)(UINTN)pFADT->FirmwareCtrl; + FacsPtr->HardwareSignature = CRC; + FreePool (HWChange); +} + +VOID +EFIAPI +AcpiEndOfDxeEvent ( + EFI_EVENT Event, + VOID *ParentImageHandle + ) +{ + if (Event != NULL) { + gBS->CloseEvent (Event); + } + + // + // Calculate Hardware Signature value based on current platform configurations + // + IsHardwareChange (); +} + +/** On exiting boot services we must make sure the new RSDP is in the legacy + segment where coreboot expects it. +**/ +STATIC +VOID +EFIAPI +AcpiExitBootServicesEventNotify ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + UINTN Ptr; + EFI_STATUS Status; + EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *cbRsdp; + EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; + + cbRsdp = NULL; + Rsdp = NULL; + + /* Find coreboot RSDP. */ + for (Ptr = 0xe0000; Ptr < 0xfffff; Ptr += 16) { + if (!AsciiStrnCmp ((CHAR8 *)Ptr, "RSD PTR ", 8)) { + cbRsdp = (EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *)Ptr; + break; + } + } + + if (cbRsdp == NULL) { + DEBUG ((EFI_D_ERROR, "No coreboot RSDP found, wake up from S3 not possible.\n")); + return; + } + + Status = EfiGetSystemConfigurationTable (&gEfiAcpiTableGuid, (VOID **) &Rsdp); + if (EFI_ERROR (Status) || (Rsdp == NULL)) { + DEBUG ((EFI_D_ERROR, "No RSDP found, wake up from S3 not possible.\n")); + return; + } + + CopyMem((VOID *)cbRsdp, (CONST VOID *)Rsdp, sizeof(*Rsdp)); + DEBUG ((EFI_D_INFO, "coreboot RSDP updated\n")); +} + +/** + Entrypoint of Acpi Platform driver. 
+ + @param ImageHandle + @param SystemTable + + @return EFI_SUCCESS + @return EFI_LOAD_ERROR + @return EFI_OUT_OF_RESOURCES + +**/ +EFI_STATUS +EFIAPI +AcpiPlatformEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; + SYSTEM_TABLE_INFO *SystemTableInfo; + EFI_ACPI_DESCRIPTION_HEADER *DsdtTable; + UINTN TableHandle; + EFI_EVENT EndOfDxeEvent; + + TableHandle = 0; + + // + // Find the AcpiTable protocol + // + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID**)&mAcpiProtocol); + ASSERT_EFI_ERROR (Status); + + Status = gBS->LocateProtocol (&gEfiAcpiSdtProtocolGuid, NULL, (VOID **)&mSdtProtocol); + ASSERT_EFI_ERROR (Status); + + // + // Find the system table information guid hob + // + GuidHob = GetFirstGuidHob (&gUefiSystemTableInfoGuid); + ASSERT (GuidHob != NULL); + SystemTableInfo = (SYSTEM_TABLE_INFO *)GET_GUID_HOB_DATA (GuidHob); + + // + // Set pointers to ACPI tables + // + if (SystemTableInfo->AcpiTableBase != 0 && SystemTableInfo->AcpiTableSize != 0) { + ASSERT_EFI_ERROR (Status); + } + + Rsdp = (EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *) SystemTableInfo->AcpiTableBase; + // + // If XSDT table is found, just install its tables. + // + if (Rsdp->XsdtAddress) { + Status = InstallTablesFromXsdt ((EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->XsdtAddress, + &TableHandle, DsdtTable); + if (EFI_ERROR (Status)) { + DEBUG((DEBUG_ERROR, "Failed to install ACPI tables from XSDT\n")); + return Status; + } + } else { + DEBUG((DEBUG_ERROR, "XSDT not found, trying RSDT\n")); + if (Rsdp->RsdtAddress) { + Status = InstallTablesFromRsdt ((EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->RsdtAddress, + &TableHandle, DsdtTable); + if (EFI_ERROR (Status)) { + DEBUG((DEBUG_ERROR, "Failed to install ACPI tables from RSDT\n")); + return Status; + } + } else { + DEBUG((DEBUG_ERROR, "RSDT not found. 
Failed to install ACPI tables\n")); + ASSERT_EFI_ERROR (Status); + } + } + + if (!AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4)) { + // + // Install DSDT table. + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + DsdtTable, + DsdtTable->Length, + &TableHandle + ); + + if (EFI_ERROR (Status)) { + return Status; + } + } else { + DEBUG((DEBUG_ERROR, "DSDT not found\n")); + ASSERT_EFI_ERROR (Status); + } + + // + // Create an End of DXE event. + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + AcpiEndOfDxeEvent, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + AcpiExitBootServicesEventNotify, + NULL, + &gEfiEventExitBootServicesGuid, + &mEfiExitBootServicesEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.uni b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.uni new file mode 100644 index 0000000000..4b8d33dbcc --- /dev/null +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.uni @@ -0,0 +1,16 @@ +// /** @file +// Sample ACPI Platform Driver +// +// Sample ACPI Platform Driver +// +// Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
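Review bot: `DsdtTable` is passed to InstallTablesFromXsdt() and InstallTablesFromRsdt() by value, so the assignments from `FadtTable->XDsdt` / `FadtTable->Dsdt` inside them never reach AcpiPlatformEntryPoint(), which then reads `DsdtTable->Signature` and `DsdtTable->Length` through an uninitialised stack pointer. The parameter should be an `EFI_ACPI_DESCRIPTION_HEADER **`, and the caller should start from `DsdtTable = NULL` and test it before use. The entry point also dereferences `Rsdp` when `AcpiTableBase` is 0 and relies on `ASSERT_EFI_ERROR (Status)` while `Status` still holds a success value, so neither the missing-RSDT nor the missing-DSDT branch stops anything. Two further items in this file: the entry count `(Xsdt->Length - sizeof (EFI_ACPI_DESCRIPTION_HEADER)) / sizeof (UINT64)` wraps around when the bootloader-supplied length is smaller than the header (same in the RSDT variant), and `gBS->CalculateCrc32 (HWChange, HWChangeSize, &CRC)` in IsHardwareChange() passes an element count where a byte count is expected (`HWChangeSize * sizeof (UINT32)`).

```c
EFI_STATUS
EFIAPI
InstallTablesFromXsdt (
  IN  EFI_ACPI_DESCRIPTION_HEADER  *Xsdt,
  IN  UINTN                        *TableHandle,
  OUT EFI_ACPI_DESCRIPTION_HEADER  **DsdtTable
  )
{
  // … unchanged: local declarations …

  // Reject a table that cannot even hold its own header before computing
  // the entry count from a bootloader-supplied length.
  if (Xsdt->Length < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) {
    return EFI_INVALID_PARAMETER;
  }

  *DsdtTable = NULL;

  // … unchanged: entry count, loop header, InstallAcpiTable call …
      *DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->XDsdt;
  // … unchanged: rest of the loop and return …

// In AcpiPlatformEntryPoint:
  DsdtTable = NULL;
  // … unchanged: protocol and HOB lookup; XSDT/RSDT calls now pass &DsdtTable …
  if ((DsdtTable != NULL) &&
      (AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4) == 0)) {
    // … unchanged: InstallAcpiTable call for the DSDT …
```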
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Sample ACPI Platform Driver" + +#string STR_MODULE_DESCRIPTION #language en-US "Sample ACPI Platform Driver" + diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf new file mode 100644 index 0000000000..f84efc0819 --- /dev/null +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf @@ -0,0 +1,58 @@ +## @file +# Sample ACPI Platform Driver +# +# Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = AcpiPlatform + MODULE_UNI_FILE = AcpiPlatform.uni + FILE_GUID = cb933912-df8f-4305-b1f9-7b44fa11395c + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = AcpiPlatformEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + AcpiPlatform.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + UefiLib + PcdLib + DebugLib + HobLib + BaseMemoryLib + UefiBootServicesTableLib + UefiDriverEntryPoint + +[Protocols] + gEfiAcpiTableProtocolGuid ## CONSUMES + gEfiAcpiSdtProtocolGuid ## CONSUMES + gEfiPciIoProtocolGuid ## CONSUMES + +[Guids] + gUefiSystemTableInfoGuid ## CONSUMES + gEfiEndOfDxeEventGroupGuid ## CONSUMES + gEfiEventExitBootServicesGuid ## CONSUMES + gEfiAcpiTableGuid ## CONSUMES + +[Depex] + gEfiAcpiTableProtocolGuid AND + gEfiAcpiSdtProtocolGuid AND + gEfiPciRootBridgeIoProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + AcpiPlatformExtra.uni diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformExtra.uni b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformExtra.uni new file mode 100644 index 0000000000..7e7728ef9b --- /dev/null +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformExtra.uni @@ -0,0 +1,14 @@ +// /** @file +// AcpiPlatform Localized Strings and Content +// +// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
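Review bot: `[LibraryClasses]` in AcpiPlatformDxe.inf lists neither MemoryAllocationLib nor BaseLib, although AcpiPlatform.c calls AllocateZeroPool(), AllocateCopyPool() and FreePool() as well as AsciiStrnCmp(); the module presumably links only because other library instances pull them in. I would add `MemoryAllocationLib` and `BaseLib` to that section so the dependency is declared where it is used. `[Depex]` waits for gEfiPciRootBridgeIoProtocolGuid while the code consumes gEfiPciIoProtocolGuid, and PcdLib is listed with no PCD access visible in this patch; both are worth confirming as intended.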
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"ACPI Platform Sample DXE Driver" + + diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c index 16fe5c63f9..df59ac2630 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c @@ -222,15 +222,6 @@ BlDxeEntryPoint ( ASSERT (GuidHob != NULL); SystemTableInfo = (SYSTEM_TABLE_INFO *)GET_GUID_HOB_DATA (GuidHob); - // - // Install Acpi Table - // - if (SystemTableInfo->AcpiTableBase != 0 && SystemTableInfo->AcpiTableSize != 0) { - DEBUG ((DEBUG_ERROR, "Install Acpi Table at 0x%lx, length 0x%x\n", SystemTableInfo->AcpiTableBase, SystemTableInfo->AcpiTableSize)); - Status = gBS->InstallConfigurationTable (&gEfiAcpiTableGuid, (VOID *)(UINTN)SystemTableInfo->AcpiTableBase); - ASSERT_EFI_ERROR (Status); - } - // // Install Smbios Table // diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index f90cc4323b..4c898958df 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -402,6 +402,7 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x3C !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 @@ -649,6 +650,7 @@ # ACPI Support # MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf + DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf # # PCI Support diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index c027faa571..4343df6d2b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -136,6 +136,12 @@ INF MdeModulePkg/Logo/LogoDxe.inf INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf !endif +# +# ACPI Support +# +INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf +INF DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + # # PCI Support # From 65b5ce18e3cbb6dc64024d477464f114f9bb6043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 28 Feb 2021 01:35:35 +0100 Subject: [PATCH 080/357] DasharoPayloadPkg: add new modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 26 +++++++++++++++++++++++-- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 17 ++++++++++++++-- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 4c898958df..652ba97d2e 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -309,6 +309,7 @@ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf [LibraryClasses.IA32.PEI_CORE, LibraryClasses.IA32.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf @@ -317,6 +318,7 @@ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf + PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf !if $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib.inf !endif 
@@ -336,6 +338,7 @@ MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf + PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf !if $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif @@ -348,6 +351,7 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf + PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf !if $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif @@ -367,12 +371,14 @@ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf !if $(NETWORK_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf !endif 
@@ -525,6 +531,7 @@ } MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf + MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -605,8 +612,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf - MdeModulePkg/Application/VariableInfo/VariableInfo.inf - MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf MdeModulePkg/Universal/Metronome/Metronome.inf @@ -638,6 +643,7 @@ MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf @@ -645,6 +651,7 @@ # SMBIOS Support # MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf + MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf # # ACPI Support @@ -691,6 +698,7 @@ MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf # # ISA Support @@ -699,6 +707,7 @@ !if $(PS2_KEYBOARD_ENABLE) == TRUE OvmfPkg/SioBusDxe/SioBusDxe.inf MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf + MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf !endif # 
@@ -735,6 +744,19 @@ # SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + # + # Hash2 + # + SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + } + + # + # PKCS7 Verification + # + SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf + !if $(TPM_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 4343df6d2b..69e761c764 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -50,6 +50,7 @@ INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei. INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf !if $(TPM_ENABLE) == TRUE INF DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -102,6 +103,7 @@ INF MdeModulePkg/Core/Dxe/DxeMain.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf +INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf INF UefiCpuPkg/CpuDxe/CpuDxe.inf 
@@ -109,8 +111,6 @@ INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf -INF MdeModulePkg/Application/VariableInfo/VariableInfo.inf -INF MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf INF PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf INF MdeModulePkg/Universal/Metronome/Metronome.inf INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf @@ -132,6 +132,7 @@ INF DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf +INF MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf !if $(BOOTLOADER) == "COREBOOT" INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf !endif @@ -155,6 +156,7 @@ INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf !if $(PS2_KEYBOARD_ENABLE) == TRUE INF OvmfPkg/SioBusDxe/SioBusDxe.inf INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +INF MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf !endif # @@ -215,6 +217,17 @@ INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +INF MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf + +# +# Hash2 +# +INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf + +# +# PKCS7 Verification +# +INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf # # Security From d50d4a7f0b5fac51f2dba0e57ab54e3c0c47d817 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 9 Oct 2022 14:32:19 +0200 Subject: [PATCH 081/357] DasharoPayloadPkg: enable ACPI SDT protocol MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 652ba97d2e..91d07e326b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -394,6 +394,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwarePerformanceDataTableS3Support|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE [PcdsFixedAtBuild] # UEFI spec: Minimal value is 0x8000! From 8c6529a633445a39d0aa721b9bf67d5665cfa4b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 31 May 2021 23:56:10 +0200 Subject: [PATCH 082/357] DasharoPayloadPkg: add support for ACPI BGRT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 2 files changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 91d07e326b..701fa193d4 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -659,6 +659,7 @@ # MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf # # PCI Support diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 69e761c764..3688cb04a0 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
@@ -142,6 +142,7 @@ INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf # INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf # # PCI Support From e640f4e4c70f51b256a4dd695c57f7b51ba1b916 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 9 Oct 2022 14:49:03 +0200 Subject: [PATCH 083/357] DasharoPayloadPkg: Add AcpiView Shell command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 701fa193d4..d678839cf5 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -197,6 +197,7 @@ SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf + BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf @@ -409,7 +410,6 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x3C !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 
@@ -841,6 +841,7 @@ NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1CommandsLib.inf NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf + NULL|ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf #------------------------------ # Networking commands From 166e340a8eaf1674c6efab513b9f133cc25ebfc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 9 Oct 2022 15:59:21 +0200 Subject: [PATCH 084/357] DasharoPayloadPkg/AcpiPlatformDxe: Install DSDT and FACS first MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../AcpiPlatformDxe/AcpiPlatform.c | 135 ++++++++++++------ 1 file changed, 91 insertions(+), 44 deletions(-) diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c index 58c6a57d0e..60b6dfdb70 100644 --- a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c @@ -33,12 +33,13 @@ EFI_STATUS EFIAPI InstallTablesFromXsdt ( IN EFI_ACPI_DESCRIPTION_HEADER *Xsdt, - IN UINTN *TableHandle, - OUT EFI_ACPI_DESCRIPTION_HEADER *DsdtTable + IN UINTN *TableHandle ) { EFI_STATUS Status; EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; + EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *FacsTable; + EFI_ACPI_DESCRIPTION_HEADER *DsdtTable; VOID *CurrentTableEntry; UINTN CurrentTablePointer; EFI_ACPI_DESCRIPTION_HEADER *CurrentTable; 
@@ -66,6 +67,48 @@ InstallTablesFromXsdt ( CurrentTablePointer = (UINTN) *(UINT64 *) CurrentTableEntry; CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *) CurrentTablePointer; + // + // Get the FACS and DSDT table address from the table FADT + // + if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { + FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) + (UINTN) CurrentTablePointer; + DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->XDsdt; + FacsTable = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *) (UINTN) FadtTable->XFirmwareCtrl; + + if (!AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4)) { + // + // Install DSDT table. + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + DsdtTable, + DsdtTable->Length, + TableHandle + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG((DEBUG_ERROR, "DSDT not found\n")); + ASSERT_EFI_ERROR (Status); + } + + if (!AsciiStrnCmp ((CHAR8 *) &FacsTable->Signature, "FACS", 4)) { + // + // Install the FACS tables + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + FacsTable, + FacsTable->Length, + TableHandle + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG((DEBUG_ERROR, "FACS not found\n")); + ASSERT_EFI_ERROR (Status); + } + } + // // Install the XSDT tables // @@ -79,15 +122,6 @@ InstallTablesFromXsdt ( if (EFI_ERROR (Status)) { return Status; } - - // - // Get the FACS and DSDT table address from the table FADT - // - if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { - FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) - (UINTN) CurrentTablePointer; - DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->XDsdt; - } } return Status; 
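Review bot: In the added FACP branch, `FadtTable->XDsdt` and `FadtTable->XFirmwareCtrl` are cast to pointers and their `Signature` is read with no check that the field is non-zero, so a FADT that leaves either one empty makes this loop read from address 0; test the field first, e.g. `if ((FadtTable->XDsdt != 0) && !AsciiStrnCmp (...))`. Both `else` branches call `ASSERT_EFI_ERROR (Status)` on a `Status` this path never assigned, so the assert checks a stale value; set `Status = EFI_NOT_FOUND;` there. The two `InstallAcpiTable` results are checked only by ASSERT, whereas the caller code this commit removes returned the error, so in a build where ASSERT is compiled out a failed DSDT install now goes unnoticed. `DsdtTable->Length` and `FacsTable->Length` are taken from the bootloader-supplied tables as-is; a sanity bound (at least the header size) before the install would be prudent. The same points apply to the `@@ -131,6 +166,47 @@` hunk in InstallTablesFromRsdt (`Dsdt`, `FirmwareCtrl`); the function body starts and ends outside this hunk.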
@@ -98,12 +132,13 @@ EFI_STATUS EFIAPI InstallTablesFromRsdt ( IN EFI_ACPI_DESCRIPTION_HEADER *Rsdt, - IN UINTN *TableHandle, - OUT EFI_ACPI_DESCRIPTION_HEADER *DsdtTable + IN UINTN *TableHandle ) { EFI_STATUS Status; EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; + EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *FacsTable; + EFI_ACPI_DESCRIPTION_HEADER *DsdtTable; VOID *CurrentTableEntry; UINTN CurrentTablePointer; EFI_ACPI_DESCRIPTION_HEADER *CurrentTable; @@ -131,6 +166,47 @@ InstallTablesFromRsdt ( CurrentTablePointer = (UINTN) *(UINT32 *) CurrentTableEntry; CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *) CurrentTablePointer; + // + // Get the FACS and DSDT table address from the table FADT + // + if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { + FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) + (UINTN) CurrentTablePointer; + DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->Dsdt; + FacsTable = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *) (UINTN) FadtTable->FirmwareCtrl; + + if (!AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4)) { + // + // Install DSDT table. + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + DsdtTable, + DsdtTable->Length, + TableHandle + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG((DEBUG_ERROR, "DSDT not found\n")); + ASSERT_EFI_ERROR (Status); + } + + if (!AsciiStrnCmp ((CHAR8 *) &FacsTable->Signature, "FACS", 4)) { + // + // Install the FACS tables + // + Status = mAcpiProtocol->InstallAcpiTable ( + mAcpiProtocol, + FacsTable, + FacsTable->Length, + TableHandle + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG((DEBUG_ERROR, "FACS not found\n")); + ASSERT_EFI_ERROR (Status); + } + } // // Install the RSDT tables // 
@@ -144,15 +220,6 @@ InstallTablesFromRsdt ( if (EFI_ERROR (Status)) { return Status; } - - // - // Get the FACS and DSDT table address from the table FADT - // - if (!AsciiStrnCmp ((CHAR8 *) &CurrentTable->Signature, "FACP", 4)) { - FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) - (UINTN) CurrentTablePointer; - DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->Dsdt; - } } return Status; @@ -389,7 +456,6 @@ AcpiPlatformEntryPoint ( EFI_HOB_GUID_TYPE *GuidHob; EFI_ACPI_6_3_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; SYSTEM_TABLE_INFO *SystemTableInfo; - EFI_ACPI_DESCRIPTION_HEADER *DsdtTable; UINTN TableHandle; EFI_EVENT EndOfDxeEvent; @@ -424,7 +490,7 @@ AcpiPlatformEntryPoint ( // if (Rsdp->XsdtAddress) { Status = InstallTablesFromXsdt ((EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->XsdtAddress, - &TableHandle, DsdtTable); + &TableHandle); if (EFI_ERROR (Status)) { DEBUG((DEBUG_ERROR, "Failed to install ACPI tables from XSDT\n")); return Status; @@ -433,7 +499,7 @@ AcpiPlatformEntryPoint ( DEBUG((DEBUG_ERROR, "XSDT not found, trying RSDT\n")); if (Rsdp->RsdtAddress) { Status = InstallTablesFromRsdt ((EFI_ACPI_DESCRIPTION_HEADER *)(UINTN)Rsdp->RsdtAddress, - &TableHandle, DsdtTable); + &TableHandle); if (EFI_ERROR (Status)) { DEBUG((DEBUG_ERROR, "Failed to install ACPI tables from RSDT\n")); return Status; @@ -444,25 +510,6 @@ AcpiPlatformEntryPoint ( } } - if (!AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4)) { - // - // Install DSDT table. - // - Status = mAcpiProtocol->InstallAcpiTable ( - mAcpiProtocol, - DsdtTable, - DsdtTable->Length, - &TableHandle - ); - - if (EFI_ERROR (Status)) { - return Status; - } - } else { - DEBUG((DEBUG_ERROR, "DSDT not found\n")); - ASSERT_EFI_ERROR (Status); - } - // // Create an End of DXE event. // From 4a0947fcb978fbc3685ecd402430cf16a66df504 Mon Sep 17 00:00:00 2001 
From: Benjamin Doron Date: Sun, 22 May 2022 14:20:55 -0400 Subject: [PATCH 085/357] DasharoPayloadPkg: Add support for logging to CBMEM console Writes TianoCore debug logs into the CBMEM console ringbuffer, from where the user can retrieve them with the `cbmem` userspace utility. The intention is to aid in debugging non-fatal issues even in release builds, or simply make TianoCore's logs available to those interested. Consequently, MDEPKG_NDEBUG must be masked. As an in-memory debug logging library, ASSERTs must be non-fatal to be seen, so they neither dead-loop nor create a breakpoint. It is assumed that ASSERT() neither enforces fatal conditions nor security integrity, as release builds do not call DebugAssert() from the ASSERT macro. More detailed debug logs are produced with the DEBUG_CODE macro, but this guards other debug-related code throughout the codebase. To avoid changing behaviour on release builds, this is only set for debug builds. Tested on QEMU, dumping the appropriate memory region in the UEFI shell shows the TianoCore log. An improved revision of the debug library used in several coreboot-related EDK2 forks, including MrChromebox's. Previous revisions also tested on an Acer Aspire VN7-572G laptop. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Sean Rhodes Signed-off-by: Benjamin Doron --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 27 ++++++++++++++++++++----- DasharoPayloadPkg/Include/Coreboot.h | 19 ++++++++++++++--- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index d678839cf5..84aad66e8a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -92,6 +92,9 @@ DEFINE LOAD_OPTION_ROMS = TRUE DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = FALSE DEFINE SETUP_PASSWORD_ENABLE = FALSE + DEFINE USE_CBMEM_FOR_CONSOLE = FALSE + DEFINE ABOVE_4G_MEMORY = TRUE + # # Network definition # 
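Review bot: The new `DEFINE USE_CBMEM_FOR_CONSOLE = FALSE` has no comment, although per the commit message enabling it keeps DEBUG/ASSERT code in release builds, makes ASSERT non-fatal, and leaves the firmware log in memory where it can be read from the OS with `cbmem`. I would put that above the define, e.g. `# TRUE: log to the CBMEM console; release builds keep debug output and non-fatal ASSERTs, and the log is readable from the OS`. `DEFINE ABOVE_4G_MEMORY = TRUE` is added in the same hunk but is not mentioned in the commit message and nothing visible in this commit uses it; it probably belongs in a separate change.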
@@ -122,10 +125,11 @@ [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES - GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG +!if $(USE_CBMEM_FOR_CONSOLE) == FALSE GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG MSFT:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG +!endif ################################################################################ @@ -216,8 +220,13 @@ # TimerLib|DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf ResetSystemLib|DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf +!if $(USE_CBMEM_FOR_CONSOLE) == TRUE + SerialPortLib|UefiPayloadPkg/Library/CbSerialPortLib/CbSerialPortLib.inf + PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf +!else SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf PlatformHookLib|DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf +!endif PlatformBootManagerLib|DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf IoApicLib|PcAtChipsetPkg/Library/BaseIoApicLib/BaseIoApicLib.inf @@ -416,7 +425,7 @@ !endif [PcdsPatchableInModule.common] -!if $(TARGET) == DEBUG +!if ($(TARGET) == DEBUG || $(USE_CBMEM_FOR_CONSOLE) == TRUE) gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE !else gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE 
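Review bot: In the `@@ -216,8 +220,13 @@` hunk the `USE_CBMEM_FOR_CONSOLE == TRUE` branch maps SerialPortLib to `UefiPayloadPkg/Library/CbSerialPortLib/CbSerialPortLib.inf`, while the surrounding entries resolve to DasharoPayloadPkg or MdeModulePkg and this commit's diffstat touches only the DSC and Coreboot.h. If that library is not already in the tree at the UefiPayloadPkg path, turning the option on cannot build. Either add the library under DasharoPayloadPkg in this commit and point the mapping there, or state in the commit message which earlier change provides it.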
@@ -425,10 +434,18 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -!if $(SOURCE_DEBUG_ENABLE) - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +!if $(USE_CBMEM_FOR_CONSOLE) == FALSE + !if $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 + !else + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F + !endif !else - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F + !if $(TARGET) == DEBUG + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x07 + !else + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x03 + !endif !endif # diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index 645562fec6..1a3c526641 100644 --- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -201,7 +201,14 @@ struct cb_forward { UINT64 forward; }; -#define CB_TAG_FRAMEBUFFER 0x0012 +struct cb_cbmem_ref { + UINT32 tag; + // Field contains size of this struct == 0x0010 + UINT32 size; + UINT64 cbmem_addr; +}; + +#define CB_TAG_FRAMEBUFFER 0x0012 struct cb_framebuffer { UINT32 tag; UINT32 size; @@ -229,8 +236,14 @@ struct cb_vdat { UINT32 vdat_size; }; -#define CB_TAG_TIMESTAMPS 0x0016 -#define CB_TAG_CBMEM_CONSOLE 0x0017 +#define CB_TAG_TIMESTAMPS 0x0016 +#define CB_TAG_CBMEM_CONSOLE 0x0017 +struct cbmem_console { + UINT32 size; + UINT32 cursor; + UINT8 body[0]; +} __attribute__ ((packed)); + #define CB_TAG_MRC_CACHE 0x0018 struct cb_cbmem_tab { UINT32 tag; From 7fd3ec291d265a7438221c5fac96f8be48bca514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 3 Sep 2022 15:27:50 +0200 Subject: [PATCH 086/357] DasharoPayloadPkg: handle network boot option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Register/unregister iPXE boot option depending on the value of Dasharo/NetworkBoot EFI variable. Signed-off-by: Michał Żygowski 
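Review bot: In the Coreboot.h hunk `@@ -229,8 +236,14 @@`, `struct cbmem_console` relies on the GNU zero-length array `UINT8 body[0]` and on `__attribute__ ((packed))`, while this package's DSC also carries INTEL and MSFT build options; a flexible array member `UINT8 body[];` between `#pragma pack(1)` and `#pragma pack()` would be the more portable spelling. The struct is inserted between the `CB_TAG_CBMEM_CONSOLE` and `CB_TAG_MRC_CACHE` defines with no comment. Since `size` and `cursor` are read from memory written by coreboot, I would add `// size and cursor come from coreboot-owned memory; range-check both before indexing body` so that whichever library consumes this does not index `body` with an unchecked value.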
Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 4 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 5 ++ .../PlatformBootManager.c | 90 +++++++++++++++++-- .../PlatformBootManagerLib.inf | 2 + 4 files changed, 96 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 84aad66e8a..3d2588e906 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -758,6 +758,10 @@ } !endif +!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE + DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf +!endif + # # Random Number Generator # diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 3688cb04a0..65acf7d319 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -279,6 +279,7 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf # Typically will be done per platform needs by coreboot. # FILE DRIVER = DEB917C0-C56A-4860-A05B-BF2F22EBB717 { + SECTION DXE_DEPEX_EXP = {gDasharoNetworkBootPolicyGuid} SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/LanRom.efi } !endif @@ -292,6 +293,10 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf } !endif +!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE + INF DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf +!endif + # # Random Number Generator # diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 7d30f56a88..c9c376fd20 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
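Review bot: In the FDF hunk `@@ -279,6 +279,7 @@`, the added `SECTION DXE_DEPEX_EXP = {gDasharoNetworkBootPolicyGuid}` makes LanRom.efi wait for a protocol whose producer, `DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf`, is only built and placed in the FV under `!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE` in the other hunks of this commit. With that define left FALSE the dependency can never be satisfied, so the driver is silently never dispatched, which changes behaviour for existing configurations. If that is intended, say so in a comment next to the FILE statement; otherwise guard the DEPEX section with the same condition. The FILE statement sits inside a conditional that starts outside the hunk.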
@@ -152,6 +152,68 @@ PlatformRegisterFvBootOption ( EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } +VOID +PlatformUnregisterFvBootOption ( + EFI_GUID *FileGuid, + CHAR16 *Description, + UINT32 Attributes + ) +{ + EFI_STATUS Status; + INTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **) &LoadedImage + ); + ASSERT_EFI_ERROR (Status); + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + DevicePath = DevicePathFromHandle (LoadedImage->DeviceHandle); + ASSERT (DevicePath != NULL); + DevicePath = AppendDevicePathNode ( + DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *) &FileNode + ); + ASSERT (DevicePath != NULL); + + Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + Attributes, + Description, + DevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); + + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, LoadOptionTypeBoot + ); + + OptionIndex = EfiBootManagerFindLoadOption ( + &NewOption, BootOptions, BootOptionCount + ); + + if (OptionIndex >= 0 && OptionIndex < BootOptionCount) { + Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[OptionIndex].OptionNumber, + BootOptions[OptionIndex].OptionType); + ASSERT_EFI_ERROR (Status); + } + EfiBootManagerFreeLoadOption (&NewOption); + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + EFI_DEVICE_PATH * FvFilePath ( EFI_GUID *FileGuid 
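Review bot: Every failure in the new PlatformUnregisterFvBootOption is handled only with ASSERT, so in a build where ASSERT is compiled out or non-fatal a failed `HandleProtocol` leaves `LoadedImage` unset before `LoadedImage->DeviceHandle` is read, and a failed `EfiBootManagerInitializeLoadOption` hands an uninitialized `NewOption` to `EfiBootManagerFindLoadOption` and `EfiBootManagerFreeLoadOption`. Return early instead, e.g. `if (EFI_ERROR (Status)) { return; }` after each call, freeing `DevicePath` first in the second case. `OptionIndex < BootOptionCount` compares an INTN with a UINTN; it is safe only because of the preceding `>= 0` test, so a cast `(UINTN) OptionIndex` would make that explicit. The function also has no header comment, while it deletes a boot option variable; a short `/** ... **/` block stating that it removes the load option matching the FV file, description and attributes would help.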
@@ -745,10 +807,13 @@ PlatformBootManagerAfterConsole ( VOID ) { + EFI_STATUS Status; EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black; EFI_GRAPHICS_OUTPUT_BLT_PIXEL White; CHAR16 *BootMenuKey; CHAR16 *SetupMenuKey; + BOOLEAN NetBootEnabled; + UINTN VarSize; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; @@ -769,12 +834,27 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); - // - // Register iPXE - // - DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); - PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + VarSize = sizeof (NetBootEnabled); + Status = gRT->GetVariable ( + L"NetworkBoot", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &NetBootEnabled + ); + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))) { + if (NetBootEnabled) { + // + // Register iPXE + // + DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + } else { + DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); + PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + } + } // // Register UEFI Shell // diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c094fe1663..8837dfb94e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -32,6 +32,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec DasharoPayloadPkg/DasharoPayloadPkg.dec + DasharoModulePkg/DasharoModulePkg.dec SecurityPkg/SecurityPkg.dec [LibraryClasses] 
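Review bot: In the `@@ -769,12 +834,27 @@` hunk the test `(Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))` treats every GetVariable failure other than EFI_NOT_FOUND as success, and for errors that leave `VarSize` unchanged the uninitialized `NetBootEnabled` then decides whether the iPXE option is registered or removed. Use `if (!EFI_ERROR (Status) && (VarSize == sizeof (NetBootEnabled)))` and declare `BOOLEAN NetBootEnabled = FALSE;`. When the variable is absent neither branch runs, so an iPXE option registered on an earlier boot stays in the boot list; if network boot is meant to be off by default, the absent case should unregister as well. PlatformBootManagerAfterConsole starts and ends outside the hunk.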
@@ -64,6 +65,7 @@ gEdkiiVT400Guid gEdkiiSCOTermGuid gEfiPcAnsiGuid + gDasharoSystemFeaturesGuid [Protocols] gEfiGenericMemTestProtocolGuid ## CONSUMES From 303f7b908522109f53ccd9b2f3f5a20a5c4c6abe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 3 Sep 2022 18:46:05 +0200 Subject: [PATCH 087/357] DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c: report IOAPIC and HPET resource only if not present in GCD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c | 32 ++++++++++++++++--- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c index df59ac2630..96e98b5c13 100644 --- a/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c +++ b/DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.c @@ -30,7 +30,29 @@ ReserveResourceInGcd ( IN EFI_HANDLE ImageHandle ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + + Status = gDS->GetMemorySpaceDescriptor ((EFI_PHYSICAL_ADDRESS)BaseAddress, &GcdDescriptor); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "Failed to look up memory space: 0x%lx 0x%lx\n", + BaseAddress, + Length + )); + return EFI_ACCESS_DENIED; + } + + if (GcdDescriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent) { + DEBUG (( + DEBUG_ERROR, + "Skipping to add memory space: 0x%lx 0x%lx, already exists\n", + BaseAddress, + Length + )); + return EFI_SUCCESS; + } if (IsMMIO) { Status = gDS->AddMemorySpace ( @@ -200,10 +222,10 @@ BlDxeEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_HOB_GUID_TYPE *GuidHob; - SYSTEM_TABLE_INFO *SystemTableInfo; - EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo; + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + SYSTEM_TABLE_INFO *SystemTableInfo; + EFI_PEI_GRAPHICS_INFO_HOB *GfxInfo; Status = EFI_SUCCESS; // 
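Review bot: In the BlSupportDxe.c hunk `@@ -30,7 +30,29 @@`, the new early exit looks up only the descriptor containing `BaseAddress`, so a range that begins inside an existing GCD region but extends past its end is logged as already existing and returns EFI_SUCCESS without the tail being added; compare `BaseAddress + Length` with `GcdDescriptor.BaseAddress + GcdDescriptor.Length` before skipping. Returning here also bypasses whatever follows `AddMemorySpace` in ReserveResourceInGcd (the body continues outside the hunk), so if that code allocates the range to `ImageHandle`, a region that exists but is unallocated is left unreserved. The lookup-failure path should `return Status;` rather than a fixed EFI_ACCESS_DENIED, and the skip message is not an error, so `DEBUG_INFO` fits better than `DEBUG_ERROR`.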
From e7d148eee6959a07e85f102bcfdb4854c87771b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 11 Sep 2022 14:14:01 +0200 Subject: [PATCH 088/357] MdeModulePkg: Add depex for USB modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf | 5 +++++ MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf | 4 ++++ MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf | 4 ++++ MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf | 5 ++++- MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf | 4 ++++ MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf | 4 ++++ .../UsbMouseAbsolutePointerDxe.inf | 4 ++++ MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf | 4 ++++ 8 files changed, 33 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf b/MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf index ffce075c23..e92c358f54 100644 --- a/MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf +++ b/MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf @@ -54,6 +54,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport ## CONSUMES @@ -82,3 +83,7 @@ [UserExtensions.TianoCore."ExtraFiles"] EhciDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid + \ No newline at end of file diff --git a/MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf b/MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf index a5da1a9120..491dbd5bc0 100644 --- a/MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf +++ b/MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf @@ -50,6 +50,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport ## CONSUMES @@ -78,3 +79,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UhciDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid 
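Review bot: The `[Depex]` sections added across this commit reference `gDasharoUsbDriverPolicyGuid` (and `gDasharoUsbMassStoragePolicyGuid` in UsbMassStorageDxe.inf), but DasharoModulePkg.dec only gains those GUIDs in PATCH 089, so this commit does not resolve on its own and breaks bisection; the author dates suggest the two were written in the opposite order. Swap the patches or move the .dec additions into this one. Because these drivers are now intentionally not dispatched unless a Dasharo policy protocol is present, a one-line comment above each `[Depex]` such as `# Dispatched only when the Dasharo USB policy protocol is installed` would save the next reader a search. The EhciDxe.inf hunk also adds a whitespace-only line and drops the final newline, as does UsbMassStorageDxe.inf.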
diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf b/MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf index 18ef87916a..d085d79d9f 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf +++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf @@ -45,6 +45,7 @@ [Packages] MdePkg/MdePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -70,3 +71,6 @@ [UserExtensions.TianoCore."ExtraFiles"] XhciDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf index dd85894346..21045ec8de 100644 --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf @@ -43,7 +43,7 @@ [Packages] MdePkg/MdePkg.dec - + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -71,3 +71,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UsbBusDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid diff --git a/MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf b/MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf index e981a0afc2..76352b57e6 100644 --- a/MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf +++ b/MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf @@ -48,6 +48,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -91,3 +92,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UsbKbDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid diff --git a/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf b/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf index 54039389fb..4fb31f5b96 100644 --- a/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +++ b/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf @@ -55,6 +55,7 @@ [Packages] MdePkg/MdePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] BaseLib 
@@ -79,3 +80,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UsbMassStorageDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid AND gDasharoUsbMassStoragePolicyGuid \ No newline at end of file diff --git a/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf b/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf index 00e061f56a..83392e8165 100644 --- a/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf +++ b/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf @@ -43,6 +43,7 @@ [Packages] MdePkg/MdePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -64,3 +65,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UsbMouseAbsolutePointerDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid diff --git a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf index 5221a41316..f000316817 100644 --- a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf +++ b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf @@ -43,6 +43,7 @@ [Packages] MdePkg/MdePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -64,3 +65,6 @@ [UserExtensions.TianoCore."ExtraFiles"] UsbMouseDxeExtra.uni + +[Depex] + gDasharoUsbDriverPolicyGuid From 291f5bf7f91af0497e43444b873c06f901602028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 11 Sep 2022 14:13:00 +0200 Subject: [PATCH 089/357] DasharoModulePkg: Add USB options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 112 ++++++++++++++++++ .../DasharoBootPolicies/BootPolicies.h | 49 ++++++++ .../DasharoBootPolicies.inf} | 8 +- DasharoModulePkg/DasharoModulePkg.dec | 6 +- .../DasharoSystemFeatures.c | 71 ++++++++++- .../DasharoSystemFeaturesHii.h | 5 + .../DasharoSystemFeaturesStrings.uni | 9 ++ .../DasharoSystemFeaturesVfr.vfr | 29 +++++ .../NetworkBootPolicy/NetworkBootPolicy.c | 74 ------------ .../NetworkBootPolicy/NetworkBootPolicy.h | 29 ----- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 +- 12 files changed, 285 insertions(+), 111 deletions(-) create mode 100644 DasharoModulePkg/DasharoBootPolicies/BootPolicies.c create mode 100644 DasharoModulePkg/DasharoBootPolicies/BootPolicies.h rename DasharoModulePkg/{NetworkBootPolicy/NetworkBootPolicy.inf => DasharoBootPolicies/DasharoBootPolicies.inf} (79%) delete mode 100644 DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c delete mode 100644 DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c new file mode 100644 index 0000000000..9a8fb5e358 --- /dev/null +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -0,0 +1,112 @@ +/*++ +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + SPDX-License-Identifier: BSD-2-Clause-Patent + +--*/ + +/** @file +**/ + +#include +#include +#include +#include "BootPolicies.h" + +#include +#include + +NETWORK_BOOT_POLICY_PROTOCOL mNetworkBootPolicy; +USB_STACK_POLICY_PROTOCOL mUsbStackPolicy; +USB_MASS_STORAGE_POLICY_PROTOCOL mUsbMassStoragePolicy; + +/** + Entry point for the Boot Policies Driver. + @param ImageHandle Image handle of this driver. + @param SystemTable Global system service table. + @retval EFI_SUCCESS Initialization complete. +**/ +EFI_STATUS +EFIAPI +InitializeBootPolicies ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) + +{ + EFI_STATUS Status = EFI_SUCCESS; + BOOLEAN *EfiVar; + UINTN VarSize = sizeof(BOOLEAN); + + gBS = SystemTable->BootServices; + gRT = SystemTable->RuntimeServices; + + mNetworkBootPolicy.Revision = NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01; + mNetworkBootPolicy.NetworkBootEnabled = FALSE; // disable by default + mUsbStackPolicy.Revision = USB_STACK_POLICY_PROTOCOL_REVISION_01; + mUsbStackPolicy.UsbStackEnabled = TRUE; + mUsbMassStoragePolicy.Revision = USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01; + mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; + + Status = GetVariable2 ( + L"NetworkBoot", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) { + + mNetworkBootPolicy.NetworkBootEnabled = *EfiVar; + + if (mNetworkBootPolicy.NetworkBootEnabled) + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoNetworkBootPolicyGuid, + &mNetworkBootPolicy, + NULL + ); + } + + Status = GetVariable2 ( + L"UsbDriverStack", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*EfiVar))) + mUsbStackPolicy.UsbStackEnabled = *EfiVar; + else + mUsbStackPolicy.UsbStackEnabled = TRUE; // enable USB by default + + 
if (mUsbStackPolicy.UsbStackEnabled) + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoUsbDriverPolicyGuid, + &mUsbStackPolicy, + NULL + ); + + Status = GetVariable2 ( + L"UsbMassStorage", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*EfiVar))) + mUsbMassStoragePolicy.UsbMassStorageEnabled = *EfiVar; + else + mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; // enable USB boot by default + + if (mUsbMassStoragePolicy.UsbMassStorageEnabled && mUsbStackPolicy.UsbStackEnabled) + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoUsbMassStoragePolicyGuid, + &mUsbMassStoragePolicy, + NULL + ); + + return EFI_SUCCESS; +} \ No newline at end of file diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h new file mode 100644 index 0000000000..e9a85f587f --- /dev/null +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h 
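Review bot: `GetVariable2` returns a pool buffer in `EfiVar` that the caller has to release, and none of the three reads in InitializeBootPolicies calls `FreePool`, so each successful read leaks an allocation. The first read tests `Status != EFI_NOT_FOUND` where the two USB reads test `Status == EFI_SUCCESS`; for any other error the code depends on GetVariable2 having reset `VarSize` to avoid dereferencing `EfiVar`, so use `!EFI_ERROR (Status)` in all three and follow each with `if (!EFI_ERROR (Status)) { FreePool (EfiVar); }`. The results of `InstallMultipleProtocolInterfaces` are discarded and the function always returns EFI_SUCCESS, which hides a failed policy install. The `/** @file **/` block is empty and the Intel 1999 - 2014 copyright looks carried over from a template; a description saying that each policy protocol is published only when the matching `gDasharoSystemFeaturesGuid` variable enables it (USB defaulting to enabled, network boot to disabled) belongs there.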
@@ -0,0 +1,49 @@ +/*++ +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + SPDX-License-Identifier: BSD-2-Clause-Patent + +--*/ + +/** @file +**/ + +#ifndef _DASHARO_BOOT_POLICIES_H_ +#define _DASHARO_BOOT_POLICIES_H_ + +#define DASHARO_NETWORK_BOOT_POLICY_PROTOCOL_GUID \ + { 0xdef83d91, 0x4613, 0x474c, 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 } + +#define DASHARO_USB_DRIVER_POLICY_PROTOCOL_GUID \ + { 0x808330b5, 0xbe46, 0x4a41, 0x97, 0x79, 0x84, 0xa3, 0xd1, 0x31, 0xbb, 0xb4 } + +#define DASHARO_USB_MASS_STORAGE_POLICY_PROTOCOL_GUID \ + { 0xd7d1a290, 0x651a, 0x4c90, 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c } + +#define NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01 0x01 +#define USB_STACK_POLICY_PROTOCOL_REVISION_01 0x01 +#define USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01 0x01 + +typedef struct _NETWORK_BOOT_POLICY_PROTOCOL { + UINT32 Revision; + BOOLEAN NetworkBootEnabled; +} NETWORK_BOOT_POLICY_PROTOCOL; + +typedef struct _USB_STACK_POLICY_PROTOCOL { + UINT32 Revision; + BOOLEAN UsbStackEnabled; +} USB_STACK_POLICY_PROTOCOL; + +typedef struct _USB_MASS_STORAGE_POLICY_PROTOCOL { + UINT32 Revision; + BOOLEAN UsbMassStorageEnabled; +} USB_MASS_STORAGE_POLICY_PROTOCOL; + +// +// Extern the GUID for protocol users. +// +extern EFI_GUID gDasharoNetworkBootPolicyGuid; +extern EFI_GUID gDasharoUsbDriverPolicyGuid; +extern EFI_GUID gDasharoUsbMassStoragePolicyGuid; + +#endif diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf similarity index 79% rename from DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf rename to DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index 81d04dc3c8..a4d27fdfd4 100644 --- a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf 
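Review bot: Each policy struct carries an `...Enabled` BOOLEAN, yet BootPolicies.c in this commit installs the protocol only when that flag is TRUE and the USB drivers gate on it purely through `[Depex]`, so the field can never be observed as FALSE by a consumer. Document that presence of the protocol is the signal, e.g. `// Installed only when the feature is enabled; absence of the protocol means disabled.` above each typedef. The three `*_PROTOCOL_GUID` macros repeat the values declared in DasharoModulePkg.dec and are not referenced in the code shown, so the two copies can drift; dropping the macros or naming the .dec as the source of truth in a comment would avoid that.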
@@ -8,11 +8,11 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = NetworkBootPolicy + BASE_NAME = DasharoBootPolicies FILE_GUID = ca90493e-1a22-4d09-9c78-3894507eb646 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - ENTRY_POINT = NetworkBootPolicyEntryPoint + ENTRY_POINT = InitializeBootPolicies # # The following information is for reference only and not required by the build tools. @@ -21,7 +21,7 @@ # [Sources.common] - NetworkBootPolicy.c + BootPolicies.c [Packages] MdePkg/MdePkg.dec @@ -39,6 +39,8 @@ [Protocols] gDasharoNetworkBootPolicyGuid ### PROVIDES + gDasharoUsbDriverPolicyGuid ### PROVIDES + gDasharoUsbMassStoragePolicyGuid ### PROVIDES [Depex] gEfiVariableArchProtocolGuid \ No newline at end of file diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index db1197a9a1..0b7d60013b 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -23,7 +23,7 @@ PlatformPasswordLib|Include/Library/PlatformPasswordLib.h [Guids] - gDasharoSystemFeaturesGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } } + gDasharoSystemFeaturesGuid = { 0xd15b327e, 0xff2d, 0x4fc1, { 0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 }} gDasharoSystemFeaturesTokenSpaceGuid = {0xc7d52e10, 0xadec, 0x4d49, { 0x9e, 0xc5, 0xb8, 0xcf, 0xcd, 0x4b, 0x9d, 0xb9 }} gUserAuthFeaturePkgTokenSpaceGuid = {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}} ## Include Include/Guid/UserAuthentication.h 
@@ -32,7 +32,9 @@ [Ppis] [Protocols] - gDasharoNetworkBootPolicyGuid = { 0xdef83d91, 0x4613, 0x474c, {0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }} + gDasharoNetworkBootPolicyGuid = { 0xdef83d91, 0x4613, 0x474c, { 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }} + gDasharoUsbDriverPolicyGuid = { 0x808330b5, 0xbe46, 0x4a41, { 0x97, 0x79, 0x84, 0xa3, 0xd1, 0x31, 0xbb, 0xb4 }} + gDasharoUsbMassStoragePolicyGuid = { 0xd7d1a290, 0x651a, 0x4c90, { 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c }} [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0afdc4dc4a..0d16bc0c96 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -12,9 +12,13 @@ SPDX-License-Identifier: BSD-2-Clause STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; +STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; +STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; +STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; +STATIC BOOLEAN mUsbStackDefault = TRUE; +STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; -STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; STATIC BOOLEAN mNetworkBootDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { 
@@ -139,6 +143,45 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack); + Status = gRT->GetVariable ( + mUsbStackEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mUsbStackEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mUsbStackDefault), + &mUsbStackDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; + } + + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage); + Status = gRT->GetVariable ( + mUsbMassStorageEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mUsbMassStorageEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mUsbMassStorageDefault), + &mUsbMassStorageDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; + } if (EFI_ERROR(Status)) { return Status; 
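Review bot: The existing `if (EFI_ERROR(Status)) { return Status; }` that follows the added blocks in DasharoSystemFeaturesUiLibConstructor now only sees the status of the UsbMassStorage calls, so a failed `SetVariable` for NetworkBoot (whose block ends just above the additions) or for UsbDriverStack is overwritten by the next `GetVariable` and never reported. Each added block also reacts only to `EFI_NOT_FOUND`; any other read failure, for example `EFI_BUFFER_TOO_SMALL` when the stored variable has a different size, leaves the UsbStack or UsbMassStorage field at its previous contents instead of the intended default. I would check right after each write, e.g. `if (EFI_ERROR (Status)) { return Status; }` following the UsbStack `SetVariable`, and assign the default on every read failure rather than only when the variable is absent. The constructor starts and ends outside this hunk.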
@@ -393,6 +436,32 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.UsbStack != DasharoFeaturesData.UsbStack) { + Status = gRT->SetVariable ( + mUsbStackEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.UsbStack), + &DasharoFeaturesData.UsbStack + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if (Private->DasharoFeaturesData.UsbMassStorage != DasharoFeaturesData.UsbMassStorage) { + Status = gRT->SetVariable ( + mUsbMassStorageEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.UsbMassStorage), + &DasharoFeaturesData.UsbMassStorage + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index f21dc1ae51..e60c778ffa 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 #define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 #define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 +#define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -22,10 +23,14 @@ typedef struct { BOOLEAN LockBios; BOOLEAN SmmBwp; BOOLEAN NetworkBoot; + BOOLEAN UsbStack; + BOOLEAN UsbMassStorage; } DASHARO_FEATURES_DATA; #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 +#define USB_STACK_QUESTION_ID 0x8002 +#define USB_MASS_STORAGE_QUESTION_ID 0x8003 extern EFI_GUID gDasharoSystemFeaturesGuid; 
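Review bot: Both `SetVariable` calls added to DasharoSystemFeaturesRouteConfig store the USB policy with `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` only, and nothing in the hunk records what that is meant to protect against. Without `EFI_VARIABLE_RUNTIME_ACCESS` the values are not reachable from the OS, but they are plain unauthenticated variables, so unless they are locked somewhere outside this patch they can still be rewritten by other code that runs before ExitBootServices. Since these switches exist to restrict USB, I would state that above the first call, e.g. `// Boot-services-only, unauthenticated: guards against OS-side changes, not against other pre-boot code`. Separately, the early `return Status` paths leave `Private->DasharoFeaturesData` unchanged even though variables written earlier in the same call have already been committed. The function body continues outside the hunk.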
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index be334a7c73..05d08fa621 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -23,6 +23,9 @@ #string STR_DASHARO_NETWORKING_OPTIONS_TITLE #language en-US "Networking Options" #string STR_DASHARO_NETWORKING_OPTIONS_HELP #language en-US "Network-related options" +#string STR_DASHARO_USB_CONFIGURATION_TITLE #language en-US "USB Configuration" +#string STR_DASHARO_USB_CONFIGURATION_HELP #language en-US "USB-related options" + #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" @@ -31,3 +34,9 @@ #string STR_NETWORK_BOOT_ENABLE_PROMPT #language en-US "Enable network boot" #string STR_NETWORK_BOOT_ENABLE_HELP #language en-US "Enables/disables the iPXE network boot and all NIC drivers" + +#string STR_USB_STACK_ENABLE_PROMPT #language en-US "Enable USB stack" +#string STR_USB_STACK_ENABLE_HELP #language en-US "Enables/disables the USB drivers. Disabling it means neither USB keyboard nor storage will work" + +#string STR_USB_MASS_STORAGE_ENABLE_PROMPT #language en-US "Enable USB Mass Storage driver" +#string STR_USB_MASS_STORAGE_ENABLE_HELP #language en-US "Enables/disables the USB Mass Storage driver. When disabled, booting from USB will not work, but USB keyboard still will" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index aa5c9a4591..205b915cbb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -30,6 +30,9 @@ formset prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); + goto DASHARO_USB_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -73,4 +76,30 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + + form formid = DASHARO_USB_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + checkbox name = UsbStack, + varid = FeaturesData.UsbStack, + prompt = STRING_TOKEN(STR_USB_STACK_ENABLE_PROMPT), + help = STRING_TOKEN(STR_USB_STACK_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + + suppressif questionref(UsbStack) == FALSE; + checkbox varid = FeaturesData.UsbMassStorage, + prompt = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_PROMPT), + help = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + endif; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + endformset; diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c deleted file mode 100644 index d889dab7c6..0000000000 --- a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/*++ -Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved - - SPDX-License-Identifier: BSD-2-Clause-Patent - ---*/ - -/** @file -**/ - -#include -#include -#include -#include "NetworkBootPolicy.h" - -#include -#include - -NETWORK_BOOT_POLICY_PROTOCOL mNetworkBootPolicy; - -/** - Entry point for the Platform GOP Policy Driver. - @param ImageHandle Image handle of this driver. - @param SystemTable Global system service table. - @retval EFI_SUCCESS Initialization complete. - @retval EFI_OUT_OF_RESOURCES Do not have enough resources to initialize the driver. -**/ - -EFI_STATUS -EFIAPI -NetworkBootPolicyEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) - -{ - EFI_STATUS Status = EFI_SUCCESS; - BOOLEAN *NetBootVar = &mNetworkBootPolicy.NetworkBootEnabled; - UINTN VarSize = sizeof(*NetBootVar); - - gBS = SystemTable->BootServices; - gRT = SystemTable->RuntimeServices; - - gBS->SetMem ( - &mNetworkBootPolicy, - sizeof (NETWORK_BOOT_POLICY_PROTOCOL), - 0 - ); - - mNetworkBootPolicy.Revision = NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01; - mNetworkBootPolicy.NetworkBootEnabled = 0; // disable by default - - Status = GetVariable2 ( - L"NetworkBoot", - &gDasharoSystemFeaturesGuid, - (VOID **) &NetBootVar, - &VarSize - ); - - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*NetBootVar))) { - - mNetworkBootPolicy.NetworkBootEnabled = *NetBootVar; - - if (mNetworkBootPolicy.NetworkBootEnabled) - Status = gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gDasharoNetworkBootPolicyGuid, - &mNetworkBootPolicy, - NULL - ); - } - - return Status; -} \ No newline at end of file diff --git a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h b/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h deleted file mode 100644 index 36c5a76cde..0000000000 --- a/DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/*++ -Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved - - SPDX-License-Identifier: BSD-2-Clause-Patent - ---*/ - -/** @file -**/ - -#ifndef _NETWORK_BOOT_POLICY_PROTOCOL_H_ -#define _NETWORK_BOOT_POLICY_PROTOCOL_H_ - -#define EFI_NETWORK_BOOT_POLICY_PROTOCOL_GUID \ - { 0xdef83d91, 0x4613, 0x474c, 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 } - -#define NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01 0x01 - -typedef struct _NETWORK_BOOT_POLICY_PROTOCOL { - UINT32 Revision; - BOOLEAN NetworkBootEnabled; -} NETWORK_BOOT_POLICY_PROTOCOL; - -// -// Extern the GUID for protocol users. -// -extern EFI_GUID gDasharoNetworkBootPolicyGuid; - -#endif \ No newline at end of file diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 3d2588e906..3169d40e6c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -759,7 +759,7 @@ !endif !if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE - DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf + DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf !endif # diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 65acf7d319..2f29648b03 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -294,7 +294,7 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf !endif !if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE - INF DasharoModulePkg/NetworkBootPolicy/NetworkBootPolicy.inf + INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf !endif # From d329ea32094392b2c4adc0729551308b49f5a924 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 11 Sep 2022 15:35:03 +0200 Subject: [PATCH 090/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Add debugging info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 40 ++++++++++++------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 9a8fb5e358..975bfbb0ab 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -59,13 +59,15 @@ InitializeBootPolicies ( mNetworkBootPolicy.NetworkBootEnabled = *EfiVar; - if (mNetworkBootPolicy.NetworkBootEnabled) + if (mNetworkBootPolicy.NetworkBootEnabled) { gBS->InstallMultipleProtocolInterfaces ( &ImageHandle, &gDasharoNetworkBootPolicyGuid, &mNetworkBootPolicy, NULL ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling network stack\n")); + } } Status = GetVariable2 ( @@ -80,13 +82,17 @@ InitializeBootPolicies ( else mUsbStackPolicy.UsbStackEnabled = TRUE; // enable USB by default - if (mUsbStackPolicy.UsbStackEnabled) - gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gDasharoUsbDriverPolicyGuid, - &mUsbStackPolicy, - NULL - ); + if (mUsbStackPolicy.UsbStackEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoUsbDriverPolicyGuid, + &mUsbStackPolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling USB stack\n")); + } else { + DEBUG ((EFI_D_INFO, "Boot Policy: Not enabling USB stack\n")); + } Status = GetVariable2 ( L"UsbMassStorage", 
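Review bot: The new `DEBUG` lines in InitializeBootPolicies print "Enabling ..." even when `gBS->InstallMultipleProtocolInterfaces` failed, because its return value is still discarded in all three branches (network, USB stack, and USB Mass Storage in the following hunk). For a log that is meant to show which boot policies are in effect, I would capture the result with `Status = gBS->InstallMultipleProtocolInterfaces (...);` and report a failure, e.g. `if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Boot Policy: installing USB stack policy failed: %r\n", Status)); }`. The network branch also lacks the "Not enabling" message that the two USB branches gained, so a disabled network stack leaves no line in the log. The function starts and ends outside these hunks.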
@@ -100,13 +106,17 @@ InitializeBootPolicies ( else mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; // enable USB boot by default - if (mUsbMassStoragePolicy.UsbMassStorageEnabled && mUsbStackPolicy.UsbStackEnabled) - gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gDasharoUsbMassStoragePolicyGuid, - &mUsbMassStoragePolicy, - NULL - ); + if (mUsbMassStoragePolicy.UsbMassStorageEnabled && mUsbStackPolicy.UsbStackEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoUsbMassStoragePolicyGuid, + &mUsbMassStoragePolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling USB Mass Storage\n")); + } else { + DEBUG ((EFI_D_INFO, "Boot Policy: Not enabling USB Mass Storage\n")); + } return EFI_SUCCESS; } \ No newline at end of file From 8b5b6bee64790d2528fc798dda82abd1f824f258 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Sat, 29 Oct 2022 13:23:47 +0200 Subject: [PATCH 091/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: Add Intel ME disable option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 40 ++++++++++++++++++- .../DasharoSystemFeaturesHii.h | 6 +++ .../DasharoSystemFeaturesStrings.uni | 14 +++++++ .../DasharoSystemFeaturesVfr.vfr | 24 +++++++++++ 4 files changed, 83 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0d16bc0c96..566e0cee94 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; +STATIC CHAR16 mMeModeEfiVar[] = L"MeMode"; STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; @@ -20,6 +21,7 @@ STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC BOOLEAN mNetworkBootDefault = FALSE; +STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -122,7 +124,6 @@ DasharoSystemFeaturesUiLibConstructor ( } } - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); Status = gRT->GetVariable ( mNetworkBootEfiVar, @@ -211,6 +212,30 @@ DasharoSystemFeaturesUiLibConstructor ( return Status; } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode); + Status = gRT->GetVariable ( + mMeModeEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mMeModeEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mMeModeDefault), + &mMeModeDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; + } + + if (EFI_ERROR(Status)) { + return Status; + } + return EFI_SUCCESS; } 
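Review bot: The byte read into `DasharoFeaturesData.MeMode` in the constructor hunk comes straight from the `MeMode` variable, and nothing rejects values other than the three modes this patch defines (`ME_MODE_ENABLE`, `ME_MODE_DISABLE_HECI`, `ME_MODE_DISABLE_HAP`). An out-of-range value would be kept in the private data and presumably handed to the form, which has no matching option; the RouteConfig hunk of this patch likewise writes `DasharoFeaturesData.MeMode` without a range check. I would add a guard after the read, e.g. `if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode > ME_MODE_DISABLE_HAP) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; }`, and a matching check before the `SetVariable` in RouteConfig. As in the earlier blocks of this function, only `EFI_NOT_FOUND` triggers the default, so a size mismatch is returned as an error instead of being repaired. The constructor body continues outside the hunk.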
@@ -462,6 +487,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.MeMode != DasharoFeaturesData.MeMode) { + Status = gRT->SetVariable ( + mMeModeEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.MeMode), + &DasharoFeaturesData.MeMode + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index e60c778ffa..3b56fcf0b0 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 #define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 #define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 +#define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -25,8 +26,13 @@ typedef struct { BOOLEAN NetworkBoot; BOOLEAN UsbStack; BOOLEAN UsbMassStorage; + UINT8 MeMode; } DASHARO_FEATURES_DATA; +#define ME_MODE_ENABLE 0 +#define ME_MODE_DISABLE_HECI 1 +#define ME_MODE_DISABLE_HAP 2 + #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 #define USB_STACK_QUESTION_ID 0x8002 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 05d08fa621..31ceb2a7fc 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -40,3 +40,17 @@ #string STR_USB_MASS_STORAGE_ENABLE_PROMPT #language en-US "Enable USB Mass Storage driver" #string STR_USB_MASS_STORAGE_ENABLE_HELP #language en-US "Enables/disables the USB Mass Storage driver. When disabled, booting from USB will not work, but USB keyboard still will" + +#string STR_DASHARO_INTEL_ME_OPTIONS_TITLE #language en-US "Intel Management Engine Options" +#string STR_DASHARO_INTEL_ME_OPTIONS_HELP #language en-US "Configuration for Intel Management Engine" + +#string STR_ME_MODE_PROMPT #language en-US "Intel ME mode" +#string STR_ME_MODE_HELP #language en-US "Operation mode of the Intel Management Engine. The ME can be enabled, or disabled using various methods.\n\n" + "Enabled: Enable the Intel Management Engine.\n\n" + "Disabled (Soft): Disable using a HECI message.\n\n" + "Disabled (HAP): Disable using the High Assurance Platform bit in the flash descriptor.\n\n" + "Note that with ME disabled, the firmware TPM will no longer be functional." + +#string STR_ME_MODE_ENABLE #language en-US "Enabled" +#string STR_ME_MODE_DISABLE_HECI #language en-US "Disabled (Soft)" +#string STR_ME_MODE_DISABLE_HAP #language en-US "Disabled (HAP)" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 205b915cbb..05e871cd56 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -34,6 +34,10 @@ formset prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); + goto DASHARO_INTEL_ME_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); @@ -102,4 +106,24 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + form formid = DASHARO_INTEL_ME_OPTIONS_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + oneof varid = FeaturesData.MeMode, + prompt = STRING_TOKEN(STR_ME_MODE_PROMPT), + help = STRING_TOKEN(STR_ME_MODE_HELP), + flags = INTERACTIVE, + + option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; + endoneof; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + endformset; From 90659c5edf278b8ceffb234e2502ce5c84e0b2a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 10 Nov 2022 12:35:53 +0100 Subject: [PATCH 092/357] DasharoModulePkg: DasharoBootPolicies: add support for PS2 Controller policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Co-authored-by: Michał Kopeć --- .../DasharoBootPolicies/BootPolicies.c | 27 ++++++++++++++++++- .../DasharoBootPolicies/BootPolicies.h | 16 ++++++++--- .../DasharoBootPolicies.inf | 1 + DasharoModulePkg/DasharoModulePkg.dec | 2 +- 4 files changed, 41 insertions(+), 5 deletions(-) 
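Review bot: The `oneof` for `FeaturesData.MeMode` marks none of its options as the default (`flags = 0` on all three), so a load-defaults action in the setup browser has no declared value for this question, while the C side of this patch uses `ME_MODE_ENABLE` as its default. I would write `option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = DEFAULT;` to keep the two in step. If the mode only takes effect on the next boot, which is not visible from this patch, `flags = INTERACTIVE | RESET_REQUIRED,` on the question would also tell the user that a restart is needed.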
diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 975bfbb0ab..32d9852dc5 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -19,6 +19,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved NETWORK_BOOT_POLICY_PROTOCOL mNetworkBootPolicy; USB_STACK_POLICY_PROTOCOL mUsbStackPolicy; USB_MASS_STORAGE_POLICY_PROTOCOL mUsbMassStoragePolicy; +PS2_CONTROLLER_POLICY_PROTOCOL mPs2ControllerPolicy; /** Entry point for the Boot Policies Driver. @@ -47,6 +48,8 @@ InitializeBootPolicies ( mUsbStackPolicy.UsbStackEnabled = TRUE; mUsbMassStoragePolicy.Revision = USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01; mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; + mPs2ControllerPolicy.Revision = PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01; + mPs2ControllerPolicy.Ps2ControllerEnabled = FALSE; // disable by default Status = GetVariable2 ( L"NetworkBoot", @@ -118,5 +121,27 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Not enabling USB Mass Storage\n")); } + Status = GetVariable2 ( + L"Ps2Controller", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) { + + mPs2ControllerPolicy.Ps2ControllerEnabled = *EfiVar; + + if (mPs2ControllerPolicy.Ps2ControllerEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoPs2ControllerPolicyGuid, + &mPs2ControllerPolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); + } + } + return EFI_SUCCESS; -} \ No newline at end of file +} diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h index e9a85f587f..265e110101 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h 
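Review bot: In the added Ps2Controller block the test `(Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))` treats every other error from `GetVariable2` as success before dereferencing `EfiVar`. `GetVariable2` hands back a pool buffer through its `Value` argument and leaves it NULL on failure, so the guard should be `if (!EFI_ERROR (Status) && (EfiVar != NULL) && (VarSize == sizeof (*EfiVar)))`. The buffer is also never released in the visible code; a `FreePool (EfiVar);` once the value has been copied would fix that, here and, as far as the context lines show, for the NetworkBoot, UsbDriverStack and UsbMassStorage reads in the same function. The declaration of `EfiVar` is outside the hunk.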
@@ -20,9 +20,13 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #define DASHARO_USB_MASS_STORAGE_POLICY_PROTOCOL_GUID \ { 0xd7d1a290, 0x651a, 0x4c90, 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c } +#define DASHARO_PS2_CONTROLLER_POLICY_PROTOCOL_GUID \ + { 0x4885b96d, 0xbdf1, 0x496d, 0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 } + #define NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01 0x01 #define USB_STACK_POLICY_PROTOCOL_REVISION_01 0x01 #define USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01 0x01 +#define PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01 0x01 typedef struct _NETWORK_BOOT_POLICY_PROTOCOL { UINT32 Revision; @@ -39,11 +43,17 @@ typedef struct _USB_MASS_STORAGE_POLICY_PROTOCOL { BOOLEAN UsbMassStorageEnabled; } USB_MASS_STORAGE_POLICY_PROTOCOL; +typedef struct _PS2_CONTROLLER_POLICY_PROTOCOL { + UINT32 Revision; + BOOLEAN Ps2ControllerEnabled; +} PS2_CONTROLLER_POLICY_PROTOCOL; + // // Extern the GUID for protocol users. // -extern EFI_GUID gDasharoNetworkBootPolicyGuid; -extern EFI_GUID gDasharoUsbDriverPolicyGuid; -extern EFI_GUID gDasharoUsbMassStoragePolicyGuid; +extern EFI_GUID gDasharoNetworkBootPolicyGuid; +extern EFI_GUID gDasharoUsbDriverPolicyGuid; +extern EFI_GUID gDasharoUsbMassStoragePolicyGuid; +extern EFI_GUID gDasharoPs2ControllerPolicyGuid; #endif diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index a4d27fdfd4..b4efccb43d 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -41,6 +41,7 @@ gDasharoNetworkBootPolicyGuid ### PROVIDES gDasharoUsbDriverPolicyGuid ### PROVIDES gDasharoUsbMassStoragePolicyGuid ### PROVIDES + gDasharoPs2ControllerPolicyGuid ### PROVIDES [Depex] gEfiVariableArchProtocolGuid \ No newline at end of file 
diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 0b7d60013b..d7b3ac3270 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -35,7 +35,7 @@ gDasharoNetworkBootPolicyGuid = { 0xdef83d91, 0x4613, 0x474c, { 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }} gDasharoUsbDriverPolicyGuid = { 0x808330b5, 0xbe46, 0x4a41, { 0x97, 0x79, 0x84, 0xa3, 0xd1, 0x31, 0xbb, 0xb4 }} gDasharoUsbMassStoragePolicyGuid = { 0xd7d1a290, 0x651a, 0x4c90, { 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c }} - + gDasharoPs2ControllerPolicyGuid = { 0x4885b96d, 0xbdf1, 0x496d, {0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 }} [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 From 46e791c80cd6b353804c9adcc7d22a9cf38e6d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 10 Nov 2022 12:36:14 +0100 Subject: [PATCH 093/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add PS2 Controller option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Co-authored-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 39 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 14 ++++--- .../DasharoSystemFeaturesStrings.uni | 7 ++++ .../DasharoSystemFeaturesVfr.vfr | 20 ++++++++++ 4 files changed, 74 insertions(+), 6 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 566e0cee94..8c95e4685d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -16,12 +16,14 @@ STATIC CHAR16 mMeModeEfiVar[] = L"MeMode"; STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; +STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC BOOLEAN mNetworkBootDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; +STATIC BOOLEAN mPs2ControllerDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -236,6 +238,30 @@ DasharoSystemFeaturesUiLibConstructor ( return Status; } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); + Status = gRT->GetVariable ( + mPs2ControllerEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mPs2ControllerEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mPs2ControllerDefault), + &mPs2ControllerDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; + } + + if (EFI_ERROR(Status)) { + return Status; + } + return EFI_SUCCESS; } @@ -500,6 +526,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.Ps2Controller != DasharoFeaturesData.Ps2Controller) { + Status = gRT->SetVariable ( + mPs2ControllerEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.Ps2Controller), + &DasharoFeaturesData.Ps2Controller + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 3b56fcf0b0..3dbf3718f5 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -12,13 +12,14 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_SYSTEM_FEATURES_GUID \ { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59} } -#define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 -#define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 -#define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 -#define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 -#define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 +#define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 +#define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 +#define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 +#define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 +#define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 +#define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 -#define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 +#define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 typedef struct { BOOLEAN LockBios; @@ -27,6 +28,7 @@ typedef struct { BOOLEAN UsbStack; BOOLEAN UsbMassStorage; UINT8 MeMode; + BOOLEAN Ps2Controller; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 31ceb2a7fc..ab38098a1f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -26,6 +26,9 @@ #string STR_DASHARO_USB_CONFIGURATION_TITLE #language en-US "USB Configuration" #string STR_DASHARO_USB_CONFIGURATION_HELP #language en-US "USB-related options" +#string STR_DASHARO_CHIPSET_CONFIGURATION_TITLE #language en-US "Chipset Configuration" +#string STR_DASHARO_CHIPSET_CONFIGURATION_HELP #language en-US "Chipset-related options" + #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" @@ -54,3 +57,7 @@ #string STR_ME_MODE_ENABLE #language en-US "Enabled" #string STR_ME_MODE_DISABLE_HECI #language en-US "Disabled (Soft)" #string STR_ME_MODE_DISABLE_HAP #language en-US "Disabled (HAP)" + +#string STR_PS2_CONTROLLER_ENABLE_PROMPT #language en-US "Enable PS2 Controller" +#string STR_PS2_CONTROLLER_ENABLE_HELP #language en-US "Enables/disables the PS/2 Controller. When enabled, PS/2 keyboards and mice will be detected in the firmware and operating system." + diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 05e871cd56..477376cf55 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -38,6 +38,10 @@ formset prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); + goto DASHARO_CHIPSET_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
@@ -126,4 +130,20 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + form formid = DASHARO_CHIPSET_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + checkbox varid = FeaturesData.Ps2Controller, + prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), + help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + endformset; From ecaa5ddb30c58095e3b5bdc9dc7d260e1b98d57f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 12 Nov 2022 13:32:01 +0100 Subject: [PATCH 094/357] DasharoModulePkg: DasharoBootPolicies,DasharoSystemFeatures: enable PS/2 by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 24 +++++++++---------- .../DasharoSystemFeatures.c | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 32d9852dc5..fdb5e1dc16 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -49,7 +49,7 @@ InitializeBootPolicies ( mUsbMassStoragePolicy.Revision = USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01; mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; mPs2ControllerPolicy.Revision = PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01; - mPs2ControllerPolicy.Ps2ControllerEnabled = FALSE; // disable by default + mPs2ControllerPolicy.Ps2ControllerEnabled = TRUE; Status = GetVariable2 ( L"NetworkBoot", 
@@ -128,19 +128,19 @@ InitializeBootPolicies ( &VarSize ); - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) { - + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) mPs2ControllerPolicy.Ps2ControllerEnabled = *EfiVar; + else + mPs2ControllerPolicy.Ps2ControllerEnabled = TRUE; // enable PS2 by default - if (mPs2ControllerPolicy.Ps2ControllerEnabled) { - gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gDasharoPs2ControllerPolicyGuid, - &mPs2ControllerPolicy, - NULL - ); - DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); - } + if (mPs2ControllerPolicy.Ps2ControllerEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoPs2ControllerPolicyGuid, + &mPs2ControllerPolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } return EFI_SUCCESS; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8c95e4685d..8c42b12379 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -23,7 +23,7 @@ STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC BOOLEAN mNetworkBootDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; -STATIC BOOLEAN mPs2ControllerDefault = FALSE; +STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, From a4553260b861018ee9badf763529b8d1c458a05b Mon Sep 17 00:00:00 2001 
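Review bot: The rewritten condition `(Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))` in InitializeBootPolicies still accepts every status other than EFI_NOT_FOUND as a successful read. It is only safe if the helper leaves VarSize at zero on failure, which this hunk does not show. Testing the result directly, `if (!EFI_ERROR (Status) && (EfiVar != NULL) && (VarSize == sizeof (*EfiVar))) {`, makes the fallback to the enabled default explicit for any failed or malformed read. The result of `gBS->InstallMultipleProtocolInterfaces` is also discarded, so "Boot Policy: Enabling PS2 Controller" is logged even when the policy protocol was not installed; capture it in `Status` and log only on success. The function body starts and ends outside this hunk.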
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 14 Nov 2022 11:03:20 +0100 Subject: [PATCH 095/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: fix builds without Dasharo features enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 28 ++++++------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8c42b12379..01218a9c12 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -80,7 +80,7 @@ DasharoSystemFeaturesUiLibConstructor ( UINTN BufferSize; if (!PcdGetBool (PcdShowMenu)) - return EFI_UNSUPPORTED; + return EFI_SUCCESS; mDasharoSystemFeaturesPrivate.DriverHandle = NULL; Status = gBS->InstallMultipleProtocolInterfaces ( @@ -121,9 +121,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mLockBiosDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; - if (EFI_ERROR(Status)) { - return Status; - } + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); @@ -144,6 +142,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mNetworkBootDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack); @@ -164,6 +163,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mUsbStackDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage); 
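Review bot: Replacing `if (EFI_ERROR(Status)) { return Status; }` with `ASSERT_EFI_ERROR (Status)` after the `gRT->SetVariable` of the LockBios default turns a handled failure into one that is either fatal or invisible. With asserts enabled, a full or faulty variable store stops the boot; with asserts compiled out, the failure is dropped and the constructor returns EFI_SUCCESS. For security-relevant defaults such as LockBios and SmmBwp the variable then does not exist, and whatever consumes it later presumably sees no setting while the menu shows the default. Logging and continuing keeps the boot alive and leaves a trace, e.g. `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "LockBios default not stored: %r\n", Status)); }`. The same replacement is made in the NetworkBoot, UsbStack, UsbMassStorage, SmmBwp, MeMode and Ps2Controller hunks of this patch; the constructor body extends outside each of them.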
@@ -184,10 +184,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mUsbMassStorageDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; - } - - if (EFI_ERROR(Status)) { - return Status; + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); @@ -208,10 +205,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mSmmBwpDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; - } - - if (EFI_ERROR(Status)) { - return Status; + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode); @@ -232,10 +226,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mMeModeDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; - } - - if (EFI_ERROR(Status)) { - return Status; + ASSERT_EFI_ERROR (Status); } BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); @@ -256,10 +247,7 @@ DasharoSystemFeaturesUiLibConstructor ( &mPs2ControllerDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; - } - - if (EFI_ERROR(Status)) { - return Status; + ASSERT_EFI_ERROR (Status); } return EFI_SUCCESS; From be445fe4a1f71f09af39365b7bdf6daddc7f40d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 14 Nov 2022 16:09:17 +0100 Subject: [PATCH 096/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add watchdog option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 191 +++++++++++++++++- .../DasharoSystemFeatures.h | 5 + .../DasharoSystemFeaturesHii.h | 24 ++- .../DasharoSystemFeaturesStrings.uni | 5 + .../DasharoSystemFeaturesUiLib.inf | 2 + .../DasharoSystemFeaturesVfr.vfr | 21 ++ 6 files changed, 240 insertions(+), 8 deletions(-) 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 01218a9c12..b61145fe81 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -6,9 +6,12 @@ SPDX-License-Identifier: BSD-2-Clause **/ -#include #include "DasharoSystemFeatures.h" +#define PCH_OC_WDT_CTL 0x54 +#define PCH_OC_WDT_CTL_EN BIT14 +#define PCH_OC_WDT_CTL_TOV_MASK 0x3FF + STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; @@ -17,6 +20,8 @@ STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; +STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; +STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; 
@@ -58,6 +63,123 @@ STATIC HII_VENDOR_DEVICE_PATH mDasharoSystemFeaturesHiiVendorDevicePath = { } }; +/** + This function uses the ACPI SDT protocol to locate an ACPI table. + It is really only useful for finding tables that only have a single instance, + e.g. FADT, FACS, MADT, etc. It is not good for locating SSDT, etc. + Matches are determined by finding the table with ACPI table that has + a matching signature. + + @param[in] Signature - Pointer to an ASCII string containing the OEM Table ID from the ACPI table header + @param[in, out] Table - Updated with a pointer to the table + @param[in, out] Handle - AcpiSupport protocol table handle for the table found + @param[in, out] Version - The version of the table desired + + @retval EFI_SUCCESS - The function completed successfully. + @retval EFI_NOT_FOUND - Failed to locate AcpiTable. + @retval EFI_NOT_READY - Not ready to locate AcpiTable. +**/ +EFI_STATUS +EFIAPI +LocateAcpiTableBySignature ( + IN UINT32 Signature, + IN OUT EFI_ACPI_DESCRIPTION_HEADER **Table + ) +{ + EFI_STATUS Status; + INTN Index; + EFI_ACPI_TABLE_VERSION Version; + EFI_ACPI_DESCRIPTION_HEADER *OrgTable; + EFI_ACPI_SDT_PROTOCOL *SdtProtocol; + UINTN Handle; + + Status = gBS->LocateProtocol (&gEfiAcpiSdtProtocolGuid, NULL, (VOID **)&SdtProtocol); + if (EFI_ERROR (Status)) + return Status; + + /// + /// Locate table with matching ID + /// + Version = 0; + Index = 0; + Handle = 0; + do { + Status = SdtProtocol->GetAcpiTable ( + Index, + (EFI_ACPI_SDT_HEADER **)&OrgTable, + &Version, + &Handle + ); + if (Status == EFI_NOT_FOUND) { + break; + } + ASSERT_EFI_ERROR (Status); + Index++; + } while (OrgTable->Signature != Signature); + + if (Status != EFI_NOT_FOUND) { + *Table = AllocateCopyPool (OrgTable->Length, OrgTable); + if (*Table == NULL) + return EFI_OUT_OF_RESOURCES; + } + + /// + /// If we found the table, there will be no error. + /// + return Status; +} + +/** + This function will be called only if the Watchdog variable is not present. 
+ It will populate the initial state based on what coreboot has programmed. + If watchdog was not enabled on first boot, it means it was not enabled, + and watchdog options should be hidden (WatchdogState == FALSE); +**/ +VOID +EFIAPI +GetDefaultWatchdogConfig ( + IN OUT DASHARO_FEATURES_DATA *FeaturesData + ) +{ + EFI_STATUS Status; + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; + UINTN AcpiBase; + UINT32 WatchdogCtl; + + Status = LocateAcpiTableBySignature ( + EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE, + (EFI_ACPI_DESCRIPTION_HEADER **) &FadtTable + ); + if (EFI_ERROR (Status) || (FadtTable == NULL)) { + FeaturesData->WatchdogState = FALSE; + FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; + return; + } + + /* On Intel platforms PM1A Event Block is the ACPI Base */ + AcpiBase = FadtTable->Pm1aEvtBlk; + + /* ACPI size is 0x100 bytes, check for invalid base */ + if (AcpiBase > 0xFF00) { + FeaturesData->WatchdogState = FALSE; + FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; + return; + } + + WatchdogCtl = IoRead32(AcpiBase + 0x54); + + if (WatchdogCtl & PCH_OC_WDT_CTL_EN) { + FeaturesData->WatchdogState = TRUE; + FeaturesData->WatchdogConfig.WatchdogEnable = TRUE; + /* OC WDT timeout is 0 based (0 means 1 second) so increment to match the VFR */ + FeaturesData->WatchdogConfig.WatchdogTimeout = (WatchdogCtl & PCH_OC_WDT_CTL_TOV_MASK) + 1; + } else { + FeaturesData->WatchdogState = FALSE; + FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; + } +} + + /** Install Dasharo System Features Menu driver. 
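Review bot: In LocateAcpiTableBySignature the loop condition `OrgTable->Signature != Signature` is still evaluated after a GetAcpiTable failure other than EFI_NOT_FOUND whenever `ASSERT_EFI_ERROR` is compiled out, so an uninitialised `OrgTable` is dereferenced and then passed to `AllocateCopyPool`. The loop should leave on every error, as in the sketch below. The header comment documents `Handle` and `Version` parameters the function does not take, describes the UINT32 `Signature` as a string pointer, and omits EFI_OUT_OF_RESOURCES. In GetDefaultWatchdogConfig the copied FADT is never released (`FreePool (FadtTable);` once `Pm1aEvtBlk` has been read), the read uses the literal `0x54` although this patch defines `PCH_OC_WDT_CTL` for it, and a `Pm1aEvtBlk` of zero passes the `> 0xFF00` check.

```c
  // … unchanged: LocateProtocol call and Version/Handle initialisation …
  OrgTable = NULL;
  for (Index = 0; ; Index++) {
    Status = SdtProtocol->GetAcpiTable (
                            Index,
                            (EFI_ACPI_SDT_HEADER **)&OrgTable,
                            &Version,
                            &Handle
                            );
    if (EFI_ERROR (Status)) {
      // Covers EFI_NOT_FOUND (table absent) and every other failure.
      return Status;
    }

    if (OrgTable->Signature == Signature) {
      break;
    }
  }

  *Table = AllocateCopyPool (OrgTable->Length, OrgTable);
  if (*Table == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  return EFI_SUCCESS;
```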
@@ -250,6 +372,57 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState); + Status = gRT->GetVariable ( + mWatchdogStateEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState + ); + + if (Status == EFI_NOT_FOUND) { + GetDefaultWatchdogConfig(&mDasharoSystemFeaturesPrivate.DasharoFeaturesData); + + Status = gRT->SetVariable ( + mWatchdogEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig + ); + ASSERT_EFI_ERROR (Status); + + Status = gRT->SetVariable ( + mWatchdogStateEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState + ); + ASSERT_EFI_ERROR (Status); + } else { + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig); + Status = gRT->GetVariable ( + mWatchdogEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mWatchdogEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig + ); + ASSERT_EFI_ERROR (Status); + } + } + return EFI_SUCCESS; } 
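Review bot: Both `gRT->GetVariable` calls for the watchdog variables are compared only with EFI_NOT_FOUND, and `BufferSize` is never checked against the field size after a read. Any other failure, for example EFI_BUFFER_TOO_SMALL when the stored variable has a different size, falls through with WatchdogState and WatchdogConfig left at whatever the private data already held. In the inner EFI_NOT_FOUND branch WatchdogConfig is written without GetDefaultWatchdogConfig having run, so the persisted timeout is presumably zero, outside the 60–1024 range the VFR enforces. I would treat every error or size mismatch like a missing variable, `if (EFI_ERROR (Status) || (BufferSize != sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig))) {`, and give WatchdogTimeout an in-range value before storing it. The constructor starts outside this hunk.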
@@ -527,6 +700,22 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.WatchdogConfig.WatchdogEnable != + DasharoFeaturesData.WatchdogConfig.WatchdogEnable || + Private->DasharoFeaturesData.WatchdogConfig.WatchdogTimeout != + DasharoFeaturesData.WatchdogConfig.WatchdogTimeout) { + Status = gRT->SetVariable ( + mWatchdogEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.WatchdogConfig), + &DasharoFeaturesData.WatchdogConfig + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h index cb9bf53c8d..3cf7213eb4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h @@ -12,8 +12,12 @@ SPDX-License-Identifier: BSD-2-Clause #include #include +#include #include +#include + +#include #include #include #include @@ -21,6 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause #include #include #include +#include #include #include #include diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 3dbf3718f5..20137c6c9d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
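Review bot: DasharoSystemFeaturesRouteConfig writes `DasharoFeaturesData.WatchdogConfig` to the `WatchdogConfig` variable without checking the timeout. The 60–1024 limit exists only as `minimum`/`maximum` in the VFR, which the form browser applies but which nothing in this handler re-checks. When WatchdogEnable is set, a range check before `gRT->SetVariable` that returns `EFI_INVALID_PARAMETER` for a WatchdogTimeout below 60 or above 1024 keeps an out-of-range value from reaching whatever programs the timer. The mixed `!=` / `||` condition would also read more safely with each comparison parenthesised. How DasharoFeaturesData is filled lies outside this hunk, so this assumes it comes from the submitted configuration.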
@@ -21,14 +21,24 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 +#pragma pack(push,1) typedef struct { - BOOLEAN LockBios; - BOOLEAN SmmBwp; - BOOLEAN NetworkBoot; - BOOLEAN UsbStack; - BOOLEAN UsbMassStorage; - UINT8 MeMode; - BOOLEAN Ps2Controller; + BOOLEAN WatchdogEnable; + UINT16 WatchdogTimeout; +} WATCHDOG_CONFIG; + +#pragma pack(pop) + +typedef struct { + BOOLEAN LockBios; + BOOLEAN SmmBwp; + BOOLEAN NetworkBoot; + BOOLEAN UsbStack; + BOOLEAN UsbMassStorage; + UINT8 MeMode; + BOOLEAN Ps2Controller; + WATCHDOG_CONFIG WatchdogConfig; + BOOLEAN WatchdogState; // holds the state of watchdog before VAR population } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index ab38098a1f..5eaac17e6f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -61,3 +61,8 @@ #string STR_PS2_CONTROLLER_ENABLE_PROMPT #language en-US "Enable PS2 Controller" #string STR_PS2_CONTROLLER_ENABLE_HELP #language en-US "Enables/disables the PS/2 Controller. When enabled, PS/2 keyboards and mice will be detected in the firmware and operating system." +#string STR_WATCHDOG_ENABLE_PROMPT #language en-US "Enable watchdog" +#string STR_WATCHDOG_ENABLE_HELP #language en-US "Enables/disables OC Watchdog Timer during POST. If the timers expires, for example due to an unexpected hang or lockup, the platform will be reset after specified timeout." + +#string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" +#string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 1024s." 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index e8d89c6b1e..078ae3c04f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -41,6 +41,7 @@ UefiRuntimeServicesTableLib BaseMemoryLib DebugLib + IoLib PcdLib PrintLib HiiLib @@ -54,6 +55,7 @@ [Protocols] gEfiHiiConfigAccessProtocolGuid ## CONSUMES + gEfiAcpiSdtProtocolGuid ## SOMETIMES_CONSUMES [Pcd] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 477376cf55..996634d4b9 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -141,6 +141,27 @@ formset flags = INTERACTIVE, endcheckbox; + suppressif ideqval FeaturesData.WatchdogState == 0; + checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, + prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + + suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; + numeric varid = FeaturesData.WatchdogConfig.WatchdogTimeout, + prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), + flags = INTERACTIVE, + minimum = 60, + maximum = 1024, + step = 0, // Stepping of 0 equates to a manual entering + // of a value, otherwise it will be adjusted by "+"/"-" + default = 90, + endnumeric; + endif; + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
From 274ce40520cc9116c81e84818879dc2a38e5e35b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 5 Dec 2022 19:28:38 +0100 Subject: [PATCH 097/357] DasharoModulePkg: Add PCDs for selective feature enablement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 5 +++ .../DasharoSystemFeatures.c | 11 +++++ .../DasharoSystemFeaturesHii.h | 9 ++++- .../DasharoSystemFeaturesUiLib.inf | 5 +++ .../DasharoSystemFeaturesVfr.vfr | 40 ++++++++++++------- 5 files changed, 54 insertions(+), 16 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index d7b3ac3270..aa6277ba8c 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -38,6 +38,11 @@ gDasharoPs2ControllerPolicyGuid = { 0x4885b96d, 0xbdf1, 0x496d, {0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 }} [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu|FALSE|BOOLEAN|0x00000002 +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu|FALSE|BOOLEAN|0x00000003 +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|FALSE|BOOLEAN|0x00000004 +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 +gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index b61145fe81..ea4e1b34a8 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -12,7 +12,9 @@ SPDX-License-Identifier: BSD-2-Clause #define PCH_OC_WDT_CTL_EN BIT14 #define PCH_OC_WDT_CTL_TOV_MASK 0x3FF +// Feature state STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; + STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; STATIC CHAR16 mMeModeEfiVar[] = L"MeMode"; @@ -22,6 +24,7 @@ STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; + STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; @@ -225,6 +228,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); ASSERT (mDasharoSystemFeaturesPrivate.HiiHandle != NULL); + // Set feature visibility + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu = PcdGetBool (PcdShowSecurityMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowIntelMeMenu = PcdGetBool (PcdShowIntelMeMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowUsbMenu = PcdGetBool (PcdShowUsbMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowNetworkMenu = PcdGetBool (PcdShowNetworkMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); + + // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); Status = gRT->GetVariable ( mLockBiosEfiVar, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 20137c6c9d..f0d997834f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
@@ -21,7 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 -#pragma pack(push,1) +#pragma pack(push,1) typedef struct { BOOLEAN WatchdogEnable; UINT16 WatchdogTimeout; @@ -30,6 +30,13 @@ typedef struct { #pragma pack(pop) typedef struct { + // Feature visibility + BOOLEAN ShowSecurityMenu; + BOOLEAN ShowIntelMeMenu; + BOOLEAN ShowUsbMenu; + BOOLEAN ShowNetworkMenu; + BOOLEAN ShowChipsetMenu; + // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; BOOLEAN NetworkBoot; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 078ae3c04f..1816b169c5 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -59,3 +59,8 @@ [Pcd] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 996634d4b9..29f2538f01 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -22,25 +22,35 @@ formset form formid = DASHARO_SYSTEM_FEATURES_FORM_ID, title = STRING_TOKEN(STR_EDKII_MENU_TITLE); - goto DASHARO_SECURITY_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); + suppressif ideqval FeaturesData.ShowSecurityMenu == 0; + goto DASHARO_SECURITY_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); + endif; - goto DASHARO_NETWORK_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); + suppressif ideqval FeaturesData.ShowNetworkMenu == 0; + goto DASHARO_NETWORK_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); + endif; - goto DASHARO_USB_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); + suppressif ideqval FeaturesData.ShowUsbMenu == 0; + goto DASHARO_USB_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); + endif; - goto DASHARO_INTEL_ME_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); + suppressif ideqval FeaturesData.ShowIntelMeMenu == 0; + goto DASHARO_INTEL_ME_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); + endif; - goto DASHARO_CHIPSET_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); + suppressif ideqval FeaturesData.ShowChipsetMenu == 0; + goto DASHARO_CHIPSET_CONFIGURATION_FORM_ID, + prompt = 
STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 64d6e95a462681f5e108b21be4f2d3fb10bc415c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 8 Dec 2022 14:26:58 +0100 Subject: [PATCH 098/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: Refactor the setting of efivar defaults MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the efivar defaults setup so that the default value is only accessed once. This is a preparation for transitioning to using PCDs for defaults Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index ea4e1b34a8..3448d38c6d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -246,14 +246,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; Status = gRT->SetVariable ( mLockBiosEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mLockBiosDefault), - &mLockBiosDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; ASSERT_EFI_ERROR (Status); } 
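Review bot: Each `suppressif ideqval FeaturesData.Show…Menu == 0;` wraps only the `goto` on the top-level form, so a PCD left at FALSE hides the link while the target form stays in the formset. As far as the C side of this patch shows, the constructor still creates and reads the matching variables. If the PCDs are meant to switch a feature off for a platform rather than only hide it, that has to be enforced in the driver as well. If hiding is all that is intended, say so next to the first block, e.g. `// Visibility only: hidden submenus keep their forms and variables`. The Show* flags also sit in the same FeaturesData storage as the user-editable settings, so they are better re-derived from the PCDs than taken from a submitted configuration; the RouteConfig handling is not in this hunk, so treat that last point as something to confirm.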
@@ -267,14 +267,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; Status = gRT->SetVariable ( mNetworkBootEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mNetworkBootDefault), - &mNetworkBootDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; ASSERT_EFI_ERROR (Status); } @@ -288,14 +288,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; Status = gRT->SetVariable ( mUsbStackEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mUsbStackDefault), - &mUsbStackDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; ASSERT_EFI_ERROR (Status); } @@ -309,14 +309,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; Status = gRT->SetVariable ( mUsbMassStorageEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mUsbMassStorageDefault), - &mUsbMassStorageDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; ASSERT_EFI_ERROR (Status); } 
@@ -330,14 +330,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; Status = gRT->SetVariable ( mSmmBwpEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mSmmBwpDefault), - &mSmmBwpDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; ASSERT_EFI_ERROR (Status); } @@ -351,14 +351,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; Status = gRT->SetVariable ( mMeModeEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mMeModeDefault), - &mMeModeDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; ASSERT_EFI_ERROR (Status); } @@ -372,14 +372,14 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; Status = gRT->SetVariable ( mPs2ControllerEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mPs2ControllerDefault), - &mPs2ControllerDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; ASSERT_EFI_ERROR (Status); } From 602b65cad2ecc7eb430279ff772ce0d2d24d52b0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 8 Dec 2022 14:30:09 +0100 Subject: [PATCH 099/357] DasharoModulePkg: Add a PCD for network boot default enable state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 3 +-- .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index aa6277ba8c..0d662ccc54 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -43,6 +43,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu|FALSE|BOOLEAN|0x00000003 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|FALSE|BOOLEAN|0x00000004 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 +gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000007 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 3448d38c6d..f98b8b44f7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -29,7 +29,6 @@ STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; -STATIC BOOLEAN mNetworkBootDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; 
@@ -267,7 +266,7 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = mNetworkBootDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = PcdGetBool (PcdDefaultNetworkBootEnable); Status = gRT->SetVariable ( mNetworkBootEfiVar, &gDasharoSystemFeaturesGuid, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 1816b169c5..cd9f49448d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -64,3 +64,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable From 8f38732fe3adbad8882f730776cc7c0c189fdeb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Dec 2022 14:54:09 +0100 Subject: [PATCH 100/357] DasharoModulePkg/DasharoModulePkg.dec: Fix formatting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 0d662ccc54..677e98aebe 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -36,14 +36,15 @@ gDasharoUsbDriverPolicyGuid = { 0x808330b5, 0xbe46, 0x4a41, { 0x97, 0x79, 0x84, 0xa3, 0xd1, 0x31, 0xbb, 0xb4 }} gDasharoUsbMassStoragePolicyGuid = { 0xd7d1a290, 0x651a, 0x4c90, { 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c }} gDasharoPs2ControllerPolicyGuid = { 0x4885b96d, 0xbdf1, 0x496d, {0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 }} + [PcdsFixedAtBuild] -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu|FALSE|BOOLEAN|0x00000002 -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu|FALSE|BOOLEAN|0x00000003 -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|FALSE|BOOLEAN|0x00000004 -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 -gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 -gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000007 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu|FALSE|BOOLEAN|0x00000002 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu|FALSE|BOOLEAN|0x00000003 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|FALSE|BOOLEAN|0x00000004 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000007 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. From 55a69334d3f7f975a9649439caefd4401d82c222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 24 Jan 2023 11:58:32 +0100 Subject: [PATCH 101/357] DasharoModulePkg: Setup fan curve efi vars MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 3 +- .../DasharoSystemFeatures.c | 48 ++++++++++++++++--- .../DasharoSystemFeaturesHii.h | 5 ++ .../DasharoSystemFeaturesStrings.uni | 11 +++++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 30 ++++++++++-- 6 files changed, 88 insertions(+), 10 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 677e98aebe..178d5c8165 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -44,7 +44,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|FALSE|BOOLEAN|0x00000004 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 - gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000007 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|FALSE|BOOLEAN|0x00000007 + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000008 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index f98b8b44f7..0539cf9ece 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
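Review bot: Inserting PcdShowPowerMenu at token 0x00000007 moves the existing PcdDefaultNetworkBootEnable to 0x00000008, and the later fan-curve visibility commit shifts it again to 0x00000009. Token numbers identify a PCD within its token space, so renumbering an existing entry is churn at best and can mismatch anything built against the old value. Appending the new entry with the next free token, `gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|FALSE|BOOLEAN|0x00000008`, leaves the existing line untouched.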
@@ -24,13 +24,15 @@ STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; +STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; -STATIC BOOLEAN mUsbStackDefault = TRUE; -STATIC BOOLEAN mUsbMassStorageDefault = TRUE; -STATIC BOOLEAN mLockBiosDefault = TRUE; -STATIC BOOLEAN mSmmBwpDefault = FALSE; -STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; -STATIC BOOLEAN mPs2ControllerDefault = TRUE; +STATIC BOOLEAN mUsbStackDefault = TRUE; +STATIC BOOLEAN mUsbMassStorageDefault = TRUE; +STATIC BOOLEAN mLockBiosDefault = TRUE; +STATIC BOOLEAN mSmmBwpDefault = FALSE; +STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; +STATIC BOOLEAN mPs2ControllerDefault = TRUE; +STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -233,6 +235,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowUsbMenu = PcdGetBool (PcdShowUsbMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowNetworkMenu = PcdGetBool (PcdShowNetworkMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); 
@@ -433,6 +436,26 @@ DasharoSystemFeaturesUiLibConstructor ( } } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption); + Status = gRT->GetVariable ( + mFanCurveOptionEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption = mFanCurveOptionDefault; + Status = gRT->SetVariable ( + mFanCurveOptionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption + ); + ASSERT_EFI_ERROR (Status); + } return EFI_SUCCESS; } @@ -710,6 +733,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.FanCurveOption != DasharoFeaturesData.FanCurveOption) { + Status = gRT->SetVariable ( + mFanCurveOptionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.FanCurveOption), + &DasharoFeaturesData.FanCurveOption + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + if (Private->DasharoFeaturesData.WatchdogConfig.WatchdogEnable != DasharoFeaturesData.WatchdogConfig.WatchdogEnable || Private->DasharoFeaturesData.WatchdogConfig.WatchdogTimeout != diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index f0d997834f..82a999e3db 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
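Review bot: The FanCurveOption byte read back from the variable is kept as-is, although only FAN_CURVE_OPTION_SILENT and FAN_CURVE_OPTION_PERFORMANCE are defined and offered by the form. A stored value outside that range (stale or corrupted variable data) would reach the form, and whatever consumes the variable, unchecked. A guard after the lookup would normalise it: `if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption > FAN_CURVE_OPTION_PERFORMANCE) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption = mFanCurveOptionDefault; }`. DasharoSystemFeaturesUiLibConstructor starts above the hunk.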
@@ -18,6 +18,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 #define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 #define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 +#define DASHARO_POWER_CONFIGURATION_FORM_ID 0x1006 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -27,6 +28,8 @@ typedef struct { UINT16 WatchdogTimeout; } WATCHDOG_CONFIG; +#define FAN_CURVE_OPTION_SILENT 0 +#define FAN_CURVE_OPTION_PERFORMANCE 1 #pragma pack(pop) typedef struct { @@ -36,6 +39,7 @@ typedef struct { BOOLEAN ShowUsbMenu; BOOLEAN ShowNetworkMenu; BOOLEAN ShowChipsetMenu; + BOOLEAN ShowPowerMenu; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -46,6 +50,7 @@ typedef struct { BOOLEAN Ps2Controller; WATCHDOG_CONFIG WatchdogConfig; BOOLEAN WatchdogState; // holds the state of watchdog before VAR population + UINT8 FanCurveOption; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 5eaac17e6f..79cd2fc240 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -29,6 +29,9 @@ #string STR_DASHARO_CHIPSET_CONFIGURATION_TITLE #language en-US "Chipset Configuration" #string STR_DASHARO_CHIPSET_CONFIGURATION_HELP #language en-US "Chipset-related options" +#string STR_DASHARO_POWER_CONFIGURATION_TITLE #language en-US "Power Management Options" +#string STR_DASHARO_POWER_CONFIGURATION_HELP #language en-US "Power management-related options" + #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" 
@@ -66,3 +69,11 @@ #string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" #string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 1024s." + +#string STR_FAN_CURVE_PROMPT #language en-US "Fan profile" +#string STR_FAN_CURVE_HELP #language en-US "Sets the preferred fan operation mode.\n\n" + "Silent: The fan will operate at lower speeds to reduce noise.\n\n" + "Performance: The fans will work at higher speeds to reduce temperature and increase performance." + +#string STR_FAN_CURVE_SILENT #language en-US "Silent" +#string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index cd9f49448d..861874655a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -64,4 +64,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 29f2538f01..78f584473f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -52,6 +52,12 @@ formset help = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); endif; + suppressif ideqval FeaturesData.ShowPowerMenu == 0; + goto DASHARO_POWER_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_HELP); + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); @@ -130,9 +136,9 @@ formset help = STRING_TOKEN(STR_ME_MODE_HELP), flags = INTERACTIVE, - option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; - option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; - option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; endoneof; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -177,4 +183,22 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + form formid = DASHARO_POWER_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + oneof varid = FeaturesData.FanCurveOption, + prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), + help = STRING_TOKEN(STR_FAN_CURVE_HELP), + flags = INTERACTIVE, + + option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = 0; + option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; + endoneof; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; endformset; 
From fc71429b89056f5d44d46f1bc81bc44e56f2b2d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 31 Jan 2023 18:21:39 +0100 Subject: [PATCH 102/357] DasharoModulePkg: fan curve: add additional PCD for fan curve visibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 3 ++- .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 18 ++++++++++-------- 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 178d5c8165..1480872c18 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -45,7 +45,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|FALSE|BOOLEAN|0x00000005 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|FALSE|BOOLEAN|0x00000006 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|FALSE|BOOLEAN|0x00000007 - gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000008 + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve|FALSE|BOOLEAN|0x00000008 + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000009 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0539cf9ece..7f4f651ac8 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -236,6 +236,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowNetworkMenu = PcdGetBool (PcdShowNetworkMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 82a999e3db..3d0a22daf6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -40,6 +40,7 @@ typedef struct { BOOLEAN ShowNetworkMenu; BOOLEAN ShowChipsetMenu; BOOLEAN ShowPowerMenu; + BOOLEAN PowerMenuShowFanCurve; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 861874655a..85ecf9883b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -65,4 +65,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 78f584473f..56b30ff32b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -188,14 +188,16 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - oneof varid = FeaturesData.FanCurveOption, - prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), - help = STRING_TOKEN(STR_FAN_CURVE_HELP), - flags = INTERACTIVE, - - option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = 0; - option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; - endoneof; + suppressif ideqval FeaturesData.PowerMenuShowFanCurve == 0; + oneof varid = FeaturesData.FanCurveOption, + prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), + help = STRING_TOKEN(STR_FAN_CURVE_HELP), + flags = INTERACTIVE, + + option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = 0; + option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; + endoneof; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From c3a9e6275a51bab7d45aeaf3a417c98322646508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 1 Feb 2023 11:55:29 +0100 Subject: [PATCH 103/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni: fix indentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeaturesStrings.uni | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 79cd2fc240..704d46e274 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -52,14 +52,14 @@ #string STR_ME_MODE_PROMPT #language en-US "Intel ME mode" #string STR_ME_MODE_HELP #language en-US "Operation mode of the Intel Management Engine. The ME can be enabled, or disabled using various methods.\n\n" - "Enabled: Enable the Intel Management Engine.\n\n" - "Disabled (Soft): Disable using a HECI message.\n\n" - "Disabled (HAP): Disable using the High Assurance Platform bit in the flash descriptor.\n\n" - "Note that with ME disabled, the firmware TPM will no longer be functional." + "Enabled: Enable the Intel Management Engine.\n\n" + "Disabled (Soft): Disable using a HECI message.\n\n" + "Disabled (HAP): Disable using the High Assurance Platform bit in the flash descriptor.\n\n" + "Note that with ME disabled, the firmware TPM will no longer be functional." -#string STR_ME_MODE_ENABLE #language en-US "Enabled" -#string STR_ME_MODE_DISABLE_HECI #language en-US "Disabled (Soft)" -#string STR_ME_MODE_DISABLE_HAP #language en-US "Disabled (HAP)" +#string STR_ME_MODE_ENABLE #language en-US "Enabled" +#string STR_ME_MODE_DISABLE_HECI #language en-US "Disabled (Soft)" +#string STR_ME_MODE_DISABLE_HAP #language en-US "Disabled (HAP)" #string STR_PS2_CONTROLLER_ENABLE_PROMPT #language en-US "Enable PS2 Controller" #string STR_PS2_CONTROLLER_ENABLE_HELP #language en-US "Enables/disables the PS/2 Controller. When enabled, PS/2 keyboards and mice will be detected in the firmware and operating system." 
@@ -70,10 +70,10 @@ #string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" #string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 1024s." -#string STR_FAN_CURVE_PROMPT #language en-US "Fan profile" -#string STR_FAN_CURVE_HELP #language en-US "Sets the preferred fan operation mode.\n\n" - "Silent: The fan will operate at lower speeds to reduce noise.\n\n" - "Performance: The fans will work at higher speeds to reduce temperature and increase performance." +#string STR_FAN_CURVE_PROMPT #language en-US "Fan profile" +#string STR_FAN_CURVE_HELP #language en-US "Sets the preferred fan operation mode.\n\n" + "Silent: The fan will operate at lower speeds to reduce noise.\n\n" + "Performance: The fans will work at higher speeds to reduce temperature and increase performance." -#string STR_FAN_CURVE_SILENT #language en-US "Silent" -#string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" +#string STR_FAN_CURVE_SILENT #language en-US "Silent" +#string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" From 4628f35b4065cf7557276766a5e5d8f0ef38b374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 16 Feb 2023 13:07:13 +0100 Subject: [PATCH 104/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: enable network stack if variable not found MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 21 ++++++++++--------- .../DasharoBootPolicies.inf | 4 ++++ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index fdb5e1dc16..f5ca1978df 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -58,19 +58,20 @@ InitializeBootPolicies ( &VarSize ); - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) { + if (Status == EFI_NOT_FOUND) + mNetworkBootPolicy.NetworkBootEnabled = FixedPcdGetBool(PcdDefaultNetworkBootEnable); + else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) mNetworkBootPolicy.NetworkBootEnabled = *EfiVar; - if (mNetworkBootPolicy.NetworkBootEnabled) { - gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gDasharoNetworkBootPolicyGuid, - &mNetworkBootPolicy, - NULL - ); - DEBUG ((EFI_D_INFO, "Boot Policy: Enabling network stack\n")); - } + if (mNetworkBootPolicy.NetworkBootEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoNetworkBootPolicyGuid, + &mNetworkBootPolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling network stack\n")); } Status = GetVariable2 ( diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index b4efccb43d..32680a3dbc 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -30,6 +30,7 @@ [LibraryClasses] BaseLib DebugLib + PcdLib UefiLib UefiDriverEntryPoint UefiRuntimeServicesTableLib @@ -43,5 +44,8 @@ gDasharoUsbMassStoragePolicyGuid ### PROVIDES gDasharoPs2ControllerPolicyGuid ### PROVIDES +[Pcd] + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + [Depex] gEfiVariableArchProtocolGuid \ No newline at end of file From 93a34883cd79047d5cae4691f6245bf8a2a76037 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Wed, 8 Feb 2023 09:25:01 +0100 Subject: [PATCH 105/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: Add DmaProtection EFI variable Signed-off-by: Kacper Stojek --- .../DasharoSystemFeatures.c | 36 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + 2 files changed, 37 insertions(+) 
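Review bot: The `else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar)))` branch repeats a test the `else` already guarantees. It still dereferences `EfiVar` when the lookup failed with any other error, in which case `EfiVar` and `VarSize` may not have been set. Testing for success, `} else if (!EFI_ERROR (Status) && (VarSize == sizeof (*EfiVar))) {`, closes that gap, and braces on both branches would match the `if` block below. The result of `InstallMultipleProtocolInterfaces` is ignored while the debug line reports the network stack as enabled; checking it before logging would keep the message truthful. InitializeBootPolicies continues outside the hunk.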
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 7f4f651ac8..6f88e8eda4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -25,6 +25,7 @@ STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; +STATIC CHAR16 mDmaProtectionEfiVar[] = L"DmaProtection"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -33,6 +34,7 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; +STATIC BOOLEAN mDmaProtectionDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -457,6 +459,27 @@ DasharoSystemFeaturesUiLibConstructor ( ); ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection); + Status = gRT->GetVariable ( + mDmaProtectionEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mDmaProtectionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDmaProtectionDefault), + &mDmaProtectionDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection = mDmaProtectionDefault; + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
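Review bot: The DmaProtection block goes back to the ordering that the earlier efivar-defaults refactor removed: SetVariable is given `sizeof (mDmaProtectionDefault)` and `&mDmaProtectionDefault`, and the field is assigned only afterwards. For consistency with the other blocks in the constructor, assign first with `mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection = mDmaProtectionDefault;` and pass the field's size and address to SetVariable. The IommuHandoff block added later in the series has the same shape. The constructor begins above the hunk.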
@@ -763,6 +786,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.DmaProtection != DasharoFeaturesData.DmaProtection) { + Status = gRT->SetVariable ( + mDmaProtectionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.DmaProtection), + &DasharoFeaturesData.DmaProtection + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 3d0a22daf6..cb8730d00b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -52,6 +52,7 @@ typedef struct { WATCHDOG_CONFIG WatchdogConfig; BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; + BOOLEAN DmaProtection; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 From fab4d273c565b382d3917e1e1029fba6d2fd3f25 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Wed, 8 Feb 2023 10:02:57 +0100 Subject: [PATCH 106/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: Add DMA protection to GUI Signed-off-by: Kacper Stojek --- .../DasharoSystemFeaturesStrings.uni | 3 +++ .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 704d46e274..e4f933d81d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
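Review bot: DmaProtection is persisted with `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` only. That keeps it away from the OS at runtime but leaves it writable by any code that runs before ExitBootServices, not just this form. Nothing in the hunk shows a variable policy or lock for it; if none is registered elsewhere, a security setting like this one deserves one, applied before boot options are launched. At minimum, a comment above the call should record the expectation, for example `// Writable by all boot-services code; must be covered by a variable policy before third-party images run.` DasharoSystemFeaturesRouteConfig starts above the hunk.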
@@ -77,3 +77,6 @@ #string STR_FAN_CURVE_SILENT #language en-US "Silent" #string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" + +#string STR_DMA_BOOT_ENABLE_PROMPT #language en-US "DMA Protection" +#string STR_DMA_BOOT_ENABLE_HELP #language en-US "Enables DMA protection" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 56b30ff32b..b0acc02545 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -80,6 +80,12 @@ formset flags = INTERACTIVE, endcheckbox; + checkbox varid = FeaturesData.DmaProtection, + prompt = STRING_TOKEN(STR_DMA_BOOT_ENABLE_PROMPT), + help = STRING_TOKEN(STR_DMA_BOOT_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From 049c8ce02a580fa025deeb9022cf166b684dfe98 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Thu, 9 Feb 2023 08:51:33 +0100 Subject: [PATCH 107/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: Add EFI variable for IOMMU handoff at EBS Signed-off-by: Kacper Stojek --- .../DasharoSystemFeatures.c | 39 ++++++++++++++++++- .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 3 ++ .../DasharoSystemFeaturesVfr.vfr | 6 +++ 4 files changed, 48 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 6f88e8eda4..cc6c7f3738 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -26,6 +26,7 @@ STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; STATIC CHAR16 mDmaProtectionEfiVar[] = L"DmaProtection"; +STATIC CHAR16 mIommuHandoffEfiVar[] = L"IommuHandoff"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -34,7 +35,8 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC BOOLEAN mDmaProtectionDefault = TRUE; +STATIC BOOLEAN mDmaProtectionDefault = TRUE; +STATIC BOOLEAN mIommuHandoffDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -459,6 +461,7 @@ DasharoSystemFeaturesUiLibConstructor ( ); ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection); Status = gRT->GetVariable ( mDmaProtectionEfiVar, @@ -480,6 +483,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff); + Status = gRT->GetVariable ( + mIommuHandoffEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff + ); + + if (Status == EFI_NOT_FOUND) { + Status = gRT->SetVariable ( + mIommuHandoffEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mIommuHandoffDefault), + &mIommuHandoffDefault + ); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff = mIommuHandoffDefault; + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
@@ -799,6 +823,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.IommuHandoff != DasharoFeaturesData.IommuHandoff) { + Status = gRT->SetVariable ( + mIommuHandoffEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.IommuHandoff), + &DasharoFeaturesData.IommuHandoff + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index cb8730d00b..d42c379e79 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -53,6 +53,7 @@ typedef struct { BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; BOOLEAN DmaProtection; + BOOLEAN IommuHandoff; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index e4f933d81d..c4a69e6ddf 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -80,3 +80,6 @@ #string STR_DMA_BOOT_ENABLE_PROMPT #language en-US "DMA Protection" #string STR_DMA_BOOT_ENABLE_HELP #language en-US "Enables DMA protection" + +#string STR_IOMMU_HANDOFF_ENABLE_PROMPT #language en-US "IOMMU handoff at ExitBootServices" +#string STR_IOMMU_HANDOFF_ENABLE_HELP #language en-US "Enable IOMMU when transfering control to OS (ExitBootService in normal boot), otherwise IOMMU will be enabled at the start of boot device selection." 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index b0acc02545..c470c8d848 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -86,6 +86,12 @@ formset flags = INTERACTIVE, endcheckbox; + checkbox varid = FeaturesData.IommuHandoff, + prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_PROMPT), + help = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From 7f70f493318ef74ac5f9e47ce917bb98b08001cc Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Tue, 14 Feb 2023 08:24:09 +0100 Subject: [PATCH 108/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Patch PcdVTdPolicyPropertyMask according to IommuHandoff EfiVar Signed-off-by: Kacper Stojek --- .../DasharoBootPolicies/BootPolicies.c | 20 +++++++++++++++++++ .../DasharoBootPolicies.inf | 7 ++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index f5ca1978df..1afc8c0532 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -8,6 +8,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved /** @file **/ +#include #include #include #include @@ -38,6 +39,7 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); + UINT8 PcdVal = 0; gBS = SystemTable->BootServices; gRT = SystemTable->RuntimeServices; 
@@ -144,5 +146,23 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } + Status = GetVariable2 ( + L"IommuHandoff", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))){ + PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); + if (EfiVar){ + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x02); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); + } + else{ + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x02)); + } + } + return EFI_SUCCESS; } diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index 32680a3dbc..c2a12eb935 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -26,12 +26,14 @@ [Packages] MdePkg/MdePkg.dec DasharoModulePkg/DasharoModulePkg.dec + IntelSiliconPkg/IntelSiliconPkg.dec [LibraryClasses] BaseLib DebugLib PcdLib UefiLib + PcdLib UefiDriverEntryPoint UefiRuntimeServicesTableLib @@ -48,4 +50,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable [Depex] - gEfiVariableArchProtocolGuid \ No newline at end of file + gEfiVariableArchProtocolGuid + +[Pcd] + gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask From 778d4ee2c2689d1c35fde28adb59b35d0edc2947 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Wed, 15 Feb 2023 10:27:24 +0100 Subject: [PATCH 109/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr: suppress iommu handoff when dma protection is disabled Signed-off-by: Kacper Stojek --- .../DasharoSystemFeaturesVfr.vfr | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) 
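Review bot: `if (EfiVar){` in the added IommuHandoff block tests the pointer returned by `GetVariable2`, not the stored value, so once the size check passes the branch is always taken and bit `0x02` of `PcdVTdPolicyPropertyMask` is set even when the variable holds FALSE; it should read `if (*EfiVar){`. The guard `Status != EFI_NOT_FOUND` also lets other error statuses through to the size test, and `!EFI_ERROR (Status)` would state the intent directly. The buffer that `GetVariable2` allocates is not released in the lines shown, so a `FreePool (EfiVar);` after the block looks necessary; the later revisions of this block visible in the series do not add one either. InitializeBootPolicies starts outside the hunk, so the convention used by the earlier reads in it cannot be checked from here.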
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index c470c8d848..e295bfa3eb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -80,17 +80,20 @@ formset flags = INTERACTIVE, endcheckbox; - checkbox varid = FeaturesData.DmaProtection, + checkbox name = DmaProtection, + varid = FeaturesData.DmaProtection, prompt = STRING_TOKEN(STR_DMA_BOOT_ENABLE_PROMPT), help = STRING_TOKEN(STR_DMA_BOOT_ENABLE_HELP), flags = INTERACTIVE, endcheckbox; - checkbox varid = FeaturesData.IommuHandoff, - prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_PROMPT), - help = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_HELP), - flags = INTERACTIVE, - endcheckbox; + suppressif questionref(DmaProtection) == FALSE; + checkbox varid = FeaturesData.IommuHandoff, + prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_PROMPT), + help = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_HELP), + flags = INTERACTIVE, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 6358e7d74558a40f7e8186ef81cc2379fa9295d0 Mon Sep 17 00:00:00 2001 From: Kacper Stojek <108516646+Stojek139808@users.noreply.github.com> Date: Wed, 15 Feb 2023 10:41:47 +0100 Subject: [PATCH 110/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: Remove extra newline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michał Żygowski --- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 1 - 1 file changed, 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index cc6c7f3738..b482ccf740 100644 
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -37,7 +37,6 @@ STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC BOOLEAN mDmaProtectionDefault = TRUE; STATIC BOOLEAN mIommuHandoffDefault = TRUE; - STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, From 9c8ac0db1cfd7b18bba2cb52bc78986f644dcd71 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Thu, 16 Feb 2023 16:08:51 +0100 Subject: [PATCH 111/357] DasharoModulePkg: Change Iommuhandoff and DMA protection to one EfiVar Signed-off-by: Kacper Stojek --- .../DasharoBootPolicies/BootPolicies.c | 11 ++-- .../DasharoSystemFeatures.c | 60 ++++--------------- .../DasharoSystemFeaturesHii.h | 8 ++- 3 files changed, 25 insertions(+), 54 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 1afc8c0532..f0b64aa474 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -13,6 +13,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #include #include #include "BootPolicies.h" +#include "DasharoSystemFeaturesHii.h" #include #include @@ -39,6 +40,7 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); + IOMMU_CONFIG *IommuConfigEfiVar; UINT8 PcdVal = 0; gBS = SystemTable->BootServices; 
@@ -146,16 +148,17 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } + VarSize = sizeof(IOMMU_CONFIG); Status = GetVariable2 ( - L"IommuHandoff", + L"IommuConfig", &gDasharoSystemFeaturesGuid, - (VOID **) &EfiVar, + (VOID **) &IommuConfigEfiVar, &VarSize ); - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))){ + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*IommuConfigEfiVar))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (EfiVar){ + if (IommuConfigEfiVar->IommuHandoff){ PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x02); DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index b482ccf740..82fa52ab2b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -25,8 +25,7 @@ STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; -STATIC CHAR16 mDmaProtectionEfiVar[] = L"DmaProtection"; -STATIC CHAR16 mIommuHandoffEfiVar[] = L"IommuHandoff"; +STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; 
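Review bot: The rewritten block reads only `IommuConfigEfiVar->IommuHandoff`; the `DmaProtectionEnable` member of the same variable is never consulted, so the "DMA Protection" choice has no effect on `PcdVTdPolicyPropertyMask` in this revision and only bit `0x02` is ever changed. If bit `0x01` is meant to follow the setting, a branch on `IommuConfigEfiVar->DmaProtectionEnable` is needed here as well. When the size check fails nothing is logged and the PCD keeps its build-time value; an `else` with `DEBUG ((EFI_D_ERROR, "Boot Policy: IommuConfig missing or malformed\n"));` would make that visible. The assignment `VarSize = sizeof(IOMMU_CONFIG);` appears to have no effect, since `GetVariable2` writes the size itself.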
@@ -35,8 +34,7 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC BOOLEAN mDmaProtectionDefault = TRUE; -STATIC BOOLEAN mIommuHandoffDefault = TRUE; +STATIC BOOLEAN mIommuConfigDefault = {TRUE, TRUE}; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, 
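Review bot: `mIommuConfigDefault` is declared `BOOLEAN` but initialised with the two-member list `{TRUE, TRUE}`; the header change in this same commit introduces `IOMMU_CONFIG` for exactly this pair, so the declaration should be `STATIC IOMMU_CONFIG mIommuConfigDefault = {TRUE, TRUE};`. As written, the assignment of this object to the `IommuConfig` field in the constructor hunk that follows would not type-check, and only one byte of default data exists to be written to the variable.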
@@ -461,45 +459,24 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection); + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig); Status = gRT->GetVariable ( - mDmaProtectionEfiVar, + mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig ); if (Status == EFI_NOT_FOUND) { Status = gRT->SetVariable ( - mDmaProtectionEfiVar, + mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDmaProtectionDefault), - &mDmaProtectionDefault + &mIommuConfigDefault ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DmaProtection = mDmaProtectionDefault; - ASSERT_EFI_ERROR (Status); - } - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff); - Status = gRT->GetVariable ( - mIommuHandoffEfiVar, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff - ); - - if (Status == EFI_NOT_FOUND) { - Status = gRT->SetVariable ( - mIommuHandoffEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mIommuHandoffDefault), - &mIommuHandoffDefault - ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuHandoff = mIommuHandoffDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig = mIommuConfigDefault; ASSERT_EFI_ERROR (Status); } 
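Review bot: The `SetVariable` call in the not-found path still passes `sizeof (mDmaProtectionDefault)`, a variable this commit removes, while the data pointer is now `&mIommuConfigDefault`. The size should name the object being written, `sizeof (mIommuConfigDefault)`; otherwise the stored variable's length cannot match the `sizeof(*IommuConfigEfiVar)` check in BootPolicies.c and the DMA policy block there is skipped. The enclosing function starts outside the hunk.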
@@ -809,26 +786,13 @@ DasharoSystemFeaturesRouteConfig ( } } - if (Private->DasharoFeaturesData.DmaProtection != DasharoFeaturesData.DmaProtection) { - Status = gRT->SetVariable ( - mDmaProtectionEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.DmaProtection), - &DasharoFeaturesData.DmaProtection - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.IommuHandoff != DasharoFeaturesData.IommuHandoff) { + if (Private->DasharoFeaturesData.IommuConfig != DasharoFeaturesData.IommuConfig) { Status = gRT->SetVariable ( - mIommuHandoffEfiVar, + mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.IommuHandoff), - &DasharoFeaturesData.IommuHandoff + sizeof (DasharoFeaturesData.IommuConfig), + &DasharoFeaturesData.IommuConfig ); if (EFI_ERROR (Status)) { return Status; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index d42c379e79..d66c3e0d56 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -28,6 +28,11 @@ typedef struct { UINT16 WatchdogTimeout; } WATCHDOG_CONFIG; +typedef struct { + BOOLEAN DmaProtectionEnable; + BOOLEAN IommuHandoff; +} IOMMU_CONFIG; + #define FAN_CURVE_OPTION_SILENT 0 #define FAN_CURVE_OPTION_PERFORMANCE 1 #pragma pack(pop) @@ -52,8 +57,7 @@ typedef struct { WATCHDOG_CONFIG WatchdogConfig; BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; - BOOLEAN DmaProtection; - BOOLEAN IommuHandoff; + IOMMU_CONFIG IommuConfig; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 From cd97490a580f3ab1d56a762f6132643aa05c8bbb Mon Sep 17 00:00:00 2001 
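Review bot: `Private->DasharoFeaturesData.IommuConfig != DasharoFeaturesData.IommuConfig` applies `!=` to two `IOMMU_CONFIG` structs, which C does not define for struct operands. Either compare the two members individually or, since the struct is declared inside the packed region of the header, use `if (CompareMem (&Private->DasharoFeaturesData.IommuConfig, &DasharoFeaturesData.IommuConfig, sizeof (IOMMU_CONFIG)) != 0) {`, assuming BaseMemoryLib is available to this library. The body of DasharoSystemFeaturesRouteConfig starts outside the hunk.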
From: Kacper Stojek Date: Tue, 21 Feb 2023 08:00:57 +0100 Subject: [PATCH 112/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Add DEBUG message for handoff at ReadyToBoot Signed-off-by: Kacper Stojek --- DasharoModulePkg/DasharoBootPolicies/BootPolicies.c | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index f0b64aa474..ae1777b0d3 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -164,6 +164,7 @@ InitializeBootPolicies ( } else{ PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x02)); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ReadyToBoot\n")); } } From a83f91c6c03492b35c6f6b228821197f2bcae30e Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Tue, 21 Feb 2023 11:24:02 +0100 Subject: [PATCH 113/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: Change DMA efivar to a single uint8 value Signed-off-by: Kacper Stojek --- .../DasharoSystemFeatures.c | 4 ++-- .../DasharoSystemFeaturesHii.h | 11 +++++------ .../DasharoSystemFeaturesStrings.uni | 13 ++++++++----- .../DasharoSystemFeaturesVfr.vfr | 19 +++++++------------ 4 files changed, 22 insertions(+), 25 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 82fa52ab2b..40f15be0e9 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -34,7 +34,7 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC BOOLEAN mIommuConfigDefault = {TRUE, TRUE}; +STATIC UINT8 mIommuConfigDefault = DMA_MODE_ENABLE_EBS; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, @@ -473,7 +473,7 @@ DasharoSystemFeaturesUiLibConstructor ( mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDmaProtectionDefault), + sizeof (mIommuConfigDefault), &mIommuConfigDefault ); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig = mIommuConfigDefault; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index d66c3e0d56..2e785109e2 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -28,11 +28,6 @@ typedef struct { UINT16 WatchdogTimeout; } WATCHDOG_CONFIG; -typedef struct { - BOOLEAN DmaProtectionEnable; - BOOLEAN IommuHandoff; -} IOMMU_CONFIG; - #define FAN_CURVE_OPTION_SILENT 0 #define FAN_CURVE_OPTION_PERFORMANCE 1 #pragma pack(pop) 
@@ -57,13 +52,17 @@ typedef struct { WATCHDOG_CONFIG WatchdogConfig; BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; - IOMMU_CONFIG IommuConfig; + UINT8 IommuConfig; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 #define ME_MODE_DISABLE_HECI 1 #define ME_MODE_DISABLE_HAP 2 +#define DMA_MODE_DISABLE 0 +#define DMA_MODE_ENABLE_RTB 1 // Iommu handoff at ReadyToBoot +#define DMA_MODE_ENABLE_EBS 2 // Iommu handoff at ExitBootServices + #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 #define USB_STACK_QUESTION_ID 0x8002 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index c4a69e6ddf..cbdf1eba1e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -78,8 +78,11 @@ #string STR_FAN_CURVE_SILENT #language en-US "Silent" #string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" -#string STR_DMA_BOOT_ENABLE_PROMPT #language en-US "DMA Protection" -#string STR_DMA_BOOT_ENABLE_HELP #language en-US "Enables DMA protection" - -#string STR_IOMMU_HANDOFF_ENABLE_PROMPT #language en-US "IOMMU handoff at ExitBootServices" -#string STR_IOMMU_HANDOFF_ENABLE_HELP #language en-US "Enable IOMMU when transfering control to OS (ExitBootService in normal boot), otherwise IOMMU will be enabled at the start of boot device selection." +#string STR_DMA_MODE_PROMPT #language en-US "DMA Protection" +#string STR_DMA_MODE_HELP #language en-US "DMA protection can be disabled or enabled in two modes:\n\n" + "Enabled (EBS): Enable IOMMU when transfering control to OS (ExitBootService in normal boot)\n\n" + "Enabled (RTB): Enable IOMMU at the start of boot device selection (ReadyToBoot)." + +#string STR_DMA_MODE_DISABLE #language en-US "Disabled" +#string STR_DMA_MODE_ENABLE_EBS #language en-US "Enabled (EBS)" +#string STR_DMA_MODE_ENABLE_RTB #language en-US "Enabled (RTB)" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index e295bfa3eb..35b704d79f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -80,20 +80,15 @@ formset flags = INTERACTIVE, endcheckbox; - checkbox name = DmaProtection, - varid = FeaturesData.DmaProtection, - prompt = STRING_TOKEN(STR_DMA_BOOT_ENABLE_PROMPT), - help = STRING_TOKEN(STR_DMA_BOOT_ENABLE_HELP), + oneof varid = FeaturesData.IommuConfig, + prompt = STRING_TOKEN(STR_DMA_MODE_PROMPT), + help = STRING_TOKEN(STR_DMA_MODE_HELP), flags = INTERACTIVE, - endcheckbox; - suppressif questionref(DmaProtection) == FALSE; - checkbox varid = FeaturesData.IommuHandoff, - prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_PROMPT), - help = STRING_TOKEN(STR_IOMMU_HANDOFF_ENABLE_HELP), - flags = INTERACTIVE, - endcheckbox; - endif; + option text = STRING_TOKEN(STR_DMA_MODE_DISABLE), value = DMA_MODE_DISABLE, flags = 0; + option text = STRING_TOKEN(STR_DMA_MODE_ENABLE_RTB), value = DMA_MODE_ENABLE_RTB, flags = 0; + option text = STRING_TOKEN(STR_DMA_MODE_ENABLE_EBS), value = DMA_MODE_ENABLE_EBS, flags = 0; + endoneof; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 649ace4963015a86d3b536aa7e24388816784b8f Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Tue, 21 Feb 2023 11:26:07 +0100 Subject: [PATCH 114/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Adjust dma setup to changes in efivar Signed-off-by: Kacper Stojek --- DasharoModulePkg/DasharoBootPolicies/BootPolicies.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index ae1777b0d3..59c6e02d9c 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -13,7 +13,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #include #include #include "BootPolicies.h" -#include "DasharoSystemFeaturesHii.h" +#include "Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h" #include #include 
@@ -40,7 +40,6 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); - IOMMU_CONFIG *IommuConfigEfiVar; UINT8 PcdVal = 0; gBS = SystemTable->BootServices; @@ -148,17 +147,16 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } - VarSize = sizeof(IOMMU_CONFIG); Status = GetVariable2 ( L"IommuConfig", &gDasharoSystemFeaturesGuid, - (VOID **) &IommuConfigEfiVar, + (VOID **) &EfiVar, &VarSize ); - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*IommuConfigEfiVar))){ + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (IommuConfigEfiVar->IommuHandoff){ + if (*EfiVar == DMA_MODE_ENABLE_EBS){ PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x02); DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); } From 01213dfdafbdc02ef411490779ce722d1da97e42 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Tue, 21 Feb 2023 12:42:20 +0100 Subject: [PATCH 115/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Toggle first bit of PcdVTdPolicyPropertyMask Signed-off-by: Kacper Stojek --- .../DasharoBootPolicies/BootPolicies.c | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 59c6e02d9c..0702f29a8e 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -156,13 +156,21 @@ InitializeBootPolicies ( if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (*EfiVar == DMA_MODE_ENABLE_EBS){ - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x02); - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); - } - else{ - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x02)); - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ReadyToBoot\n")); + if (*EfiVar){ + PcdVal |= 0x01; + if (*EfiVar == DMA_MODE_ENABLE_EBS){ + PcdVal |= 0x02; + + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); + } + else{ + PcdVal &= (~0x02); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ReadyToBoot\n")); + } + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal); + } else { + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); + DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); } } From d19df548d3691be5372e9f9d75d83daf31519c5c Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Wed, 22 Feb 2023 08:42:53 +0100 Subject: [PATCH 116/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Add handle for wrong values in IommuConfig Signed-off-by: Kacper Stojek --- DasharoModulePkg/DasharoBootPolicies/BootPolicies.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 0702f29a8e..3cab377bd4 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -154,13 +154,17 @@ InitializeBootPolicies ( &VarSize ); - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))){ + if (Status == EFI_NOT_FOUND){ + DEBUG ((EFI_D_ERROR, "Boot Policy: IommuConfig read uncorrectly, using default value\n")); + PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x03); + } + else if ((Status == EFI_SUCESS) && (VarSize == sizeof(*EfiVar))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); if (*EfiVar){ PcdVal |= 0x01; if (*EfiVar == DMA_MODE_ENABLE_EBS){ PcdVal |= 0x02; - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); } else{ From 9c7ae94dafdf78455e05ffe7c6b4b91aace814c4 Mon Sep 17 00:00:00 2001 From: Kacper Stojek Date: Wed, 22 Feb 2023 11:09:47 +0100 Subject: [PATCH 117/357] DasharoModulePkg: DasharoBootPolicies/BootPolicies.c: Fix typo and use proper variable types Signed-off-by: Kacper Stojek --- DasharoModulePkg/DasharoBootPolicies/BootPolicies.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 3cab377bd4..dd4afd8207 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -40,6 +40,7 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); + UINT8 *IommuConfig; UINT8 PcdVal = 0; gBS = SystemTable->BootServices; @@ -147,10 +148,11 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } + VarSize = sizeof(UINT8); Status = GetVariable2 ( L"IommuConfig", &gDasharoSystemFeaturesGuid, - (VOID **) &EfiVar, + (VOID **) &IommuConfig, &VarSize ); 
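Review bot: `EFI_SUCESS` in the new `else if` is not a defined status constant (the name is `EFI_SUCCESS`), so this revision does not build. Beyond the spelling, the chain has no final `else`: a status other than not-found, or a size mismatch, leaves `PcdVTdPolicyPropertyMask` untouched with no log line, so the effective DMA policy is whatever the build default was. The message "IommuConfig read uncorrectly" is emitted for a variable that is simply absent, which is the normal first-boot case; `"Boot Policy: IommuConfig not found, using default value\n"` would describe it accurately.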
@@ -159,11 +161,11 @@ InitializeBootPolicies ( PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x03); } - else if ((Status == EFI_SUCESS) && (VarSize == sizeof(*EfiVar))){ + else if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*IommuConfig))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (*EfiVar){ + if (*IommuConfig){ PcdVal |= 0x01; - if (*EfiVar == DMA_MODE_ENABLE_EBS){ + if (*IommuConfig == DMA_MODE_ENABLE_EBS){ PcdVal |= 0x02; DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); } From 873fcaffca7f5d90cdd0815be603383d43bef68b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 22 Feb 2023 16:40:09 +0100 Subject: [PATCH 118/357] DasharoModulePkg: Update DMA protection option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 22 +++++++++---------- .../DasharoSystemFeatures.c | 13 ++++++----- .../DasharoSystemFeaturesHii.h | 13 ++++++----- .../DasharoSystemFeaturesStrings.uni | 14 +++++------- .../DasharoSystemFeaturesVfr.vfr | 18 +++++++++------ 5 files changed, 42 insertions(+), 38 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index dd4afd8207..7e1817a066 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -40,7 +40,7 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); - UINT8 *IommuConfig; + IOMMU_CONFIG *IommuConfig; UINT8 PcdVal = 0; gBS = SystemTable->BootServices; @@ -148,7 +148,7 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } - VarSize = sizeof(UINT8); + VarSize = sizeof(*IommuConfig); Status = GetVariable2 ( L"IommuConfig", &gDasharoSystemFeaturesGuid, 
@@ -156,28 +156,26 @@ InitializeBootPolicies ( &VarSize ); - if (Status == EFI_NOT_FOUND){ - DEBUG ((EFI_D_ERROR, "Boot Policy: IommuConfig read uncorrectly, using default value\n")); + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*IommuConfig))){ PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal | 0x03); - } - else if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*IommuConfig))){ - PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (*IommuConfig){ + if (IommuConfig->IommuEnable){ PcdVal |= 0x01; - if (*IommuConfig == DMA_MODE_ENABLE_EBS){ + if (IommuConfig->IommuHandoff){ PcdVal |= 0x02; - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ExitBootServices\n")); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be kept enabled on ExitBootServices\n")); } else{ PcdVal &= (~0x02); - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU handoff at ReadyToBoot\n")); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be disabled on ExitBootServices\n")); } PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal); } else { PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); } + } else { + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); + DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); } return EFI_SUCCESS; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 40f15be0e9..a788bf5532 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
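Review bot: The new outer `else` in the `@@ -156,28 +156,26 @@` hunk turns every read failure or size mismatch into "DMA protection disabled", whereas the code it replaces set both bits when the variable was missing. A policy that fails open on an unreadable or malformed IommuConfig should log at error level with `Status` and `VarSize`, not reuse the EFI_D_INFO line printed for a deliberate "off". That branch also never reloads `PcdVal` from the PCD, so `PcdVal & (~0x03)` is computed from the initial 0 (or whatever earlier code outside the hunk left in it) and overwrites the other bits of PcdVTdPolicyPropertyMask. Add `PcdVal = PcdGet8(PcdVTdPolicyPropertyMask);` as the first statement of that branch.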
@@ -34,7 +34,8 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC UINT8 mIommuConfigDefault = DMA_MODE_ENABLE_EBS; +STATIC UINT8 mIommuEnableDefault = TRUE; +STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, @@ -469,14 +470,15 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuEnable = mIommuEnableDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuHandoff = mIommuHandoffDefault; Status = gRT->SetVariable ( mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mIommuConfigDefault), - &mIommuConfigDefault + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig ); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig = mIommuConfigDefault; ASSERT_EFI_ERROR (Status); } @@ -786,7 +788,8 @@ DasharoSystemFeaturesRouteConfig ( } } - if (Private->DasharoFeaturesData.IommuConfig != DasharoFeaturesData.IommuConfig) { + if (Private->DasharoFeaturesData.IommuConfig.IommuEnable != DasharoFeaturesData.IommuConfig.IommuEnable || + Private->DasharoFeaturesData.IommuConfig.IommuHandoff != DasharoFeaturesData.IommuConfig.IommuHandoff) { Status = gRT->SetVariable ( mIommuConfigEfiVar, &gDasharoSystemFeaturesGuid, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 2e785109e2..196e04630a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
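Review bot: The `@@ -469,14 +470,15 @@` hunk of DasharoSystemFeaturesUiLibConstructor writes the new two-byte IOMMU_CONFIG only when the read returns EFI_NOT_FOUND, so a device that already stores the one-byte IommuConfig written by the previous code is never migrated. The read is above the hunk, but if it passes the size of the new struct as the sibling reads do, the old byte lands in `IommuEnable` (possibly as the value 2) and `IommuHandoff` is left untouched. BootPolicies.c would then reject the stored variable on its `VarSize == sizeof(*IommuConfig)` check and switch DMA protection off. Assuming `BufferSize` carries the returned size, I would widen the condition to `if (Status == EFI_NOT_FOUND || (!EFI_ERROR (Status) && BufferSize != sizeof (IOMMU_CONFIG))) {` so that a stale layout is rewritten. `ASSERT_EFI_ERROR (Status)` is the only reaction to a failed SetVariable here, and it does nothing in a build where asserts are disabled.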
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -28,9 +28,14 @@ typedef struct { UINT16 WatchdogTimeout; } WATCHDOG_CONFIG; +typedef struct { + BOOLEAN IommuEnable; + BOOLEAN IommuHandoff; +} IOMMU_CONFIG; +#pragma pack(pop) + #define FAN_CURVE_OPTION_SILENT 0 #define FAN_CURVE_OPTION_PERFORMANCE 1 -#pragma pack(pop) typedef struct { // Feature visibility @@ -52,17 +57,13 @@ typedef struct { WATCHDOG_CONFIG WatchdogConfig; BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; - UINT8 IommuConfig; + IOMMU_CONFIG IommuConfig; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 #define ME_MODE_DISABLE_HECI 1 #define ME_MODE_DISABLE_HAP 2 -#define DMA_MODE_DISABLE 0 -#define DMA_MODE_ENABLE_RTB 1 // Iommu handoff at ReadyToBoot -#define DMA_MODE_ENABLE_EBS 2 // Iommu handoff at ExitBootServices - #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 #define USB_STACK_QUESTION_ID 0x8002 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index cbdf1eba1e..8ac097d45e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -78,11 +78,9 @@ #string STR_FAN_CURVE_SILENT #language en-US "Silent" #string STR_FAN_CURVE_PERFORMANCE #language en-US "Performance" -#string STR_DMA_MODE_PROMPT #language en-US "DMA Protection" -#string STR_DMA_MODE_HELP #language en-US "DMA protection can be disabled or enabled in two modes:\n\n" - "Enabled (EBS): Enable IOMMU when transfering control to OS (ExitBootService in normal boot)\n\n" - "Enabled (RTB): Enable IOMMU at the start of boot device selection (ReadyToBoot)." - -#string STR_DMA_MODE_DISABLE #language en-US "Disabled" -#string STR_DMA_MODE_ENABLE_EBS #language en-US "Enabled (EBS)" -#string STR_DMA_MODE_ENABLE_RTB #language en-US "Enabled (RTB)" +#string STR_DMA_PROTECTION_PROMPT #language en-US "Early boot DMA Protection" +#string STR_DMA_PROTECTION_HELP #language en-US "Enables IOMMU DMA protection early during POST." + +#string STR_IOMMU_HANDOFF_PROMPT #language en-US "Keep IOMMU enabled when transfer control to OS" +#string STR_IOMMU_HANDOFF_HELP #language en-US "Keeps IOMMU DMA protection enabled during ExitBootServices when control is passed to the OS.\n\n" + "If unsure or see any problems with DMA/IOMMU during OS boot, keep it disabled." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 35b704d79f..9258b78cdc 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -80,15 +80,19 @@ formset flags = INTERACTIVE, endcheckbox; - oneof varid = FeaturesData.IommuConfig, - prompt = STRING_TOKEN(STR_DMA_MODE_PROMPT), - help = STRING_TOKEN(STR_DMA_MODE_HELP), + checkbox varid = FeaturesData.IommuConfig.IommuEnable, + prompt = STRING_TOKEN(STR_DMA_PROTECTION_PROMPT), + help = STRING_TOKEN(STR_DMA_PROTECTION_HELP), flags = INTERACTIVE, + endcheckbox; - option text = STRING_TOKEN(STR_DMA_MODE_DISABLE), value = DMA_MODE_DISABLE, flags = 0; - option text = STRING_TOKEN(STR_DMA_MODE_ENABLE_RTB), value = DMA_MODE_ENABLE_RTB, flags = 0; - option text = STRING_TOKEN(STR_DMA_MODE_ENABLE_EBS), value = DMA_MODE_ENABLE_EBS, flags = 0; - endoneof; + suppressif ideqval FeaturesData.IommuConfig.IommuEnable == 0; + checkbox varid = FeaturesData.IommuConfig.IommuHandoff, + prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_PROMPT), + help = STRING_TOKEN(STR_IOMMU_HANDOFF_HELP), + flags = INTERACTIVE, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 30933cc1cff77c79b7a3905051a22c724f22c358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 22 Feb 2023 17:19:26 +0100 Subject: [PATCH 119/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: disable IOMMU by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index a788bf5532..8f1ea2ca3c 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -34,7 +34,7 @@ STATIC BOOLEAN mSmmBwpDefault = FALSE; STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC UINT8 mIommuEnableDefault = TRUE; +STATIC UINT8 mIommuEnableDefault = FALSE; STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, From c24aa9d3fda6388790483a8f4b8cd5f1b21e76a5 Mon Sep 17 00:00:00 2001 From: Karol Zmyslowski Date: Wed, 15 Feb 2023 17:03:19 +0100 Subject: [PATCH 120/357] DasharoModulePkg: DasharoSystemFeatures.c: Implement Boot Manager Enable option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 37 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 3 ++ .../DasharoSystemFeaturesVfr.vfr | 6 +++ 4 files changed, 47 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8f1ea2ca3c..56ebfd1084 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -21,6 +21,7 @@ STATIC CHAR16 mMeModeEfiVar[] = L"MeMode"; STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; +STATIC CHAR16 mBootManagerEnabledEfiVar[] = L"BootManagerEnabled"; STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; 
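Review bot: `mIommuEnableDefault = FALSE` in the `@@ -34,7 +34,7 @@` hunk makes early-boot DMA protection opt-in on every device that has no stored IommuConfig, and the commit message gives no reason for the change. Please record the rationale next to the constant, for example `// Off by default: REASON_PLACEHOLDER; can be enabled in the setup menu`, so that the weaker default is a documented decision that can be revisited. Both IOMMU defaults are declared `UINT8` while the fields they initialise are `BOOLEAN`; declaring them `BOOLEAN` would match the neighbouring defaults.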
@@ -36,6 +37,8 @@ STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC UINT8 mIommuEnableDefault = FALSE; STATIC UINT8 mIommuHandoffDefault = FALSE; +STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; + STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, @@ -439,6 +442,27 @@ DasharoSystemFeaturesUiLibConstructor ( } } + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled); + Status = gRT->GetVariable( + mBootManagerEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled + ); + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled = mBootManagerEnabledDefault; + Status = gRT->SetVariable( + mBootManagerEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled + ); + + ASSERT_EFI_ERROR(Status); + } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption); Status = gRT->GetVariable ( mFanCurveOptionEfiVar, 
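Review bot: In the `@@ -439,6 +442,27 @@` hunk the BootManagerEnabled read handles only EFI_NOT_FOUND; on any other error the field keeps whatever the private data held before the call and nothing is logged. I would apply the default on every failure and create the variable only when it is missing, by placing `if (EFI_ERROR (Status)) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled = mBootManagerEnabledDefault; }` ahead of the existing EFI_NOT_FOUND write. The same shape is repeated for SleepType in the `@@ -506,6 +509,27 @@` hunk of the later patch. In both places `ASSERT_EFI_ERROR` is the only reaction to a failed SetVariable, which is ignored when asserts are disabled. The constructor continues outside the hunk.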
@@ -772,6 +796,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.BootManagerEnabled != DasharoFeaturesData.BootManagerEnabled) { + Status = gRT->SetVariable ( + mBootManagerEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.BootManagerEnabled), + &DasharoFeaturesData.BootManagerEnabled + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + if (Private->DasharoFeaturesData.WatchdogConfig.WatchdogEnable != DasharoFeaturesData.WatchdogConfig.WatchdogEnable || Private->DasharoFeaturesData.WatchdogConfig.WatchdogTimeout != diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 196e04630a..acad789273 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -58,6 +58,7 @@ typedef struct { BOOLEAN WatchdogState; // holds the state of watchdog before VAR population UINT8 FanCurveOption; IOMMU_CONFIG IommuConfig; + BOOLEAN BootManagerEnabled; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 8ac097d45e..aa24b8e434 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -70,6 +70,9 @@ #string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" #string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 1024s." +#string STR_BOOT_MENU_ENABLED_PROMPT #language en-US "Boot menu enabled" +#string STR_BOOT_MENU_ENABLED_HELP #language en-US "Enables or disables choice of one-time boot menu" + #string STR_FAN_CURVE_PROMPT #language en-US "Fan profile" #string STR_FAN_CURVE_HELP #language en-US "Sets the preferred fan operation mode.\n\n" "Silent: The fan will operate at lower speeds to reduce noise.\n\n" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 9258b78cdc..3f30ea0879 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -94,6 +94,12 @@ formset endcheckbox; endif; + checkbox varid = FeaturesData.BootManagerEnabled, + prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), + help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), + flags = INTERACTIVE, + endcheckbox; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From c2af5459fc56d6d6d827f8fd49488c9cbaf6fefb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 8 Mar 2023 15:31:46 +0100 Subject: [PATCH 121/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add sleep type option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 2 + .../DasharoSystemFeatures.c | 37 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 5 +++ .../DasharoSystemFeaturesStrings.uni | 7 ++++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 22 ++++++++--- 6 files changed, 69 insertions(+), 5 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 1480872c18..8af413a3e2 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -47,6 +47,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|FALSE|BOOLEAN|0x00000007 gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve|FALSE|BOOLEAN|0x00000008 gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000009 + gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|FALSE|BOOLEAN|0x0000000A [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. @@ -54,3 +55,4 @@ # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.

# @Prompt The password clear status gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001 + diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 56ebfd1084..4b6ad15e7e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -27,6 +27,7 @@ STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; +STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -38,6 +39,7 @@ STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC UINT8 mIommuEnableDefault = FALSE; STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; +STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -242,6 +244,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); 
@@ -506,6 +509,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType); + Status = gRT->GetVariable ( + mSleepTypeEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType = mSleepTypeDefault; + Status = gRT->SetVariable ( + mSleepTypeEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } @@ -839,6 +863,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.SleepType != DasharoFeaturesData.SleepType) { + Status = gRT->SetVariable ( + mSleepTypeEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.SleepType), + &DasharoFeaturesData.SleepType + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index acad789273..97899fe59d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -46,6 +46,7 @@ typedef struct { BOOLEAN ShowChipsetMenu; BOOLEAN ShowPowerMenu; BOOLEAN PowerMenuShowFanCurve; + BOOLEAN DasharoEnterprise; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; 
@@ -59,12 +60,16 @@ typedef struct { UINT8 FanCurveOption; IOMMU_CONFIG IommuConfig; BOOLEAN BootManagerEnabled; + UINT8 SleepType; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 #define ME_MODE_DISABLE_HECI 1 #define ME_MODE_DISABLE_HAP 2 +#define SLEEP_TYPE_S0IX 0 +#define SLEEP_TYPE_S3 1 + #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 #define USB_STACK_QUESTION_ID 0x8002 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index aa24b8e434..a46a289615 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -87,3 +87,10 @@ #string STR_IOMMU_HANDOFF_PROMPT #language en-US "Keep IOMMU enabled when transfer control to OS" #string STR_IOMMU_HANDOFF_HELP #language en-US "Keeps IOMMU DMA protection enabled during ExitBootServices when control is passed to the OS.\n\n" "If unsure or see any problems with DMA/IOMMU during OS boot, keep it disabled." + +#string STR_SLEEP_TYPE_PROMPT #language en-US "Platform sleep type" +#string STR_SLEEP_TYPE_HELP #language en-US "Selects which sleep function should be enabled in the firmware and available to use in OS.\n\n" + "Note that Suspend to Idle (S0ix) will not work if Intel ME is disabled." + +#string STR_SLEEP_TYPE_S0IX #language en-US "Suspend to Idle (S0ix)" +#string STR_SLEEP_TYPE_S3 #language en-US "Suspend to RAM (S3)" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 85ecf9883b..d1df27cf72 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -67,3 +67,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 3f30ea0879..a41f28e8e8 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -94,11 +94,14 @@ formset endcheckbox; endif; - checkbox varid = FeaturesData.BootManagerEnabled, - prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), - help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), - flags = INTERACTIVE, - endcheckbox; + suppressif ideqval FeaturesData.DasharoEnterprise == 0; + checkbox varid = FeaturesData.BootManagerEnabled, + prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), + help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), + flags = INTERACTIVE, + default = 1, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -219,6 +222,15 @@ formset endoneof; endif; + oneof varid = FeaturesData.SleepType, + prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), + help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), + flags = INTERACTIVE, + + option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; + endoneof; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From dabf60df3044e11b02c69fadae48847b3e962a9d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 12 Apr 2023 12:36:58 +0200 Subject: [PATCH 122/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: hide IOMMU if not enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Co-authored-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 15 +++++++++------ 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 8af413a3e2..61127c8aa5 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -48,6 +48,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve|FALSE|BOOLEAN|0x00000008 gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000009 gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|FALSE|BOOLEAN|0x0000000A + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|FALSE|BOOLEAN|0x0000000B [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 4b6ad15e7e..2d1a3f5f10 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -245,6 +245,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 97899fe59d..6618459563 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -47,6 +47,7 @@ typedef struct { BOOLEAN ShowPowerMenu; BOOLEAN PowerMenuShowFanCurve; BOOLEAN DasharoEnterprise; + BOOLEAN SecurityMenuShowIommu; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index d1df27cf72..b0440d5a48 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -68,3 +68,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index a41f28e8e8..f2686b4af3 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -80,13 +80,16 @@ formset flags = INTERACTIVE, endcheckbox; - checkbox varid = FeaturesData.IommuConfig.IommuEnable, - prompt = STRING_TOKEN(STR_DMA_PROTECTION_PROMPT), - help = STRING_TOKEN(STR_DMA_PROTECTION_HELP), - flags = INTERACTIVE, - endcheckbox; + suppressif ideqval FeaturesData.SecurityMenuShowIommu == 0; + checkbox name = IommuEnable, + varid = FeaturesData.IommuConfig.IommuEnable, + prompt = STRING_TOKEN(STR_DMA_PROTECTION_PROMPT), + help = STRING_TOKEN(STR_DMA_PROTECTION_HELP), + flags = INTERACTIVE, + endcheckbox; + endif; - suppressif ideqval FeaturesData.IommuConfig.IommuEnable == 0; + suppressif questionref(IommuEnable) == FALSE; checkbox varid = FeaturesData.IommuConfig.IommuHandoff, prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_PROMPT), help = STRING_TOKEN(STR_IOMMU_HANDOFF_HELP), From 43c99bff6f901181ec7bbd3f9cb52fe7f2b28f48 Mon Sep 17 00:00:00 2001 From: Karol Zmyslowski Date: Mon, 15 May 2023 14:45:23 +0200 Subject: [PATCH 123/357] DasharoModulePkg: DasharoSystemFeaturesVfr.vfr: Correct default values for variables Signed-off-by: Karol Zmyslowski --- .../DasharoSystemFeaturesVfr.vfr | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index f2686b4af3..07a26912f9 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -72,6 +72,7 @@ formset prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), help = STRING_TOKEN(STR_LOCK_BIOS_HELP), flags = INTERACTIVE, + default= 1, endcheckbox; checkbox varid = FeaturesData.SmmBwp, @@ -137,6 +138,7 @@ formset prompt = STRING_TOKEN(STR_USB_STACK_ENABLE_PROMPT), help = STRING_TOKEN(STR_USB_STACK_ENABLE_HELP), flags = INTERACTIVE, + default= 1, endcheckbox; suppressif questionref(UsbStack) == FALSE; @@ -144,6 +146,7 @@ formset prompt = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_PROMPT), help = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_HELP), flags = INTERACTIVE, + default= 1, endcheckbox; endif; @@ -181,6 +184,7 @@ formset prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), flags = INTERACTIVE, + default= 1, endcheckbox; suppressif ideqval FeaturesData.WatchdogState == 0; @@ -188,6 +192,7 @@ formset prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), flags = INTERACTIVE, + default= 1, endcheckbox; suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; @@ -199,7 +204,7 @@ formset maximum = 1024, step = 0, // Stepping of 0 equates to a manual entering // of a value, otherwise it will be adjusted by "+"/"-" - default = 90, + default = 120, endnumeric; endif; endif; From d1462b33fdc79319d7145d1559dabab11ee6fe8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 25 May 2023 18:10:56 +0200 Subject: [PATCH 124/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr: fix default and add reset requirement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeaturesVfr.vfr | 65 +++++++++---------- 1 file changed, 30 insertions(+), 35 deletions(-) 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 07a26912f9..82af83731d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -71,22 +71,21 @@ formset checkbox varid = FeaturesData.LockBios, prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), help = STRING_TOKEN(STR_LOCK_BIOS_HELP), - flags = INTERACTIVE, - default= 1, + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; checkbox varid = FeaturesData.SmmBwp, prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), help = STRING_TOKEN(STR_SMM_BWP_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, endcheckbox; suppressif ideqval FeaturesData.SecurityMenuShowIommu == 0; - checkbox name = IommuEnable, + checkbox name = IommuEnable, varid = FeaturesData.IommuConfig.IommuEnable, prompt = STRING_TOKEN(STR_DMA_PROTECTION_PROMPT), help = STRING_TOKEN(STR_DMA_PROTECTION_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, endcheckbox; endif; @@ -94,16 +93,15 @@ formset checkbox varid = FeaturesData.IommuConfig.IommuHandoff, prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_PROMPT), help = STRING_TOKEN(STR_IOMMU_HANDOFF_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, endcheckbox; endif; suppressif ideqval FeaturesData.DasharoEnterprise == 0; - checkbox varid = FeaturesData.BootManagerEnabled, - prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), - help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), - flags = INTERACTIVE, - default = 1, + checkbox varid = FeaturesData.BootManagerEnabled, + prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), + help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; endif; 
@@ -118,9 +116,10 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); checkbox varid = FeaturesData.NetworkBoot, + questionid = 0x1101, prompt = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_PROMPT), help = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_HELP), - flags = INTERACTIVE, + flags = INTERACTIVE | RESET_REQUIRED, endcheckbox; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -133,20 +132,18 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox name = UsbStack, + checkbox name = UsbStack, varid = FeaturesData.UsbStack, prompt = STRING_TOKEN(STR_USB_STACK_ENABLE_PROMPT), help = STRING_TOKEN(STR_USB_STACK_ENABLE_HELP), - flags = INTERACTIVE, - default= 1, + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; suppressif questionref(UsbStack) == FALSE; checkbox varid = FeaturesData.UsbMassStorage, prompt = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_PROMPT), help = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_HELP), - flags = INTERACTIVE, - default= 1, + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; endif; @@ -163,9 +160,9 @@ formset oneof varid = FeaturesData.MeMode, prompt = STRING_TOKEN(STR_ME_MODE_PROMPT), help = STRING_TOKEN(STR_ME_MODE_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, - option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; + option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = DEFAULT; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; endoneof; 
@@ -180,31 +177,29 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.Ps2Controller, - prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), - help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), - flags = INTERACTIVE, - default= 1, + checkbox varid = FeaturesData.Ps2Controller, + prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), + help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; suppressif ideqval FeaturesData.WatchdogState == 0; - checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, - prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), - help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), - flags = INTERACTIVE, - default= 1, + checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, + prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; numeric varid = FeaturesData.WatchdogConfig.WatchdogTimeout, prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), - flags = INTERACTIVE, - minimum = 60, + flags = RESET_REQUIRED, + minimum = 300, maximum = 1024, step = 0, // Stepping of 0 equates to a manual entering // of a value, otherwise it will be adjusted by "+"/"-" - default = 120, + default = 300, endnumeric; endif; endif; @@ -223,9 +218,9 @@ formset oneof varid = FeaturesData.FanCurveOption, prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), help = STRING_TOKEN(STR_FAN_CURVE_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, - option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = 0; + option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = DEFAULT; option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; endoneof; endif; 
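Review bot: Raising `minimum` from 60 to 300 on the `WatchdogTimeout` numeric is not mentioned in the commit title, and it narrows the range of values that were valid until now. The defaults this file used before were 90 and then 120, so a system that already stored one of them now holds a timeout below the permitted range. How the form browser treats an out-of-range stored value is not visible in this hunk, so either keep `minimum = 60,` or have the code that loads `WatchdogConfig` clamp the stored value to the new range. A short comment above `minimum` stating why timeouts under 300 are rejected would also help the next reader.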
@@ -233,7 +228,7 @@ formset oneof varid = FeaturesData.SleepType, prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), - flags = INTERACTIVE, + flags = RESET_REQUIRED, option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; From 472011932d241d61e6a4b12e164ad2773401d67c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 25 May 2023 18:11:26 +0200 Subject: [PATCH 125/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: handle interactive NetworkBoot default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 2d1a3f5f10..07e0b6faf4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -908,5 +908,33 @@ DasharoSystemFeaturesCallback ( OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { - return EFI_UNSUPPORTED; + EFI_STATUS Status; + + Status = EFI_SUCCESS; + + switch (Action) { + case EFI_BROWSER_ACTION_DEFAULT_STANDARD: + case EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING: + { + switch (QuestionId) { + case 0x1101: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->b = PcdGetBool (PcdDefaultNetworkBootEnable); + break; + } + default: + Status = EFI_UNSUPPORTED; + break; + } + break; + } + default: + Status = EFI_UNSUPPORTED; + break; + } + + return Status; } From 56d0d5ade62f3fdd17bacb003a97934e1a118c01 Mon Sep 17 00:00:00 2001 
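Review bot: The `if (Value == NULL)` guard in `case 0x1101` has no braces around its `return`, which goes against the EDK II coding style, and it adds an early return to a function that otherwise funnels its result through `Status`. Every case that supplies a default needs the same check, so it is cleaner to do it once at the top of the `EFI_BROWSER_ACTION_DEFAULT_*` branch: `if (Value == NULL) { return EFI_INVALID_PARAMETER; }`. The cases for 0x1102, 0x1103 and 0x1104 added by later patches in this series copy the same unbraced guard. The callback's signature starts outside the hunk.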
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 21 Jul 2023 13:28:26 +0200 Subject: [PATCH 126/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: make default OC WDT timeout depend on PCD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 8 ++++++++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 4 ++-- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 61127c8aa5..25bf25f1f7 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -49,6 +49,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000009 gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|FALSE|BOOLEAN|0x0000000A gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|FALSE|BOOLEAN|0x0000000B + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000C [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 07e0b6faf4..8ca174e97e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -925,6 +925,14 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdDefaultNetworkBootEnable); break; } + case 0x1102: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u16 = FixedPcdGet16 (PcdOcWdtTimeoutDefault); + break; + } default: Status = EFI_UNSUPPORTED; break; 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index b0440d5a48..ee35cdfaaf 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -69,3 +69,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault \ No newline at end of file diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 82af83731d..0f8641edd6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -192,14 +192,14 @@ formset suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; numeric varid = FeaturesData.WatchdogConfig.WatchdogTimeout, + questionid = 0x1102, prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), - flags = RESET_REQUIRED, + flags = RESET_REQUIRED | INTERACTIVE, minimum = 300, maximum = 1024, step = 0, // Stepping of 0 equates to a manual entering // of a value, otherwise it will be adjusted by "+"/"-" - default = 300, endnumeric; endif; endif; From cf76fe5ae4dd7dc4d438f8452f7641a8b789934f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 21 Jul 2023 13:37:57 +0200 Subject: [PATCH 127/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: hide OC WDT with PCD if not enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 3 +- .../DasharoSystemFeatures.c | 47 +++++-------------- .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 3 +- 4 files changed, 16 insertions(+), 38 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 25bf25f1f7..68fdad224e 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -49,7 +49,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE|BOOLEAN|0x00000009 gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|FALSE|BOOLEAN|0x0000000A gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|FALSE|BOOLEAN|0x0000000B - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000C + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions|FALSE|BOOLEAN|0x0000000C + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000D [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8ca174e97e..350acb3c80 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -152,42 +152,9 @@ GetDefaultWatchdogConfig ( IN OUT DASHARO_FEATURES_DATA *FeaturesData ) { - EFI_STATUS Status; - EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtTable; - UINTN AcpiBase; - UINT32 WatchdogCtl; - - Status = LocateAcpiTableBySignature ( - EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE, - (EFI_ACPI_DESCRIPTION_HEADER **) &FadtTable - ); - if (EFI_ERROR (Status) || (FadtTable == NULL)) { - FeaturesData->WatchdogState = FALSE; - FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; - return; - } - - /* On Intel platforms PM1A Event Block is the ACPI Base */ - AcpiBase = FadtTable->Pm1aEvtBlk; - - /* ACPI size is 0x100 bytes, check for invalid base */ - if (AcpiBase > 0xFF00) { - FeaturesData->WatchdogState = FALSE; - FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; - return; - } - - WatchdogCtl = IoRead32(AcpiBase + 0x54); - - if (WatchdogCtl & PCH_OC_WDT_CTL_EN) { - FeaturesData->WatchdogState = TRUE; - FeaturesData->WatchdogConfig.WatchdogEnable = TRUE; - /* OC WDT timeout is 0 based (0 means 1 second) so increment to match the VFR */ - FeaturesData->WatchdogConfig.WatchdogTimeout = (WatchdogCtl & PCH_OC_WDT_CTL_TOV_MASK) + 1; - } else { - FeaturesData->WatchdogState = FALSE; - FeaturesData->WatchdogConfig.WatchdogEnable = FALSE; - } + FeaturesData->WatchdogState = PcdGetBool (PcdShowOcWdtOptions); + FeaturesData->WatchdogConfig.WatchdogEnable = PcdGetBool (PcdShowOcWdtOptions); + FeaturesData->WatchdogConfig.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); } @@ -926,6 +893,14 @@ DasharoSystemFeaturesCallback ( break; } case 0x1102: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->b = PcdGetBool (PcdShowOcWdtOptions); + break; + } + case 0x1103: { if (Value == NULL) return EFI_INVALID_PARAMETER; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index ee35cdfaaf..2230f49ba4 100644 
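Review bot: `WatchdogConfig.WatchdogEnable` is initialised from `PcdShowOcWdtOptions`, the same PCD that drives `WatchdogState` and therefore the visibility of the watchdog options. Visibility and the default enable state can thus no longer be chosen independently: any platform that shows the menu also defaults the watchdog to enabled. The `case 0x1102` added to DasharoSystemFeaturesCallback in the next hunk returns the same PCD as the checkbox default. If the coupling is intended, state it in a comment such as `/* Default: the watchdog is enabled wherever its options are shown */`; otherwise a separate default-enable PCD would keep the two apart. The function's signature starts outside the hunk.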
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -69,4 +69,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault \ No newline at end of file diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 0f8641edd6..4f4ed0027d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -185,6 +185,7 @@ formset suppressif ideqval FeaturesData.WatchdogState == 0; checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, + questionid = 0x1102, prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), flags = CHECKBOX_DEFAULT | RESET_REQUIRED, @@ -192,7 +193,7 @@ formset suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; numeric varid = FeaturesData.WatchdogConfig.WatchdogTimeout, - questionid = 0x1102, + questionid = 0x1103, prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), flags = RESET_REQUIRED | INTERACTIVE, From 5988034bb9d03e349018f2eb6160c882883568f8 Mon Sep 17 00:00:00 2001 
From: Krystian Hebel Date: Thu, 10 Aug 2023 18:53:17 +0200 Subject: [PATCH 128/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures: add FUM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds option in security menu to enable Firmware Update Mode. As a result, UEFI variable is set, which will be later caught by coreboot and acted upon to disable firmware write protections. Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 40 +++++++++++++++++++ .../DasharoSystemFeatures.h | 1 + .../DasharoSystemFeaturesStrings.uni | 3 ++ .../DasharoSystemFeaturesVfr.vfr | 10 +++++ 4 files changed, 54 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 350acb3c80..38871592ce 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -28,6 +28,7 @@ STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; +STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -876,7 +877,10 @@ DasharoSystemFeaturesCallback ( ) { EFI_STATUS Status; + EFI_INPUT_KEY Key; + BOOLEAN Enable; + Enable = TRUE; Status = EFI_SUCCESS; switch (Action) { 
@@ -914,6 +918,42 @@ DasharoSystemFeaturesCallback ( } break; } + case EFI_BROWSER_ACTION_CHANGED: + { + if (QuestionId == 0x1330) { + do { + CreatePopUp ( + EFI_BLACK | EFI_BACKGROUND_RED, + &Key, + L"", + L"You are about to enable Firmware Update Mode.", + L"This will turn off all flash protection mechanisms", + L"for the duration of the next boot.", + L"", + L"Press ENTER to continue and reboot or ESC to cancel...", + L"", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + Status = gRT->SetVariable ( + mFirmwareUpdateModeEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (Enable), + &Enable + ); + if (EFI_ERROR (Status)) { + return Status; + } + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + } + } else { + Status = EFI_UNSUPPORTED; + } + } + break; default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h index 3cf7213eb4..a22565b3d2 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h @@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause #include #include #include +#include #include "DasharoSystemFeaturesHii.h" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index a46a289615..cfc4d5229d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
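Review bot: `FirmwareUpdateMode` is written with `EFI_VARIABLE_NON_VOLATILE` and nothing in this hunk deletes it, while the pop-up promises that flash protection is off only "for the duration of the next boot". The commit message says coreboot acts on the variable, so presumably it also clears it, but that contract is not visible here; if the consumer does not delete it, write protection would stay disabled on every following boot. Document the contract above the `SetVariable` call, e.g. `// One-shot: the consumer must delete FirmwareUpdateMode after honouring it`, and consider deleting any stale copy of the variable in the library constructor so the payload enforces the one-boot limit itself. Separately, the `break;` of this case sits after the closing brace, unlike the other cases of the switch. The callback's signature starts outside the hunk.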
@@ -32,6 +32,9 @@ #string STR_DASHARO_POWER_CONFIGURATION_TITLE #language en-US "Power Management Options" #string STR_DASHARO_POWER_CONFIGURATION_HELP #language en-US "Power management-related options" +#string STR_FUM_PROMPT #language en-US "> Enter Firmware Update Mode" +#string STR_FUM_HELP #language en-US "Disables all firmware protections for the duration of next boot." + #string STR_LOCK_BIOS_PROMPT #language en-US "Lock the BIOS boot medium" #string STR_LOCK_BIOS_HELP #language en-US "Locks the recovery partition of vboot" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 4f4ed0027d..c9b35b0dca 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -105,9 +105,19 @@ formset endcheckbox; endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + text + help = STRING_TOKEN(STR_FUM_HELP), + text = STRING_TOKEN(STR_FUM_PROMPT), + flags = INTERACTIVE, + key = 0x1330; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; form formid = DASHARO_NETWORK_OPTIONS_FORM_ID, From 4cdcf390b8e6ee07a244a399a4a332699580ebee Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 27 Aug 2023 19:16:58 +0300 Subject: [PATCH 129/357] DasharoModulePkg: Add Power Management Option for power failure state Selects state the system gets into when power supply is restored after power failure. Adds gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState PCD which sets its default value. 
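Review bot: The `text` entry with `key = 0x1330` is added after the `endif;` of the preceding `suppressif` and is not wrapped in any `suppressif` or `grayoutif` of its own, so every build of this form offers "Enter Firmware Update Mode" to whoever can open the setup menu. Confirming it disables flash protection for the next boot, so a visibility PCD like the ones used for the other optional entries, or a check that the setup password (if the platform has one) was entered, would be a sensible guard. Whether the form is protected by other means is not visible in this hunk.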
Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 45 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 7 +++ .../DasharoSystemFeaturesStrings.uni | 7 +++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 13 ++++++ 6 files changed, 74 insertions(+) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 68fdad224e..f1b963f6d6 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -51,6 +51,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|FALSE|BOOLEAN|0x0000000B gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions|FALSE|BOOLEAN|0x0000000C gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000D + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState|0xff|UINT8|0x0000000E [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 38871592ce..6c6ff46e77 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -29,6 +29,7 @@ STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; +STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; 
@@ -499,6 +500,29 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState); + Status = gRT->GetVariable ( + mPowerFailureStateEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState = + FixedPcdGet8 (PcdDefaultPowerFailureState); + + Status = gRT->SetVariable ( + mPowerFailureStateEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } @@ -845,6 +869,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.PowerFailureState != DasharoFeaturesData.PowerFailureState) { + Status = gRT->SetVariable ( + mPowerFailureStateEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.PowerFailureState), + &DasharoFeaturesData.PowerFailureState + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } @@ -912,6 +949,14 @@ DasharoSystemFeaturesCallback ( Value->u16 = FixedPcdGet16 (PcdOcWdtTimeoutDefault); break; } + case 0x1104: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u8 = FixedPcdGet8 (PcdDefaultPowerFailureState); + break; + } default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 6618459563..f556ff0e78 100644 
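Review bot: After `GetVariable` for `PowerFailureState` only `EFI_NOT_FOUND` is handled, so any other failure (for instance a stored variable whose size differs from the one-byte buffer) is ignored and the field keeps whatever it held before the call. A value that is read successfully is not checked against the `POWER_FAILURE_STATE_*` constants either, and the variable is created with boot-services access, so code running before ExitBootServices can store a value the `oneof` has no option for. Fall back to `FixedPcdGet8 (PcdDefaultPowerFailureState)` whenever the call fails or the value is not OFF, ON, KEEP or HIDDEN. Note also that `ASSERT_EFI_ERROR` after the `SetVariable` call is normally compiled out of release builds, so a failed write is silent there. The constructor's body starts outside the hunk.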
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -62,6 +62,7 @@ typedef struct { IOMMU_CONFIG IommuConfig; BOOLEAN BootManagerEnabled; UINT8 SleepType; + UINT8 PowerFailureState; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 @@ -71,10 +72,16 @@ typedef struct { #define SLEEP_TYPE_S0IX 0 #define SLEEP_TYPE_S3 1 +#define POWER_FAILURE_STATE_OFF 0 +#define POWER_FAILURE_STATE_ON 1 +#define POWER_FAILURE_STATE_KEEP 2 +#define POWER_FAILURE_STATE_HIDDEN 0xff + #define LOCK_BIOS_QUESTION_ID 0x8000 #define NETWORK_BOOT_QUESTION_ID 0x8001 #define USB_STACK_QUESTION_ID 0x8002 #define USB_MASS_STORAGE_QUESTION_ID 0x8003 +#define POWER_FAILURE_STATE_QUESTION_ID 0x8004 extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index cfc4d5229d..0b2d2a86c2 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -97,3 +97,10 @@ #string STR_SLEEP_TYPE_S0IX #language en-US "Suspend to Idle (S0ix)" #string STR_SLEEP_TYPE_S3 #language en-US "Suspend to RAM (S3)" + +#string STR_POWER_FAILURE_STATE_PROMPT #language en-US "Power state after power failure" +#string STR_POWER_FAILURE_STATE_HELP #language en-US "Selects state the system gets into when power supply is restored after power failure" + +#string STR_POWER_FAILURE_STATE_OFF #language en-US "Powered Off" +#string STR_POWER_FAILURE_STATE_ON #language en-US "Powered On" +#string STR_POWER_FAILURE_STATE_KEEP #language en-US "The state at the moment of power failure" 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 2230f49ba4..5ade7f6d80 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -67,6 +67,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index c9b35b0dca..d1312714b6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -245,6 +245,19 @@ formset option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; endoneof; + suppressif ideqval FeaturesData.PowerFailureState == POWER_FAILURE_STATE_HIDDEN; + oneof varid = FeaturesData.PowerFailureState, + questionid = 0x1104, + prompt = STRING_TOKEN(STR_POWER_FAILURE_STATE_PROMPT), + help = STRING_TOKEN(STR_POWER_FAILURE_STATE_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_OFF), value = POWER_FAILURE_STATE_OFF, flags = 0; + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_ON), value = POWER_FAILURE_STATE_ON, flags = 0; + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_KEEP), value = POWER_FAILURE_STATE_KEEP, flags = 0; + endoneof; + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From 5404e7fb597f78b3092a11ddbf1233179c9acec1 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 27 Aug 2023 19:33:02 +0300 Subject: [PATCH 130/357] DasharoModulePkg: Add PcdPowerMenuShowSleepType PCD It controls visibility of sleep type inside Power Management Options submenu. The PCD is on by default for compatibility. Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesUiLib.inf | 3 ++- .../DasharoSystemFeaturesVfr.vfr | 16 +++++++++------- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index f1b963f6d6..42ce2bd33f 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -52,6 +52,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions|FALSE|BOOLEAN|0x0000000C gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000D gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState|0xff|UINT8|0x0000000E + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType|TRUE|BOOLEAN|0x0000000F [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 6c6ff46e77..579ddd727e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -213,6 +213,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index f556ff0e78..82c984139e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
@@ -46,6 +46,7 @@ typedef struct { BOOLEAN ShowChipsetMenu; BOOLEAN ShowPowerMenu; BOOLEAN PowerMenuShowFanCurve; + BOOLEAN PowerMenuShowSleepType; BOOLEAN DasharoEnterprise; BOOLEAN SecurityMenuShowIommu; // Feature data diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 5ade7f6d80..10b1df957a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -66,9 +66,10 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault \ No newline at end of file + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index d1312714b6..fae9976ae7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -236,14 +236,16 @@ formset endoneof; endif; - oneof varid = FeaturesData.SleepType, - prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), - help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), - flags = RESET_REQUIRED, + suppressif ideqval FeaturesData.PowerMenuShowSleepType == 0; + oneof varid = FeaturesData.SleepType, + prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), + help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), + flags = RESET_REQUIRED, - option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; - option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; - endoneof; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; + endoneof; + endif; suppressif ideqval FeaturesData.PowerFailureState == POWER_FAILURE_STATE_HIDDEN; oneof varid = FeaturesData.PowerFailureState, From 78bc59ad1347b45fbc42e1562a7558775a786e71 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Tue, 29 Aug 2023 15:32:34 +0300 Subject: [PATCH 131/357] DasharoModulePkg: DasharoSystemFeaturesUiLib: use *_QUESTION_ID constants Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 10 +++++----- .../DasharoSystemFeaturesHii.h | 10 +++++----- .../DasharoSystemFeaturesVfr.vfr | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 579ddd727e..432a8c298b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -926,7 +926,7 @@ DasharoSystemFeaturesCallback ( case EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING: { switch (QuestionId) { - case 0x1101: + case NETWORK_BOOT_QUESTION_ID: { if (Value == NULL) return EFI_INVALID_PARAMETER; @@ -934,7 +934,7 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdDefaultNetworkBootEnable); break; } - case 0x1102: + case WATCHDOG_OPTIONS_QUESTION_ID: { if (Value == NULL) return EFI_INVALID_PARAMETER; @@ -942,7 +942,7 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdShowOcWdtOptions); break; } - case 0x1103: + case WATCHDOG_TIMEOUT_QUESTION_ID: { if (Value == NULL) return EFI_INVALID_PARAMETER; @@ -950,7 +950,7 @@ DasharoSystemFeaturesCallback ( Value->u16 = FixedPcdGet16 (PcdOcWdtTimeoutDefault); break; } - case 0x1104: + case POWER_FAILURE_STATE_QUESTION_ID: { if (Value == NULL) return EFI_INVALID_PARAMETER; @@ -966,7 +966,7 @@ DasharoSystemFeaturesCallback ( } case EFI_BROWSER_ACTION_CHANGED: { - if (QuestionId == 0x1330) { + if (QuestionId == FIRMWARE_UPDATE_MODE_QUESTION_ID) { do { CreatePopUp ( EFI_BLACK | EFI_BACKGROUND_RED, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 82c984139e..a068a0182f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
@@ -78,11 +78,11 @@ typedef struct { #define POWER_FAILURE_STATE_KEEP 2 #define POWER_FAILURE_STATE_HIDDEN 0xff -#define LOCK_BIOS_QUESTION_ID 0x8000 -#define NETWORK_BOOT_QUESTION_ID 0x8001 -#define USB_STACK_QUESTION_ID 0x8002 -#define USB_MASS_STORAGE_QUESTION_ID 0x8003 -#define POWER_FAILURE_STATE_QUESTION_ID 0x8004 +#define NETWORK_BOOT_QUESTION_ID 0x8000 +#define WATCHDOG_OPTIONS_QUESTION_ID 0x8001 +#define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 +#define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 +#define POWER_FAILURE_STATE_QUESTION_ID 0x8004 extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index fae9976ae7..7bcfed31ac 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -112,7 +112,7 @@ formset help = STRING_TOKEN(STR_FUM_HELP), text = STRING_TOKEN(STR_FUM_PROMPT), flags = INTERACTIVE, - key = 0x1330; + key = FIRMWARE_UPDATE_MODE_QUESTION_ID; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -126,7 +126,7 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); checkbox varid = FeaturesData.NetworkBoot, - questionid = 0x1101, + questionid = NETWORK_BOOT_QUESTION_ID, prompt = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_PROMPT), help = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_HELP), flags = INTERACTIVE | RESET_REQUIRED, @@ -195,7 +195,7 @@ formset suppressif ideqval FeaturesData.WatchdogState == 0; checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, - questionid = 0x1102, + questionid = WATCHDOG_OPTIONS_QUESTION_ID, prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), flags = CHECKBOX_DEFAULT | RESET_REQUIRED, 
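Review bot: The `@@ -78,11 +78,11 @@` hunk in DasharoSystemFeaturesHii.h changes more than names, which the commit title does not say. `LOCK_BIOS_QUESTION_ID`, `USB_STACK_QUESTION_ID` and `USB_MASS_STORAGE_QUESTION_ID` are dropped, and the question IDs used by the callback and the VFR move from `0x1101`–`0x1104` and `0x1330` to `0x8000`–`0x8004`. I would add a comment above the block, e.g. `// Question IDs shared by DasharoSystemFeaturesVfr.vfr and DasharoSystemFeaturesCallback(); values must stay unique within the formset.` It is also worth confirming that nothing outside this diff still references the three removed macros.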
@@ -203,7 +203,7 @@ formset suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; numeric varid = FeaturesData.WatchdogConfig.WatchdogTimeout, - questionid = 0x1103, + questionid = WATCHDOG_TIMEOUT_QUESTION_ID, prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), flags = RESET_REQUIRED | INTERACTIVE, @@ -249,7 +249,7 @@ formset suppressif ideqval FeaturesData.PowerFailureState == POWER_FAILURE_STATE_HIDDEN; oneof varid = FeaturesData.PowerFailureState, - questionid = 0x1104, + questionid = POWER_FAILURE_STATE_QUESTION_ID, prompt = STRING_TOKEN(STR_POWER_FAILURE_STATE_PROMPT), help = STRING_TOKEN(STR_POWER_FAILURE_STATE_HELP), flags = INTERACTIVE | RESET_REQUIRED, From f2fddbc458dd8e3b408f015182a0e8cf2fa66bda Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 28 Aug 2023 19:12:36 +0300 Subject: [PATCH 132/357] DasharoModulePkg: Add empty PCI/PCIe Configuration submenu Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 2 ++ .../DasharoSystemFeaturesStrings.uni | 3 +++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 11 +++++++++++ 6 files changed, 19 insertions(+) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 42ce2bd33f..f4cbbbe1f3 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -53,6 +53,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault|500|UINT16|0x0000000D gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState|0xff|UINT8|0x0000000E gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType|TRUE|BOOLEAN|0x0000000F + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu|FALSE|BOOLEAN|0x00000010 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 432a8c298b..a9b14abc04 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -212,6 +212,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowNetworkMenu = PcdGetBool (PcdShowNetworkMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPciMenu = PcdGetBool (PcdShowPciMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index a068a0182f..ada969230a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 #define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 #define DASHARO_POWER_CONFIGURATION_FORM_ID 0x1006 +#define DASHARO_PCI_CONFIGURATION_FORM_ID 0x1007 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 
@@ -45,6 +46,7 @@ typedef struct { BOOLEAN ShowNetworkMenu; BOOLEAN ShowChipsetMenu; BOOLEAN ShowPowerMenu; + BOOLEAN ShowPciMenu; BOOLEAN PowerMenuShowFanCurve; BOOLEAN PowerMenuShowSleepType; BOOLEAN DasharoEnterprise; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 0b2d2a86c2..373e3de0a3 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -32,6 +32,9 @@ #string STR_DASHARO_POWER_CONFIGURATION_TITLE #language en-US "Power Management Options" #string STR_DASHARO_POWER_CONFIGURATION_HELP #language en-US "Power management-related options" +#string STR_DASHARO_PCI_CONFIGURATION_TITLE #language en-US "PCI/PCIe Configuration" +#string STR_DASHARO_PCI_CONFIGURATION_HELP #language en-US "PCI/PCIe configuration options" + #string STR_FUM_PROMPT #language en-US "> Enter Firmware Update Mode" #string STR_FUM_HELP #language en-US "Disables all firmware protections for the duration of next boot." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 10b1df957a..869889dfe1 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -65,6 +65,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 7bcfed31ac..6c1f097fa7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -58,6 +58,12 @@ formset help = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_HELP); endif; + suppressif ideqval FeaturesData.ShowPciMenu == 0; + goto DASHARO_PCI_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_HELP); + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); @@ -264,4 +270,9 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + + form formid = DASHARO_PCI_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE); + + endform; endformset; From 48596fa020a6685b220fa69f6d145fda77174a80 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 28 Aug 2023 20:43:43 +0300 Subject: [PATCH 133/357] DasharoModulePkg: Add PCI/PCIe option to enable Resizeable BARs 
Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 37 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 2 + .../DasharoSystemFeaturesStrings.uni | 5 +++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 10 ++++- 6 files changed, 55 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index f4cbbbe1f3..ab0dc1aa19 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -54,6 +54,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState|0xff|UINT8|0x0000000E gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType|TRUE|BOOLEAN|0x0000000F gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu|FALSE|BOOLEAN|0x00000010 + gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars|FALSE|BOOLEAN|0x00000011 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index a9b14abc04..d29cab527a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -30,6 +30,7 @@ STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; +STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; 
@@ -42,6 +43,7 @@ STATIC UINT8 mIommuEnableDefault = FALSE; STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; +STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -217,6 +219,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PciMenuShowResizeableBars = PcdGetBool (PcdPciMenuShowResizeableBars); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); @@ -525,6 +528,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled); + Status = gRT->GetVariable ( + mResizeableBarsEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled = mResizeableBarsEnabledDefault; + Status = gRT->SetVariable ( + mResizeableBarsEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
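Review bot: In the `@@ -525,6 +528,27 @@` hunk of DasharoSystemFeaturesUiLibConstructor, only `EFI_NOT_FOUND` is handled after `gRT->GetVariable` for `PCIeResizeableBarsEnabled`. Any other failure (for example `EFI_BUFFER_TOO_SMALL` when a variable of another size already exists) leaves `ResizeableBarsEnabled` at whatever the private data held, and the constructor still returns `EFI_SUCCESS`. I would assign the default on every error, `if (EFI_ERROR (Status)) { ...ResizeableBarsEnabled = mResizeableBarsEnabledDefault; }`, and keep the `SetVariable` call under `Status == EFI_NOT_FOUND`. The read also passes `NULL` for the attributes, so a variable that exists with attributes other than `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` is accepted as is, and `ASSERT_EFI_ERROR` on the write is presumably compiled out in release builds. The same pattern is added for `OptionRomPolicy` (patch 134, `@@ -348,6 +348,29 @@`) and `EnableCamera` (patch 137, `@@ -572,6 +574,27 @@`); the constructor starts and ends outside these hunks.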
@@ -884,6 +908,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.ResizeableBarsEnabled != DasharoFeaturesData.ResizeableBarsEnabled) { + Status = gRT->SetVariable ( + mResizeableBarsEnabledEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.ResizeableBarsEnabled), + &DasharoFeaturesData.ResizeableBarsEnabled + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index ada969230a..b64ce036e4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -51,6 +51,7 @@ typedef struct { BOOLEAN PowerMenuShowSleepType; BOOLEAN DasharoEnterprise; BOOLEAN SecurityMenuShowIommu; + BOOLEAN PciMenuShowResizeableBars; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -66,6 +67,7 @@ typedef struct { BOOLEAN BootManagerEnabled; UINT8 SleepType; UINT8 PowerFailureState; + BOOLEAN ResizeableBarsEnabled; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 373e3de0a3..627c389ada 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -107,3 +107,8 @@ #string STR_POWER_FAILURE_STATE_OFF #language en-US "Powered Off" #string STR_POWER_FAILURE_STATE_ON #language en-US "Powered On" #string STR_POWER_FAILURE_STATE_KEEP #language en-US "The state at the moment of power failure" + +#string STR_RESIZEABLE_BARS_PROMPT #language en-US "Enable PCIe Resizeable BARs" +#string STR_RESIZEABLE_BARS_HELP #language en-US "Enables allocation of resizeable BARs for devices that request them.\n\n" + "Enabling this option can cause conflicts with GPU virtualization.\n\n" + "Requested size might exceed maximum BAR size of the firmware in which case performance might be reduced." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 869889dfe1..58797a2afb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -74,3 +74,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 6c1f097fa7..11ea2aa812 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -273,6 +273,14 @@ formset form formid = DASHARO_PCI_CONFIGURATION_FORM_ID, title = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE); - + + suppressif ideqval FeaturesData.PciMenuShowResizeableBars == 0; + checkbox varid = FeaturesData.ResizeableBarsEnabled, + prompt = STRING_TOKEN(STR_RESIZEABLE_BARS_PROMPT), + help = STRING_TOKEN(STR_RESIZEABLE_BARS_HELP), + flags = RESET_REQUIRED, + endcheckbox; + endif; + endform; endformset; From f591d0eb227b960a3688c9d58a823e26332a1c99 Mon Sep 17 00:00:00 2001 From: Husni Faiz Date: Tue, 29 Aug 2023 03:01:20 +0530 Subject: [PATCH 134/357] DasharoModulePkg: DasharoSystemFeatures: add PCI OptionROM execution option --- DasharoModulePkg/Include/DasharoOptions.h | 16 +++++++ .../DasharoSystemFeatures.c | 47 ++++++++++++++++++- .../DasharoSystemFeaturesHii.h | 8 ++++ .../DasharoSystemFeaturesUiLib.inf | 2 + 4 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 DasharoModulePkg/Include/DasharoOptions.h diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h new file mode 100644 index 0000000000..cd54426c63 --- /dev/null +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -0,0 +1,16 @@ +/** @file +Constants for options of Dasharo system features + +Copyright (c) 2023, 3mdeb Sp. z o.o. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _DASHARO_OPTIONS_H_ +#define _DASHARO_OPTIONS_H_ + +#define DASHARO_OPTION_ROM_POLICY_DISABLE_ALL 0 +#define DASHARO_OPTION_ROM_POLICY_ENABLE_ALL 1 +#define DASHARO_OPTION_ROM_POLICY_VGA_ONLY 2 + +#endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index d29cab527a..4ccc9b2117 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -31,6 +31,7 @@ STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; +STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -161,7 +162,6 @@ GetDefaultWatchdogConfig ( FeaturesData->WatchdogConfig.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); } - /** Install Dasharo System Features Menu driver. 
@@ -348,6 +348,29 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution); + Status = gRT->GetVariable ( + mOptionRomPolicyEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution = FixedPcdGetBool (PcdLoadOptionRoms) + ? OPTION_ROM_POLICY_ENABLE_ALL + : OPTION_ROM_POLICY_DISABLE_ALL; + Status = gRT->SetVariable ( + mOptionRomPolicyEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution + ); + ASSERT_EFI_ERROR (Status); + } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); Status = gRT->GetVariable ( mPs2ControllerEfiVar, @@ -921,6 +944,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.OptionRomExecution != DasharoFeaturesData.OptionRomExecution) { + Status = gRT->SetVariable ( + mOptionRomPolicyEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.OptionRomExecution), + &DasharoFeaturesData.OptionRomExecution + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } @@ -996,6 +1032,15 @@ DasharoSystemFeaturesCallback ( Value->u8 = FixedPcdGet8 (PcdDefaultPowerFailureState); break; } + case OPTION_ROM_STATE_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u8 = FixedPcdGetBool (PcdLoadOptionRoms) ? OPTION_ROM_POLICY_ENABLE_ALL + : OPTION_ROM_POLICY_DISABLE_ALL; + break; + } default: Status = EFI_UNSUPPORTED; break; 
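Review bot: The `OptionRomExecution` byte read from the `OptionRomPolicy` variable in the `@@ -348,6 +348,29 @@` hunk is used without checking that it is one of the three policy values. A stored value above `OPTION_ROM_POLICY_VGA_ONLY` therefore reaches the form data and, presumably, whatever code consumes the variable later. Since this setting decides whether device-supplied option ROM code is loaded, I would treat an out-of-range value like a missing variable: `if (Status == EFI_NOT_FOUND || mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution > OPTION_ROM_POLICY_VGA_ONLY) {`. A short comment naming the module that reads `OptionRomPolicy`, and stating that unknown values must not be interpreted as "enable all", would also help; that consumer is not part of this patch. The constructor's body continues outside the hunk.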
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index b64ce036e4..73985d094b 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause #ifndef _DASHARO_SYSTEM_FEATURES_HII_H_ #define _DASHARO_SYSTEM_FEATURES_HII_H_ +#include + #define DASHARO_SYSTEM_FEATURES_GUID \ { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59} } @@ -68,12 +70,17 @@ typedef struct { UINT8 SleepType; UINT8 PowerFailureState; BOOLEAN ResizeableBarsEnabled; + UINT8 OptionRomExecution; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 #define ME_MODE_DISABLE_HECI 1 #define ME_MODE_DISABLE_HAP 2 +#define OPTION_ROM_POLICY_DISABLE_ALL DASHARO_OPTION_ROM_POLICY_DISABLE_ALL +#define OPTION_ROM_POLICY_ENABLE_ALL DASHARO_OPTION_ROM_POLICY_ENABLE_ALL +#define OPTION_ROM_POLICY_VGA_ONLY DASHARO_OPTION_ROM_POLICY_VGA_ONLY + #define SLEEP_TYPE_S0IX 0 #define SLEEP_TYPE_S3 1 @@ -87,6 +94,7 @@ typedef struct { #define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 #define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 #define POWER_FAILURE_STATE_QUESTION_ID 0x8004 +#define OPTION_ROM_STATE_QUESTION_ID 0x8005 extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 58797a2afb..0136fcf040 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -32,6 +32,7 @@ DasharoModulePkg/DasharoModulePkg.dec MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] DevicePathLib @@ -75,3 +76,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars + gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms From 9420c1ac04ca1cc3044871e79e8e40ca57acee62 Mon Sep 17 00:00:00 2001 From: Husni Faiz Date: Tue, 29 Aug 2023 03:02:12 +0530 Subject: [PATCH 135/357] DasharoModulePkg: DasharoSyxtemFeatures: define OptionROM strings for menu --- .../DasharoSystemFeaturesStrings.uni | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 627c389ada..e32fe354ea 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -112,3 +112,10 @@ #string STR_RESIZEABLE_BARS_HELP #language en-US "Enables allocation of resizeable BARs for devices that request them.\n\n" "Enabling this option can cause conflicts with GPU virtualization.\n\n" "Requested size might exceed maximum BAR size of the firmware in which case performance might be reduced." + +#string STR_OPTION_ROM_PROMPT #language en-US "OptionROM Execution Policy" +#string STR_OPTION_ROM_HELP #language en-US "This option allows control over which OptionROMs get loaded." + +#string STR_OPTION_ROM_DISABLE #language en-US "Disable all OptionROMs loading" +#string STR_OPTION_ROM_ENABLE #language en-US "Enable all OptionROMs loading" +#string STR_OPTION_ROM_ENABLE_VGA #language en-US "Enable OptionROM loading only on GPUs" From 699b1b4c6983b88a55c121b226ba6d133401f6bc Mon Sep 17 00:00:00 2001 
From: Husni Faiz Date: Tue, 29 Aug 2023 03:03:59 +0530 Subject: [PATCH 136/357] DasharoModulePkg: DasharoSystemFeatures: add OptionROM loading control Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesVfr.vfr | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 11ea2aa812..ebabab076e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -274,6 +274,8 @@ formset form formid = DASHARO_PCI_CONFIGURATION_FORM_ID, title = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + suppressif ideqval FeaturesData.PciMenuShowResizeableBars == 0; checkbox varid = FeaturesData.ResizeableBarsEnabled, prompt = STRING_TOKEN(STR_RESIZEABLE_BARS_PROMPT), @@ -282,5 +284,20 @@ formset endcheckbox; endif; + oneof varid = FeaturesData.OptionRomExecution, + questionid = OPTION_ROM_STATE_QUESTION_ID, + prompt = STRING_TOKEN(STR_OPTION_ROM_PROMPT), + help = STRING_TOKEN(STR_OPTION_ROM_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + + option text = STRING_TOKEN(STR_OPTION_ROM_DISABLE), value = OPTION_ROM_POLICY_DISABLE_ALL, flags = 0; + option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE), value = OPTION_ROM_POLICY_ENABLE_ALL, flags = 0; + option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE_VGA), value = OPTION_ROM_POLICY_VGA_ONLY, flags = 0; + endoneof; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + endformset; From 0d6dab0052cdf0a238d9de62aa79702b5200aea0 Mon Sep 17 00:00:00 2001 
From: Mixss Date: Tue, 22 Aug 2023 12:54:36 +0200 Subject: [PATCH 137/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: added menu entry 'Enable Camera' --- .../DasharoSystemFeatures.c | 36 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 4 +++ .../DasharoSystemFeaturesVfr.vfr | 6 ++++ 4 files changed, 47 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 4ccc9b2117..d59a85566e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -32,6 +32,7 @@ STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; +STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -45,6 +46,7 @@ STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; +STATIC BOOLEAN mEnableCameraDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, 
@@ -572,6 +574,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera); + Status = gRT->GetVariable ( + mEnableCameraEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera = mEnableCameraDefault; + Status = gRT->SetVariable ( + mEnableCameraEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } @@ -957,6 +980,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if(Private->DasharoFeaturesData.EnableCamera != DasharoFeaturesData.EnableCamera) { + Status = gRT->SetVariable ( + mEnableCameraEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.EnableCamera), + &DasharoFeaturesData.EnableCamera + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 73985d094b..8f193b5728 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -71,6 +71,7 @@ typedef struct { UINT8 PowerFailureState; BOOLEAN ResizeableBarsEnabled; UINT8 OptionRomExecution; + BOOLEAN EnableCamera; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 
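Review bot: In the block added to `DasharoSystemFeaturesUiLibConstructor`, only `EFI_NOT_FOUND` from `GetVariable` is handled, so any other failure (for instance `EFI_BUFFER_TOO_SMALL` when a stored `EnableCamera` has a different size) leaves `DasharoFeaturesData.EnableCamera` at whatever it held before, and the form then shows and re-saves that value. The read also passes `NULL` for the attributes, so a variable of the same name that exists with attributes other than `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` would be accepted as is. I would fall back to the default on every error and keep the write for the not-found case: `if (EFI_ERROR (Status)) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera = mEnableCameraDefault; }` ahead of the existing `if (Status == EFI_NOT_FOUND)` write. `ASSERT_EFI_ERROR` is normally compiled out of release builds, so a failed `SetVariable` should be logged as well as asserted. The same pattern is repeated in the `EnableWifiBt` constructor hunk of PATCH 139 and the battery threshold constructor hunks of PATCH 140 and 141; the function body starts and ends outside this hunk.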
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index e32fe354ea..560d2c75c1 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -119,3 +119,7 @@ #string STR_OPTION_ROM_DISABLE #language en-US "Disable all OptionROMs loading" #string STR_OPTION_ROM_ENABLE #language en-US "Enable all OptionROMs loading" #string STR_OPTION_ROM_ENABLE_VGA #language en-US "Enable OptionROM loading only on GPUs" + +#string STR_ENABLE_CAMERA_PROMPT #language en-US "Enable Camera" +#string STR_ENABLE_CAMERA_HELP #language en-US "If this option is disabled, the power to the USB webcam is disconnected completely" + diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index ebabab076e..7cc7ff9730 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -111,6 +111,12 @@ formset endcheckbox; endif; + checkbox varid = FeaturesData.EnableCamera, + prompt = STRING_TOKEN(STR_ENABLE_CAMERA_PROMPT), + help = STRING_TOKEN(STR_ENABLE_CAMERA_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 94dff1a06534f8f6165a3f1c19fd46cbaa81fe45 Mon Sep 17 00:00:00 2001 
From: Krystian Hebel Date: Fri, 15 Sep 2023 15:21:28 +0200 Subject: [PATCH 138/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: warn about network use DTS will be automatically started after FUM is enabled. Inform user that Ethernet cable must be plugged in for seamless update process. Signed-off-by: Krystian Hebel --- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index d59a85566e..695ae05740 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -1095,6 +1095,9 @@ DasharoSystemFeaturesCallback ( L"This will turn off all flash protection mechanisms", L"for the duration of the next boot.", L"", + L"DTS will be started automatically through iPXE, please", + L"make sure an Ethernet cable is connected before continuing.", + L"", L"Press ENTER to continue and reboot or ESC to cancel...", L"", NULL From e68e82364315ddd3fc40148a36053f8d278d6faf Mon Sep 17 00:00:00 2001 From: Mixss Date: Thu, 24 Aug 2023 09:21:03 +0200 Subject: [PATCH 139/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: added Enable WiFi + BT radios setting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mixss Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 36 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 2 ++ .../DasharoSystemFeaturesVfr.vfr | 6 ++++ 4 files changed, 45 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 695ae05740..c984dde25f 100644 
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -33,6 +33,7 @@ STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; +STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -47,6 +48,7 @@ STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; STATIC BOOLEAN mEnableCameraDefault = TRUE; +STATIC BOOLEAN mEnableWifiBtDefault = TRUE; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -595,6 +597,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt); + Status = gRT->GetVariable ( + mEnableWifiBtEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt = mEnableWifiBtDefault; + Status = gRT->SetVariable ( + mEnableWifiBtEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
@@ -954,6 +977,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.EnableWifiBt != DasharoFeaturesData.EnableWifiBt) { + Status = gRT->SetVariable ( + mEnableWifiBtEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.EnableWifiBt), + &DasharoFeaturesData.EnableWifiBt + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + if (Private->DasharoFeaturesData.ResizeableBarsEnabled != DasharoFeaturesData.ResizeableBarsEnabled) { Status = gRT->SetVariable ( mResizeableBarsEnabledEfiVar, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 8f193b5728..1a24feb7f7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -72,6 +72,7 @@ typedef struct { BOOLEAN ResizeableBarsEnabled; UINT8 OptionRomExecution; BOOLEAN EnableCamera; + BOOLEAN EnableWifiBt; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 560d2c75c1..84c8936963 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -123,3 +123,5 @@ #string STR_ENABLE_CAMERA_PROMPT #language en-US "Enable Camera" #string STR_ENABLE_CAMERA_HELP #language en-US "If this option is disabled, the power to the USB webcam is disconnected completely" +#string STR_WIFI_BT_ENABLE_PROMPT #language en-US "Enable Wi-Fi + BT radios" +#string STR_WIFI_BT_ENABLE_HELP #language en-US "When not enabled, WiFi + Bluetooth card slot is disabled." 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 7cc7ff9730..38ab505a8e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -110,6 +110,12 @@ formset flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; endif; + + checkbox varid = FeaturesData.EnableWifiBt, + prompt = STRING_TOKEN(STR_WIFI_BT_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WIFI_BT_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; checkbox varid = FeaturesData.EnableCamera, prompt = STRING_TOKEN(STR_ENABLE_CAMERA_PROMPT), From d91cd17493a7d9966f0944457d5bd50ae346ff0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 13 Sep 2023 15:36:27 +0200 Subject: [PATCH 140/357] DasharoModulePkg: add option for battery thresholds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 77 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 3 + .../DasharoSystemFeaturesStrings.uni | 10 ++- .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 27 +++++++ 6 files changed, 118 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index ab0dc1aa19..67c94be4fc 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -55,6 +55,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType|TRUE|BOOLEAN|0x0000000F gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu|FALSE|BOOLEAN|0x00000010 gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars|FALSE|BOOLEAN|0x00000011 + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds|FALSE|BOOLEAN|0x00000012 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c984dde25f..98c22d522f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -34,6 +34,8 @@ STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; +STATIC CHAR16 mBatteryStartThresholdEfiVar[] = L"BatteryStartThreshold"; +STATIC CHAR16 mBatteryStopThresholdEfiVar[] = L"BatteryStopThreshold"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -49,6 +51,8 @@ STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; STATIC BOOLEAN mEnableCameraDefault = TRUE; STATIC BOOLEAN mEnableWifiBtDefault = TRUE; +STATIC UINT8 mBatteryStartThresholdDefault = 95; +STATIC UINT8 mBatteryStopThresholdDefault = 98; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, 
@@ -221,6 +225,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPciMenu = PcdGetBool (PcdShowPciMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowBatteryThresholds = PcdGetBool (PcdPowerMenuShowBatteryThresholds); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PciMenuShowResizeableBars = PcdGetBool (PcdPciMenuShowResizeableBars); 
@@ -618,6 +623,48 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold); + Status = gRT->GetVariable ( + mBatteryStartThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold = mBatteryStartThresholdDefault; + Status = gRT->SetVariable ( + mBatteryStartThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold + ); + ASSERT_EFI_ERROR (Status); + } + + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold); + Status = gRT->GetVariable ( + mBatteryStopThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold = mBatteryStopThresholdDefault; + Status = gRT->SetVariable ( + mBatteryStopThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
@@ -1029,6 +1076,36 @@ DasharoSystemFeaturesRouteConfig ( } } + if(DasharoFeaturesData.BatteryStartThreshold > DasharoFeaturesData.BatteryStopThreshold) { + return EFI_INVALID_PARAMETER; + } + + if(Private->DasharoFeaturesData.BatteryStartThreshold != DasharoFeaturesData.BatteryStartThreshold) { + Status = gRT->SetVariable ( + mBatteryStartThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.BatteryStartThreshold), + &DasharoFeaturesData.BatteryStartThreshold + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if(Private->DasharoFeaturesData.BatteryStopThreshold != DasharoFeaturesData.BatteryStopThreshold) { + Status = gRT->SetVariable ( + mBatteryStopThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.BatteryStopThreshold), + &DasharoFeaturesData.BatteryStopThreshold + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 1a24feb7f7..996d7543b4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -51,6 +51,7 @@ typedef struct { BOOLEAN ShowPciMenu; BOOLEAN PowerMenuShowFanCurve; BOOLEAN PowerMenuShowSleepType; + BOOLEAN PowerMenuShowBatteryThresholds; BOOLEAN DasharoEnterprise; BOOLEAN SecurityMenuShowIommu; BOOLEAN PciMenuShowResizeableBars; @@ -73,6 +74,8 @@ typedef struct { UINT8 OptionRomExecution; BOOLEAN EnableCamera; BOOLEAN EnableWifiBt; + UINT8 BatteryStartThreshold; + UINT8 BatteryStopThreshold; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 
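Review bot: The new range check in `DasharoSystemFeaturesRouteConfig` rejects only `BatteryStartThreshold > BatteryStopThreshold`, so equal thresholds and values above 100 are written to the variables even though the form in this commit limits both fields to 0-100 and its error string says the stop threshold must be greater than the start threshold. RouteConfig should not rely on the form's `minimum`/`maximum` and `nosubmitif` for this, because the stored bytes are presumably consumed later by code that expects a percentage (the consumer is not visible here). The check also sits after the earlier `SetVariable` calls of the function, so a rejected request has already stored the other settings; moving the validation ahead of the first write avoids the partial apply. A guard such as `if (Start > 100 || Stop > 100 || Start >= Stop) { return EFI_INVALID_PARAMETER; }`, written with the full field names and with `>` instead of `>=` if equal values are meant to be allowed, covers it. The function starts and ends outside the hunk.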
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 84c8936963..c24e1ba1c6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -121,7 +121,15 @@ #string STR_OPTION_ROM_ENABLE_VGA #language en-US "Enable OptionROM loading only on GPUs" #string STR_ENABLE_CAMERA_PROMPT #language en-US "Enable Camera" -#string STR_ENABLE_CAMERA_HELP #language en-US "If this option is disabled, the power to the USB webcam is disconnected completely" +#string STR_ENABLE_CAMERA_HELP #language en-US "If this option is disabled, the power to the USB webcam is disconnected completely" #string STR_WIFI_BT_ENABLE_PROMPT #language en-US "Enable Wi-Fi + BT radios" #string STR_WIFI_BT_ENABLE_HELP #language en-US "When not enabled, WiFi + Bluetooth card slot is disabled." + +#string STR_BATTERY_START_THRESHOLD_PROMPT #language en-US "Battery charging start threshold" +#string STR_BATTERY_START_THRESHOLD_HELP #language en-US "The battery will start charging once the charge level drops below this value." + +#string STR_BATTERY_STOP_THRESHOLD_PROMPT #language en-US "Battery charging stop threshold" +#string STR_BATTERY_STOP_THRESHOLD_HELP #language en-US "The battery will stop charging once the charge level reaches this value." + +#string STR_BATTERY_THRESHOLD_RANGE_ERROR #language en-US "The battery stop threshold must be greater than the start threshold!" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 0136fcf040..14d5da7ed4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -76,4 +76,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 38ab505a8e..cc456df753 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -278,6 +278,33 @@ formset endoneof; endif; + suppressif ideqval FeaturesData.PowerMenuShowBatteryThresholds == 0; + numeric varid = FeaturesData.BatteryStartThreshold, + prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, + maximum = 100, + step = 1, + + nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.BatteryStartThreshold > FeaturesData.BatteryStopThreshold + endif + endnumeric; + numeric varid = FeaturesData.BatteryStopThreshold, + prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, + maximum = 100, + step = 1, + + nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.BatteryStartThreshold > FeaturesData.BatteryStopThreshold + endif + endnumeric; + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
From 578d752502ebf7269681a03de450beddda5a8cff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 15 Sep 2023 13:23:26 +0200 Subject: [PATCH 141/357] DasharoModulePkg: Store both bat thresholds in single efivar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 69 +++++-------------- .../DasharoSystemFeaturesHii.h | 8 ++- .../DasharoSystemFeaturesVfr.vfr | 8 +-- 3 files changed, 27 insertions(+), 58 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 98c22d522f..0a360f0b49 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -34,8 +34,7 @@ STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; -STATIC CHAR16 mBatteryStartThresholdEfiVar[] = L"BatteryStartThreshold"; -STATIC CHAR16 mBatteryStopThresholdEfiVar[] = L"BatteryStopThreshold"; +STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; 
@@ -623,44 +622,24 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold); + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig); Status = gRT->GetVariable ( - mBatteryStartThresholdEfiVar, + mBatteryConfigEfiVar, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig ); if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold = mBatteryStartThresholdDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StartThreshold = mBatteryStartThresholdDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StopThreshold = mBatteryStopThresholdDefault; Status = gRT->SetVariable ( - mBatteryStartThresholdEfiVar, + mBatteryConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStartThreshold - ); - ASSERT_EFI_ERROR (Status); - } - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold); - Status = gRT->GetVariable ( - mBatteryStopThresholdEfiVar, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold - ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold = mBatteryStopThresholdDefault; - Status = gRT->SetVariable ( - mBatteryStopThresholdEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold), - 
&mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryStopThreshold + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig ); ASSERT_EFI_ERROR (Status); } @@ -1076,33 +1055,19 @@ DasharoSystemFeaturesRouteConfig ( } } - if(DasharoFeaturesData.BatteryStartThreshold > DasharoFeaturesData.BatteryStopThreshold) { - return EFI_INVALID_PARAMETER; - } - - if(Private->DasharoFeaturesData.BatteryStartThreshold != DasharoFeaturesData.BatteryStartThreshold) { - Status = gRT->SetVariable ( - mBatteryStartThresholdEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.BatteryStartThreshold), - &DasharoFeaturesData.BatteryStartThreshold - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if(Private->DasharoFeaturesData.BatteryStopThreshold != DasharoFeaturesData.BatteryStopThreshold) { + if (Private->DasharoFeaturesData.BatteryConfig.StartThreshold != + DasharoFeaturesData.BatteryConfig.StartThreshold || + Private->DasharoFeaturesData.BatteryConfig.StopThreshold != + DasharoFeaturesData.BatteryConfig.StopThreshold) { Status = gRT->SetVariable ( - mBatteryStopThresholdEfiVar, + mBatteryConfigEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.BatteryStopThreshold), - &DasharoFeaturesData.BatteryStopThreshold + sizeof (DasharoFeaturesData.BatteryConfig), + &DasharoFeaturesData.BatteryConfig ); if (EFI_ERROR (Status)) { - return Status; + return Status; } } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 996d7543b4..8652086631 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
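Review bot: The rewritten battery block in `DasharoSystemFeaturesRouteConfig` drops the `BatteryStartThreshold > BatteryStopThreshold` check that the removed lines performed and adds nothing in its place, so after this commit the only validation of the pair is the `nosubmitif` expression in the VFR. `BatteryConfig` is written to the variable as received, and the constructor hunk of the same commit reads it back without checking it either. I would keep the guard ahead of the write, `if (DasharoFeaturesData.BatteryConfig.StartThreshold > DasharoFeaturesData.BatteryConfig.StopThreshold) { return EFI_INVALID_PARAMETER; }`, ideally together with an upper bound of 100 on both fields. The commit also stops using the `BatteryStartThreshold` and `BatteryStopThreshold` variables without deleting them, so a system that booted the previous revision keeps two orphaned entries in NVRAM. The function starts and ends outside the hunk.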
@@ -35,6 +35,11 @@ typedef struct { BOOLEAN IommuEnable; BOOLEAN IommuHandoff; } IOMMU_CONFIG; + +typedef struct { + UINT8 StartThreshold; + UINT8 StopThreshold; +} BATTERY_CONFIG; #pragma pack(pop) #define FAN_CURVE_OPTION_SILENT 0 @@ -74,8 +79,7 @@ typedef struct { UINT8 OptionRomExecution; BOOLEAN EnableCamera; BOOLEAN EnableWifiBt; - UINT8 BatteryStartThreshold; - UINT8 BatteryStopThreshold; + BATTERY_CONFIG BatteryConfig; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index cc456df753..c5a351859e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -279,7 +279,7 @@ formset endif; suppressif ideqval FeaturesData.PowerMenuShowBatteryThresholds == 0; - numeric varid = FeaturesData.BatteryStartThreshold, + numeric varid = FeaturesData.BatteryConfig.StartThreshold, prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, @@ -288,10 +288,10 @@ formset step = 1, nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.BatteryStartThreshold > FeaturesData.BatteryStopThreshold + ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold endif endnumeric; - numeric varid = FeaturesData.BatteryStopThreshold, + numeric varid = FeaturesData.BatteryConfig.StopThreshold, prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, 
@@ -300,7 +300,7 @@ formset step = 1, nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.BatteryStartThreshold > FeaturesData.BatteryStopThreshold + ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold endif endnumeric; endif; From 756398c5653f4b19148753066204859905ca0ecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 18 Sep 2023 15:54:49 +0200 Subject: [PATCH 142/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni: align threshold opt name with docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeaturesStrings.uni | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index c24e1ba1c6..995e18165c 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -126,10 +126,10 @@ #string STR_WIFI_BT_ENABLE_PROMPT #language en-US "Enable Wi-Fi + BT radios" #string STR_WIFI_BT_ENABLE_HELP #language en-US "When not enabled, WiFi + Bluetooth card slot is disabled." -#string STR_BATTERY_START_THRESHOLD_PROMPT #language en-US "Battery charging start threshold" +#string STR_BATTERY_START_THRESHOLD_PROMPT #language en-US "Battery Start Charge Threshold" #string STR_BATTERY_START_THRESHOLD_HELP #language en-US "The battery will start charging once the charge level drops below this value." -#string STR_BATTERY_STOP_THRESHOLD_PROMPT #language en-US "Battery charging stop threshold" +#string STR_BATTERY_STOP_THRESHOLD_PROMPT #language en-US "Battery Stop Charge Threshold" #string STR_BATTERY_STOP_THRESHOLD_HELP #language en-US "The battery will stop charging once the charge level reaches this value." #string STR_BATTERY_THRESHOLD_RANGE_ERROR #language en-US "The battery stop threshold must be greater than the start threshold!" From 414c1aaa01c983dbafdb6cd691edbb14c7761c66 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 20 Sep 2023 10:47:47 +0200 Subject: [PATCH 143/357] DasharoModulePkg: tree-wide: pre-commit autofixes Signed-off-by: Maciej Pijanowski --- DasharoModulePkg/DasharoBootPolicies/BootPolicies.c | 4 ++-- DasharoModulePkg/DasharoBootPolicies/BootPolicies.h | 4 ++-- DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf | 2 +- DasharoModulePkg/DasharoModulePkg.dec | 1 - .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr | 2 +- .../Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c | 1 - .../PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 1 - DasharoModulePkg/UserAuthenticationDxe/KeyService.h | 1 - .../UserAuthenticationDxe/UserAuthenticationDxe.c | 1 - .../UserAuthenticationDxe/UserAuthenticationDxeStrings.uni | 1 - 10 files changed, 6 insertions(+), 12 deletions(-) 
diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 7e1817a066..2ef1217cb6 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -1,8 +1,8 @@ /*++ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved - + SPDX-License-Identifier: BSD-2-Clause-Patent - + --*/ /** @file diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h index 265e110101..d26c56d774 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h @@ -1,8 +1,8 @@ /*++ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved - + SPDX-License-Identifier: BSD-2-Clause-Patent - + --*/ /** @file diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index c2a12eb935..601868df2c 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -1,7 +1,7 @@ # # # Copyright (c) 1999 - 2019, Intel Corporation. All rights reserved -# +# # SPDX-License-Identifier: BSD-2-Clause-Patent # ## diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 67c94be4fc..c68ce25681 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -63,4 +63,3 @@ # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.

# @Prompt The password clear status gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001 - diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index c5a351859e..9d90272bba 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -110,7 +110,7 @@ formset flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; endif; - + checkbox varid = FeaturesData.EnableWifiBt, prompt = STRING_TOKEN(STR_WIFI_BT_ENABLE_PROMPT), help = STRING_TOKEN(STR_WIFI_BT_ENABLE_HELP), diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c index 08e081aa99..23c293976d 100644 --- a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c @@ -75,4 +75,3 @@ PlatformPasswordLibNullConstructor ( return EFI_SUCCESS; } - diff --git a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni index b0255889e0..a6b218306a 100644 --- a/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni +++ b/DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni 
@@ -16,4 +16,3 @@ #string STR_MODULE_ABSTRACT #language en-US "NULL platform password library instance that returns the password clear state based upon PCD." #string STR_MODULE_DESCRIPTION #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product." - diff --git a/DasharoModulePkg/UserAuthenticationDxe/KeyService.h b/DasharoModulePkg/UserAuthenticationDxe/KeyService.h index d0b20851fa..f030f36f1c 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/KeyService.h +++ b/DasharoModulePkg/UserAuthenticationDxe/KeyService.h @@ -85,4 +85,3 @@ KeyLibGeneratePBKDF2Hash ( ); #endif - diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c index ba99549e45..4710efbaf2 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c @@ -770,4 +770,3 @@ UserAuthenticationUnload ( return EFI_SUCCESS; } - diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni index ca86bb9a10..8c0298ac23 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni @@ -27,4 +27,3 @@ #language fr-FR "Admin Password Status" #string STR_ADMIN_PASSWORD_STS_CONTENT #language en-US "" #language fr-FR "" - From 8d85197e8d8b98a406919290b4edd90aaa47a5c3 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 21 Sep 2023 16:14:24 +0300 Subject: [PATCH 144/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add empty memory submenu 
Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 2 ++ .../DasharoSystemFeaturesStrings.uni | 3 +++ .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 16 ++++++++++++++++ 6 files changed, 24 insertions(+) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index c68ce25681..3cbed3fec7 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -56,6 +56,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu|FALSE|BOOLEAN|0x00000010 gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars|FALSE|BOOLEAN|0x00000011 gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds|FALSE|BOOLEAN|0x00000012 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu|FALSE|BOOLEAN|0x000000013 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0a360f0b49..edac7d06a0 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
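Review bot: The token number added for `PcdShowMemoryMenu` in the DasharoModulePkg.dec hunk is written `0x000000013`, nine hex digits where the neighbouring entries use eight (`0x00000012`). The value is still 0x13, but the extra zero makes the token column harder to scan for collisions; write it as `gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu|FALSE|BOOLEAN|0x00000013`. The later serial-port commit in this series adds `0x000000014` and `0x000000015` to the same file with the same extra digit.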
@@ -222,6 +222,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPciMenu = PcdGetBool (PcdShowPciMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowMemoryMenu = PcdGetBool (PcdShowMemoryMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowBatteryThresholds = PcdGetBool (PcdPowerMenuShowBatteryThresholds); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 8652086631..887c034562 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 #define DASHARO_POWER_CONFIGURATION_FORM_ID 0x1006 #define DASHARO_PCI_CONFIGURATION_FORM_ID 0x1007 +#define DASHARO_MEMORY_CONFIGURATION_FORM_ID 0x1008 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -54,6 +55,7 @@ typedef struct { BOOLEAN ShowChipsetMenu; BOOLEAN ShowPowerMenu; BOOLEAN ShowPciMenu; + BOOLEAN ShowMemoryMenu; BOOLEAN PowerMenuShowFanCurve; BOOLEAN PowerMenuShowSleepType; BOOLEAN PowerMenuShowBatteryThresholds; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 995e18165c..c32765eb76 100644 
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -35,6 +35,9 @@ #string STR_DASHARO_PCI_CONFIGURATION_TITLE #language en-US "PCI/PCIe Configuration" #string STR_DASHARO_PCI_CONFIGURATION_HELP #language en-US "PCI/PCIe configuration options" +#string STR_DASHARO_MEMORY_CONFIGURATION_TITLE #language en-US "Memory Configuration" +#string STR_DASHARO_MEMORY_CONFIGURATION_HELP #language en-US "Memory-related options" + #string STR_FUM_PROMPT #language en-US "> Enter Firmware Update Mode" #string STR_FUM_HELP #language en-US "Disables all firmware protections for the duration of next boot." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 14d5da7ed4..0e1b039923 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -67,6 +67,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 9d90272bba..b91125cceb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -64,6 +64,12 @@ formset help = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_HELP); endif; + suppressif ideqval FeaturesData.ShowMemoryMenu == 0; + goto DASHARO_MEMORY_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_HELP); + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); @@ -339,4 +345,14 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + form formid = DASHARO_MEMORY_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + endformset; From f33f5949c418e2e59869a6310f6d830307925ecf Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Fri, 22 Sep 2023 19:43:44 +0300 Subject: [PATCH 145/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add memory profile option Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeatures.c | 36 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 7 ++++ .../DasharoSystemFeaturesStrings.uni | 10 ++++++ .../DasharoSystemFeaturesVfr.vfr | 11 ++++++ 4 files changed, 64 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index edac7d06a0..90f7800bd8 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -35,6 +35,7 @@ STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; +STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -52,6 +53,7 @@ STATIC BOOLEAN mEnableCameraDefault = TRUE; STATIC BOOLEAN mEnableWifiBtDefault = TRUE; STATIC UINT8 mBatteryStartThresholdDefault = 95; STATIC UINT8 mBatteryStopThresholdDefault = 98; +STATIC UINT8 mMemoryProfileDefault = MEMORY_PROFILE_JEDEC; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, @@ -645,6 +647,27 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile); + Status = gRT->GetVariable ( + mMemoryProfileEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile = mMemoryProfileDefault; + Status = gRT->SetVariable ( + mMemoryProfileEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
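Review bot: In the constructor hunk that reads `MemoryProfile`, only `EFI_NOT_FOUND` is handled, so any other `GetVariable` failure (for example a stored variable of a different size) leaves the field at whatever it held and the constructor still returns `EFI_SUCCESS`. The value read is also never checked against the four `MEMORY_PROFILE_*` constants this commit defines, although the header comment says they map onto `FSP_M_CONFIG::SpdProfileSelected`, which presumably feeds memory init. I would fall back to the default on any unexpected result, e.g. `if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile = mMemoryProfileDefault; }`, and add a small range check before the value is used. The `SetVariable` result is guarded only by `ASSERT_EFI_ERROR`, which does nothing in builds where asserts are disabled. The constructor body starts and ends outside this hunk.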
@@ -1072,6 +1095,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.MemoryProfile != DasharoFeaturesData.MemoryProfile) { + Status = gRT->SetVariable ( + mMemoryProfileEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.MemoryProfile), + &DasharoFeaturesData.MemoryProfile + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 887c034562..1501798832 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -82,6 +82,7 @@ typedef struct { BOOLEAN EnableCamera; BOOLEAN EnableWifiBt; BATTERY_CONFIG BatteryConfig; + UINT8 MemoryProfile; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 @@ -100,6 +101,12 @@ typedef struct { #define POWER_FAILURE_STATE_KEEP 2 #define POWER_FAILURE_STATE_HIDDEN 0xff +// Values aren't random, they match FSP_M_CONFIG::SpdProfileSelected +#define MEMORY_PROFILE_JEDEC 0 +#define MEMORY_PROFILE_XMP1 2 +#define MEMORY_PROFILE_XMP2 3 +#define MEMORY_PROFILE_XMP3 4 + #define NETWORK_BOOT_QUESTION_ID 0x8000 #define WATCHDOG_OPTIONS_QUESTION_ID 0x8001 #define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index c32765eb76..c129ba59ea 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -136,3 +136,13 @@ #string STR_BATTERY_STOP_THRESHOLD_HELP #language en-US "The battery will stop charging once the charge level reaches this value." #string STR_BATTERY_THRESHOLD_RANGE_ERROR #language en-US "The battery stop threshold must be greater than the start threshold!" + +#string STR_MEMORY_PROFILE_PROMPT #language en-US "Memory SPD Profile" +#string STR_MEMORY_PROFILE_HELP #language en-US "This option selects memory profile applied to RAM modules.\n\n" + "Selecting an XMP profile may result in unstable memory modules and even prevent system from booting.\n\n" + "Changing this option causes memory retraining on the next boot which takes time to complete." + +#string STR_MEMORY_PROFILE_JEDEC #language en-US "JEDEC (safe non-overclocked default)" +#string STR_MEMORY_PROFILE_XMP1 #language en-US "XMP#1 (predefined extreme memory profile)" +#string STR_MEMORY_PROFILE_XMP2 #language en-US "XMP#2 (predefined extreme memory profile)" +#string STR_MEMORY_PROFILE_XMP3 #language en-US "XMP#3 (predefined extreme memory profile)" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index b91125cceb..801cbf80ad 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -350,6 +350,17 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + oneof varid = FeaturesData.MemoryProfile, + prompt = STRING_TOKEN(STR_MEMORY_PROFILE_PROMPT), + help = STRING_TOKEN(STR_MEMORY_PROFILE_HELP), + flags = RESET_REQUIRED, + + option text = STRING_TOKEN(STR_MEMORY_PROFILE_JEDEC), value = MEMORY_PROFILE_JEDEC, flags = DEFAULT; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP1), value = MEMORY_PROFILE_XMP1, flags = 0; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP2), value = MEMORY_PROFILE_XMP2, flags = 0; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP3), value = MEMORY_PROFILE_XMP3, flags = 0; + endoneof; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From 5f15317e8551083e6c52881b7f9712721307753c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 29 Sep 2023 15:20:25 +0200 Subject: [PATCH 146/357] DasharoModulePkg: Add serial port console redirection option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 27 ++++++++++ .../DasharoBootPolicies/BootPolicies.h | 10 ++++ .../DasharoBootPolicies.inf | 6 +-- DasharoModulePkg/DasharoModulePkg.dec | 5 +- .../DasharoSystemFeatures.c | 49 ++++++++++++++++++- .../DasharoSystemFeaturesHii.h | 22 +++++---- .../DasharoSystemFeaturesStrings.uni | 6 +++ .../DasharoSystemFeaturesUiLib.inf | 2 + .../DasharoSystemFeaturesVfr.vfr | 23 +++++++++ 9 files changed, 135 insertions(+), 15 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 2ef1217cb6..ee11b3baaa 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -22,6 +22,7 @@ NETWORK_BOOT_POLICY_PROTOCOL mNetworkBootPolicy; USB_STACK_POLICY_PROTOCOL mUsbStackPolicy; USB_MASS_STORAGE_POLICY_PROTOCOL mUsbMassStoragePolicy; PS2_CONTROLLER_POLICY_PROTOCOL mPs2ControllerPolicy; +SERIAL_REDIRECTION_POLICY_PROTOCOL mSerialRedirectionPolicy; /** Entry point for the Boot Policies Driver. @@ -54,6 +55,8 @@ InitializeBootPolicies ( mUsbMassStoragePolicy.UsbMassStorageEnabled = TRUE; mPs2ControllerPolicy.Revision = PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01; mPs2ControllerPolicy.Ps2ControllerEnabled = TRUE; + mSerialRedirectionPolicy.Revision = PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01; + mSerialRedirectionPolicy.SerialRedirectionEnabled = FALSE; Status = GetVariable2 ( L"NetworkBoot", @@ -178,5 +181,29 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); } + VarSize = sizeof(BOOLEAN); + Status = GetVariable2 ( + L"SerialRedirection", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + + if (Status == EFI_NOT_FOUND) + mSerialRedirectionPolicy.SerialRedirectionEnabled = FixedPcdGetBool(PcdSerialRedirectionDefaultState); + else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) + mSerialRedirectionPolicy.SerialRedirectionEnabled = *EfiVar; + + if (mSerialRedirectionPolicy.SerialRedirectionEnabled) { + gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gDasharoSerialRedirectionPolicyGuid, + &mSerialRedirectionPolicy, + NULL + ); + DEBUG ((EFI_D_INFO, "Boot Policy: Enabling Serial Redirection\n")); + } + return EFI_SUCCESS; } diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h index d26c56d774..0f1790f222 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.h 
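Review bot: `mSerialRedirectionPolicy.Revision` is initialised from `PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01`, which looks like a copy-paste from the line above. Both constants are 0x01 today so nothing changes at run time, but the two protocols will diverge silently if either revision is bumped. This commit already defines the right name in BootPolicies.h, so the line should read `mSerialRedirectionPolicy.Revision = SERIAL_REDIRECTION_POLICY_PROTOCOL_REVISION_01;`. `InitializeBootPolicies` starts outside this hunk.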
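Review bot: The `else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar)))` branch dereferences `EfiVar` for any status other than not-found and relies on the size check alone to keep that safe. Testing success explicitly states the intent and does not depend on what `GetVariable2` leaves in `VarSize` on failure: `else if (!EFI_ERROR (Status) && (VarSize == sizeof(*EfiVar)))`. A variable of the wrong size currently falls through to the hard-coded `FALSE` rather than `PcdSerialRedirectionDefaultState`, which may not be what is wanted. The return value of `InstallMultipleProtocolInterfaces` is also dropped, so a failed install still logs "Enabling Serial Redirection". No `FreePool` for the buffer returned by `GetVariable2` is visible in the hunk; the function continues outside it, so that may be handled elsewhere.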
@@ -23,10 +23,14 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #define DASHARO_PS2_CONTROLLER_POLICY_PROTOCOL_GUID \ { 0x4885b96d, 0xbdf1, 0x496d, 0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 } +#define DASHARO_SERIAL_REDIRECTION_POLICY_PROTOCOL_GUID \ + { 0x0cd9776f, 0xd803, 0x42b4, 0x95, 0xa4, 0xa8, 0x58, 0x46, 0x46, 0x23, 0xc9 } + #define NETWORK_BOOT_POLICY_PROTOCOL_REVISION_01 0x01 #define USB_STACK_POLICY_PROTOCOL_REVISION_01 0x01 #define USB_MASS_STORAGE_POLICY_PROTOCOL_REVISION_01 0x01 #define PS2_CONTROLLER_POLICY_PROTOCOL_REVISION_01 0x01 +#define SERIAL_REDIRECTION_POLICY_PROTOCOL_REVISION_01 0x01 typedef struct _NETWORK_BOOT_POLICY_PROTOCOL { UINT32 Revision; @@ -48,6 +52,11 @@ typedef struct _PS2_CONTROLLER_POLICY_PROTOCOL { BOOLEAN Ps2ControllerEnabled; } PS2_CONTROLLER_POLICY_PROTOCOL; +typedef struct _SERIAL_REDIRECTION_POLICY_PROTOCOL { + UINT32 Revision; + BOOLEAN SerialRedirectionEnabled; +} SERIAL_REDIRECTION_POLICY_PROTOCOL; + // // Extern the GUID for protocol users. // @@ -55,5 +64,6 @@ extern EFI_GUID gDasharoNetworkBootPolicyGuid; extern EFI_GUID gDasharoUsbDriverPolicyGuid; extern EFI_GUID gDasharoUsbMassStoragePolicyGuid; extern EFI_GUID gDasharoPs2ControllerPolicyGuid; +extern EFI_GUID gDasharoSerialRedirectionPolicyGuid; #endif diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index 601868df2c..1def2c4e5c 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf 
@@ -45,12 +45,12 @@ gDasharoUsbDriverPolicyGuid ### PROVIDES gDasharoUsbMassStoragePolicyGuid ### PROVIDES gDasharoPs2ControllerPolicyGuid ### PROVIDES + gDasharoSerialRedirectionPolicyGuid ### PROVIDES [Pcd] gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask [Depex] gEfiVariableArchProtocolGuid - -[Pcd] - gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 3cbed3fec7..127c33071f 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -35,7 +35,8 @@ gDasharoNetworkBootPolicyGuid = { 0xdef83d91, 0x4613, 0x474c, { 0xa7, 0xad, 0xf7, 0x79, 0x10, 0x11, 0x43, 0xf2 }} gDasharoUsbDriverPolicyGuid = { 0x808330b5, 0xbe46, 0x4a41, { 0x97, 0x79, 0x84, 0xa3, 0xd1, 0x31, 0xbb, 0xb4 }} gDasharoUsbMassStoragePolicyGuid = { 0xd7d1a290, 0x651a, 0x4c90, { 0xbf, 0x09, 0x1b, 0x7c, 0x56, 0x7c, 0xd5, 0x9c }} - gDasharoPs2ControllerPolicyGuid = { 0x4885b96d, 0xbdf1, 0x496d, {0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 }} + gDasharoPs2ControllerPolicyGuid = { 0x4885b96d, 0xbdf1, 0x496d, { 0xbc, 0x3d, 0x3e, 0x79, 0x57, 0x74, 0xcd, 0x40 }} + gDasharoSerialRedirectionPolicyGuid = { 0x0cd9776f, 0xd803, 0x42b4, { 0x95, 0xa4, 0xa8, 0x58, 0x46, 0x46, 0x23, 0xc9 }} [PcdsFixedAtBuild] gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001 
@@ -57,6 +58,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars|FALSE|BOOLEAN|0x00000011 gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds|FALSE|BOOLEAN|0x00000012 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu|FALSE|BOOLEAN|0x000000013 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|FALSE|BOOLEAN|0x000000014 + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState|FALSE|BOOLEAN|0x000000015 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 90f7800bd8..6c86f82357 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -36,6 +36,7 @@ STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; +STATIC CHAR16 mSerialRedirectionEfiVar[] = L"SerialRedirection"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -231,6 +232,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PciMenuShowResizeableBars = PcdGetBool (PcdPciMenuShowResizeableBars); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSerialPortMenu = PcdGetBool (PcdShowSerialPortMenu); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); 
@@ -369,7 +371,7 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution = FixedPcdGetBool (PcdLoadOptionRoms) + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution = PcdGetBool (PcdLoadOptionRoms) ? OPTION_ROM_POLICY_ENABLE_ALL : OPTION_ROM_POLICY_DISABLE_ALL; Status = gRT->SetVariable ( @@ -668,6 +670,28 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection); + Status = gRT->GetVariable ( + mSerialRedirectionEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection = PcdGetBool (PcdSerialRedirectionDefaultState); + Status = gRT->SetVariable ( + mSerialRedirectionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection + ); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; } @@ -1108,6 +1132,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.SerialPortRedirection != DasharoFeaturesData.SerialPortRedirection) { + Status = gRT->SetVariable ( + mSerialRedirectionEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.SerialPortRedirection), + &DasharoFeaturesData.SerialPortRedirection + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } 
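Review bot: `SerialRedirection` is created with `EFI_VARIABLE_RUNTIME_ACCESS` in the constructor hunk, and again in the `DasharoSystemFeaturesRouteConfig` hunk on this line, whereas `MemoryProfile` from the previous commit uses only `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE`. With runtime access and no authentication, privileged OS code can flip the variable and have the firmware console redirected to the serial port on the next boot without anyone entering setup. The only consumer visible in this series, BootPolicies.c, reads it at boot time, so unless an OS-side tool needs it I would drop the runtime attribute in both calls: `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,`. If runtime visibility is intended, a comment saying why, and whether the variable is locked before the OS starts, would help the next reader. Both functions extend outside their hunks.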
@@ -1188,10 +1225,18 @@ DasharoSystemFeaturesCallback ( if (Value == NULL) return EFI_INVALID_PARAMETER; - Value->u8 = FixedPcdGetBool (PcdLoadOptionRoms) ? OPTION_ROM_POLICY_ENABLE_ALL + Value->u8 = PcdGetBool (PcdLoadOptionRoms) ? OPTION_ROM_POLICY_ENABLE_ALL : OPTION_ROM_POLICY_DISABLE_ALL; break; } + case SERIAL_PORT_REDIR_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->b = PcdGetBool (PcdSerialRedirectionDefaultState); + break; + } default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 1501798832..0711f125ad 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
@@ -14,15 +14,16 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_SYSTEM_FEATURES_GUID \ { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59} } -#define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 -#define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 -#define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 -#define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 -#define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 -#define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 -#define DASHARO_POWER_CONFIGURATION_FORM_ID 0x1006 -#define DASHARO_PCI_CONFIGURATION_FORM_ID 0x1007 -#define DASHARO_MEMORY_CONFIGURATION_FORM_ID 0x1008 +#define DASHARO_SYSTEM_FEATURES_FORM_ID 0x1000 +#define DASHARO_SECURITY_OPTIONS_FORM_ID 0x1001 +#define DASHARO_NETWORK_OPTIONS_FORM_ID 0x1002 +#define DASHARO_USB_CONFIGURATION_FORM_ID 0x1003 +#define DASHARO_INTEL_ME_OPTIONS_FORM_ID 0x1004 +#define DASHARO_CHIPSET_CONFIGURATION_FORM_ID 0x1005 +#define DASHARO_POWER_CONFIGURATION_FORM_ID 0x1006 +#define DASHARO_PCI_CONFIGURATION_FORM_ID 0x1007 +#define DASHARO_MEMORY_CONFIGURATION_FORM_ID 0x1008 +#define DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID 0x1009 #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -56,6 +57,7 @@ typedef struct { BOOLEAN ShowPowerMenu; BOOLEAN ShowPciMenu; BOOLEAN ShowMemoryMenu; + BOOLEAN ShowSerialPortMenu; BOOLEAN PowerMenuShowFanCurve; BOOLEAN PowerMenuShowSleepType; BOOLEAN PowerMenuShowBatteryThresholds; @@ -83,6 +85,7 @@ typedef struct { BOOLEAN EnableWifiBt; BATTERY_CONFIG BatteryConfig; UINT8 MemoryProfile; + BOOLEAN SerialPortRedirection; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 @@ -113,6 +116,7 @@ typedef struct { #define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 #define POWER_FAILURE_STATE_QUESTION_ID 0x8004 #define OPTION_ROM_STATE_QUESTION_ID 0x8005 +#define SERIAL_PORT_REDIR_QUESTION_ID 0x8006 extern EFI_GUID gDasharoSystemFeaturesGuid; 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index c129ba59ea..a29ddeb080 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -38,6 +38,9 @@ #string STR_DASHARO_MEMORY_CONFIGURATION_TITLE #language en-US "Memory Configuration" #string STR_DASHARO_MEMORY_CONFIGURATION_HELP #language en-US "Memory-related options" +#string STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE #language en-US "Serial Port Configuration" +#string STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP #language en-US "Serial port options" + #string STR_FUM_PROMPT #language en-US "> Enter Firmware Update Mode" #string STR_FUM_HELP #language en-US "Disables all firmware protections for the duration of next boot." @@ -146,3 +149,6 @@ #string STR_MEMORY_PROFILE_XMP1 #language en-US "XMP#1 (predefined extreme memory profile)" #string STR_MEMORY_PROFILE_XMP2 #language en-US "XMP#2 (predefined extreme memory profile)" #string STR_MEMORY_PROFILE_XMP3 #language en-US "XMP#3 (predefined extreme memory profile)" + +#string STR_SERIAL_CONSOLE_REDIRECTION_PROMPT #language en-US "Enable Serial Port Console Redirection" +#string STR_SERIAL_CONSOLE_REDIRECTION_HELP #language en-US "Redirect the firmware console to the serial port." diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 0e1b039923..03530dc371 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -68,6 +68,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable @@ -78,4 +79,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 801cbf80ad..f64ec189fa 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -70,6 +70,12 @@ formset help = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_HELP); endif; + suppressif ideqval FeaturesData.ShowSerialPortMenu == 0; + goto DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP); + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
@@ -366,4 +372,21 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + form formid = DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + checkbox varid = FeaturesData.SerialPortRedirection, + questionid = SERIAL_PORT_REDIR_QUESTION_ID, + prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_PROMPT), + help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; + endformset; From de20387a2fa10c9ec3e324fa9cbcaff1e9335f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 29 Sep 2023 15:24:32 +0200 Subject: [PATCH 147/357] DasharoModulePkg: Add switches to hide Camera and WiFi/BT options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 2 ++ .../DasharoSystemFeatures.c | 2 ++ .../DasharoSystemFeaturesHii.h | 2 ++ .../DasharoSystemFeaturesUiLib.inf | 2 ++ .../DasharoSystemFeaturesVfr.vfr | 24 +++++++++++-------- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 127c33071f..4422107fed 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -60,6 +60,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu|FALSE|BOOLEAN|0x000000013 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|FALSE|BOOLEAN|0x000000014 gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState|FALSE|BOOLEAN|0x000000015 + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|FALSE|BOOLEAN|0x000000016 + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|FALSE|BOOLEAN|0x000000017 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 6c86f82357..8b2ea33f9a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -233,6 +233,8 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PciMenuShowResizeableBars = PcdGetBool (PcdPciMenuShowResizeableBars); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSerialPortMenu = PcdGetBool (PcdShowSerialPortMenu); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowWiFiBt = PcdGetBool (PcdSecurityShowWiFiBtOption); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowCamera = PcdGetBool (PcdSecurityShowCameraOption); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 0711f125ad..bddff81306 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
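Review bot: `PcdSecurityShowWiFiBtOption` and `PcdSecurityShowCameraOption` default to `FALSE`, so with the `suppressif` blocks this commit adds in DasharoSystemFeaturesVfr.vfr the Wi-Fi/Bluetooth and camera switches disappear from setup on every board that does not override the PCDs. Before this commit those two checkboxes were not wrapped in any `suppressif`. These are the controls a user relies on to turn the radios and the camera off, so it is worth confirming that every affected platform DSC sets the PCDs, or defaulting them to `TRUE`. If `FALSE` is intended, a comment above each entry such as `## Show the camera enable option in the Security menu; hidden unless the platform sets this to TRUE` would make the opt-in explicit. Suppressing a checkbox only hides it, so whatever value is already stored for `EnableWifiBt`/`EnableCamera` presumably stays in effect.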
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -64,6 +64,8 @@ typedef struct { BOOLEAN DasharoEnterprise; BOOLEAN SecurityMenuShowIommu; BOOLEAN PciMenuShowResizeableBars; + BOOLEAN SecurityMenuShowWiFiBt; + BOOLEAN SecurityMenuShowCamera; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 03530dc371..bf5019b743 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -80,4 +80,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index f64ec189fa..8b6396f361 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -123,17 +123,21 @@ formset endcheckbox; endif; - checkbox varid = FeaturesData.EnableWifiBt, - prompt = STRING_TOKEN(STR_WIFI_BT_ENABLE_PROMPT), - help = STRING_TOKEN(STR_WIFI_BT_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.SecurityMenuShowWiFiBt == 0; + checkbox varid = FeaturesData.EnableWifiBt, + prompt = STRING_TOKEN(STR_WIFI_BT_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WIFI_BT_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + endif; - checkbox varid = FeaturesData.EnableCamera, - prompt = STRING_TOKEN(STR_ENABLE_CAMERA_PROMPT), - help = STRING_TOKEN(STR_ENABLE_CAMERA_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.SecurityMenuShowCamera == 0; + checkbox varid = FeaturesData.EnableCamera, + prompt = STRING_TOKEN(STR_ENABLE_CAMERA_PROMPT), + help = STRING_TOKEN(STR_ENABLE_CAMERA_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From b7a3a724758bbfae5c6813a8d18dd11a3449293f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 5 Oct 2023 12:22:28 +0200 Subject: [PATCH 148/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib: add defaults for BAT thresholds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 8b6396f361..d96435dba0 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -299,6 +299,7 @@ formset prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, + default = 95, minimum = 0, maximum = 100, step = 1, @@ -311,6 +312,7 @@ formset prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, + default = 98, minimum = 0, maximum = 100, step = 1, From 3115ff4512e6332ba0c47bccb256307d0523fd88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 6 Oct 2023 12:16:44 +0200 Subject: [PATCH 149/357] DasharoModulePkg: Add bat thresholds to default callback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 16 ++++++++++++++++ .../DasharoSystemFeaturesHii.h | 16 +++++++++------- .../DasharoSystemFeaturesVfr.vfr | 4 ++-- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8b2ea33f9a..c074ccadd6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -1239,6 +1239,22 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdSerialRedirectionDefaultState); break; } + case BATTERY_START_THRESHOLD_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u8 = 95; + break; + } + case BATTERY_STOP_THRESHOLD_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u8 = 98; + break; + } default: Status = EFI_UNSUPPORTED; break; 
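Review bot: The defaults `95` and `98` are bare literals in the two new cases of `DasharoSystemFeaturesCallback`, and the same numbers are the `default =` values that this commit removes from DasharoSystemFeaturesVfr.vfr. Naming them in DasharoSystemFeaturesHii.h, e.g. `#define BATTERY_START_THRESHOLD_DEFAULT 95` and `#define BATTERY_STOP_THRESHOLD_DEFAULT 98`, and writing `Value->u8 = BATTERY_START_THRESHOLD_DEFAULT;` keeps a single source for the values. It also makes the start-below-stop relation visible in one place. The callback body continues outside the hunk.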
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index bddff81306..f93a0b2ab5 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -112,13 +112,15 @@ typedef struct { #define MEMORY_PROFILE_XMP2 3 #define MEMORY_PROFILE_XMP3 4 -#define NETWORK_BOOT_QUESTION_ID 0x8000 -#define WATCHDOG_OPTIONS_QUESTION_ID 0x8001 -#define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 -#define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 -#define POWER_FAILURE_STATE_QUESTION_ID 0x8004 -#define OPTION_ROM_STATE_QUESTION_ID 0x8005 -#define SERIAL_PORT_REDIR_QUESTION_ID 0x8006 +#define NETWORK_BOOT_QUESTION_ID 0x8000 +#define WATCHDOG_OPTIONS_QUESTION_ID 0x8001 +#define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 +#define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 +#define POWER_FAILURE_STATE_QUESTION_ID 0x8004 +#define OPTION_ROM_STATE_QUESTION_ID 0x8005 +#define SERIAL_PORT_REDIR_QUESTION_ID 0x8006 +#define BATTERY_START_THRESHOLD_QUESTION_ID 0x8007 +#define BATTERY_STOP_THRESHOLD_QUESTION_ID 0x8008 extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index d96435dba0..88caeba74d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -296,10 +296,10 @@ formset suppressif ideqval FeaturesData.PowerMenuShowBatteryThresholds == 0; numeric varid = FeaturesData.BatteryConfig.StartThreshold, + questionid = BATTERY_START_THRESHOLD_QUESTION_ID, prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, - default = 95, minimum = 0, maximum = 100, step = 1, @@ -309,10 +309,10 @@ formset endif endnumeric; numeric varid = FeaturesData.BatteryConfig.StopThreshold, + questionid = BATTERY_STOP_THRESHOLD_QUESTION_ID, prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), flags = RESET_REQUIRED | INTERACTIVE, - default = 98, minimum = 0, maximum = 100, step = 1, From 8f9241cd73c17f92b0592bfee11c55a0bea86f94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 12 Oct 2023 16:20:49 +0200 Subject: [PATCH 150/357] DasharoModulePkg: Add logic to set ME to default disabled and hide HAP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add new PCDs which control the visibility of HAP bit, in case the underlying coreboot code does not support HAP yet, and the default state of ME, if the platform should boot automatically in ME disabled mode. Protectli platform need to boot with ME disabled per customer policy. Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 2 ++ .../DasharoSystemFeatures.c | 12 ++++++++++-- .../DasharoSystemFeaturesHii.h | 2 ++ .../DasharoSystemFeaturesUiLib.inf | 2 ++ .../DasharoSystemFeaturesVfr.vfr | 7 +++++-- 5 files changed, 21 insertions(+), 4 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 4422107fed..d870aaea38 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -62,6 +62,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState|FALSE|BOOLEAN|0x000000015 gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|FALSE|BOOLEAN|0x000000016 gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|FALSE|BOOLEAN|0x000000017 + gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState|0|UINT8|0x000000018 + gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable|TRUE|BOOLEAN|0x000000019 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c074ccadd6..c7abc0cb5e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -42,7 +42,6 @@ STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; STATIC BOOLEAN mSmmBwpDefault = FALSE; -STATIC UINT8 mMeModeDefault = ME_MODE_ENABLE; STATIC BOOLEAN mPs2ControllerDefault = TRUE; STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC UINT8 mIommuEnableDefault = FALSE; @@ -235,6 +234,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSerialPortMenu = PcdGetBool (PcdShowSerialPortMenu); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowWiFiBt = PcdGetBool (PcdSecurityShowWiFiBtOption); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowCamera = PcdGetBool (PcdSecurityShowCameraOption); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeHapAvailable = PcdGetBool (PcdIntelMeHapAvailable); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); 
@@ -352,7 +352,7 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = mMeModeDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = FixedPcdGet8(PcdIntelMeDefaultState); Status = gRT->SetVariable ( mMeModeEfiVar, &gDasharoSystemFeaturesGuid, @@ -1255,6 +1255,14 @@ DasharoSystemFeaturesCallback ( Value->u8 = 98; break; } + case INTEL_ME_MODE_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + Value->u8 = FixedPcdGet8(PcdIntelMeDefaultState); + break; + } default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index f93a0b2ab5..eff4c51bee 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -66,6 +66,7 @@ typedef struct { BOOLEAN PciMenuShowResizeableBars; BOOLEAN SecurityMenuShowWiFiBt; BOOLEAN SecurityMenuShowCamera; + BOOLEAN MeHapAvailable; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -121,6 +122,7 @@ typedef struct { #define SERIAL_PORT_REDIR_QUESTION_ID 0x8006 #define BATTERY_START_THRESHOLD_QUESTION_ID 0x8007 #define BATTERY_STOP_THRESHOLD_QUESTION_ID 0x8008 +#define INTEL_ME_MODE_QUESTION_ID 0x8009 extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index bf5019b743..4c6fb841b7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
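Review bot: `FixedPcdGet8(PcdIntelMeDefaultState)` is written into `MeMode` (hunk at -352) and returned as the form default (hunk at -1255) with no check that it is one of the `ME_MODE_*` values or that it agrees with `PcdIntelMeHapAvailable`. A board that sets the default to `ME_MODE_DISABLE_HAP` while HAP is marked unavailable would persist a mode the menu then hides, and an out-of-range byte would be stored as is. Since this PCD decides whether the ME comes up disabled, a build-time guard is cheap, e.g. `STATIC_ASSERT (FixedPcdGet8 (PcdIntelMeDefaultState) <= ME_MODE_DISABLE_HAP, "invalid PcdIntelMeDefaultState");`, assuming `ME_MODE_DISABLE_HAP` is the highest mode. The default is also applied only when `GetVariable` returns `EFI_NOT_FOUND`, so units that already carry the ME-mode variable keep their previous setting after an update; a comment saying so would help if that is intended. Both functions continue outside these hunks.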
@@ -82,4 +82,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption + gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 88caeba74d..e98d2c3dcb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -202,13 +202,16 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); oneof varid = FeaturesData.MeMode, + questionid = INTEL_ME_MODE_QUESTION_ID, prompt = STRING_TOKEN(STR_ME_MODE_PROMPT), help = STRING_TOKEN(STR_ME_MODE_HELP), - flags = RESET_REQUIRED, + flags = RESET_REQUIRED | INTERACTIVE, - option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = DEFAULT; + option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; + suppressif ideqval FeaturesData.MeHapAvailable == 0; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; + endif; endoneof; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From 6e361007792db3581c965cba57d3d7f9b497f398 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 3 Nov 2023 12:44:22 +0100 Subject: [PATCH 151/357] DasharoModulePkg: Add S3 experimental disclaimer PCD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 1 + .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesStrings.uni | 15 +++++++++++++-- .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 6 ++++++ 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index d870aaea38..3d1fab00f0 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -64,6 +64,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|FALSE|BOOLEAN|0x000000017 gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState|0|UINT8|0x000000018 gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable|TRUE|BOOLEAN|0x000000019 + gDasharoSystemFeaturesTokenSpaceGuid.PcdS3SupportExperimental|FALSE|BOOLEAN|0x000000020 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c7abc0cb5e..3c1e24dcc1 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -235,6 +235,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowWiFiBt = PcdGetBool (PcdSecurityShowWiFiBtOption); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowCamera = PcdGetBool (PcdSecurityShowCameraOption); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeHapAvailable = PcdGetBool (PcdIntelMeHapAvailable); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.S3SupportExperimental = PcdGetBool (PcdS3SupportExperimental); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index eff4c51bee..4852810b21 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -67,6 +67,7 @@ typedef struct { BOOLEAN SecurityMenuShowWiFiBt; BOOLEAN SecurityMenuShowCamera; BOOLEAN MeHapAvailable; + BOOLEAN S3SupportExperimental; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index a29ddeb080..4f71395599 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -101,11 +101,22 @@ "If unsure or see any problems with DMA/IOMMU during OS boot, keep it disabled." #string STR_SLEEP_TYPE_PROMPT #language en-US "Platform sleep type" -#string STR_SLEEP_TYPE_HELP #language en-US "Selects which sleep function should be enabled in the firmware and available to use in OS.\n\n" - "Note that Suspend to Idle (S0ix) will not work if Intel ME is disabled." +#string STR_SLEEP_TYPE_HELP #language en-US "Select the sleep type that will be exposed to the OS.\n\n" + "Note that Suspend to Idle (S0ix) will not work if Intel ME is disabled.\n\n" + "Recommended settings:\n" + "- Windows: S0ix\n" + "- Linux: S3\n\n" + +#string STR_SLEEP_TYPE_HELP_EXPERIMENTAL #language en-US "Select the sleep type that will be exposed to the OS.\n\n" + "Note that Suspend to Idle (S0ix) will not work if Intel ME is disabled.\n\n" + "Recommended settings:\n" + "- Windows: S0ix\n" + "- Linux: S3\n\n" + "Note: S3 support is experimental on this device." #string STR_SLEEP_TYPE_S0IX #language en-US "Suspend to Idle (S0ix)" #string STR_SLEEP_TYPE_S3 #language en-US "Suspend to RAM (S3)" +#string STR_SLEEP_TYPE_S3_EXPERIMENTAL #language en-US "Suspend to RAM (S3) - Experimental" #string STR_POWER_FAILURE_STATE_PROMPT #language en-US "Power state after power failure" #string STR_POWER_FAILURE_STATE_HELP #language en-US "Selects state the system gets into when power supply is restored after power failure" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 4c6fb841b7..f970b86558 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -84,4 +84,5 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable + gDasharoSystemFeaturesTokenSpaceGuid.PcdS3SupportExperimental gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index e98d2c3dcb..22bad54dc5 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -277,10 +277,16 @@ formset oneof varid = FeaturesData.SleepType, prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), + flags = RESET_REQUIRED, option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; + suppressif ideqval FeaturesData.S3SupportExperimental == 1; option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; + endif; + suppressif ideqval FeaturesData.S3SupportExperimental == 0; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S3_EXPERIMENTAL), value = SLEEP_TYPE_S3, flags = 0; + endif; endoneof; endif; From 6aba232f424025a26a213f4e8fc7c47aeeaf8790 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Fri, 10 Nov 2023 21:23:54 +0200 Subject: [PATCH 152/357] DasharoModulePkg: DasharoSystemFeaturesUiLib: add help note on power failulre definition Related to https://github.com/Dasharo/dasharo-issues/issues/557 Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesStrings.uni | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 4f71395599..22c17a80e7 100644 
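Review bot: The `oneof` for `FeaturesData.SleepType` still uses `help = STRING_TOKEN(STR_SLEEP_TYPE_HELP)`, so `STR_SLEEP_TYPE_HELP_EXPERIMENTAL`, added to DasharoSystemFeaturesStrings.uni in this commit, is not referenced by any hunk shown here. The experimental warning therefore only reaches the user through the option label `STR_SLEEP_TYPE_S3_EXPERIMENTAL`. Either drop the unused string, or show it conditionally, for instance as a static text statement under `suppressif ideqval FeaturesData.S3SupportExperimental == 0;` placed next to the `oneof`. The enclosing form starts and ends outside the hunk.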
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -119,7 +119,8 @@ #string STR_SLEEP_TYPE_S3_EXPERIMENTAL #language en-US "Suspend to RAM (S3) - Experimental" #string STR_POWER_FAILURE_STATE_PROMPT #language en-US "Power state after power failure" -#string STR_POWER_FAILURE_STATE_HELP #language en-US "Selects state the system gets into when power supply is restored after power failure" +#string STR_POWER_FAILURE_STATE_HELP #language en-US "Selects state the system gets into when power supply is restored after power failure.\n\n" + "Note that the definition of power failure varies between platforms and it might take absence of power for up to 30 seconds for this option to apply." #string STR_POWER_FAILURE_STATE_OFF #language en-US "Powered Off" #string STR_POWER_FAILURE_STATE_ON #language en-US "Powered On" From 4880dd2c702fc1d0f5819031828bb05900d1db32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 11:45:04 +0100 Subject: [PATCH 153/357] DasharoModulePkg: Add more switches to hide features MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 4 ++ .../DasharoSystemFeatures.c | 26 ++++++++++ .../DasharoSystemFeaturesHii.h | 4 ++ .../DasharoSystemFeaturesUiLib.inf | 5 ++ .../DasharoSystemFeaturesVfr.vfr | 52 +++++++++++-------- 5 files changed, 69 insertions(+), 22 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 3d1fab00f0..93345b1037 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -65,6 +65,10 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState|0|UINT8|0x000000018 gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable|TRUE|BOOLEAN|0x000000019 gDasharoSystemFeaturesTokenSpaceGuid.PcdS3SupportExperimental|FALSE|BOOLEAN|0x000000020 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowLockBios|FALSE|BOOLEAN|0x00000001A + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp|FALSE|BOOLEAN|0x00000001B + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum|TRUE|BOOLEAN|0x00000001C + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|FALSE|BOOLEAN|0x00000001D [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 3c1e24dcc1..61d6282ab0 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -236,6 +236,29 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowCamera = PcdGetBool (PcdSecurityShowCameraOption); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeHapAvailable = PcdGetBool (PcdIntelMeHapAvailable); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.S3SupportExperimental = PcdGetBool (PcdS3SupportExperimental); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowLockBios = PcdGetBool (PcdShowLockBios); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSmmBwp = PcdGetBool (PcdShowSmmBwp); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowFum = PcdGetBool (PcdShowFum); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); + + // Ensure at least one option is visible in given menu (if enabled), otherwise hide it + if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu = PcdGetBool (PcdDasharoEnterprise) || + PcdGetBool (PcdShowIommuOptions) || + PcdGetBool (PcdSecurityShowWiFiBtOption) || + PcdGetBool (PcdSecurityShowCameraOption) || + PcdGetBool (PcdShowLockBios) || + PcdGetBool (PcdShowSmmBwp) || + PcdGetBool (PcdShowFum); + + if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu) + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowOcWdtOptions) || + PcdGetBool (PcdShowPs2Option); + if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu) + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdPowerMenuShowFanCurve) || + PcdGetBool (PcdPowerMenuShowSleepType) || + PcdGetBool (PcdPowerMenuShowBatteryThresholds) || + (FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); 
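Review bot: `ShowLockBios` and `ShowSmmBwp` only decide whether the form displays the two flash-protection checkboxes. The context line right after the added block still sizes a read of `LockBios`, so the stored setting presumably keeps taking effect while it is hidden. With the `.dec` defaults from this commit (`PcdShowLockBios|FALSE`, `PcdShowSmmBwp|FALSE`), a board that sets neither PCD gives the user no way to see or restore BIOS lock and SMM BIOS write protection, so a value left disabled by an earlier build would stay disabled unnoticed. I would say so next to the assignments, e.g. `// Visibility only: LockBios/SmmBwp are still loaded from their EFI variables below`, and confirm that the hidden defaults are the protected ones. The constructor continues outside this hunk, so how the values are seeded is not visible here.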
@@ -1273,6 +1296,9 @@ DasharoSystemFeaturesCallback ( case EFI_BROWSER_ACTION_CHANGED: { if (QuestionId == FIRMWARE_UPDATE_MODE_QUESTION_ID) { + if (!PcdGetBool(PcdShowFum)) + return EFI_UNSUPPORTED; + do { CreatePopUp ( EFI_BLACK | EFI_BACKGROUND_RED, diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 4852810b21..a9769fad57 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -58,6 +58,10 @@ typedef struct { BOOLEAN ShowPciMenu; BOOLEAN ShowMemoryMenu; BOOLEAN ShowSerialPortMenu; + BOOLEAN ShowLockBios; + BOOLEAN ShowSmmBwp; + BOOLEAN ShowFum; + BOOLEAN ShowPs2Option; BOOLEAN PowerMenuShowFanCurve; BOOLEAN PowerMenuShowSleepType; BOOLEAN PowerMenuShowBatteryThresholds; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index f970b86558..da4be7dfc2 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -85,4 +85,9 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable gDasharoSystemFeaturesTokenSpaceGuid.PcdS3SupportExperimental + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowLockBios + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option + gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms 
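Review bot: Of the four new visibility switches, only `PcdShowFum` is enforced in the driver, by the added `if (!PcdGetBool(PcdShowFum)) return EFI_UNSUPPORTED;` in the `DasharoSystemFeaturesCallback` hunk. LockBios, SmmBwp and Ps2Controller are hidden by `suppressif` in the VFR alone. `DasharoSystemFeaturesRouteConfig` is not touched by this commit, so unless it already ignores fields whose switch is off, a hidden setting could still be changed through the config-routing path. Keeping the stored value when the switch is off would close that, e.g. `if (!PcdGetBool (PcdShowLockBios)) DasharoFeaturesData.LockBios = Private->DasharoFeaturesData.LockBios;`, and likewise for SmmBwp and Ps2Controller. The callback body starts and ends outside the hunk.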
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 22bad54dc5..1ab9584551 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -86,17 +86,21 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.LockBios, - prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), - help = STRING_TOKEN(STR_LOCK_BIOS_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.ShowLockBios == 0; + checkbox varid = FeaturesData.LockBios, + prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), + help = STRING_TOKEN(STR_LOCK_BIOS_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + endif; - checkbox varid = FeaturesData.SmmBwp, - prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), - help = STRING_TOKEN(STR_SMM_BWP_HELP), - flags = RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.ShowSmmBwp == 0; + checkbox varid = FeaturesData.SmmBwp, + prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), + help = STRING_TOKEN(STR_SMM_BWP_HELP), + flags = RESET_REQUIRED, + endcheckbox; + endif; suppressif ideqval FeaturesData.SecurityMenuShowIommu == 0; checkbox name = IommuEnable, 
@@ -139,14 +143,16 @@ formset endcheckbox; endif; - subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + suppressif ideqval FeaturesData.ShowFum == 0; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - text - help = STRING_TOKEN(STR_FUM_HELP), - text = STRING_TOKEN(STR_FUM_PROMPT), - flags = INTERACTIVE, - key = FIRMWARE_UPDATE_MODE_QUESTION_ID; + text + help = STRING_TOKEN(STR_FUM_HELP), + text = STRING_TOKEN(STR_FUM_PROMPT), + flags = INTERACTIVE, + key = FIRMWARE_UPDATE_MODE_QUESTION_ID; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -224,11 +230,13 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.Ps2Controller, - prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), - help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.ShowPs2Option == 0; + checkbox varid = FeaturesData.Ps2Controller, + prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), + help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + endif; suppressif ideqval FeaturesData.WatchdogState == 0; checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, From 7364c7453158da2fa5b5385133c00bc78a2c0d96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 12:06:09 +0100 Subject: [PATCH 154/357] DasharoModulePkg: Handle default sleep type override MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 12 ++++++++++++ .../DasharoSystemFeaturesHii.h | 1 + .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 6 +++--- 5 files changed, 18 insertions(+), 3 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 93345b1037..591bbf29e7 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -69,6 +69,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp|FALSE|BOOLEAN|0x00000001B gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum|TRUE|BOOLEAN|0x00000001C gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|FALSE|BOOLEAN|0x00000001D + gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3|FALSE|BOOLEAN|0x00000001E [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 61d6282ab0..91e030aa56 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -1287,6 +1287,18 @@ DasharoSystemFeaturesCallback ( Value->u8 = FixedPcdGet8(PcdIntelMeDefaultState); break; } + case SLEEP_TYPE_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + if (PcdGetBool (PcdSleepTypeDefaultS3)) + Value->u8 = SLEEP_TYPE_S3; + else + Value->u8 = SLEEP_TYPE_S0IX; + + break; + } default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index a9769fad57..da5cf2144a 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
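Review bot: The new `SLEEP_TYPE_QUESTION_ID` case applies `PcdSleepTypeDefaultS3` only to the value handed back from the callback. The diffstat shows these 12 lines are the only change to DasharoSystemFeatures.c, so whatever the constructor writes when the `SleepType` variable is missing stays as it was. If that initial value is still S0ix (not visible here), a board built with the PCD set runs with S0ix until the user loads defaults, and the VFR hunk of this commit no longer marks any option `DEFAULT` as a fallback. Seeding the variable from the same PCD keeps both paths in agreement, e.g. `SleepType = PcdGetBool (PcdSleepTypeDefaultS3) ? SLEEP_TYPE_S3 : SLEEP_TYPE_S0IX;` in the not-found branch. The enclosing switch starts and ends outside this hunk.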
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -128,6 +128,7 @@ typedef struct { #define BATTERY_START_THRESHOLD_QUESTION_ID 0x8007 #define BATTERY_STOP_THRESHOLD_QUESTION_ID 0x8008 #define INTEL_ME_MODE_QUESTION_ID 0x8009 +#define SLEEP_TYPE_QUESTION_ID 0x800A extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index da4be7dfc2..4f2d0db1fd 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -89,5 +89,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option + gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 1ab9584551..efece44816 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -283,12 +283,12 @@ formset suppressif ideqval FeaturesData.PowerMenuShowSleepType == 0; oneof varid = FeaturesData.SleepType, + questionid = SLEEP_TYPE_QUESTION_ID, prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), + flags = RESET_REQUIRED | INTERACTIVE, - flags = RESET_REQUIRED, - - option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = DEFAULT; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = 0; suppressif ideqval FeaturesData.S3SupportExperimental == 1; option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; endif; From 8ddd88e5700eb60e1cb2e39c419f9812aadff9df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 18:10:44 +0100 Subject: [PATCH 155/357] DasharoModulePkg: Add support for second serial port MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../DasharoBootPolicies/BootPolicies.c | 20 +++++++- .../DasharoBootPolicies.inf | 3 ++ DasharoModulePkg/DasharoModulePkg.dec | 2 + .../DasharoSystemFeatures.c | 50 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 3 ++ .../DasharoSystemFeaturesStrings.uni | 3 ++ .../DasharoSystemFeaturesUiLib.inf | 2 + .../DasharoSystemFeaturesVfr.vfr | 21 +++++--- 8 files changed, 96 insertions(+), 8 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index ee11b3baaa..457f175611 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -190,11 +190,27 @@ InitializeBootPolicies ( ); - if (Status == EFI_NOT_FOUND) + if (EFI_ERROR (Status)) mSerialRedirectionPolicy.SerialRedirectionEnabled = FixedPcdGetBool(PcdSerialRedirectionDefaultState); - else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(*EfiVar))) + else if (!EFI_ERROR (Status) && (VarSize == sizeof(*EfiVar))) mSerialRedirectionPolicy.SerialRedirectionEnabled = *EfiVar; + /* Check if second port redirection is enabled */ + if (FixedPcdGetBool (PcdHave2ndUart)) { + VarSize = sizeof(BOOLEAN); + Status = GetVariable2 ( + L"SerialRedirection2", + &gDasharoSystemFeaturesGuid, + (VOID **) &EfiVar, + &VarSize + ); + + if (EFI_ERROR (Status)) + mSerialRedirectionPolicy.SerialRedirectionEnabled |= FixedPcdGetBool(PcdSerialRedirection2DefaultState); + else if (!EFI_ERROR (Status) && (VarSize == sizeof(*EfiVar))) + mSerialRedirectionPolicy.SerialRedirectionEnabled |= *EfiVar; + } + if (mSerialRedirectionPolicy.SerialRedirectionEnabled) { gBS->InstallMultipleProtocolInterfaces ( &ImageHandle, diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index 1def2c4e5c..1f1e75a28e 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -50,7 +50,10 @@ [Pcd] gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask + [Depex] gEfiVariableArchProtocolGuid diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 591bbf29e7..1f6f1fe771 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
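Review bot: Both ports are folded into the single `SerialRedirectionEnabled` flag with `|=`, so enabling COM2 redirection installs the same policy protocol as enabling the first port. Unless the consumer of the policy re-reads `SerialRedirection` and `SerialRedirection2` per port (not visible here), the firmware console may appear on a port the user switched off; a per-port field in the policy would make the choice explicit. Separately, `GetVariable2` returns a pool buffer in `EfiVar`, and the second call overwrites that pointer with no `FreePool (EfiVar)` in between. A variable that exists with an unexpected size selects neither the PCD default nor the stored value. `InitializeBootPolicies` starts and ends outside this hunk.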
@@ -70,6 +70,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum|TRUE|BOOLEAN|0x00000001C gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|FALSE|BOOLEAN|0x00000001D gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3|FALSE|BOOLEAN|0x00000001E + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState|FALSE|BOOLEAN|0x00000001F + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart|FALSE|BOOLEAN|0x000000021 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 91e030aa56..526cfd404e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -37,6 +37,7 @@ STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; STATIC CHAR16 mSerialRedirectionEfiVar[] = L"SerialRedirection"; +STATIC CHAR16 mSerialRedirection2EfiVar[] = L"SerialRedirection2"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -240,6 +241,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSmmBwp = PcdGetBool (PcdShowSmmBwp); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowFum = PcdGetBool (PcdShowFum); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Have2ndUart = PcdGetBool (PcdHave2ndUart); // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) 
@@ -718,6 +720,30 @@ DasharoSystemFeaturesUiLibConstructor ( } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection); + Status = gRT->GetVariable ( + mSerialRedirection2EfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection = PcdGetBool(PcdHave2ndUart) ? + PcdGetBool (PcdSerialRedirection2DefaultState) : + FALSE; + Status = gRT->SetVariable ( + mSerialRedirection2EfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection + ); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; } @@ -1171,6 +1197,19 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.SerialPort2Redirection != DasharoFeaturesData.SerialPort2Redirection) { + Status = gRT->SetVariable ( + mSerialRedirection2EfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.SerialPort2Redirection), + &DasharoFeaturesData.SerialPort2Redirection + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } @@ -1263,6 +1302,17 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdSerialRedirectionDefaultState); break; } + case SERIAL_PORT2_REDIR_QUESTION_ID: + { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + if (PcdGetBool (PcdHave2ndUart)) + Value->b = PcdGetBool (PcdSerialRedirection2DefaultState); + else + Value->b = FALSE; + break; + } case BATTERY_START_THRESHOLD_QUESTION_ID: { if (Value == NULL) 
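Review bot: `SerialRedirection2` is created with `EFI_VARIABLE_RUNTIME_ACCESS` in the constructor hunk and rewritten with the same attributes in the `DasharoSystemFeaturesRouteConfig` hunk, so the running OS can switch firmware console redirection on the second UART for the next boot. If no OS-side tool needs to change it, `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` (the attributes this page shows for `WatchdogAvailable`) would confine changes to the setup UI. The constructor also falls back to the PCD only on `EFI_NOT_FOUND`, while BootPolicies.c in the same commit uses `EFI_ERROR (Status)`. On any other read error the menu and the boot policy can therefore disagree about the port's state. Both functions extend beyond their hunks.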
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index da5cf2144a..c40f5662ef 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -72,6 +72,7 @@ typedef struct { BOOLEAN SecurityMenuShowCamera; BOOLEAN MeHapAvailable; BOOLEAN S3SupportExperimental; + BOOLEAN Have2ndUart; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -94,6 +95,7 @@ typedef struct { BATTERY_CONFIG BatteryConfig; UINT8 MemoryProfile; BOOLEAN SerialPortRedirection; + BOOLEAN SerialPort2Redirection; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 @@ -129,6 +131,7 @@ typedef struct { #define BATTERY_STOP_THRESHOLD_QUESTION_ID 0x8008 #define INTEL_ME_MODE_QUESTION_ID 0x8009 #define SLEEP_TYPE_QUESTION_ID 0x800A +#define SERIAL_PORT2_REDIR_QUESTION_ID 0x800B extern EFI_GUID gDasharoSystemFeaturesGuid; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 22c17a80e7..f44a6d338d 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -164,3 +164,6 @@ #string STR_SERIAL_CONSOLE_REDIRECTION_PROMPT #language en-US "Enable Serial Port Console Redirection" #string STR_SERIAL_CONSOLE_REDIRECTION_HELP #language en-US "Redirect the firmware console to the serial port." + +#string STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT #language en-US "Enable COM2 Port Console Redirection" +#string STR_SERIAL_CONSOLE_REDIRECTION2_HELP #language en-US "Redirect the firmware console to the second serial port." 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 4f2d0db1fd..4cfb5ec048 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -90,5 +90,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index efece44816..6c5eb6accd 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -400,12 +400,21 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.SerialPortRedirection, - questionid = SERIAL_PORT_REDIR_QUESTION_ID, - prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_PROMPT), - help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_HELP), - flags = INTERACTIVE | RESET_REQUIRED, - endcheckbox; + checkbox varid = FeaturesData.SerialPortRedirection, + questionid = SERIAL_PORT_REDIR_QUESTION_ID, + prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_PROMPT), + help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + + suppressif ideqval FeaturesData.Have2ndUart == 0; + checkbox varid = FeaturesData.SerialPort2Redirection, + questionid = SERIAL_PORT2_REDIR_QUESTION_ID, + prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT), + help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); From b76168f3f379fe048b21a1bd9e834d3cb9e1920c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 14 Mar 2024 18:39:38 +0100 Subject: [PATCH 156/357] DasharoModulePkg: Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni: fix incorrect min timeout in helptext MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index f44a6d338d..c119985923 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -80,7 +80,7 @@ #string STR_WATCHDOG_ENABLE_HELP #language en-US "Enables/disables OC Watchdog Timer during POST. If the timers expires, for example due to an unexpected hang or lockup, the platform will be reset after specified timeout." #string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" -#string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 1024s." +#string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 300s, maximum 1024s." #string STR_BOOT_MENU_ENABLED_PROMPT #language en-US "Boot menu enabled" #string STR_BOOT_MENU_ENABLED_HELP #language en-US "Enables or disables choice of one-time boot menu" From be9a06153937a3489160e9b8b4828cb501a9f914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 15 Mar 2024 16:08:19 +0100 Subject: [PATCH 157/357] DasharoModulePkg: Decouple watchdog enablement and visibility from each other MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/DasharoModulePkg.dec | 1 + .../DasharoSystemFeatures.c | 24 +++++++++---------- .../DasharoSystemFeaturesHii.h | 4 ++-- .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 6 ++--- 5 files changed, 19 insertions(+), 17 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 1f6f1fe771..c86f2cd295 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -72,6 +72,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3|FALSE|BOOLEAN|0x00000001E gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState|FALSE|BOOLEAN|0x00000001F gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart|FALSE|BOOLEAN|0x000000021 + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault|FALSE|BOOLEAN|0x000000022 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 526cfd404e..3d6a1ab378 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -24,7 +24,7 @@ STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; STATIC CHAR16 mBootManagerEnabledEfiVar[] = L"BootManagerEnabled"; STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; -STATIC CHAR16 mWatchdogStateEfiVar[] = L"WatchdogAvailable"; +STATIC CHAR16 mWatchdogAvailableEfiVar[] = L"WatchdogAvailable"; STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; @@ -159,7 +159,7 @@ LocateAcpiTableBySignature ( This function will be called only if the Watchdog variable is not present. It will populate the initial state based on what coreboot has programmed. If watchdog was not enabled on first boot, it means it was not enabled, - and watchdog options should be hidden (WatchdogState == FALSE); + and watchdog options should be hidden (WatchdogAvailable == FALSE); **/ VOID EFIAPI 
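Review bot: The header comment of `GetDefaultWatchdogConfig` is only renamed in the `@@ -159,7` hunk, but it no longer matches the function as this commit leaves it. In the visible code, availability comes from `PcdShowOcWdtOptions` and the enable default from the new `PcdOcWdtEnableDefault`, not from "what coreboot has programmed". I would reword it to say that the function seeds `WatchdogAvailable` from `PcdShowOcWdtOptions` (the options are hidden when it is FALSE), `WatchdogEnable` from `PcdOcWdtEnableDefault` and `WatchdogTimeout` from `PcdOcWdtTimeoutDefault`. The sentence "If watchdog was not enabled on first boot, it means it was not enabled" can be dropped.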
@@ -167,8 +167,8 @@ GetDefaultWatchdogConfig ( IN OUT DASHARO_FEATURES_DATA *FeaturesData ) { - FeaturesData->WatchdogState = PcdGetBool (PcdShowOcWdtOptions); - FeaturesData->WatchdogConfig.WatchdogEnable = PcdGetBool (PcdShowOcWdtOptions); + FeaturesData->WatchdogAvailable = PcdGetBool (PcdShowOcWdtOptions); + FeaturesData->WatchdogConfig.WatchdogEnable = PcdGetBool (PcdOcWdtEnableDefault); FeaturesData->WatchdogConfig.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); } @@ -433,13 +433,13 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState); + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable); Status = gRT->GetVariable ( - mWatchdogStateEfiVar, + mWatchdogAvailableEfiVar, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable ); if (Status == EFI_NOT_FOUND) { @@ -455,11 +455,11 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); Status = gRT->SetVariable ( - mWatchdogStateEfiVar, + mWatchdogAvailableEfiVar, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogState + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable ); ASSERT_EFI_ERROR (Status); } else { 
@@ -1261,12 +1261,12 @@ DasharoSystemFeaturesCallback ( Value->b = PcdGetBool (PcdDefaultNetworkBootEnable); break; } - case WATCHDOG_OPTIONS_QUESTION_ID: + case WATCHDOG_ENABLE_QUESTION_ID: { if (Value == NULL) return EFI_INVALID_PARAMETER; - Value->b = PcdGetBool (PcdShowOcWdtOptions); + Value->b = PcdGetBool (PcdOcWdtEnableDefault); break; } case WATCHDOG_TIMEOUT_QUESTION_ID: diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index c40f5662ef..91c1fbb853 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -82,7 +82,7 @@ typedef struct { UINT8 MeMode; BOOLEAN Ps2Controller; WATCHDOG_CONFIG WatchdogConfig; - BOOLEAN WatchdogState; // holds the state of watchdog before VAR population + BOOLEAN WatchdogAvailable; UINT8 FanCurveOption; IOMMU_CONFIG IommuConfig; BOOLEAN BootManagerEnabled; @@ -121,7 +121,7 @@ typedef struct { #define MEMORY_PROFILE_XMP3 4 #define NETWORK_BOOT_QUESTION_ID 0x8000 -#define WATCHDOG_OPTIONS_QUESTION_ID 0x8001 +#define WATCHDOG_ENABLE_QUESTION_ID 0x8001 #define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 #define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 #define POWER_FAILURE_STATE_QUESTION_ID 0x8004 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 4cfb5ec048..f89dc1ccff 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
@@ -92,5 +92,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 6c5eb6accd..6cf3183d31 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -238,12 +238,12 @@ formset endcheckbox; endif; - suppressif ideqval FeaturesData.WatchdogState == 0; + suppressif ideqval FeaturesData.WatchdogAvailable == 0; checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, - questionid = WATCHDOG_OPTIONS_QUESTION_ID, + questionid = WATCHDOG_ENABLE_QUESTION_ID, prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + flags = RESET_REQUIRED, endcheckbox; suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; From ee9f10200c20016a4ae22ed55986eaf82f60d4c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 29 Oct 2022 15:39:25 +0200 Subject: [PATCH 158/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: remove unnecessary includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 -- 1 file changed, 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 3169d40e6c..3bca898e8d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -608,8 +608,6 @@ !endif !if $(SETUP_PASSWORD_ENABLE) == TRUE -!include DasharoModulePkg/DasharoModuleComponents.dsc.inc -!include DasharoModulePkg/Include/UserAuthFeature.dsc DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf { PlatformPasswordLib|DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf From db279779c32d24c72f0285b83e0082c94763e118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 29 Oct 2022 15:52:24 +0200 Subject: [PATCH 159/357] MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h: reduce timeout to 2 seconds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h b/MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h index 4401675872..f9068aa871 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h +++ b/MdeModulePkg/Bus/Pci/XhciDxe/Xhci.h @@ -54,9 +54,9 @@ typedef struct _USB_DEV_CONTEXT USB_DEV_CONTEXT; #define XHC_1_MILLISECOND (1000) // // XHC generic timeout experience values. -// The unit is millisecond, setting it as 10s. +// The unit is millisecond, setting it as 2s. // -#define XHC_GENERIC_TIMEOUT (10 * 1000) +#define XHC_GENERIC_TIMEOUT (2 * 1000) // // XHC reset timeout experience values. // The unit is millisecond, setting it as 1s. From 56be67930073baf50ebe4011c13346cf67cb0967 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 19 Oct 2022 14:43:05 +0200 Subject: [PATCH 160/357] DasharoPayloadPkg: Add VT-d driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 2 files changed, 2 insertions(+) 
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 3bca898e8d..4554f50675 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -814,6 +814,7 @@ SecurityPkg/HddPassword/HddPasswordDxe.inf !endif + IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf #------------------------------ # Build the shell diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 2f29648b03..13ef792f0a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -320,6 +320,7 @@ INF SecurityPkg/HddPassword/HddPasswordDxe.inf !if $(SETUP_PASSWORD_ENABLE) == TRUE INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf +INF IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf !endif # From ff78843e0e9683eb407f906ce709aa92a4979865 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 8 Nov 2022 16:08:56 +0100 Subject: [PATCH 161/357] DasharoPayloadPkg: Allow adding external iPXE with custom boot option name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 2 ++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 3 +++ .../Library/PlatformBootManagerLib/PlatformBootManager.c | 8 ++++++-- .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index ef5779722d..b672427602 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
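Review bot: In DasharoPayloadPkg.fdf the new `INF IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf` line sits inside the `!if $(SETUP_PASSWORD_ENABLE) == TRUE` block, while the .dsc hunk adds the component unconditionally after `!endif`. As written, the VT-d driver is always built but only placed in the firmware volume when the setup password feature is enabled, so DMA protection depends on an unrelated option. Move the line below the `!endif`, or guard it in both files with the same dedicated condition.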
@@ -65,6 +65,8 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x ### FFS filename to find the ipxe application. gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEFile|{ 0xC7, 0x53, 0x86, 0xb6, 0xA1, 0xEE, 0x35, 0x44, 0xA1, 0x99, 0xA4, 0x4F, 0x59, 0xE4, 0x47, 0x6C }|VOID*|0x10000006 +gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEOptionName|L"iPXE"|VOID*|0x10000007 + ## Used to help reduce fragmentation in the EFI memory map gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x08|UINT32|0x10000012 diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 13ef792f0a..b13b7d2c66 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -288,6 +288,9 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf # iPXE support # !if $(NETWORK_IPXE) == TRUE + # + # coreboot build system should put the ipxe.efi file here before EDK2 build + # FILE FREEFORM = B68653C7-EEA1-4435-A199-A44F59E4476C { SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/ipxe.efi } diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index c9c376fd20..21b00f128b 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -849,10 +849,14 @@ PlatformBootManagerAfterConsole ( // Register iPXE // DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); - PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); } else { DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); - PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), L"iPXE Network boot", LOAD_OPTION_ACTIVE); + PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); } } // diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 8837dfb94e..e2c1b6729b 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -85,6 +85,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand gDasharoPayloadPkgTokenSpaceGuid.PcdShellFile gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEFile + gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEOptionName gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity From 7990ccbda527267a4b3d22ceeeeb58934df98f31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 7 Nov 2022 12:51:02 +0100 Subject: [PATCH 162/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: do not depend BaseCryptLib on NETWORK_ENABLE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 4554f50675..551d2b2286 100644 
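Review bot: Both the register and the unregister call in PlatformBootManagerAfterConsole now take the description from `PcdiPXEOptionName`, whose default is `L"iPXE"` rather than the previous literal `L"iPXE Network boot"`. If PlatformUnregisterFvBootOption matches existing entries by description (its body is outside this hunk, so this is an assumption), options created by earlier firmware under the old name would no longer be removed when network boot is disabled. The PCD is declared `VOID*` and cast to `CHAR16 *` here, so the .dec entry should state the contract, for example `## Boot option description for iPXE; must be a NUL-terminated CHAR16 string.`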
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -389,10 +389,9 @@ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf -!if $(NETWORK_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf -!endif DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + ################################################################################ # # Pcd Section - list of all EDK II PCD Entries defined by this Platform. From c3ef11ee2e889d097d89fd811d25c49e219991c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 10 Nov 2022 12:34:31 +0100 Subject: [PATCH 163/357] MdeModulePkg/Bus/Isa/Ps2: add depex for Dasharo PS2 policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf | 4 ++++ MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf index d551c53fa4..f3447e742d 100644 --- a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +++ b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf @@ -37,6 +37,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -76,3 +77,6 @@ [UserExtensions.TianoCore."ExtraFiles"] Ps2KeyboardDxeExtra.uni + +[Depex] + gDasharoPs2ControllerPolicyGuid diff --git a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf index 7e801ecd1f..c236329ba7 100644 --- a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf 
+++ b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf @@ -36,6 +36,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] ReportStatusCodeLib @@ -68,3 +69,6 @@ [UserExtensions.TianoCore."ExtraFiles"] Ps2MouseDxeExtra.uni + +[Depex] + gDasharoPs2ControllerPolicyGuid From de7f79befecf01de947a5e8d07f8d32b4ea6f1ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 10 Nov 2022 15:56:26 +0100 Subject: [PATCH 164/357] DasharoPayloadPkg,MdeModulePkg: improve detection of PS/2 keyboard MdeModulePkg: * add defines * add PcdDetectPs2KbOnCmdAck DasharoPayloadPkg: * detect PS/2 keyboard by sending it an "echo" command if Dasharo/Ps2Controller is enabled or doesn't exist * remove PS/2 from ConIn if the variable exists and the keyboard is not connected or is disabled --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + .../PlatformBootManagerLib.inf | 4 + .../PlatformBootManagerLib/PlatformConsole.c | 164 +++++++++++++++++- .../PlatformBootManagerLib/PlatformConsole.h | 2 + .../Bus/Isa/Ps2KeyboardDxe/Ps2Keyboard.h | 6 +- .../Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf | 1 + MdeModulePkg/MdeModulePkg.dec | 2 + 7 files changed, 173 insertions(+), 7 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 551d2b2286..98fbb25b0b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -404,6 +404,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwarePerformanceDataTableS3Support|FALSE gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdPs2KbdExtendedVerification|TRUE [PcdsFixedAtBuild] # UEFI spec: Minimal value is 0x8000! 
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index e2c1b6729b..a3ffd4aae7 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -47,7 +47,9 @@ MemoryAllocationLib DevicePathLib HiiLib + IoLib PrintLib + TimerLib PlatformHookLib Tcg2PhysicalPresenceLib CustomizedDisplayLib @@ -93,3 +95,5 @@ gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey + gEfiMdeModulePkgTokenSpaceGuid.PcdFastPS2Detection + gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index b793c1ef14..a80f195d1a 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -92,6 +92,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define gPnpPs2Keyboard \ PNPID_DEVICE_PATH_NODE(0x0303) +#define KEYBOARD_8042_DATA_REGISTER 0x60 +#define KEYBOARD_8042_STATUS_REGISTER 0x64 + +#define KBC_INPBUF_VIA60_KBECHO 0xEE +#define KEYBOARD_CMDECHO_ACK 0xFA +#define KEYBOARD_CMD_RESEND 0xFE + +#define KEYBOARD_STATUS_REGISTER_HAS_OUTPUT_DATA BIT0 +#define KEYBOARD_STATUS_REGISTER_HAS_INPUT_DATA BIT1 +#define KEYBOARD_STATUS_REGISTER_RECEIVE_TIMEOUT BIT6 + +#define KEYBOARD_TIMEOUT 65536 // 0.07s +#define KEYBOARD_WAITFORVALUE_TIMEOUT 1000000 // 1s + typedef enum _TYPE_OF_TERMINAL { TerminalTypePcAnsi = 0, TerminalTypeVt100, 
@@ -110,6 +124,110 @@ VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; BOOLEAN mDetectDisplayOnly; +/** + Check if PS2 keyboard is connected, by sending ECHO command. + @param none + @retval TRUE connected + @retvar FALSE unconnected +**/ +BOOLEAN +DetectPs2Keyboard ( + VOID + ) +{ + UINT32 TimeOut; + UINT32 RegEmptied; + UINT8 Data; + UINT8 Status; + UINT32 SumTimeOut; + UINT32 GotIt; + + TimeOut = 0; + RegEmptied = 0; + + // + // Wait for input buffer empty + // + for (TimeOut = 0; TimeOut < KEYBOARD_TIMEOUT; TimeOut += 30) { + if ((IoRead8 (KEYBOARD_8042_STATUS_REGISTER) & KEYBOARD_STATUS_REGISTER_HAS_INPUT_DATA) == 0) { + RegEmptied = 1; + break; + } + MicroSecondDelay (30); + } + + if (RegEmptied == 0) { + DEBUG ((EFI_D_INFO, "PS2 reg not emptied\n")); + return FALSE; + } + + // + // Write it + // + IoWrite8 (KEYBOARD_8042_DATA_REGISTER, KBC_INPBUF_VIA60_KBECHO); + + // + // wait for 1s + // + GotIt = 0; + TimeOut = 0; + SumTimeOut = 0; + Data = 0; + Status = 0; + + // + // Read from 8042 (multiple times if needed) + // until the expected value appears + // use SumTimeOut to control the iteration + // + while (1) { + + // + // Perform a read + // + for (TimeOut = 0; TimeOut < KEYBOARD_TIMEOUT; TimeOut += 30) { + Status = IoRead8 (KEYBOARD_8042_STATUS_REGISTER); + Data = IoRead8 (KEYBOARD_8042_DATA_REGISTER); + MicroSecondDelay (30); + } + + SumTimeOut += TimeOut; + + if (PcdGetBool (PcdDetectPs2KbOnCmdAck)) { + if(Data == KEYBOARD_CMDECHO_ACK) { + GotIt = 1; + break; + } + } + + // If keyboard not connected, the timeout will occur + if (Status & KEYBOARD_STATUS_REGISTER_RECEIVE_TIMEOUT || Data == KEYBOARD_CMD_RESEND) { + DEBUG ((EFI_D_INFO, "PS/2 receive timeout, keyboard not connected\n")); + GotIt = 0; + break; + } + + if (SumTimeOut >= KEYBOARD_WAITFORVALUE_TIMEOUT || PcdGetBool (PcdFastPS2Detection)) { + // Some PS/2 controllers may not respond to echo command. 
+ // Assume keyboard connected if no timeout has been detected + DEBUG ((EFI_D_INFO, "PS/2 detect timeout\n")); + if (Data == KBC_INPBUF_VIA60_KBECHO) { + GotIt = 1; + break; + } + break; + } + } + + // + // Check results + // + if (GotIt == 1) { + return TRUE; + } else { + return FALSE; + } +} /** Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. @@ -131,6 +249,8 @@ PrepareLpcBridgeDevicePath ( EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; EFI_GUID TerminalTypeGuid; + BOOLEAN Ps2Enabled; + UINTN VarSize; DevicePath = NULL; Status = gBS->HandleProtocol ( 
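Review bot: The inner read loop of DetectPs2Keyboard reads the data register on every pass without testing the output-buffer-full bit, and it never breaks, so each attempt always takes the full KEYBOARD_TIMEOUT. Only the last byte read is kept, so a reply that arrives early may be overwritten by later reads before it is compared. `KEYBOARD_STATUS_REGISTER_HAS_OUTPUT_DATA` is defined for exactly this check but is not used in the function. The comment "Assume keyboard connected if no timeout has been detected" also disagrees with the code, which reports a keyboard only when `Data == KBC_INPBUF_VIA60_KBECHO`, and the header comment should read `@retval FALSE`, not `@retvar`. A gated read would look like this:

```c
  while (1) {
    //
    // Poll until the controller reports a byte in its output buffer,
    // then read that byte exactly once.
    //
    for (TimeOut = 0; TimeOut < KEYBOARD_TIMEOUT; TimeOut += 30) {
      Status = IoRead8 (KEYBOARD_8042_STATUS_REGISTER);
      if ((Status & KEYBOARD_STATUS_REGISTER_HAS_OUTPUT_DATA) != 0) {
        Data = IoRead8 (KEYBOARD_8042_DATA_REGISTER);
        break;
      }
      MicroSecondDelay (30);
    }

    // Count at least one poll interval so the outer loop always makes progress.
    SumTimeOut += TimeOut + 30;

    // … unchanged: ACK / receive-timeout / overall-timeout checks …
  }
```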
@@ -142,12 +262,46 @@ PrepareLpcBridgeDevicePath ( return Status; } TempDevicePath = DevicePath; - - // - // Register Keyboard - // DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); - EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + + VarSize = sizeof (Ps2Enabled); + Status = gRT->GetVariable ( + L"Ps2Controller", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &Ps2Enabled + ); + + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(Ps2Enabled))) { + if (Ps2Enabled) { + DEBUG ((DEBUG_INFO, "PS/2 controller enabled\n")); + if (DetectPs2Keyboard()) { + // + // Register Keyboard + // + DEBUG ((DEBUG_INFO, "PS/2 keyboard connected\n")); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + } else { + // Remove PS/2 Keyboard from ConIn + DEBUG ((DEBUG_INFO, "PS/2 keyboard not connected\n")); + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + } + } else { + DEBUG ((DEBUG_INFO, "PS/2 controller disabled\n")); + // Remove PS/2 Keyboard from ConIn + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + } + } else { + DEBUG ((DEBUG_INFO, "PS/2 controller variable status %r\n", Status)); + if (DetectPs2Keyboard()) { + // + // Register Keyboard + // + DEBUG ((DEBUG_INFO, "PS/2 keyboard connected\n")); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + } + } // // Register COM1 // diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h index 68bdf5e555..68855ccfa5 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.h @@ -15,7 +15,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include +#include #include #include #include 
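Review bot: In PrepareLpcBridgeDevicePath the final `else` branch handles every GetVariable outcome other than success with the expected size, so a read error or a wrongly sized `Ps2Controller` variable is treated the same as a missing one and detection runs as if the controller were enabled. If the variable is meant as a policy switch, limit the fallback to the missing case with `} else if (Status == EFI_NOT_FOUND) {` and report other statuses at `DEBUG_ERROR`. The two detect-and-register branches are identical and could be merged into one condition such as `if (!VarValid || Ps2Enabled)`. The function begins before this hunk and continues past it, so whether the appended `DevicePath` is freed cannot be checked from here.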
diff --git a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2Keyboard.h b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2Keyboard.h index ca1dd9b2c2..3abec59b99 100644 --- a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2Keyboard.h +++ b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2Keyboard.h @@ -151,8 +151,10 @@ InstallPs2KeyboardDriver ( #define KEYBOARD_8042_STATUS_REGISTER 0x64 #define KEYBOARD_8042_COMMAND_REGISTER 0x64 -#define KEYBOARD_KBEN 0xF4 -#define KEYBOARD_CMDECHO_ACK 0xFA +#define KBC_INPBUF_VIA60_KBECHO 0xEE +#define KEYBOARD_KBEN 0xF4 +#define KEYBOARD_CMDECHO_ACK 0xFA +#define KEYBOARD_CMD_RESEND 0xFE #define KEYBOARD_MAX_TRY 256 // 256 #define KEYBOARD_TIMEOUT 65536 // 0.07s diff --git a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf index f3447e742d..4d026a2dec 100644 --- a/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +++ b/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf @@ -65,6 +65,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFastPS2Detection ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck ## SOMETIMES_CONSUMES # # [Event] diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index a2cd83345f..6034a0df7d 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1678,6 +1678,8 @@ # @Prompt Boot Discovery Policy gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|2|UINT32|0x4000000f + gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck|TRUE|BOOLEAN|0x40000010 + [PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20|UINT32|0x0001004c From 41e0edc3dcaa8a39eb67b59f65fcdb9906c2ac27 Mon Sep 17 00:00:00 2001 
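Review bot: `PcdDetectPs2KbOnCmdAck` is added to MdeModulePkg.dec with no description, while the neighbouring entry in the context lines carries an `# @Prompt` comment. Judging from DetectPs2Keyboard in this commit, a comment such as `## TRUE: treat a 0xFA (ACK) reply to the PS/2 echo command as proof that a keyboard is present.` followed by `# @Prompt Detect PS/2 keyboard on command ACK` would document it. The same commit also copies the 8042 register and command defines into PlatformConsole.c instead of sharing them with Ps2Keyboard.h, so the two copies can drift apart.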
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 11 Nov 2022 19:13:09 +0100 Subject: [PATCH 165/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: refresh logo after popup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 21b00f128b..fa7aee2a49 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -789,6 +789,7 @@ WarnIfRecoveryBoot ( gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); gST->ConOut->ClearScreen (gST->ConOut); + BootLogoEnableLogo (); } /** From 491b1ff15f6fee2ca48aea7b636063088e24439a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Dec 2022 17:33:28 +0100 Subject: [PATCH 166/357] DasharoPayloadPkg: add build option for IOMMU MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 +++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 3 +++ 2 files changed, 6 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 98fbb25b0b..c61e23a64f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -94,6 +94,7 @@ DEFINE SETUP_PASSWORD_ENABLE = FALSE DEFINE USE_CBMEM_FOR_CONSOLE = FALSE DEFINE ABOVE_4G_MEMORY = TRUE + DEFINE IOMMU_ENABLE = FALSE # # Network definition 
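Review bot: `DEFINE IOMMU_ENABLE = FALSE` makes IntelVTdDxe opt-in, whereas the preceding .dsc listed the driver unconditionally, so a default build no longer contains the VT-d DMA protection driver. If that is intended, say so next to the define, for example `# IOMMU_ENABLE: build IntelVTdDxe (VT-d DMA protection); disabled by default, enable per platform`. Otherwise a platform that relied on the earlier default loses the driver without any build-time indication.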
@@ -814,7 +815,9 @@ SecurityPkg/HddPassword/HddPasswordDxe.inf !endif +!if $(IOMMU_ENABLE) == TRUE IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf +!endif #------------------------------ # Build the shell diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index b13b7d2c66..34db09c392 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -323,6 +323,9 @@ INF SecurityPkg/HddPassword/HddPasswordDxe.inf !if $(SETUP_PASSWORD_ENABLE) == TRUE INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf +!endif + +!if $(IOMMU_ENABLE) == TRUE INF IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf !endif From cd8132081f75b6f3183fd3a0483b5f49ed036d36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 9 Jan 2023 18:09:04 +0100 Subject: [PATCH 167/357] DasharoPayloadPkg/BlSMMStoreDxe: add debug prints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../BlSMMStoreDxe/BlSMMStoreDxe.c | 3 + .../BlSMMStoreDxe/BlSMMStoreFvbDxe.c | 79 ++++++++++++++++--- 2 files changed, 69 insertions(+), 13 deletions(-) diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c index fa5459cd28..8197d3414a 100644 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c @@ -87,6 +87,7 @@ SMMStoreCreateInstance ( Instance = AllocateRuntimeCopyPool (sizeof(SMMSTORE_INSTANCE),&mSMMStoreInstanceTemplate); if (Instance == NULL) { + DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for SMMStore instance\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } @@ -99,6 +100,7 @@ SMMStoreCreateInstance ( Status = SMMStoreFvbInitialize (Instance); if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "%a: SMMStoreFvbInitialize failed\n", __FUNCTION__)); FreePool (Instance); return Status; } 
@@ -110,6 +112,7 @@ SMMStoreCreateInstance ( NULL ); if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "%a: Failed to install FVB protocol\n", __FUNCTION__)); FreePool (Instance); return Status; } diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c index 63ca6172a6..cdd1690cd8 100644 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c +++ b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c @@ -115,6 +115,61 @@ InitializeFvAndVariableStoreHeaders ( return Status; } +/** + + This function dump raw data. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + for (Index = 0; Index < Size; Index++) { + DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index])); + } +} + +/** + + This function dump raw data with colume format. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + +#define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + DEBUG ((EFI_D_INFO, "\n")); + } + + if (Left != 0) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + DEBUG ((EFI_D_INFO, "\n")); + } +} + /** Check the integrity of firmware volume header. 
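Review bot: `InternalDumpData` and `InternalDumpHex` in BlSMMStoreFvbDxe.c are file-local helpers but are declared without `STATIC`, so they are exported under generic names; `STATIC VOID InternalDumpHex (` would keep them private. `Index * COLUME_SIZE` is a UINTN printed with `%04x`; EDK II code usually casts to `UINT64` and uses `%lx`, or casts to `UINT32`, so the argument width matches the format. Each byte is a separate `DEBUG` call, which is slow on a serial console. Building one row into a local buffer and printing it once would help, and the comment typos ("colume", "This function dump") could be fixed at the same time.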
@@ -141,14 +196,18 @@ ValidateFvHeader ( BufferSizeReqested = sizeof(EFI_FIRMWARE_VOLUME_HEADER); FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool(BufferSizeReqested); if (!FwVolHeader) { + DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for FVB header\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } BufferSize = BufferSizeReqested; TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { + DEBUG((DEBUG_ERROR, "%a: Failed to read current FVB header\n", __FUNCTION__)); FreePool (FwVolHeader); return EFI_DEVICE_ERROR; } + DEBUG((DEBUG_INFO, "%a: FVB header:\n", __FUNCTION__)); + InternalDumpHex ((UINT8 *)FwVolHeader, BufferSizeReqested); FvLength = PcdGet32(PcdFlashNvStorageVariableSize) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + PcdGet32(PcdFlashNvStorageFtwSpareSize); @@ -177,19 +236,6 @@ ValidateFvHeader ( return EFI_NOT_FOUND; } - BufferSizeReqested = FwVolHeader->HeaderLength; - FreePool (FwVolHeader); - FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool(BufferSizeReqested); - if (!FwVolHeader) { - return EFI_OUT_OF_RESOURCES; - } - BufferSize = BufferSizeReqested; - TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); - if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { - FreePool (FwVolHeader); - return EFI_DEVICE_ERROR; - } - // Verify the header checksum Checksum = CalculateSum16((UINT16*)FwVolHeader, FwVolHeader->HeaderLength); if (Checksum != 0) { 
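Review bot: The second ValidateFvHeader hunk removes the re-read of the header sized by `FwVolHeader->HeaderLength`, but the checksum line that follows still sums `HeaderLength` bytes from a buffer allocated with only `sizeof(EFI_FIRMWARE_VOLUME_HEADER)`. `HeaderLength` comes from the store contents and can exceed that size because of the block map, so `CalculateSum16` would read past the allocation and checksum bytes that were never read from the store. This holds unless the lines between the two hunks, which are not visible here, bound `HeaderLength`. Keep the re-read and add a range check before allocating; the function begins before this hunk and continues after it.

```c
  // Re-read the whole header: HeaderLength comes from the store and can
  // exceed sizeof (EFI_FIRMWARE_VOLUME_HEADER) because of the block map.
  BufferSizeReqested = FwVolHeader->HeaderLength;
  FreePool (FwVolHeader);
  if ((BufferSizeReqested < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) ||
      (BufferSizeReqested > FvLength)) {
    return EFI_NOT_FOUND;
  }
  FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool (BufferSizeReqested);
  if (!FwVolHeader) {
    return EFI_OUT_OF_RESOURCES;
  }
  BufferSize = BufferSizeReqested;
  TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader);
  if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) {
    FreePool (FwVolHeader);
    return EFI_DEVICE_ERROR;
  }

  // Verify the header checksum
  Checksum = CalculateSum16((UINT16*)FwVolHeader, FwVolHeader->HeaderLength);
```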
@@ -202,16 +248,21 @@ ValidateFvHeader ( BufferSizeReqested = sizeof(VARIABLE_STORE_HEADER); VariableStoreHeader = (VARIABLE_STORE_HEADER*)AllocatePool(BufferSizeReqested); if (!VariableStoreHeader) { + DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for varstore header\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } BufferSize = BufferSizeReqested; TempStatus = SMMStoreRead (0, FwVolHeader->HeaderLength, &BufferSize, (UINT8 *)VariableStoreHeader); if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { + DEBUG((DEBUG_ERROR, "%a: Failed to read current varstore header\n", __FUNCTION__)); FreePool (VariableStoreHeader); FreePool (FwVolHeader); return EFI_DEVICE_ERROR; } + DEBUG((DEBUG_INFO, "%a: Varstore header:\n", __FUNCTION__)); + InternalDumpHex ((UINT8 *)VariableStoreHeader, BufferSizeReqested); + // Check the Variable Store Guid if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { @@ -772,12 +823,14 @@ SMMStoreFvbInitialize ( Status = FvbEraseBlocks (&Instance->FvbProtocol, (EFI_LBA)0, FvbNumLba, EFI_LBA_LIST_TERMINATOR); if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "%a: Failed to erase blocks for FVB header\n", __FUNCTION__)); return Status; } // Install all appropriate headers Status = InitializeFvAndVariableStoreHeaders (Instance); if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "%a: Failed to install FVB headers\n", __FUNCTION__)); return Status; } } else { From 2485f4042773be374a916a7fd6da62c65b6632f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 14 Apr 2024 20:43:18 +0300 Subject: [PATCH 168/357] DasharoPayloadPkg: Add fresh SmmStore from MrChromebox repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixing one confusing debug message in DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.c in the process. Signed-off-by: Michał Żygowski 
Signed-off-by: Sergii Dmytruk --- .../BlSMMStoreDxe/BlSMMStoreDxe.c | 340 ----------- .../BlSMMStoreDxe/BlSMMStoreDxe.h | 118 ---- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 2 +- DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 2 +- .../BlSupportPei/BlSupportPei.inf | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.dec | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 23 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 27 +- ...{SMMSTOREInfoGuid.h => SmmStoreInfoGuid.h} | 12 +- .../Include/Library/BlParseLib.h | 2 +- .../Include/Library/SMMStoreLib.h | 98 ---- .../Include/Library/SmmStoreLib.h | 120 ++++ .../Library/CbSMMStoreLib/CbSMMStoreLib.inf | 28 - .../Library/CbSMMStoreLib/CorebootSMMStore.c | 281 --------- .../Library/SblSMMStoreLib/SblSMMStore.c | 102 ---- .../Library/SblSMMStoreLib/SblSMMStoreLib.inf | 28 - .../Library/SmmStoreLib/SmmStore.c | 473 +++++++++++++++ .../Library/SmmStoreLib/SmmStore.h | 81 +++ .../Library/SmmStoreLib/SmmStoreLib.inf | 41 ++ .../Library/SmmStoreLib/X64/SmmStore.nasm | 48 ++ .../SmmStoreFvb/SmmStoreFvbRuntime.c | 282 +++++++++ .../SmmStoreFvb/SmmStoreFvbRuntime.h | 111 ++++ .../SmmStoreFvbRuntimeDxe.c} | 538 +++++++++--------- .../SmmStoreFvbRuntimeDxe.inf} | 36 +- 24 files changed, 1459 insertions(+), 1338 deletions(-) delete mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c delete mode 100644 DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h rename DasharoPayloadPkg/Include/Guid/{SMMSTOREInfoGuid.h => SmmStoreInfoGuid.h} (54%) delete mode 100644 DasharoPayloadPkg/Include/Library/SMMStoreLib.h create mode 100644 DasharoPayloadPkg/Include/Library/SmmStoreLib.h delete mode 100644 DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf delete mode 100644 DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c delete mode 100644 DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c delete mode 100644 DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf create mode 100644 
DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.c create mode 100644 DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.h create mode 100644 DasharoPayloadPkg/Library/SmmStoreLib/SmmStoreLib.inf create mode 100644 DasharoPayloadPkg/Library/SmmStoreLib/X64/SmmStore.nasm create mode 100644 DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.c create mode 100644 DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.h rename DasharoPayloadPkg/{BlSMMStoreDxe/BlSMMStoreFvbDxe.c => SmmStoreFvb/SmmStoreFvbRuntimeDxe.c} (58%) rename DasharoPayloadPkg/{BlSMMStoreDxe/BlSMMStoreDxe.inf => SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf} (61%) diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c deleted file mode 100644 index 8197d3414a..0000000000 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.c +++ /dev/null @@ -1,340 +0,0 @@ -/** @file BlSMMStoreDxe.c - - Copyright (c) 2020, 9elements Agency GmbH
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "BlSMMStoreDxe.h" - -STATIC EFI_EVENT mSMMStoreVirtualAddrChangeEvent; - -// -// Global variable declarations -// -SMMSTORE_INSTANCE *mSMMStoreInstance; - -SMMSTORE_INSTANCE mSMMStoreInstanceTemplate = { - SMMSTORE_SIGNATURE, // Signature - NULL, // Handle ... NEED TO BE FILLED - { - 0, // MediaId ... NEED TO BE FILLED - FALSE, // RemovableMedia - TRUE, // MediaPresent - FALSE, // LogicalPartition - FALSE, // ReadOnly - FALSE, // WriteCaching; - 0, // BlockSize ... NEED TO BE FILLED - 4, // IoAlign - 0, // LastBlock ... NEED TO BE FILLED - 0, // LowestAlignedLba - 1, // LogicalBlocksPerPhysicalBlock - }, //Media; - - { - FvbGetAttributes, // GetAttributes - FvbSetAttributes, // SetAttributes - FvbGetPhysicalAddress, // GetPhysicalAddress - FvbGetBlockSize, // GetBlockSize - FvbRead, // Read - FvbWrite, // Write - FvbEraseBlocks, // EraseBlocks - NULL, //ParentHandle - }, // FvbProtoccol; - { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End)), - (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End) >> 8) - } - }, - { 0x0, 0x0, 0x0, { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 } }, // GUID ... 
NEED TO BE FILLED - }, - 0, // Index - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { sizeof (EFI_DEVICE_PATH_PROTOCOL), 0 } - } - } // DevicePath -}; - -STATIC -EFI_STATUS -SMMStoreCreateInstance ( - IN UINTN NumberofBlocks, - IN UINTN BlockSize, - OUT SMMSTORE_INSTANCE** SMMStoreInstance - ) -{ - EFI_STATUS Status; - SMMSTORE_INSTANCE* Instance; - - ASSERT(SMMStoreInstance != NULL); - - Instance = AllocateRuntimeCopyPool (sizeof(SMMSTORE_INSTANCE),&mSMMStoreInstanceTemplate); - if (Instance == NULL) { - DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for SMMStore instance\n", __FUNCTION__)); - return EFI_OUT_OF_RESOURCES; - } - - Instance->Media.MediaId = 0; - Instance->Media.BlockSize = BlockSize; - Instance->Media.LastBlock = NumberofBlocks - 1; - - CopyGuid (&Instance->DevicePath.Vendor.Guid, &gEfiCallerIdGuid); - Instance->DevicePath.Index = (UINT8)0; - - Status = SMMStoreFvbInitialize (Instance); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_ERROR, "%a: SMMStoreFvbInitialize failed\n", __FUNCTION__)); - FreePool (Instance); - return Status; - } - - Status = gBS->InstallMultipleProtocolInterfaces ( - &Instance->Handle, - &gEfiDevicePathProtocolGuid, &Instance->DevicePath, - &gEfiFirmwareVolumeBlockProtocolGuid, &Instance->FvbProtocol, - NULL - ); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_ERROR, "%a: Failed to install FVB protocol\n", __FUNCTION__)); - FreePool (Instance); - return Status; - } - - DEBUG((DEBUG_INFO, "%a: Created a new instance\n", __FUNCTION__)); - - *SMMStoreInstance = Instance; - return Status; -} - -/** - Fixup internal data so that EFI can be call in virtual mode. - Call the passed in Child Notify event and convert any pointers in - lib to virtual mode. 
- - @param[in] Event The Event that is being processed - @param[in] Context Event Context -**/ -VOID -EFIAPI -BlSMMStoreVirtualNotifyEvent ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - // Convert Fvb - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.EraseBlocks); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetAttributes); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetBlockSize); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.GetPhysicalAddress); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.Read); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.SetAttributes); - EfiConvertPointer (0x0, (VOID**)&mSMMStoreInstance->FvbProtocol.Write); - - SMMStoreVirtualNotifyEvent (Event, Context); - - return; -} - -EFI_STATUS -EFIAPI -BlSMMSTOREInitialise ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - VOID *ComBuf; - VOID *GuidHob; - SMMSTORE_INFO *SMMStoreInfoHob; - EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; - - if (PcdGetBool (PcdEmuVariableNvModeEnable)) { - DEBUG ((DEBUG_WARN, "Variable emulation is active! Skipping driver init.\n")); - return EFI_SUCCESS; - } - - // - // Find the SMMSTORE information guid hob - // - GuidHob = GetFirstGuidHob (&gEfiSMMSTOREInfoHobGuid); - if (GuidHob == NULL) { - DEBUG ((DEBUG_WARN, "SMMSTORE not supported! 
Skipping driver init.\n")); - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - return EFI_SUCCESS; - } - - // - // Allocate Communication Buffer for arguments to pass to SMM - // - ComBuf = AllocateRuntimePool (SMMSTORE_COMBUF_SIZE); - if (!ComBuf) { - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - return EFI_OUT_OF_RESOURCES; - } - - // - // Place SMMSTORE information hob in a runtime buffer - // - SMMStoreInfoHob = AllocateRuntimePool (GET_GUID_HOB_DATA_SIZE(GuidHob)); - if (!SMMStoreInfoHob) { - FreePool(ComBuf); - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - return EFI_OUT_OF_RESOURCES; - } - - CopyMem(SMMStoreInfoHob, GET_GUID_HOB_DATA (GuidHob), GET_GUID_HOB_DATA_SIZE(GuidHob)); - - if (!SMMStoreInfoHob->MmioAddress || - !SMMStoreInfoHob->ComBuffer || - !SMMStoreInfoHob->BlockSize || - !SMMStoreInfoHob->NumBlocks) { - DEBUG((EFI_D_ERROR, "%a: Invalid data in SMMStore Info hob\n", __FUNCTION__)); - FreePool(ComBuf); - FreePool(SMMStoreInfoHob); - return EFI_WRITE_PROTECTED; - } - - Status = SMMStoreInitialize(ComBuf, SMMStoreInfoHob); - if (EFI_ERROR(Status)) { - DEBUG((EFI_D_ERROR,"%a: Failed to initialize SMMStore\n", - __FUNCTION__)); - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - FreePool(ComBuf); - FreePool(SMMStoreInfoHob); - return Status; - } - - // Update PCDs for Variable/RuntimeDxe - PcdSet32S (PcdFlashNvStorageVariableBase, - PcdGet32 (PcdFlashNvStorageVariableBase) + SMMStoreInfoHob->MmioAddress); - PcdSet32S (PcdFlashNvStorageFtwWorkingBase, - PcdGet32 (PcdFlashNvStorageFtwWorkingBase) + SMMStoreInfoHob->MmioAddress); - PcdSet32S (PcdFlashNvStorageFtwSpareBase, - PcdGet32 (PcdFlashNvStorageFtwSpareBase) + SMMStoreInfoHob->MmioAddress); - - mSMMStoreInstance = AllocateRuntimePool (sizeof(SMMSTORE_INSTANCE*)); - if (!mSMMStoreInstance) { - DEBUG((EFI_D_ERROR, "%a: Out of resources\n", __FUNCTION__)); - FreePool(ComBuf); - FreePool(SMMStoreInfoHob); - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - return EFI_OUT_OF_RESOURCES; - } - 
- Status = SMMStoreCreateInstance ( - SMMStoreInfoHob->NumBlocks, - SMMStoreInfoHob->BlockSize, - &mSMMStoreInstance - ); - if (EFI_ERROR(Status)) { - DEBUG((EFI_D_ERROR, "%a: Fail to create instance for SMMStore\n", - __FUNCTION__)); - PcdSetBoolS (PcdEmuVariableNvModeEnable, TRUE); - FreePool(ComBuf); - FreePool(SMMStoreInfoHob); - return Status; - } - - // - // Register for the virtual address change event - // - Status = gBS->CreateEventEx ( - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - BlSMMStoreVirtualNotifyEvent, - NULL, - &gEfiEventVirtualAddressChangeGuid, - &mSMMStoreVirtualAddrChangeEvent - ); - ASSERT_EFI_ERROR (Status); - - // - // Finally mark the SMM communication buffer provided by CB or SBL as runtime memory - // - Status = gDS->GetMemorySpaceDescriptor (SMMStoreInfoHob->ComBuffer, &GcdDescriptor); - if (EFI_ERROR (Status) || GcdDescriptor.GcdMemoryType == EfiGcdMemoryTypeNonExistent) { - DEBUG((EFI_D_INFO, "%a: No memory space descriptor for com buffer found\n", - __FUNCTION__)); - - // - // Add a new entry if not covered by existing mapping - // - Status = gDS->AddMemorySpace ( - EfiGcdMemoryTypeReserved, - SMMStoreInfoHob->ComBuffer, SMMStoreInfoHob->ComBufferSize, - EFI_MEMORY_WB | EFI_MEMORY_RUNTIME - ); - if (EFI_ERROR (Status)) - DEBUG((EFI_D_ERROR, "%a: Failed to add memory space for com buffer (%r)\n", - __FUNCTION__, Status)); - } - - // - // Mark as runtime service - // - Status = gDS->SetMemorySpaceAttributes ( - SMMStoreInfoHob->ComBuffer, - SMMStoreInfoHob->ComBufferSize, - EFI_MEMORY_RUNTIME - ); - if (EFI_ERROR (Status)) - DEBUG((EFI_D_ERROR, "%a: Failed to mark com buffer as Runtime Service memory (%r)\n", - __FUNCTION__, Status)); - - if (!SMMStoreInfoHob->MmioAddress) - return Status; - - // - // Mark the memory mapped store as MMIO memory - // - Status = gDS->GetMemorySpaceDescriptor (SMMStoreInfoHob->MmioAddress, &GcdDescriptor); - if (EFI_ERROR (Status) || GcdDescriptor.GcdMemoryType == EfiGcdMemoryTypeNonExistent) { - 
DEBUG((EFI_D_INFO, "%a: No memory space descriptor for MMIO found\n", - __FUNCTION__)); - - // - // Add a new entry if not covered by existing mapping - // - Status = gDS->AddMemorySpace ( - EfiGcdMemoryTypeMemoryMappedIo, - SMMStoreInfoHob->MmioAddress, - SMMStoreInfoHob->NumBlocks * SMMStoreInfoHob->BlockSize, - EFI_MEMORY_UC | EFI_MEMORY_RUNTIME - ); - if (EFI_ERROR (Status)) - DEBUG((EFI_D_ERROR, "%a: Failed to add memory space for MMIO (%r)\n", - __FUNCTION__, Status)); - } - - // - // Mark as runtime service - // - Status = gDS->SetMemorySpaceAttributes ( - SMMStoreInfoHob->MmioAddress, - SMMStoreInfoHob->NumBlocks * SMMStoreInfoHob->BlockSize, - EFI_MEMORY_RUNTIME - ); - if (EFI_ERROR (Status)) - DEBUG((EFI_D_ERROR, "%a: Failed to mark MMIO as Runtime Service memory (%r)\n", - __FUNCTION__, Status)); - - - return Status; -} diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h b/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h deleted file mode 100644 index 87fcbc3894..0000000000 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.h +++ /dev/null @@ -1,118 +0,0 @@ -/** @file BlSMMStoreDxe.h - - Copyright (c) 2020, 9elements Agency GmbH
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef __COREBOOT_SMM_STORE_DXE_H__ -#define __COREBOOT_SMM_STORE_DXE_H__ - - -#include -#include - -#include - -#include -#include -#include - -#include -#include -#include -#include - -#define SMMSTORE_SIGNATURE SIGNATURE_32('S', 'M', 'M', 'S') -#define INSTANCE_FROM_FVB_THIS(a) CR(a, SMMSTORE_INSTANCE, FvbProtocol, SMMSTORE_SIGNATURE) - -typedef struct _SMMSTORE_INSTANCE SMMSTORE_INSTANCE; - -#pragma pack (1) -typedef struct { - VENDOR_DEVICE_PATH Vendor; - UINT8 Index; - EFI_DEVICE_PATH_PROTOCOL End; -} NOR_FLASH_DEVICE_PATH; -#pragma pack () - -struct _SMMSTORE_INSTANCE { - UINT32 Signature; - EFI_HANDLE Handle; - EFI_BLOCK_IO_MEDIA Media; - - EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL FvbProtocol; - - NOR_FLASH_DEVICE_PATH DevicePath; -}; - -// -// BlSMMStoreFvbDxe.c -// - -EFI_STATUS -EFIAPI -SMMStoreFvbInitialize ( - IN SMMSTORE_INSTANCE* Instance - ); - -EFI_STATUS -EFIAPI -FvbGetAttributes( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - OUT EFI_FVB_ATTRIBUTES_2 *Attributes - ); - -EFI_STATUS -EFIAPI -FvbSetAttributes( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes - ); - -EFI_STATUS -EFIAPI -FvbGetPhysicalAddress( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - OUT EFI_PHYSICAL_ADDRESS *Address - ); - -EFI_STATUS -EFIAPI -FvbGetBlockSize( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN EFI_LBA Lba, - OUT UINTN *BlockSize, - OUT UINTN *NumberOfBlocks - ); - -EFI_STATUS -EFIAPI -FvbRead( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN EFI_LBA Lba, - IN UINTN Offset, - IN OUT UINTN *NumBytes, - IN OUT UINT8 *Buffer - ); - -EFI_STATUS -EFIAPI -FvbWrite( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN EFI_LBA Lba, - IN UINTN Offset, - IN OUT UINTN *NumBytes, - IN UINT8 *Buffer - ); - -EFI_STATUS -EFIAPI -FvbEraseBlocks( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - ... 
- ); - - -#endif /* __COREBOOT_SMM_STORE_DXE_H__ */ diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 773cd59dfb..48602ca0b2 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c @@ -548,7 +548,7 @@ BlPeiEntryPoint ( // Status = ParseSMMSTOREInfo (&SMMSTOREInfo); if (!EFI_ERROR (Status)) { - NewSMMSTOREInfo = BuildGuidHob (&gEfiSMMSTOREInfoHobGuid, sizeof (SMMSTOREInfo)); + NewSMMSTOREInfo = BuildGuidHob (&gEfiSmmStoreInfoHobGuid, sizeof (SMMSTOREInfo)); ASSERT (NewSMMSTOREInfo != NULL); CopyMem (NewSMMSTOREInfo, &SMMSTOREInfo, sizeof (SMMSTOREInfo)); DEBUG ((DEBUG_INFO, "Created SMMSTORE info hob\n")); diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h index be5550f5b6..e1ca2a7c93 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -28,7 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include +#include #include #include #include diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index 353dfd806b..626f81b3f5 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -56,7 +56,7 @@ gEfiGraphicsInfoHobGuid gEfiGraphicsDeviceInfoHobGuid gUefiAcpiBoardInfoGuid - gEfiSMMSTOREInfoHobGuid + gEfiSmmStoreInfoHobGuid gEfiTcgPhysicalPresenceInfoHobGuid gEfiFirmwarePerformanceGuid diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index b672427602..b643fe318c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
@@ -33,7 +33,7 @@ gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}} gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } } gLoaderMemoryMapInfoGuid = { 0xa1ff7424, 0x7a1a, 0x478e, { 0xa9, 0xe4, 0x92, 0xf3, 0x57, 0xd1, 0x28, 0x32 } } - gEfiSMMSTOREInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 } } + gEfiSmmStoreInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 } } gEfiTcgPhysicalPresenceInfoHobGuid = { 0xf367be59, 0x5891, 0x40eb, { 0x21, 0x44, 0xed, 0x2e, 0xac, 0x57, 0xfd, 0x14 }} [Ppis] diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index c61e23a64f..e56aa2e38c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -296,9 +296,7 @@ # SMMSTORE # !if $(BOOTLOADER) == "COREBOOT" - SmmStoreLib|DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf -!else - SmmStoreLib|DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf + SmmStoreLib|DasharoPayloadPkg/Library/SmmStoreLib/SmmStoreLib.inf !endif !if $(TPM_ENABLE) == TRUE 
@@ -497,6 +495,14 @@ gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|$(PLATFORM_BOOT_TIMEOUT) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize |0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize |0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase |0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 + ## This PCD defines the video horizontal resolution. # This PCD could be set to 0 then video resolution could be at highest resolution. gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|0 @@ -638,10 +644,14 @@ MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf +!if $(BOOTLOADER) == "COREBOOT" + DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf +!endif MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf } # @@ -738,13 +748,6 @@ DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf - # - # SMMSTORE - # -!if $(BOOTLOADER) == "COREBOOT" - DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf -!endif - # # Network Support # diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 34db09c392..037948ba0a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
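Review bot: The seven `PcdFlashNvStorage*` entries added after `PcdEmuVariableNvModeEnable|FALSE` default the variable, FTW working and FTW spare sizes and bases to 0 with no comment saying who fills them in. The same commit deletes the `.fdf` block that set them from `BLOCK_SIZE` and recorded the constraints (`PcdFlashNvStorageVariableSize <= FtwMaxBlockSize`, and the maximum variable size below the store length minus its header). If these are placeholders populated at runtime by SmmStoreFvbRuntimeDxe, which this hunk does not show, add a comment above them such as `# Placeholders: set at runtime from the SmmStore info HOB before the variable driver runs` and carry the two constraints over, since they now have to hold for values taken from the bootloader. The list includes the 32-bit `PcdFlashNvStorageVariableBase` but only the 64-bit forms of the FTW working and spare bases; if that asymmetry is intentional it deserves a word too. The PCD section header is outside the hunk.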
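Review bot: `NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf` is linked into VariableRuntimeDxe unconditionally, while `DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf` a few lines above is built only under `!if $(BOOTLOADER) == "COREBOOT"`. That library exists to make the variable driver depend on gEdkiiNvVarStoreFormattedGuid. On a non-coreboot build, or when SmmStore setup fails, VariableRuntimeDxe may therefore never dispatch unless something outside this hunk installs that GUID. The removed BlSMMStoreDxe handled both cases by setting `PcdEmuVariableNvModeEnable` to TRUE and returning, so the change in failure behaviour should be deliberate. I would put the library line under the same `!if $(BOOTLOADER) == "COREBOOT"` / `!endif` pair and add a comment stating whether the intended outcome on a missing or invalid store is emulated variables or no variable services at all.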
@@ -87,13 +87,10 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE APRIORI DXE { + INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf -!if $(BOOTLOADER) == "COREBOOT" - # Initialize VariableStore and update PCDs before VariableRuntimeDxe - INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf -!endif } # @@ -119,6 +116,11 @@ INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf + +!if $(BOOTLOADER) == "COREBOOT" + # Initialize VariableStore and update PCDs before VariableRuntimeDxe + INF DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf +!endif INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -133,9 +135,6 @@ INF DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf INF MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf -!if $(BOOTLOADER) == "COREBOOT" -INF DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf -!endif # # ACPI Support 
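Review bot: The comment moved along with `INF DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf`, `# Initialize VariableStore and update PCDs before VariableRuntimeDxe`, described the APRIORI placement that the first hunk of this file removes. In the ordinary FV list, position alone does not guarantee that this driver runs before the ones listed after it. If the ordering now comes from a dependency expression, as the NvVarStoreFormattedLib addition in the .dsc suggests, say so, for example `# Must complete before VariableRuntimeDxe; ordering is enforced by depex, not by position in this list`. It is also worth confirming that FaultTolerantWriteDxe, listed directly after it, is held back the same way, since it consumes the same flash PCDs.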
@@ -354,20 +353,6 @@ INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf !endif !endif -# Constrains: -# PcdFlashNvStorageVariableSize <= FtwMaxBlockSize -# GetNonVolatileMaxVariableSize () < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) -DEFINE BLOCK_SIZE = 0x10000 - -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase = 0 -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize = $(BLOCK_SIZE) - -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase = gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize = $(BLOCK_SIZE) - -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase = gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize -SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize = $(BLOCK_SIZE) - ################################################################################ # # Rules are use with the [FV] section's module INF type to define diff --git a/DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h b/DasharoPayloadPkg/Include/Guid/SmmStoreInfoGuid.h similarity index 54% rename from DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h rename to DasharoPayloadPkg/Include/Guid/SmmStoreInfoGuid.h index 552f86115b..d5dcb8218f 100644 --- a/DasharoPayloadPkg/Include/Guid/SMMSTOREInfoGuid.h +++ b/DasharoPayloadPkg/Include/Guid/SmmStoreInfoGuid.h @@ -1,18 +1,18 @@ /** @file - This file defines the hob structure for system tables like ACPI, SMBIOS tables. + This file defines the hob structure for coreboot's SmmStore. - Copyright (c) 2020, 9elements Agency GmbH
+ Copyright (c) 2022, 9elements GmbH
SPDX-License-Identifier: BSD-2-Clause-Patent **/ -#ifndef __SMMSTORE_GUID_H__ -#define __SMMSTORE_GUID_H__ +#ifndef SMMSTORE_GUID_H_ +#define SMMSTORE_GUID_H_ /// /// System Table Information GUID /// -extern EFI_GUID gEfiSMMSTOREInfoHobGuid; +extern EFI_GUID gEfiSmmStoreInfoHobGuid; typedef struct { UINT64 ComBuffer; @@ -24,4 +24,4 @@ typedef struct { UINT8 Reserved0[3]; } SMMSTORE_INFO; -#endif +#endif // SMMSTORE_GUID_H_ diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index bbaf2490ad..2e513484fe 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -12,7 +12,7 @@ #include #include #include -#include +#include #include #include diff --git a/DasharoPayloadPkg/Include/Library/SMMStoreLib.h b/DasharoPayloadPkg/Include/Library/SMMStoreLib.h deleted file mode 100644 index be7b9a54a1..0000000000 --- a/DasharoPayloadPkg/Include/Library/SMMStoreLib.h +++ /dev/null @@ -1,98 +0,0 @@ -/** @file SMMStoreLib.h - - Copyright (c) 2020, 9elements Agency GmbH
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef __SMM_STORE_LIB_H__ -#define __SMM_STORE_LIB_H__ - -#include -#include -#include - -#define SMMSTORE_COMBUF_SIZE 16 - -/** - Read from SMMStore - - @param[in] Lba The starting logical block index to read from. - @param[in] Offset Offset into the block at which to begin reading. - @param[in] NumBytes On input, indicates the requested read size. On - output, indicates the actual number of bytes read - @param[in] Buffer Pointer to the buffer to read into. - -**/ -EFI_STATUS -SMMStoreRead ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ); - - -/** - Write to SMMStore - - @param[in] Lba The starting logical block index to write to. - @param[in] Offset Offset into the block at which to begin writing. - @param[in] NumBytes On input, indicates the requested write size. On - output, indicates the actual number of bytes written - @param[in] Buffer Pointer to the data to write. - -**/ -EFI_STATUS -SMMStoreWrite ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ); - - -/** - Erase a block using the SMMStore - - @param Lba The logical block index to erase. - -**/ -EFI_STATUS -SMMStoreEraseBlock ( - IN EFI_LBA Lba - ); - - -/** - Notify the SMMStore Library about a VirtualNotify - -**/ - -VOID -EFIAPI -SMMStoreVirtualNotifyEvent ( - IN EFI_EVENT Event, - IN VOID *Context - ); - -/** - Initializes SMMStore support - - @param[in] Ptr A runtime buffer where arguments are stored - for SMM communication - @param[in] SmmStoreInfoHob A runtime buffer with a copy of the - SmmStore Info Hob - - @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. - @retval EFI_SUCCESS The SMMSTORE is supported. - -**/ -EFI_STATUS -SMMStoreInitialize ( - IN VOID *Ptr, - IN SMMSTORE_INFO *SmmStoreInfoHob - ); - -#endif /* __SMM_STORE_LIB_H__ */ 
diff --git a/DasharoPayloadPkg/Include/Library/SmmStoreLib.h b/DasharoPayloadPkg/Include/Library/SmmStoreLib.h new file mode 100644 index 0000000000..6ade375b1d --- /dev/null +++ b/DasharoPayloadPkg/Include/Library/SmmStoreLib.h @@ -0,0 +1,120 @@ +/** @file SmmStoreLib.h + + Copyright (c) 2022, 9elements GmbH
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SMM_STORE_LIB_H_ +#define SMM_STORE_LIB_H_ + +#include +#include +#include + +#define SMMSTORE_COMBUF_SIZE 16 + +/** + Get the SmmStore block size + + @param BlockSize The pointer to store the block size in. + +**/ +EFI_STATUS +SmmStoreLibGetBlockSize ( + OUT UINTN *BlockSize + ); + +/** + Get the SmmStore number of blocks + + @param NumBlocks The pointer to store the number of blocks in. + +**/ +EFI_STATUS +SmmStoreLibGetNumBlocks ( + OUT UINTN *NumBlocks + ); + +/** + Get the SmmStore MMIO address + + @param MmioAddress The pointer to store the address in. + +**/ +EFI_STATUS +SmmStoreLibGetMmioAddress ( + OUT EFI_PHYSICAL_ADDRESS *MmioAddress + ); + +/** + Read from SmmStore + + @param[in] Lba The starting logical block index to read from. + @param[in] Offset Offset into the block at which to begin reading. + @param[in] NumBytes On input, indicates the requested read size. On + output, indicates the actual number of bytes read + @param[in] Buffer Pointer to the buffer to read into. + +**/ +EFI_STATUS +SmmStoreLibRead ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ); + +/** + Write to SmmStore + + @param[in] Lba The starting logical block index to write to. + @param[in] Offset Offset into the block at which to begin writing. + @param[in] NumBytes On input, indicates the requested write size. On + output, indicates the actual number of bytes written + @param[in] Buffer Pointer to the data to write. + +**/ +EFI_STATUS +SmmStoreLibWrite ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ); + +/** + Erase a block using the SmmStore + + @param Lba The logical block index to erase. + +**/ +EFI_STATUS +SmmStoreLibEraseBlock ( + IN EFI_LBA Lba + ); + +/** + Initializes SmmStore support + + @retval EFI_WRITE_PROTECTED The SmmStore is not present. + @retval EFI_UNSUPPORTED The SmmStoreInfo HOB wasn't found. 
+ @retval EFI_SUCCESS The SmmStore is supported. + +**/ +EFI_STATUS +SmmStoreLibInitialize ( + VOID + ); + +/** + Denitializes SmmStore support +**/ +VOID +EFIAPI +SmmStoreLibDeinitialize ( + VOID + ); + +#endif /* SMM_STORE_LIB_H_ */ diff --git a/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf b/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf deleted file mode 100644 index 1e07f01d2b..0000000000 --- a/DasharoPayloadPkg/Library/CbSMMStoreLib/CbSMMStoreLib.inf +++ /dev/null @@ -1,28 +0,0 @@ -## @file -# SMMStore library for coreboot -# -# Copyright (c) 2020 9elements Agency GmbH.
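Review bot: In the new SmmStoreLib.h, `NumBytes` is declared `IN UINTN *NumBytes` and tagged `@param[in]` for both SmmStoreLibRead and SmmStoreLibWrite, although the text says it carries the actual byte count on output. `Buffer` in SmmStoreLibRead is likewise marked `IN` while it is the destination. These should read `IN OUT UINTN *NumBytes,` with `@param[in,out] NumBytes`, and `OUT UINT8 *Buffer` with `@param[out] Buffer` for the read. None of the accessors document return values or the bounds contract; the removed library rejected `Lba >= NumBlocks` and `*NumBytes + Offset` beyond the block or communication buffer size with EFI_INVALID_PARAMETER, and the header should state whether callers can still rely on that. Two smaller points: "Denitializes" should be "Deinitializes", and SmmStoreLibDeinitialize is the only declaration carrying `EFIAPI`.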
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = CbSmmStoreLib - FILE_GUID = 40A2CBC6-CFB8-447b-A90E-298E88FD345E - MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = SmmStoreLib - -[Sources] - CorebootSMMStore.c - -[LibraryClasses] - BaseMemoryLib - DebugLib - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - DasharoPayloadPkg/DasharoPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c b/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c deleted file mode 100644 index 15c69d7bdd..0000000000 --- a/DasharoPayloadPkg/Library/CbSMMStoreLib/CorebootSMMStore.c +++ /dev/null @@ -1,281 +0,0 @@ -/** @file CorebootSMMStoreDxe.c - - Copyright (c) 2020, 9elements Agency GmbH
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ -#include - -#include -#include -#include -#include - -/* - * calls into SMM with the given cmd and subcmd in eax, and arg in ebx - * - * static inline because the resulting assembly is often smaller than - * the call sequence due to constant folding. - */ -static inline UINT32 call_smm(UINT8 cmd, UINT8 subcmd, UINT32 arg) { - UINT32 res = ~0; - __asm__ __volatile__ ( - "outb %b0, $0xb2" - : "=a" (res) - : "a" ((subcmd << 8) | cmd), "b" (arg) - : "memory"); - return res; -} - -#define SMMSTORE_RET_SUCCESS 0 -#define SMMSTORE_RET_FAILURE 1 -#define SMMSTORE_RET_UNSUPPORTED 2 - -/* Version 2 only */ -#define SMMSTORE_CMD_INIT 4 -#define SMMSTORE_CMD_RAW_READ 5 -#define SMMSTORE_CMD_RAW_WRITE 6 -#define SMMSTORE_CMD_RAW_CLEAR 7 - -/* - * This allows the payload to store raw data in the flash regions. - * This can be used by a FaultTolerantWrite implementation, that uses at least - * two regions in an A/B update scheme. - */ - -#pragma pack(1) -/* - * Reads a chunk of raw data with size @bufsize from the block specified by - * @block_id starting at @bufoffset. - * The read data is placed in @buf. - * - * @block_id must be less than num_blocks - * @bufoffset + @bufsize must be less than block_size - */ -struct smmstore_params_raw_write { - UINT32 bufsize; - UINT32 bufoffset; - UINT32 block_id; -}; - -/* - * Writes a chunk of raw data with size @bufsize to the block specified by - * @block_id starting at @bufoffset. - * - * @block_id must be less than num_blocks - * @bufoffset + @bufsize must be less than block_size - */ -struct smmstore_params_raw_read { - UINT32 bufsize; - UINT32 bufoffset; - UINT32 block_id; -}; - -/* - * Erases the specified block. 
- * - * @block_id must be less than num_blocks - */ -struct smmstore_params_raw_clear { - UINT32 block_id; -}; - -typedef struct smmstore_comm_buffer { - union { - struct smmstore_params_raw_write raw_write; - struct smmstore_params_raw_read raw_read; - struct smmstore_params_raw_clear raw_clear; - }; -} SMMSTORE_COMBUF; -#pragma pack(0) - -/* - * A memory buffer to place arguments in. - */ -STATIC SMMSTORE_COMBUF *mArgComBuf; -STATIC UINT32 mArgComBufPhys; - -/* - * Metadata provided by the first stage bootloader. - */ -STATIC SMMSTORE_INFO *mSmmStoreInfo; - -/** - Read from SMMStore - - @param[in] Lba The starting logical block index to read from. - @param[in] Offset Offset into the block at which to begin reading. - @param[in] NumBytes On input, indicates the requested read size. On - output, indicates the actual number of bytes read - @param[in] Buffer Pointer to the buffer to read into. - -**/ -EFI_STATUS -SMMStoreRead ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ) -{ - UINT32 Result; - - if (!mSmmStoreInfo) { - return EFI_NO_MEDIA; - } - if (Lba >= mSmmStoreInfo->NumBlocks) { - return EFI_INVALID_PARAMETER; - } - if ((*NumBytes + Offset) > mSmmStoreInfo->BlockSize || - (*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize) { - return EFI_INVALID_PARAMETER; - } - - mArgComBuf->raw_read.bufsize = *NumBytes; - mArgComBuf->raw_read.bufoffset = Offset; - mArgComBuf->raw_read.block_id = Lba; - - Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_READ, mArgComBufPhys); - if (Result == SMMSTORE_RET_FAILURE) { - return EFI_DEVICE_ERROR; - } else if (Result == SMMSTORE_RET_UNSUPPORTED) { - return EFI_UNSUPPORTED; - } else if (Result != SMMSTORE_RET_SUCCESS) { - return EFI_NO_RESPONSE; - } - - CopyMem (Buffer, (VOID *)(mSmmStoreInfo->ComBuffer + Offset), *NumBytes); - - return EFI_SUCCESS; -} - - -/** - Write to SMMStore - - @param[in] Lba The starting logical block index to write to. 
- @param[in] Offset Offset into the block at which to begin writing. - @param[in] NumBytes On input, indicates the requested write size. On - output, indicates the actual number of bytes written - @param[in] Buffer Pointer to the data to write. - -**/ -EFI_STATUS -SMMStoreWrite ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ) -{ - UINTN Result; - - if (!mSmmStoreInfo) { - return EFI_NO_MEDIA; - } - if (Lba >= mSmmStoreInfo->NumBlocks) { - return EFI_INVALID_PARAMETER; - } - if ((*NumBytes + Offset) > mSmmStoreInfo->BlockSize || - (*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize) { - return EFI_INVALID_PARAMETER; - } - - mArgComBuf->raw_write.bufsize = *NumBytes; - mArgComBuf->raw_write.bufoffset = Offset; - mArgComBuf->raw_write.block_id = Lba; - - CopyMem ((VOID *)(mSmmStoreInfo->ComBuffer + Offset), Buffer, *NumBytes); - - Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_WRITE, mArgComBufPhys); - if (Result == SMMSTORE_RET_FAILURE) { - return EFI_DEVICE_ERROR; - } else if (Result == SMMSTORE_RET_UNSUPPORTED) { - return EFI_UNSUPPORTED; - } else if (Result != SMMSTORE_RET_SUCCESS) { - return EFI_NO_RESPONSE; - } - - return EFI_SUCCESS; -} - - -/** - Erase a SMMStore block - - @param Lba The logical block index to erase. 
- -**/ -EFI_STATUS -SMMStoreEraseBlock ( - IN EFI_LBA Lba - ) -{ - UINTN Result; - - if (!mSmmStoreInfo) { - return EFI_NO_MEDIA; - } - if (Lba >= mSmmStoreInfo->NumBlocks) { - return EFI_INVALID_PARAMETER; - } - - mArgComBuf->raw_clear.block_id = Lba; - - Result = call_smm(mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_CLEAR, mArgComBufPhys); - if (Result == SMMSTORE_RET_FAILURE) { - return EFI_DEVICE_ERROR; - } else if (Result == SMMSTORE_RET_UNSUPPORTED) { - return EFI_UNSUPPORTED; - } else if (Result != SMMSTORE_RET_SUCCESS) { - return EFI_NO_RESPONSE; - } - - return EFI_SUCCESS; -} - -VOID -EFIAPI -SMMStoreVirtualNotifyEvent ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EfiConvertPointer (0x0, (VOID**)&mArgComBuf); - if (mSmmStoreInfo) { - EfiConvertPointer (0x0, (VOID**)&mSmmStoreInfo->ComBuffer); - EfiConvertPointer (0x0, (VOID**)&mSmmStoreInfo); - } - - return; -} - -/** - Initializes SMMStore support - - @param[in] Ptr A runtime buffer where arguments are stored - for SMM communication - @param[in] SmmStoreInfoHob A runtime buffer with a copy of the - SmmStore Info Hob - - @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. - @retval EFI_SUCCESS The SMMSTORE is supported. - -**/ -EFI_STATUS -SMMStoreInitialize ( - IN VOID *Ptr, - IN SMMSTORE_INFO *SmmStoreInfoHob - ) -{ - ASSERT (Ptr != NULL); - ASSERT (SmmStoreInfoHob != NULL); - - mArgComBuf = Ptr; - mArgComBufPhys = (UINT32)(UINTN)mArgComBuf; - - mSmmStoreInfo = SmmStoreInfoHob; - - return EFI_SUCCESS; -} diff --git a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c deleted file mode 100644 index 733ec7995c..0000000000 --- a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStore.c +++ /dev/null @@ -1,102 +0,0 @@ -/** @file CorebootSMMStoreDxe.c - - Copyright (c) 2020, 9elements Agency GmbH
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ -#include - -#include -#include -#include -#include - -/** - Read from SMMStore - - @param[in] Lba The starting logical block index to read from. - @param[in] Offset Offset into the block at which to begin reading. - @param[in] NumBytes On input, indicates the requested read size. On - output, indicates the actual number of bytes read - @param[in] Buffer Pointer to the buffer to read into. - -**/ -EFI_STATUS -SMMStoreRead ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ) -{ - return EFI_UNSUPPORTED; -} - - -/** - Write to SMMStore - - @param[in] Lba The starting logical block index to write to. - @param[in] Offset Offset into the block at which to begin writing. - @param[in] NumBytes On input, indicates the requested write size. On - output, indicates the actual number of bytes written - @param[in] Buffer Pointer to the data to write. - -**/ -EFI_STATUS -SMMStoreWrite ( - IN EFI_LBA Lba, - IN UINTN Offset, - IN UINTN *NumBytes, - IN UINT8 *Buffer - ) -{ - return EFI_UNSUPPORTED; -} - - -/** - Erase a SMMStore block - - @param Lba The logical block index to erase. - -**/ -EFI_STATUS -SMMStoreEraseBlock ( - IN EFI_LBA Lba - ) -{ - return EFI_UNSUPPORTED; -} - -VOID -EFIAPI -SMMStoreVirtualNotifyEvent ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - return; -} - -/** - Initializes SMMStore support - - @param[in] Ptr A runtime buffer where arguments are stored - for SMM communication - @param[in] SmmStoreInfoHob A runtime buffer with a copy of the - SmmStore Info Hob - - @retval EFI_WRITE_PROTECTED The SMMSTORE is not present. - @retval EFI_SUCCESS The SMMSTORE is supported. - -**/ -EFI_STATUS -SMMStoreInitialize ( - IN VOID *Ptr, - IN SMMSTORE_INFO *SmmStoreInfoHob - ) -{ - return EFI_UNSUPPORTED; -} 
diff --git a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf b/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf deleted file mode 100644 index 2e9830b461..0000000000 --- a/DasharoPayloadPkg/Library/SblSMMStoreLib/SblSMMStoreLib.inf +++ /dev/null @@ -1,28 +0,0 @@ -## @file -# SMMStore library for Slimbootloader -# -# Copyright (c) 2020 9elements Agency GmbH.
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = SblSmmStoreLib - FILE_GUID = 2CA0BC03-A619-4B88-A0C5-06A1992750C3 - MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = SmmStoreLib - -[Sources] - SblSMMStore.c - -[LibraryClasses] - BaseMemoryLib - DebugLib - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - DasharoPayloadPkg/DasharoPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.c b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.c new file mode 100644 index 0000000000..5f50f70809 --- /dev/null +++ b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.c @@ -0,0 +1,473 @@ +/** @file SmmStore.c + + Copyright (c) 2022, 9elements GmbH
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "SmmStore.h" + +/* + * A memory buffer to place arguments in. + */ +STATIC SMM_STORE_COM_BUF *mArgComBuf; +STATIC EFI_PHYSICAL_ADDRESS mArgComBufPhys; + +/* + * Metadata provided by the first stage bootloader. + */ +STATIC SMMSTORE_INFO *mSmmStoreInfo; + +STATIC EFI_EVENT mSmmStoreLibVirtualAddrChangeEvent; + +/** + Calls into SMM to use the SMMSTOREv2 implementation for persistent storage. + + @param Cmd The command to write into the APM port. This allows to enter the + Smi special command handler. + @param SubCmd The subcommand to execute in the Smi handler. + @param Arg Optional argument to pass to the Smi handler. Typically a pointer + in 'flat' memory mode, which points to read only memory. + + @retval EFI_NO_RESPONSE The SmmStore is not present or didn't response. + @retval EFI_UNSUPPORTED The request isn't suppored. + @retval EFI_DEVICE_ERROR An error occured while executing the request. + @retval EFI_SUCCESS The operation was executed successfully. +**/ +STATIC +EFI_STATUS +CallSmm ( + UINT8 Cmd, + UINT8 SubCmd, + UINTN Arg + ) +{ + CONST UINTN Rax = ((SubCmd << 8) | Cmd); + CONST UINTN Rbx = Arg; + UINTN Result; + + Result = TriggerSmi (Rax, Rbx, 5); + if (Result == Rax) { + return EFI_NO_RESPONSE; + } else if (Result == SMMSTORE_RET_SUCCESS) { + return EFI_SUCCESS; + } else if (Result == SMMSTORE_RET_UNSUPPORTED) { + return EFI_UNSUPPORTED; + } + + return EFI_DEVICE_ERROR; +} + +/** + Get the SmmStore block size + + @param BlockSize The pointer to store the block size in. 
+ +**/ +EFI_STATUS +SmmStoreLibGetBlockSize ( + OUT UINTN *BlockSize + ) +{ + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (BlockSize == NULL) { + return EFI_INVALID_PARAMETER; + } + + *BlockSize = mSmmStoreInfo->BlockSize; + + return EFI_SUCCESS; +} + +/** + Get the SmmStore number of blocks + + @param NumBlocks The pointer to store the number of blocks in. + +**/ +EFI_STATUS +SmmStoreLibGetNumBlocks ( + OUT UINTN *NumBlocks + ) +{ + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (NumBlocks == NULL) { + return EFI_INVALID_PARAMETER; + } + + *NumBlocks = mSmmStoreInfo->NumBlocks; + + return EFI_SUCCESS; +} + +/** + Get the SmmStore MMIO address + + @param MmioAddress The pointer to store the address in. + +**/ +EFI_STATUS +SmmStoreLibGetMmioAddress ( + OUT EFI_PHYSICAL_ADDRESS *MmioAddress + ) +{ + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (MmioAddress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *MmioAddress = mSmmStoreInfo->MmioAddress; + + return EFI_SUCCESS; +} + +/** + Read from SmmStore + + @param[in] Lba The starting logical block index to read from. + @param[in] Offset Offset into the block at which to begin reading. + @param[in] NumBytes On input, indicates the requested read size. On + output, indicates the actual number of bytes read + @param[in] Buffer Pointer to the buffer to read into. 
+ +**/ +EFI_STATUS +SmmStoreLibRead ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + EFI_STATUS Status; + + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + + if (((*NumBytes + Offset) > mSmmStoreInfo->BlockSize) || + ((*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize)) + { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->Read.BufSize = *NumBytes; + mArgComBuf->Read.BufOffset = Offset; + mArgComBuf->Read.BlockId = Lba; + + Status = CallSmm (mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_READ, mArgComBufPhys); + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (Buffer, (VOID *)(UINTN)(mSmmStoreInfo->ComBuffer + Offset), *NumBytes); + + return EFI_SUCCESS; +} + +/** + Write to SmmStore + + @param[in] Lba The starting logical block index to write to. + @param[in] Offset Offset into the block at which to begin writing. + @param[in] NumBytes On input, indicates the requested write size. On + output, indicates the actual number of bytes written + @param[in] Buffer Pointer to the data to write. + +**/ +EFI_STATUS +SmmStoreLibWrite ( + IN EFI_LBA Lba, + IN UINTN Offset, + IN UINTN *NumBytes, + IN UINT8 *Buffer + ) +{ + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + + if (((*NumBytes + Offset) > mSmmStoreInfo->BlockSize) || + ((*NumBytes + Offset) > mSmmStoreInfo->ComBufferSize)) + { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->Write.BufSize = *NumBytes; + mArgComBuf->Write.BufOffset = Offset; + mArgComBuf->Write.BlockId = Lba; + + CopyMem ((VOID *)(UINTN)(mSmmStoreInfo->ComBuffer + Offset), Buffer, *NumBytes); + + return CallSmm (mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_WRITE, mArgComBufPhys); +} + +/** + Erase a SmmStore block + + @param Lba The logical block index to erase. 
+ +**/ +EFI_STATUS +SmmStoreLibEraseBlock ( + IN EFI_LBA Lba + ) +{ + if (mSmmStoreInfo == NULL) { + return EFI_NO_MEDIA; + } + + if (Lba >= mSmmStoreInfo->NumBlocks) { + return EFI_INVALID_PARAMETER; + } + + mArgComBuf->Clear.BlockId = Lba; + + return CallSmm (mSmmStoreInfo->ApmCmd, SMMSTORE_CMD_RAW_CLEAR, mArgComBufPhys); +} + +/** + Fixup internal data so that EFI can be call in virtual mode. + Call the passed in Child Notify event and convert any pointers in + lib to virtual mode. + + @param[in] Event The Event that is being processed + @param[in] Context Event Context +**/ +STATIC +VOID +EFIAPI +SmmStoreLibVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EfiConvertPointer (0x0, (VOID **)&mArgComBuf); + if (mSmmStoreInfo != NULL) { + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInfo->ComBuffer); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInfo); + } + + return; +} + +/** + Initializes SmmStore support + + @retval EFI_WRITE_PROTECTED The SmmStore is not present. + @retval EFI_OUT_OF_RESOURCES Run out of memory. + @retval EFI_SUCCESS The SmmStore is supported. + +**/ +EFI_STATUS +SmmStoreLibInitialize ( + VOID + ) +{ + EFI_STATUS Status; + VOID *GuidHob; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + + // + // Find the SmmStore information guid hob + // + GuidHob = GetFirstGuidHob (&gEfiSmmStoreInfoHobGuid); + if (GuidHob == NULL) { + DEBUG ((DEBUG_WARN, "SmmStore not supported! 
Skipping driver init.\n")); + return EFI_UNSUPPORTED; + } + + // + // Place SmmStore information hob in a runtime buffer + // + mSmmStoreInfo = AllocateRuntimePool (GET_GUID_HOB_DATA_SIZE (GuidHob)); + if (mSmmStoreInfo == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (mSmmStoreInfo, GET_GUID_HOB_DATA (GuidHob), GET_GUID_HOB_DATA_SIZE (GuidHob)); + + // + // Validate input + // + if ((mSmmStoreInfo->MmioAddress == 0) || + (mSmmStoreInfo->ComBuffer == 0) || + (mSmmStoreInfo->BlockSize == 0) || + (mSmmStoreInfo->NumBlocks == 0)) + { + DEBUG ((DEBUG_ERROR, "%a: Invalid data in SmmStore Info hob\n", __FUNCTION__)); + FreePool (mSmmStoreInfo); + mSmmStoreInfo = NULL; + return EFI_WRITE_PROTECTED; + } + + // + // Allocate Communication Buffer for arguments to pass to SMM. + // The argument com buffer is only read by SMM, but never written. + // The FVB data send/retrieved will be placed in a separate bootloader + // pre-allocated memory region, the ComBuffer. + // + if (mSmmStoreInfo->ComBuffer < BASE_4GB) { + // + // Assume that SMM handler is running in 32-bit mode when ComBuffer is + // is placed below BASE_4GB. 
+ // + mArgComBufPhys = BASE_4GB - 1; + } else { + mArgComBufPhys = BASE_8EB - 1; + } + + Status = gBS->AllocatePages ( + AllocateMaxAddress, + EfiRuntimeServicesData, + EFI_SIZE_TO_PAGES (sizeof (SMM_STORE_COM_BUF)), + &mArgComBufPhys + ); + + if (EFI_ERROR (Status)) { + FreePool (mSmmStoreInfo); + mSmmStoreInfo = NULL; + return EFI_OUT_OF_RESOURCES; + } + + mArgComBuf = (VOID *)mArgComBufPhys; + + // + // Register for the virtual address change event + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + SmmStoreLibVirtualNotifyEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mSmmStoreLibVirtualAddrChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Finally mark the SMM communication buffer provided by CB or SBL as runtime memory + // + Status = gDS->GetMemorySpaceDescriptor (mSmmStoreInfo->ComBuffer, &GcdDescriptor); + if (EFI_ERROR (Status) || (GcdDescriptor.GcdMemoryType != EfiGcdMemoryTypeReserved)) { + DEBUG ( + ( + DEBUG_INFO, + "%a: No memory space descriptor for com buffer found\n", + __FUNCTION__ + ) + ); + + // + // Add a new entry if not covered by existing mapping + // + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeReserved, + mSmmStoreInfo->ComBuffer, + mSmmStoreInfo->ComBufferSize, + EFI_MEMORY_WB | EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + } + + // + // Mark as runtime service + // + Status = gDS->SetMemorySpaceAttributes ( + mSmmStoreInfo->ComBuffer, + mSmmStoreInfo->ComBufferSize, + EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + + // + // Mark the memory mapped store as MMIO memory + // + Status = gDS->GetMemorySpaceDescriptor (mSmmStoreInfo->MmioAddress, &GcdDescriptor); + if (EFI_ERROR (Status) || (GcdDescriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo)) { + DEBUG ( + ( + DEBUG_INFO, + "%a: No memory space descriptor for MMIO memory found\n", + __FUNCTION__ + ) + ); + + // + // Add a new entry if not covered by existing mapping + // + Status = gDS->AddMemorySpace ( + 
EfiGcdMemoryTypeMemoryMappedIo, + mSmmStoreInfo->MmioAddress, + mSmmStoreInfo->NumBlocks * mSmmStoreInfo->BlockSize, + EFI_MEMORY_UC | EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + } + + // + // Mark as runtime service + // + Status = gDS->SetMemorySpaceAttributes ( + mSmmStoreInfo->MmioAddress, + mSmmStoreInfo->NumBlocks * mSmmStoreInfo->BlockSize, + EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + Denitializes SmmStore support by freeing allocated memory and unregistering + the virtual address change event. +**/ +VOID +EFIAPI +SmmStoreLibDeinitialize ( + VOID + ) +{ + if (mArgComBuf != NULL) { + gBS->FreePages (mArgComBufPhys, EFI_SIZE_TO_PAGES (sizeof (SMM_STORE_COM_BUF))); + mArgComBuf = NULL; + } + + if (mSmmStoreInfo != NULL) { + FreePool (mSmmStoreInfo); + mSmmStoreInfo = NULL; + } + + if (mSmmStoreLibVirtualAddrChangeEvent != NULL) { + gBS->CloseEvent (mSmmStoreLibVirtualAddrChangeEvent); + mSmmStoreLibVirtualAddrChangeEvent = NULL; + } +} diff --git a/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.h b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.h new file mode 100644 index 0000000000..619b00fa30 --- /dev/null +++ b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStore.h @@ -0,0 +1,81 @@ +/** @file SmmStore.h + + Copyright (c) 2022, 9elements GmbH
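Review bot: The bounds check in SmmStoreLibRead and SmmStoreLibWrite sums `*NumBytes + Offset` before comparing it with BlockSize and ComBufferSize, so a large Offset or size can wrap the UINTN sum and pass the check, after which CopyMem runs at `ComBuffer + Offset` outside the communication buffer. Both functions also dereference NumBytes and use Buffer without a NULL check, and the accepted values are then stored into UINT32 fields of the argument buffer. I would compare each operand against the remaining space instead of summing, as in the guard below, and use the same guard in both functions. Whether a caller can reach these functions with unchecked values depends on the Fvb wrappers, which are not part of this hunk.

```c
  // ... unchanged: mSmmStoreInfo and Lba checks ...
  if ((NumBytes == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Compare against the remaining space so the sum cannot wrap.
  //
  if ((Offset > mSmmStoreInfo->BlockSize) ||
      (*NumBytes > mSmmStoreInfo->BlockSize - Offset) ||
      (Offset > mSmmStoreInfo->ComBufferSize) ||
      (*NumBytes > mSmmStoreInfo->ComBufferSize - Offset))
  {
    return EFI_INVALID_PARAMETER;
  }
  // ... unchanged: fill mArgComBuf, CallSmm, CopyMem ...
```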
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef COREBOOT_SMMSTORE_H_ +#define COREBOOT_SMMSTORE_H_ + +#define SMMSTORE_RET_SUCCESS 0 +#define SMMSTORE_RET_FAILURE 1 +#define SMMSTORE_RET_UNSUPPORTED 2 + +/* Version 2 only */ +#define SMMSTORE_CMD_INIT 4 +#define SMMSTORE_CMD_RAW_READ 5 +#define SMMSTORE_CMD_RAW_WRITE 6 +#define SMMSTORE_CMD_RAW_CLEAR 7 + +/* + * This allows the payload to store raw data in the flash regions. + * This can be used by a FaultTolerantWrite implementation, that uses at least + * two regions in an A/B update scheme. + */ + +#pragma pack(1) + +/* + * Reads a chunk of raw data with size BufSize from the block specified by + * block_id starting at BufOffset. + * The read data is placed in buf. + * + * block_id must be less than num_blocks + * BufOffset + BufSize must be less than block_size + */ +typedef struct { + UINT32 BufSize; + UINT32 BufOffset; + UINT32 BlockId; +} SMM_STORE_PARAMS_WRITE; + +/* + * Writes a chunk of raw data with size BufSize to the block specified by + * block_id starting at BufOffset. + * + * block_id must be less than num_blocks + * BufOffset + BufSize must be less than block_size + */ +typedef struct { + UINT32 BufSize; + UINT32 BufOffset; + UINT32 BlockId; +} SMM_STORE_PARAMS_READ; + +/* + * Erases the specified block. + * + * block_id must be less than num_blocks + */ +typedef struct { + UINT32 BlockId; +} SMM_STORE_PARAMS_CLEAR; + +typedef union { + SMM_STORE_PARAMS_WRITE Write; + SMM_STORE_PARAMS_READ Read; + SMM_STORE_PARAMS_CLEAR Clear; +} SMM_STORE_COM_BUF; +#pragma pack(0) + +UINTN +EFIAPI +TriggerSmi ( + IN UINTN Cmd, + IN UINTN Arg, + IN UINTN Retry + ); + +#endif // COREBOOT_SMMSTORE_H_ diff --git a/DasharoPayloadPkg/Library/SmmStoreLib/SmmStoreLib.inf b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStoreLib.inf new file mode 100644 index 0000000000..e3ef0d53a2 --- /dev/null +++ b/DasharoPayloadPkg/Library/SmmStoreLib/SmmStoreLib.inf 
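Review bot: The two block comments are attached to the wrong structs: the text starting "Reads a chunk" sits above `SMM_STORE_PARAMS_WRITE` and the text starting "Writes a chunk" sits above `SMM_STORE_PARAMS_READ`. The layouts are identical, so nothing breaks, but the comments should be swapped. They also name `block_id`, `num_blocks` and `buf`, which are not the field names used here, and they say `BufOffset + BufSize` must be less than the block size while the checks in SmmStore.c reject only sums greater than it; I would reword that line to `BufOffset + BufSize must not exceed block_size`. Separately, the packed region is closed with `#pragma pack(0)`; `#pragma pack()` is the form that restores default packing, and it is worth confirming how the toolchains this package targets treat the `0` argument.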
@@ -0,0 +1,41 @@
+## @file
+# SmmStore library for coreboot
+#
+# Copyright (c) 2022 9elements GmbH.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmStoreLib + FILE_GUID = 40A2CBC6-CFB8-447b-A90E-298E88FD345E + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = SmmStoreLib + +[Sources] + SmmStore.c + SmmStore.h + +[Sources.X64] + X64/SmmStore.nasm + +[LibraryClasses] + BaseMemoryLib + DebugLib + DxeServicesTableLib + HobLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiRuntimeLib + +[Guids] + gEfiSmmStoreInfoHobGuid ## CONSUMES + gEfiEventVirtualAddressChangeGuid ## CONSUMES + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec diff --git a/DasharoPayloadPkg/Library/SmmStoreLib/X64/SmmStore.nasm b/DasharoPayloadPkg/Library/SmmStoreLib/X64/SmmStore.nasm new file mode 100644 index 0000000000..1a8b5b64c8 --- /dev/null +++ b/DasharoPayloadPkg/Library/SmmStoreLib/X64/SmmStore.nasm @@ -0,0 +1,48 @@ +;------------------------------------------------------------------------------ ; +; Copyright (c) 2022, 9elements GmbH. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;------------------------------------------------------------------------------- + +%include "Nasm.inc" + +DEFAULT REL +SECTION .text + +;UINTN +;EFIAPI +;TriggerSmi ( +; UINTN Cmd, +; UINTN Arg, +; UINTN Retry +; ) + +global ASM_PFX(TriggerSmi) +ASM_PFX(TriggerSmi): + push rbx + mov rax, rcx ; Smi handler expect Cmd in RAX + mov rbx, rdx ; Smi handler expect Argument in RBX +@Trigger: + out 0b2h, al ; write to APM port to trigger SMI + +; There might ba a delay between writing the Smi trigger register and +; entering SMM, in which case the Smi handler will do nothing as only +; synchronous Smis are handled. In addition when there's no Smi handler +; or the SmmStore feature isn't compiled in, no register will be modified. + +; As there's no livesign from SMM, just wait a bit for the handler to fire, +; and then try again. + + cmp rax, rcx ; Check if rax was modified by SMM + jne @Return ; SMM modified rax, return now + push rcx ; save rcx to stack + mov rcx, 10000 + rep pause ; add a small delay + pop rcx ; restore rcx + cmp r8, 0 + je @Return + dec r8 + jmp @Trigger +@Return: + pop rbx + ret diff --git a/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.c b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.c new file mode 100644 index 0000000000..08d5c408fb --- /dev/null +++ b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.c @@ -0,0 +1,282 @@ +/** @file SmmStoreFvbRuntime.c + + Copyright (c) 2022, 9elements GmbH
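Review bot: The delay in TriggerSmi is probably much shorter than intended. `mov rcx, 10000` followed by `rep pause` relies on REP repeating PAUSE, but REP is only defined for string instructions and PAUSE is itself encoded as a REP-prefixed NOP, so this most likely executes a single PAUSE. With the retry count of 5 passed by CallSmm, the routine would then give up after a handful of PAUSEs and CallSmm would report EFI_NO_RESPONSE on a system whose handler is merely slow to enter. If the wait described in the comment is needed, an explicit loop such as `@Delay:` / `pause` / `loop @Delay` between the existing `push rcx` and `pop rcx` would provide it.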
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "SmmStoreFvbRuntime.h" + +STATIC EFI_EVENT mSmmStoreVirtualAddrChangeEvent; + +// +// Global variable declarations +// +SMMSTORE_INSTANCE *mSmmStoreInstance; + +SMMSTORE_INSTANCE mSmmStoreInstanceTemplate = { + SMMSTORE_SIGNATURE, // Signature + NULL, // Handle ... NEED TO BE FILLED + { + FvbGetAttributes, // GetAttributes + FvbSetAttributes, // SetAttributes + FvbGetPhysicalAddress, // GetPhysicalAddress + FvbGetBlockSize, // GetBlockSize + FvbRead, // Read + FvbWrite, // Write + FvbEraseBlocks, // EraseBlocks + NULL, // ParentHandle + }, // FvbProtoccol + 0, // BlockSize ... NEED TO BE FILLED + 0, // LastBlock ... NEED TO BE FILLED + 0, // MmioAddress ... NEED TO BE FILLED + { + { + { + HARDWARE_DEVICE_PATH, + HW_MEMMAP_DP, + { + (UINT8)(sizeof (MEMMAP_DEVICE_PATH)), + (UINT8)(sizeof (MEMMAP_DEVICE_PATH) >> 8) + } + }, + EfiMemoryMappedIO, + (EFI_PHYSICAL_ADDRESS)0, // NEED TO BE FILLED + (EFI_PHYSICAL_ADDRESS)0, // NEED TO BE FILLED + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + END_DEVICE_PATH_LENGTH, + 0 + } + } + } // DevicePath +}; + +/** + Initialize the SmmStore instance. + + + @param[in] FvBase The physical MMIO base address of the FV containing + the variable store. + + @param[in] NumberofBlocks Number of blocks within the FV. + @param[in] BlockSize The size in bytes of one block within the FV. 
+ @param[in, out] Instance The SmmStore instace to initialize + +**/ +STATIC +EFI_STATUS +SmmStoreInitInstance ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINTN NumberofBlocks, + IN UINTN BlockSize, + IN OUT SMMSTORE_INSTANCE *Instance + ) +{ + EFI_STATUS Status; + FV_MEMMAP_DEVICE_PATH *FvDevicePath; + + ASSERT (Instance != NULL); + + Instance->BlockSize = BlockSize; + Instance->LastBlock = NumberofBlocks - 1; + Instance->MmioAddress = FvBase; + + FvDevicePath = &Instance->DevicePath; + FvDevicePath->MemMapDevPath.StartingAddress = FvBase; + FvDevicePath->MemMapDevPath.EndingAddress = FvBase + BlockSize * NumberofBlocks - 1; + + Status = FvbInitialize (Instance); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = gBS->InstallMultipleProtocolInterfaces ( + &Instance->Handle, + &gEfiDevicePathProtocolGuid, + &Instance->DevicePath, + &gEfiFirmwareVolumeBlockProtocolGuid, + &Instance->FvbProtocol, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG ((DEBUG_INFO, "%a: Created a new instance\n", __FUNCTION__)); + + return Status; +} + +/** + Fixup internal data so that EFI can be call in virtual mode. + Call the passed in Child Notify event and convert any pointers in + lib to virtual mode. 
+ + @param[in] Event The Event that is being processed + @param[in] Context Event Context +**/ +STATIC +VOID +EFIAPI +SmmStoreVirtualNotifyEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // Convert Fvb + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.EraseBlocks); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.GetAttributes); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.GetBlockSize); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.GetPhysicalAddress); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.Read); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.SetAttributes); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->FvbProtocol.Write); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance->MmioAddress); + EfiConvertPointer (0x0, (VOID **)&mSmmStoreInstance); + + return; +} + +/** + The user Entry Point for module SmmStoreFvbRuntimeDxe. The user code starts with this function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. 
+ +**/ +EFI_STATUS +EFIAPI +SmmStoreInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS MmioAddress; + UINTN BlockSize; + UINTN BlockCount; + UINT32 NvStorageBase; + UINT32 NvStorageSize; + UINT32 NvVariableSize; + UINT32 FtwWorkingSize; + UINT32 FtwSpareSize; + + Status = SmmStoreLibInitialize (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to initialize SmmStoreLib\n", __FUNCTION__)); + return Status; + } + + Status = SmmStoreLibGetMmioAddress (&MmioAddress); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to get SmmStore MMIO address\n", __FUNCTION__)); + SmmStoreLibDeinitialize (); + return Status; + } + + Status = SmmStoreLibGetNumBlocks (&BlockCount); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to get SmmStore No. blocks\n", __FUNCTION__)); + SmmStoreLibDeinitialize (); + return Status; + } + + Status = SmmStoreLibGetBlockSize (&BlockSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to get SmmStore block size\n", __FUNCTION__)); + SmmStoreLibDeinitialize (); + return Status; + } + + NvStorageSize = BlockCount * BlockSize; + NvStorageBase = MmioAddress; + + FtwSpareSize = (BlockCount / 2) * BlockSize; + FtwWorkingSize = BlockSize; + NvVariableSize = NvStorageSize - FtwSpareSize - FtwWorkingSize; + DEBUG ((DEBUG_INFO, "NvStorageBase:0x%x, NvStorageSize:0x%x\n", NvStorageBase, NvStorageSize)); + + if (NvVariableSize >= 0x80000000) { + SmmStoreLibDeinitialize (); + return EFI_INVALID_PARAMETER; + } + + Status = PcdSet32S (PcdFlashNvStorageVariableSize, NvVariableSize); + ASSERT_EFI_ERROR (Status); + Status = PcdSet32S (PcdFlashNvStorageVariableBase, NvStorageBase); + ASSERT_EFI_ERROR (Status); + Status = PcdSet64S (PcdFlashNvStorageVariableBase64, NvStorageBase); + ASSERT_EFI_ERROR (Status); + + Status = PcdSet32S (PcdFlashNvStorageFtwWorkingSize, FtwWorkingSize); + ASSERT_EFI_ERROR (Status); + Status = PcdSet32S 
(PcdFlashNvStorageFtwWorkingBase, NvStorageBase + NvVariableSize); + ASSERT_EFI_ERROR (Status); + Status = PcdSet64S (PcdFlashNvStorageFtwWorkingBase64, NvStorageBase + NvVariableSize); + ASSERT_EFI_ERROR (Status); + + Status = PcdSet32S (PcdFlashNvStorageFtwSpareSize, FtwSpareSize); + ASSERT_EFI_ERROR (Status); + Status = PcdSet32S (PcdFlashNvStorageFtwSpareBase, NvStorageBase + NvVariableSize + FtwWorkingSize); + ASSERT_EFI_ERROR (Status); + Status = PcdSet64S (PcdFlashNvStorageFtwSpareBase64, NvStorageBase + NvVariableSize + FtwWorkingSize); + ASSERT_EFI_ERROR (Status); + + mSmmStoreInstance = AllocateRuntimeCopyPool (sizeof (SMMSTORE_INSTANCE), &mSmmStoreInstanceTemplate); + if (mSmmStoreInstance == NULL) { + SmmStoreLibDeinitialize (); + DEBUG ((DEBUG_ERROR, "%a: Out of resources\n", __FUNCTION__)); + return EFI_OUT_OF_RESOURCES; + } + + Status = SmmStoreInitInstance ( + MmioAddress, + BlockCount, + BlockSize, + mSmmStoreInstance + ); + if (EFI_ERROR (Status)) { + DEBUG ( + ( + DEBUG_ERROR, + "%a: Fail to create instance for SmmStore\n", + __FUNCTION__ + ) + ); + FreePool (mSmmStoreInstance); + SmmStoreLibDeinitialize (); + return Status; + } + + // + // Register for the virtual address change event + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + SmmStoreVirtualNotifyEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mSmmStoreVirtualAddrChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.h b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.h new file mode 100644 index 0000000000..8015d12d13 --- /dev/null +++ b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntime.h @@ -0,0 +1,111 @@ +/** @file SmmStoreFvbRuntime.h + + Copyright (c) 2022, 9elements GmbH
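Review bot: In SmmStoreInitialize the `EFI_PHYSICAL_ADDRESS MmioAddress` and the `BlockCount * BlockSize` product are assigned to `UINT32 NvStorageBase` and `UINT32 NvStorageSize` without a range check. If the bootloader ever reports a store above 4 GiB, or a geometry whose product does not fit in 32 bits, the truncated values are written to both the 32-bit PCDs and the `...Base64` PCDs. The only sanity check, `NvVariableSize >= 0x80000000`, runs after the truncation. I would reject out-of-range input before the assignments, e.g. `if ((MmioAddress > MAX_UINT32) || (BlockSize > MAX_UINT32 / BlockCount)) { SmmStoreLibDeinitialize (); return EFI_INVALID_PARAMETER; }`, or keep the base in a `UINT64` for the 64-bit PCDs. Note also that the PcdSet and CreateEventEx results are checked only with ASSERT_EFI_ERROR, which is typically compiled out of release builds, so a failed event registration would return an error with the protocol interfaces still installed.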
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SMM_STORE_DXE_H_ +#define SMM_STORE_DXE_H_ + +#include +#include + +#include + +#include + +#include +#include +#include +#include + +#define SMMSTORE_SIGNATURE SIGNATURE_32('S', 'M', 'M', 'S') +#define INSTANCE_FROM_FVB_THIS(a) CR(a, SMMSTORE_INSTANCE, FvbProtocol, SMMSTORE_SIGNATURE) + +typedef struct _SMMSTORE_INSTANCE SMMSTORE_INSTANCE; + +typedef struct { + MEMMAP_DEVICE_PATH MemMapDevPath; + EFI_DEVICE_PATH_PROTOCOL EndDevPath; +} FV_MEMMAP_DEVICE_PATH; + +struct _SMMSTORE_INSTANCE { + UINT32 Signature; + EFI_HANDLE Handle; + EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL FvbProtocol; + UINTN BlockSize; + UINTN LastBlock; + EFI_PHYSICAL_ADDRESS MmioAddress; + FV_MEMMAP_DEVICE_PATH DevicePath; +}; + +// +// SmmStoreFvbRuntimeDxe.c +// + +EFI_STATUS +EFIAPI +FvbInitialize ( + IN SMMSTORE_INSTANCE *Instance + ); + +EFI_STATUS +EFIAPI +FvbGetAttributes ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ); + +EFI_STATUS +EFIAPI +FvbSetAttributes ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes + ); + +EFI_STATUS +EFIAPI +FvbGetPhysicalAddress ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_PHYSICAL_ADDRESS *Address + ); + +EFI_STATUS +EFIAPI +FvbGetBlockSize ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + OUT UINTN *BlockSize, + OUT UINTN *NumberOfBlocks + ); + +EFI_STATUS +EFIAPI +FvbRead ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN OUT UINT8 *Buffer + ); + +EFI_STATUS +EFIAPI +FvbWrite ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN UINT8 *Buffer + ); + +EFI_STATUS +EFIAPI +FvbEraseBlocks ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + ... + ); + +#endif // SMM_STORE_DXE_H_ 
diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c similarity index 58% rename from DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c rename to DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c index cdd1690cd8..bf8538f703 100644 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreFvbDxe.c +++ b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c @@ -1,10 +1,10 @@ -/*++ @file BlSMMStoreFvbDxe.c +/** @file SmmStoreFvbRuntimeDxe.c - Copyright (c) 2020, 9elements Agency GmbH
+ Copyright (c) 2022, 9elements GmbH
- SPDX-License-Identifier: BSD-2-Clause-Patent + SPDX-License-Identifier: BSD-2-Clause-Patent - --*/ +**/ #include @@ -16,16 +16,13 @@ #include #include #include -#include +#include #include #include #include -#include "BlSMMStoreDxe.h" - -STATIC EFI_EVENT mFvbVirtualAddrChangeEvent; -STATIC UINTN mFlashNvStorageVariableBase; +#include "SmmStoreFvbRuntime.h" /// /// The Firmware Volume Block Protocol is the low-level interface 
@@ -41,147 +38,143 @@ STATIC UINTN mFlashNvStorageVariableBase; Initialises the FV Header and Variable Store Header to support variable operations. - @param[in] Ptr - Location to initialise the headers + @param[in] Instance - Pointer to SmmStore instance **/ EFI_STATUS InitializeFvAndVariableStoreHeaders ( - IN SMMSTORE_INSTANCE *Instance + IN SMMSTORE_INSTANCE *Instance ) { - EFI_STATUS Status; - VOID* Headers; - UINTN HeadersLength; - EFI_FIRMWARE_VOLUME_HEADER *FirmwareVolumeHeader; - VARIABLE_STORE_HEADER *VariableStoreHeader; - - HeadersLength = sizeof(EFI_FIRMWARE_VOLUME_HEADER) + sizeof(EFI_FV_BLOCK_MAP_ENTRY) + sizeof(VARIABLE_STORE_HEADER); - Headers = AllocateZeroPool(HeadersLength); + EFI_STATUS Status; + VOID *Headers; + UINTN HeadersLength; + EFI_FIRMWARE_VOLUME_HEADER *FirmwareVolumeHeader; + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINT32 NvStorageFtwSpareSize; + UINT32 NvStorageFtwWorkingSize; + UINT32 NvStorageVariableSize; + UINT64 NvStorageFtwSpareBase; + UINT64 NvStorageFtwWorkingBase; + UINT64 NvStorageVariableBase; + + HeadersLength = sizeof (EFI_FIRMWARE_VOLUME_HEADER) + sizeof (EFI_FV_BLOCK_MAP_ENTRY) + sizeof (VARIABLE_STORE_HEADER); + Headers = AllocateZeroPool (HeadersLength); + + NvStorageFtwWorkingSize = PcdGet32 (PcdFlashNvStorageFtwWorkingSize); + NvStorageFtwSpareSize = PcdGet32 (PcdFlashNvStorageFtwSpareSize); + NvStorageVariableSize = PcdGet32 (PcdFlashNvStorageVariableSize); + + NvStorageFtwSpareBase = (PcdGet64 (PcdFlashNvStorageFtwSpareBase64) != 0) ? + PcdGet64 (PcdFlashNvStorageFtwSpareBase64) : PcdGet32 (PcdFlashNvStorageFtwSpareBase); + NvStorageFtwWorkingBase = (PcdGet64 (PcdFlashNvStorageFtwWorkingBase64) != 0) ? + PcdGet64 (PcdFlashNvStorageFtwWorkingBase64) : PcdGet32 (PcdFlashNvStorageFtwWorkingBase); + NvStorageVariableBase = (PcdGet64 (PcdFlashNvStorageVariableBase64) != 0) ? 
+ PcdGet64 (PcdFlashNvStorageVariableBase64) : PcdGet32 (PcdFlashNvStorageVariableBase); // FirmwareVolumeHeader->FvLength is declared to have the Variable area AND the FTW working area AND the FTW Spare contiguous. - ASSERT(PcdGet32(PcdFlashNvStorageVariableBase) + PcdGet32(PcdFlashNvStorageVariableSize) == PcdGet32(PcdFlashNvStorageFtwWorkingBase)); - ASSERT(PcdGet32(PcdFlashNvStorageFtwWorkingBase) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) == PcdGet32(PcdFlashNvStorageFtwSpareBase)); + if ((NvStorageVariableBase + NvStorageVariableSize) != NvStorageFtwWorkingBase) { + DEBUG (( + DEBUG_ERROR, + "%a: NvStorageFtwWorkingBase is not contiguous with NvStorageVariableBase region\n", + __FUNCTION__ + )); + return EFI_INVALID_PARAMETER; + } + + if ((NvStorageFtwWorkingBase + NvStorageFtwWorkingSize) != NvStorageFtwSpareBase) { + DEBUG (( + DEBUG_ERROR, + "%a: NvStorageFtwSpareBase is not contiguous with NvStorageFtwWorkingBase region\n", + __FUNCTION__ + )); + return EFI_INVALID_PARAMETER; + } // Check if the size of the area is at least one block size - ASSERT((PcdGet32(PcdFlashNvStorageVariableSize) > 0) && (PcdGet32(PcdFlashNvStorageVariableSize) / Instance->Media.BlockSize > 0)); - ASSERT((PcdGet32(PcdFlashNvStorageFtwWorkingSize) > 0) && (PcdGet32(PcdFlashNvStorageFtwWorkingSize) / Instance->Media.BlockSize > 0)); - ASSERT((PcdGet32(PcdFlashNvStorageFtwSpareSize) > 0) && (PcdGet32(PcdFlashNvStorageFtwSpareSize) / Instance->Media.BlockSize > 0)); + if ((NvStorageVariableSize <= 0) || (NvStorageVariableSize / Instance->BlockSize <= 0)) { + DEBUG (( + DEBUG_ERROR, + "%a: NvStorageVariableSize is 0x%x, should be atleast one block size\n", + __FUNCTION__, + NvStorageVariableSize + )); + return EFI_INVALID_PARAMETER; + } - // Ensure the Variable area Base Addresses are aligned on a block size boundaries - ASSERT(PcdGet32(PcdFlashNvStorageVariableBase) % Instance->Media.BlockSize == 0); - ASSERT(PcdGet32(PcdFlashNvStorageFtwWorkingBase) % Instance->Media.BlockSize == 
0); - ASSERT(PcdGet32(PcdFlashNvStorageFtwSpareBase) % Instance->Media.BlockSize == 0); + if ((NvStorageFtwWorkingSize <= 0) || (NvStorageFtwWorkingSize / Instance->BlockSize <= 0)) { + DEBUG (( + DEBUG_ERROR, + "%a: NvStorageFtwWorkingSize is 0x%x, should be atleast one block size\n", + __FUNCTION__, + NvStorageFtwWorkingSize + )); + return EFI_INVALID_PARAMETER; + } + + if ((NvStorageFtwSpareSize <= 0) || (NvStorageFtwSpareSize / Instance->BlockSize <= 0)) { + DEBUG (( + DEBUG_ERROR, + "%a: NvStorageFtwSpareSize is 0x%x, should be atleast one block size\n", + __FUNCTION__, + NvStorageFtwSpareSize + )); + return EFI_INVALID_PARAMETER; + } // // EFI_FIRMWARE_VOLUME_HEADER // - FirmwareVolumeHeader = (EFI_FIRMWARE_VOLUME_HEADER*)Headers; + FirmwareVolumeHeader = (EFI_FIRMWARE_VOLUME_HEADER *)Headers; CopyGuid (&FirmwareVolumeHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid); FirmwareVolumeHeader->FvLength = - PcdGet32(PcdFlashNvStorageVariableSize) + - PcdGet32(PcdFlashNvStorageFtwWorkingSize) + - PcdGet32(PcdFlashNvStorageFtwSpareSize); - FirmwareVolumeHeader->Signature = EFI_FVH_SIGNATURE; - FirmwareVolumeHeader->Attributes = (EFI_FVB_ATTRIBUTES_2) ( - EFI_FVB2_READ_ENABLED_CAP | // Reads may be enabled - EFI_FVB2_READ_STATUS | // Reads are currently enabled - EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY - EFI_FVB2_MEMORY_MAPPED | // It is memory mapped - EFI_FVB2_ERASE_POLARITY | // After erasure all bits take this value (i.e. 
'1') - EFI_FVB2_WRITE_STATUS | // Writes are currently enabled - EFI_FVB2_WRITE_ENABLED_CAP // Writes may be enabled - ); - FirmwareVolumeHeader->HeaderLength = sizeof(EFI_FIRMWARE_VOLUME_HEADER) + sizeof(EFI_FV_BLOCK_MAP_ENTRY); - FirmwareVolumeHeader->Revision = EFI_FVH_REVISION; - FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->Media.LastBlock + 1; - FirmwareVolumeHeader->BlockMap[0].Length = Instance->Media.BlockSize; + PcdGet32 (PcdFlashNvStorageVariableSize) + + PcdGet32 (PcdFlashNvStorageFtwWorkingSize) + + PcdGet32 (PcdFlashNvStorageFtwSpareSize); + FirmwareVolumeHeader->Signature = EFI_FVH_SIGNATURE; + FirmwareVolumeHeader->Attributes = (EFI_FVB_ATTRIBUTES_2)( + EFI_FVB2_READ_ENABLED_CAP | // Reads may be enabled + EFI_FVB2_READ_STATUS | // Reads are currently enabled + EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY + EFI_FVB2_MEMORY_MAPPED | // It is memory mapped + EFI_FVB2_ERASE_POLARITY | // After erasure all bits take this value (i.e. 
'1') + EFI_FVB2_WRITE_STATUS | // Writes are currently enabled + EFI_FVB2_WRITE_ENABLED_CAP // Writes may be enabled + ); + FirmwareVolumeHeader->HeaderLength = sizeof (EFI_FIRMWARE_VOLUME_HEADER) + sizeof (EFI_FV_BLOCK_MAP_ENTRY); + FirmwareVolumeHeader->Revision = EFI_FVH_REVISION; + FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->LastBlock + 1; + FirmwareVolumeHeader->BlockMap[0].Length = Instance->BlockSize; FirmwareVolumeHeader->BlockMap[1].NumBlocks = 0; - FirmwareVolumeHeader->BlockMap[1].Length = 0; - FirmwareVolumeHeader->Checksum = CalculateCheckSum16 ((UINT16*)FirmwareVolumeHeader,FirmwareVolumeHeader->HeaderLength); + FirmwareVolumeHeader->BlockMap[1].Length = 0; + FirmwareVolumeHeader->Checksum = CalculateCheckSum16 ((UINT16 *)FirmwareVolumeHeader, FirmwareVolumeHeader->HeaderLength); // // VARIABLE_STORE_HEADER // - VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); - CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid); - VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; - VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; - VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; + VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); + CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid); + VariableStoreHeader->Size = PcdGet32 (PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; + VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; + VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; - // Install the combined super-header in the store + // Install the combined super-header in the NorFlash Status = FvbWrite (&Instance->FvbProtocol, 0, 0, &HeadersLength, Headers); FreePool (Headers); return Status; } -/** - - This function dump raw data. 
- - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpData ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - for (Index = 0; Index < Size; Index++) { - DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index])); - } -} - -/** - - This function dump raw data with colume format. - - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpHex ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - UINTN Count; - UINTN Left; - -#define COLUME_SIZE (16 * 2) - - Count = Size / COLUME_SIZE; - Left = Size % COLUME_SIZE; - for (Index = 0; Index < Count; Index++) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); - DEBUG ((EFI_D_INFO, "\n")); - } - - if (Left != 0) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, Left); - DEBUG ((EFI_D_INFO, "\n")); - } -} - /** Check the integrity of firmware volume header. - @param[in] FwVolHeader - A pointer to a firmware volume header - @retval EFI_SUCCESS - The firmware volume is consistent @retval EFI_NOT_FOUND - The firmware volume has been corrupted. **/ EFI_STATUS ValidateFvHeader ( - IN SMMSTORE_INSTANCE *Instance + VOID ) { UINT16 Checksum; 
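Review bot: `Headers` is allocated with `AllocateZeroPool` before the new PCD checks in InitializeFvAndVariableStoreHeaders, so each added `return EFI_INVALID_PARAMETER;` leaks it, and the pointer is still cast and written through without a NULL check. Moving the allocation below the checks and adding `if (Headers == NULL) { return EFI_OUT_OF_RESOURCES; }` closes both. The size checks divide by `Instance->BlockSize` with no guard against zero, and the three block-alignment ASSERTs on the base addresses are removed without a runtime equivalent. The freshly formatted store is also now signed with `gEfiVariableGuid` instead of `gEfiAuthenticatedVariableGuid`; as far as I know the MdeModulePkg variable driver selects the authenticated store format from this signature, so if the platform is meant to hold authenticated (Secure Boot) variables this change needs a justification in a comment or should be reverted.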
@@ -193,81 +186,102 @@ ValidateFvHeader ( UINTN BufferSize; UINTN BufferSizeReqested; - BufferSizeReqested = sizeof(EFI_FIRMWARE_VOLUME_HEADER); - FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)AllocatePool(BufferSizeReqested); + BufferSizeReqested = sizeof (EFI_FIRMWARE_VOLUME_HEADER); + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)AllocatePool (BufferSizeReqested); if (!FwVolHeader) { - DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for FVB header\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } + BufferSize = BufferSizeReqested; - TempStatus = SMMStoreRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); - if (EFI_ERROR (TempStatus) || BufferSizeReqested != BufferSize) { - DEBUG((DEBUG_ERROR, "%a: Failed to read current FVB header\n", __FUNCTION__)); + TempStatus = SmmStoreLibRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); + if (EFI_ERROR (TempStatus) || (BufferSizeReqested != BufferSize)) { FreePool (FwVolHeader); return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_INFO, "%a: FVB header:\n", __FUNCTION__)); - InternalDumpHex ((UINT8 *)FwVolHeader, BufferSizeReqested); - FvLength = PcdGet32(PcdFlashNvStorageVariableSize) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + - PcdGet32(PcdFlashNvStorageFtwSpareSize); + FvLength = PcdGet32 (PcdFlashNvStorageVariableSize) + PcdGet32 (PcdFlashNvStorageFtwWorkingSize) + + PcdGet32 (PcdFlashNvStorageFtwSpareSize); // // Verify the header revision, header signature, length // Length of FvBlock cannot be 2**64-1 // HeaderLength cannot be an odd number // - if ( (FwVolHeader->Revision != EFI_FVH_REVISION) - || (FwVolHeader->Signature != EFI_FVH_SIGNATURE) - || (FwVolHeader->FvLength != FvLength) - ) + if ( (FwVolHeader->Revision != EFI_FVH_REVISION) + || (FwVolHeader->Signature != EFI_FVH_SIGNATURE) + || (FwVolHeader->FvLength != FvLength) + ) { - DEBUG ((EFI_D_INFO, "%a: No Firmware Volume header present\n", - __FUNCTION__)); + DEBUG (( + DEBUG_INFO, + "%a: No Firmware Volume header present\n", + __FUNCTION__ + )); FreePool (FwVolHeader); 
return EFI_NOT_FOUND; } // Check the Firmware Volume Guid - if( CompareGuid (&FwVolHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid) == FALSE ) { - DEBUG ((EFI_D_INFO, "%a: Firmware Volume Guid non-compatible\n", - __FUNCTION__)); + if ( CompareGuid (&FwVolHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid) == FALSE ) { + DEBUG (( + DEBUG_INFO, + "%a: Firmware Volume Guid non-compatible\n", + __FUNCTION__ + )); FreePool (FwVolHeader); return EFI_NOT_FOUND; } + BufferSizeReqested = FwVolHeader->HeaderLength; + FreePool (FwVolHeader); + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)AllocatePool (BufferSizeReqested); + if (!FwVolHeader) { + return EFI_OUT_OF_RESOURCES; + } + + BufferSize = BufferSizeReqested; + TempStatus = SmmStoreLibRead (0, 0, &BufferSize, (UINT8 *)FwVolHeader); + if (EFI_ERROR (TempStatus) || (BufferSizeReqested != BufferSize)) { + FreePool (FwVolHeader); + return EFI_DEVICE_ERROR; + } + // Verify the header checksum - Checksum = CalculateSum16((UINT16*)FwVolHeader, FwVolHeader->HeaderLength); + Checksum = CalculateSum16 ((UINT16 *)FwVolHeader, FwVolHeader->HeaderLength); if (Checksum != 0) { - DEBUG ((EFI_D_INFO, "%a: FV checksum is invalid (Checksum:0x%X)\n", - __FUNCTION__, Checksum)); + DEBUG (( + DEBUG_INFO, + "%a: FV checksum is invalid (Checksum:0x%X)\n", + __FUNCTION__, + Checksum + )); FreePool (FwVolHeader); return EFI_NOT_FOUND; } - BufferSizeReqested = sizeof(VARIABLE_STORE_HEADER); - VariableStoreHeader = (VARIABLE_STORE_HEADER*)AllocatePool(BufferSizeReqested); + BufferSizeReqested = sizeof (VARIABLE_STORE_HEADER); + VariableStoreHeader = (VARIABLE_STORE_HEADER *)AllocatePool (BufferSizeReqested); if (!VariableStoreHeader) { - DEBUG((DEBUG_ERROR, "%a: Failed to allocate pool for varstore header\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } + BufferSize = BufferSizeReqested; - TempStatus = SMMStoreRead (0, FwVolHeader->HeaderLength, &BufferSize, (UINT8 *)VariableStoreHeader); - if (EFI_ERROR (TempStatus) || BufferSizeReqested != 
BufferSize) { - DEBUG((DEBUG_ERROR, "%a: Failed to read current varstore header\n", __FUNCTION__)); + TempStatus = SmmStoreLibRead (0, FwVolHeader->HeaderLength, &BufferSize, (UINT8 *)VariableStoreHeader); + if (EFI_ERROR (TempStatus) || (BufferSizeReqested != BufferSize)) { FreePool (VariableStoreHeader); FreePool (FwVolHeader); return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_INFO, "%a: Varstore header:\n", __FUNCTION__)); - InternalDumpHex ((UINT8 *)VariableStoreHeader, BufferSizeReqested); - // Check the Variable Store Guid if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && - !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { - DEBUG ((EFI_D_INFO, "%a: Variable Store Guid non-compatible\n", - __FUNCTION__)); + !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) + { + DEBUG (( + DEBUG_INFO, + "%a: Variable Store Guid non-compatible\n", + __FUNCTION__ + )); FreePool (FwVolHeader); FreePool (VariableStoreHeader); return EFI_NOT_FOUND; @@ -275,8 +289,11 @@ ValidateFvHeader ( VariableStoreLength = PcdGet32 (PcdFlashNvStorageVariableSize) - FwVolHeader->HeaderLength; if (VariableStoreHeader->Size != VariableStoreLength) { - DEBUG ((EFI_D_INFO, "%a: Variable Store Length does not match\n", - __FUNCTION__)); + DEBUG (( + DEBUG_INFO, + "%a: Variable Store Length does not match\n", + __FUNCTION__ + )); FreePool (FwVolHeader); FreePool (VariableStoreHeader); return EFI_NOT_FOUND; 
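Review bot: `FwVolHeader->HeaderLength` is read from flash and then used unchecked as the size of the second `AllocatePool`/`SmmStoreLibRead` and as the length passed to `CalculateSum16`. A corrupted or tampered store can make it smaller than `sizeof (EFI_FIRMWARE_VOLUME_HEADER)` (the re-read buffer is then shorter than the fields read from it), odd (the comment above the revision check says it cannot be, but nothing enforces that), or larger than `PcdFlashNvStorageVariableSize` (the later `VariableStoreLength` subtraction then wraps). I would reject it right after the assignment with `if ((BufferSizeReqested < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) || ((BufferSizeReqested & 1) != 0) || (BufferSizeReqested >= PcdGet32 (PcdFlashNvStorageVariableSize))) { FreePool (FwVolHeader); return EFI_NOT_FOUND; }` and pass `BufferSizeReqested`, not the re-read field, to `CalculateSum16`. The `return EFI_OUT_OF_RESOURCES` taken when `VariableStoreHeader` cannot be allocated also leaves `FwVolHeader` allocated. The function's declarations and its tail lie outside this hunk.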
@@ -303,33 +320,20 @@ ValidateFvHeader ( **/ EFI_STATUS EFIAPI -FvbGetAttributes( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - OUT EFI_FVB_ATTRIBUTES_2 *Attributes +FvbGetAttributes ( + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + OUT EFI_FVB_ATTRIBUTES_2 *Attributes ) { EFI_FVB_ATTRIBUTES_2 FlashFvbAttributes; - SMMSTORE_INSTANCE *Instance; - - Instance = INSTANCE_FROM_FVB_THIS(This); - - FlashFvbAttributes = (EFI_FVB_ATTRIBUTES_2) ( - - EFI_FVB2_READ_ENABLED_CAP | // Reads may be enabled - EFI_FVB2_READ_STATUS | // Reads are currently enabled - EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY - EFI_FVB2_MEMORY_MAPPED | // It is memory mapped - EFI_FVB2_ERASE_POLARITY // After erasure all bits take this value (i.e. '1') - ); - - // Check if it is write protected - if (Instance->Media.ReadOnly != TRUE) { - - FlashFvbAttributes = FlashFvbAttributes | - EFI_FVB2_WRITE_STATUS | // Writes are currently enabled - EFI_FVB2_WRITE_ENABLED_CAP; // Writes may be enabled - } + FlashFvbAttributes = (EFI_FVB_ATTRIBUTES_2)( + EFI_FVB2_READ_STATUS | // Reads are currently enabled + EFI_FVB2_WRITE_STATUS | // Writes are enabled + EFI_FVB2_STICKY_WRITE | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY + EFI_FVB2_MEMORY_MAPPED | // It is memory mapped + EFI_FVB2_ERASE_POLARITY // After erasure all bits take this value (i.e. '1') + ); *Attributes = FlashFvbAttributes; @@ -359,12 +363,12 @@ FvbGetAttributes( **/ EFI_STATUS EFIAPI -FvbSetAttributes( +FvbSetAttributes ( IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes ) { - DEBUG ((DEBUG_BLKIO, "FvbSetAttributes(0x%X) is not supported\n",*Attributes)); + DEBUG ((DEBUG_ERROR, "FvbSetAttributes(0x%X) is not supported\n", *Attributes)); return EFI_UNSUPPORTED; } 
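Review bot: FvbGetAttributes now returns a fixed mask without `EFI_FVB2_READ_ENABLED_CAP` and `EFI_FVB2_WRITE_ENABLED_CAP`, while InitializeFvAndVariableStoreHeaders in this same patch still writes both capability bits into the on-flash header `Attributes`. A caller that compares the protocol's answer with the header sees two different descriptions of the same volume. Either share one constant between the two sites or, if the difference is intended, add a comment such as `// Capability bits omitted: FvbSetAttributes() is unsupported, so read/write status cannot be changed`. `This` is no longer used in the body shown here.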
@@ -392,9 +396,13 @@ FvbGetPhysicalAddress ( OUT EFI_PHYSICAL_ADDRESS *Address ) { - ASSERT(Address != NULL); + SMMSTORE_INSTANCE *Instance; + + Instance = INSTANCE_FROM_FVB_THIS (This); + + ASSERT (Address != NULL); + *Address = Instance->MmioAddress; - *Address = mFlashNvStorageVariableBase; return EFI_SUCCESS; } @@ -433,19 +441,19 @@ FvbGetBlockSize ( OUT UINTN *NumberOfBlocks ) { - EFI_STATUS Status; - SMMSTORE_INSTANCE *Instance; + EFI_STATUS Status; + SMMSTORE_INSTANCE *Instance; - Instance = INSTANCE_FROM_FVB_THIS(This); + Instance = INSTANCE_FROM_FVB_THIS (This); - DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize(Lba=%ld, BlockSize=0x%x, LastBlock=%ld)\n", Lba, Instance->Media.BlockSize, Instance->Media.LastBlock)); + DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize(Lba=%ld, BlockSize=0x%x, LastBlock=%ld)\n", Lba, Instance->BlockSize, Instance->LastBlock)); - if (Lba > Instance->Media.LastBlock) { - DEBUG ((EFI_D_ERROR, "FvbGetBlockSize: ERROR - Parameter LBA %ld is beyond the last Lba (%ld).\n", Lba, Instance->Media.LastBlock)); + if (Lba > Instance->LastBlock) { + DEBUG ((DEBUG_ERROR, "FvbGetBlockSize: ERROR - Parameter LBA %ld is beyond the last Lba (%ld).\n", Lba, Instance->LastBlock)); Status = EFI_INVALID_PARAMETER; } else { - *BlockSize = (UINTN) Instance->Media.BlockSize; - *NumberOfBlocks = (UINTN) (Instance->Media.LastBlock - Lba + 1); + *BlockSize = (UINTN)Instance->BlockSize; + *NumberOfBlocks = (UINTN)(Instance->LastBlock - Lba + 1); DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize: *BlockSize=0x%x, *NumberOfBlocks=0x%x.\n", *BlockSize, *NumberOfBlocks)); 
@@ -499,31 +507,30 @@ FvbGetBlockSize ( EFI_STATUS EFIAPI FvbRead ( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN EFI_LBA Lba, - IN UINTN Offset, - IN OUT UINTN *NumBytes, - IN OUT UINT8 *Buffer + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN OUT UINT8 *Buffer ) { - UINTN BlockSize; - SMMSTORE_INSTANCE *Instance; + UINTN BlockSize; + SMMSTORE_INSTANCE *Instance; - Instance = INSTANCE_FROM_FVB_THIS(This); + Instance = INSTANCE_FROM_FVB_THIS (This); DEBUG ((DEBUG_BLKIO, "FvbRead(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer)); // Cache the block size to avoid de-referencing pointers all the time - BlockSize = Instance->Media.BlockSize; - - DEBUG ((DEBUG_BLKIO, "FvbRead: Check if (Offset=0x%x + NumBytes=0x%x) <= BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + BlockSize = Instance->BlockSize; // The read must not span block boundaries. // We need to check each variable individually because adding two large values together overflows. if ((Offset >= BlockSize) || (*NumBytes > BlockSize) || - ((Offset + *NumBytes) > BlockSize)) { - DEBUG ((EFI_D_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + ((Offset + *NumBytes) > BlockSize)) + { + DEBUG ((DEBUG_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize)); return EFI_BAD_BUFFER_SIZE; } @@ -532,7 +539,7 @@ FvbRead ( return EFI_BAD_BUFFER_SIZE; } - return SMMStoreRead (Lba, Offset, NumBytes, Buffer); + return SmmStoreLibRead (Lba, Offset, NumBytes, Buffer); } /** 
@@ -592,29 +599,30 @@ FvbRead ( EFI_STATUS EFIAPI FvbWrite ( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, - IN EFI_LBA Lba, - IN UINTN Offset, - IN OUT UINTN *NumBytes, - IN UINT8 *Buffer + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN EFI_LBA Lba, + IN UINTN Offset, + IN OUT UINTN *NumBytes, + IN UINT8 *Buffer ) { - UINTN BlockSize; - SMMSTORE_INSTANCE *Instance; + UINTN BlockSize; + SMMSTORE_INSTANCE *Instance; - Instance = INSTANCE_FROM_FVB_THIS(This); + Instance = INSTANCE_FROM_FVB_THIS (This); DEBUG ((DEBUG_BLKIO, "FvbWrite(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer)); // Cache the block size to avoid de-referencing pointers all the time - BlockSize = Instance->Media.BlockSize; + BlockSize = Instance->BlockSize; // The read must not span block boundaries. // We need to check each variable individually because adding two large values together overflows. if ((Offset >= BlockSize) || (*NumBytes > BlockSize) || - ((Offset + *NumBytes) > BlockSize)) { - DEBUG ((EFI_D_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize )); + ((Offset + *NumBytes) > BlockSize)) + { + DEBUG ((DEBUG_ERROR, "FvbRead: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n", Offset, *NumBytes, BlockSize)); return EFI_BAD_BUFFER_SIZE; } @@ -623,7 +631,7 @@ FvbWrite ( return EFI_BAD_BUFFER_SIZE; } - return SMMStoreWrite (Lba, Offset, NumBytes, Buffer); + return SmmStoreLibWrite (Lba, Offset, NumBytes, Buffer); } /** 
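Review bot: The bounds-check failure path in FvbWrite still logs `FvbRead: ERROR - EFI_BAD_BUFFER_SIZE`, and the comment above it still says "The read must not span block boundaries", so a rejected write appears in the debug log as a read failure. Since the line is already touched for the `DEBUG_ERROR` rename, change the prefix to `FvbWrite: ERROR - EFI_BAD_BUFFER_SIZE` and the comment to `// The write must not span block boundaries.`. The entry `DEBUG` also dereferences `*NumBytes` before any NULL check is visible; the rest of the body is outside the hunk.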
@@ -672,29 +680,20 @@ FvbWrite ( EFI_STATUS EFIAPI FvbEraseBlocks ( - IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This, ... ) { - EFI_STATUS Status; - VA_LIST Args; - EFI_LBA StartingLba; // Lba from which we start erasing - UINTN NumOfLba; // Number of Lba blocks to erase - SMMSTORE_INSTANCE *Instance; - - Instance = INSTANCE_FROM_FVB_THIS(This); + EFI_STATUS Status; + VA_LIST Args; + EFI_LBA StartingLba; // Lba from which we start erasing + UINTN NumOfLba; // Number of Lba blocks to erase + SMMSTORE_INSTANCE *Instance; - DEBUG ((DEBUG_BLKIO, "FvbEraseBlocks()\n")); + Instance = INSTANCE_FROM_FVB_THIS (This); Status = EFI_SUCCESS; - // Detect WriteDisabled state - if (Instance->Media.ReadOnly == TRUE) { - // Firmware volume is in WriteDisabled state - DEBUG ((EFI_D_ERROR, "FvbEraseBlocks: ERROR - Device is in WriteDisabled state.\n")); - return EFI_ACCESS_DENIED; - } - // Before erasing, check the entire list of parameters to ensure all specified blocks are valid VA_START (Args, This); @@ -704,7 +703,7 @@ FvbEraseBlocks ( // Have we reached the end of the list? if (StartingLba == EFI_LBA_LIST_TERMINATOR) { - //Exit the while loop + // Exit the while loop break; } @@ -717,15 +716,16 @@ FvbEraseBlocks ( "FvbEraseBlocks: Check if: ( StartingLba=%ld + NumOfLba=%Lu - 1 ) > LastBlock=%ld.\n", StartingLba, (UINT64)NumOfLba, - Instance->Media.LastBlock + Instance->LastBlock )); - if ((NumOfLba == 0) || ((StartingLba + NumOfLba - 1) > Instance->Media.LastBlock)) { + if ((NumOfLba == 0) || ((StartingLba + NumOfLba - 1) > Instance->LastBlock)) { VA_END (Args); - DEBUG ((EFI_D_ERROR, "FvbEraseBlocks: ERROR - Lba range goes past the last Lba.\n")); + DEBUG ((DEBUG_ERROR, "FvbEraseBlocks: ERROR - Lba range goes past the last Lba.\n")); Status = EFI_INVALID_PARAMETER; goto EXIT; } } while (TRUE); + VA_END (Args); // 
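Review bot: The range check `(StartingLba + NumOfLba - 1) > Instance->LastBlock` in the `@@ -717,15 +716,16 @@` hunk of FvbEraseBlocks can wrap: `StartingLba` is a 64-bit `EFI_LBA` taken from the caller's variadic list, so a large value plus `NumOfLba` overflows and the comparison passes. An overflow-free form is `if ((NumOfLba == 0) || (StartingLba > Instance->LastBlock) || ((NumOfLba - 1) > (Instance->LastBlock - StartingLba)))`. The first hunk on this line also removes the only write-protection gate (`Media.ReadOnly`) ahead of the erase loop; if a read-only state can no longer occur by design, a one-line comment saying so would help the next reader. The erase loop itself is in the following hunk.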
@@ -749,8 +749,8 @@ FvbEraseBlocks ( while (NumOfLba > 0) { // Erase it DEBUG ((DEBUG_BLKIO, "FvbEraseBlocks: Erasing Lba=%ld\n", StartingLba)); - Status = SMMStoreEraseBlock (StartingLba); - if (EFI_ERROR(Status)) { + Status = SmmStoreLibEraseBlock (StartingLba); + if (EFI_ERROR (Status)) { VA_END (Args); Status = EFI_DEVICE_ERROR; goto EXIT; @@ -761,6 +761,7 @@ FvbEraseBlocks ( NumOfLba--; } } while (TRUE); + VA_END (Args); EXIT: 
@@ -768,73 +769,59 @@ FvbEraseBlocks ( } /** - Fixup internal data so that EFI can be call in virtual mode. - Call the passed in Child Notify event and convert any pointers in - lib to virtual mode. + Initialized the Firmware Volume if necessary and installs the + gEdkiiNvVarStoreFormattedGuid protocol. - @param[in] Event The Event that is being processed - @param[in] Context Event Context -**/ -VOID -EFIAPI -FvbVirtualNotifyEvent ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EfiConvertPointer (0x0, (VOID**)&mFlashNvStorageVariableBase); - return; -} + @param Instance Pointer to SmmStore instance + **/ EFI_STATUS EFIAPI -SMMStoreFvbInitialize ( - IN SMMSTORE_INSTANCE* Instance +FvbInitialize ( + IN SMMSTORE_INSTANCE *Instance ) { - EFI_STATUS Status; - UINT32 FvbNumLba; - EFI_BOOT_MODE BootMode; - - DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); - ASSERT((Instance != NULL)); + EFI_STATUS Status; + UINT32 FvbNumLba; + EFI_BOOT_MODE BootMode; - mFlashNvStorageVariableBase = PcdGet32 (PcdFlashNvStorageVariableBase); + ASSERT ((Instance != NULL)); BootMode = GetBootModeHob (); if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) { Status = EFI_INVALID_PARAMETER; } else { // Determine if there is a valid header at the beginning of the NorFlash - Status = ValidateFvHeader (Instance); + Status = ValidateFvHeader (); } // Install the Default FVB header if required - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { // There is no valid header, so time to install one. 
- DEBUG ((EFI_D_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__)); - DEBUG ((EFI_D_INFO, "%a: Installing a correct one for this volume.\n", - __FUNCTION__)); + DEBUG ((DEBUG_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__)); + DEBUG (( + DEBUG_INFO, + "%a: Installing a correct one for this volume.\n", + __FUNCTION__ + )); // Erase all the NorFlash that is reserved for variable storage - FvbNumLba = (PcdGet32(PcdFlashNvStorageVariableSize) + - PcdGet32(PcdFlashNvStorageFtwWorkingSize) + - PcdGet32(PcdFlashNvStorageFtwSpareSize)) / Instance->Media.BlockSize; + FvbNumLba = (PcdGet32 (PcdFlashNvStorageVariableSize) + + PcdGet32 (PcdFlashNvStorageFtwWorkingSize) + + PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / Instance->BlockSize; Status = FvbEraseBlocks (&Instance->FvbProtocol, (EFI_LBA)0, FvbNumLba, EFI_LBA_LIST_TERMINATOR); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_ERROR, "%a: Failed to erase blocks for FVB header\n", __FUNCTION__)); + if (EFI_ERROR (Status)) { return Status; } // Install all appropriate headers Status = InitializeFvAndVariableStoreHeaders (Instance); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_ERROR, "%a: Failed to install FVB headers\n", __FUNCTION__)); + if (EFI_ERROR (Status)) { return Status; } } else { - DEBUG((DEBUG_INFO, "%a: FVB header is valid\n", __FUNCTION__)); + DEBUG ((DEBUG_INFO, "%a: FVB header is valid\n", __FUNCTION__)); } // @@ -849,18 +836,5 @@ SMMStoreFvbInitialize ( ); ASSERT_EFI_ERROR (Status); - // - // Register for the virtual address change event - // - Status = gBS->CreateEventEx ( - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - FvbVirtualNotifyEvent, - NULL, - &gEfiEventVirtualAddressChangeGuid, - &mFvbVirtualAddrChangeEvent - ); - ASSERT_EFI_ERROR (Status); - return Status; } 
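Review bot: FvbInitialize erases the whole variable/FTW region on any error from ValidateFvHeader, and ValidateFvHeader (earlier in this patch) also returns `EFI_OUT_OF_RESOURCES` and `EFI_DEVICE_ERROR` for allocation and read failures. A transient failure therefore wipes a store that may be intact, together with every UEFI variable in it. I would reformat only for `EFI_NOT_FOUND` and the `BOOT_WITH_DEFAULT_SETTINGS` case, and return other statuses to the caller. This hunk also deletes the two `DEBUG_ERROR` messages on the erase and header-install failure paths, which were the only record that a reformat was attempted and failed; keeping them leaves the event visible in logs. `Instance` is only ASSERT-checked before `Instance->BlockSize` is used as a divisor.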
diff --git a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf similarity index 61% rename from DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf rename to DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf index 0bcaff65a6..75e004d097 100644 --- a/DasharoPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf +++ b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.inf @@ -1,24 +1,24 @@ -#/** @file +## @file +# This is the component description file for SmmStore module. # -# Component description file for SMMSTORE module -# -# Copyright (c) 2020, 9elements Agency GmbH
+# Copyright (c) 2022, 9elements GmbH.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # -#**/ +## + [Defines] INF_VERSION = 0x00010005 - BASE_NAME = UefiPayloadBlSMMStoreDxe + BASE_NAME = SmmStoreFvbRuntimeDxe FILE_GUID = A0402FCA-6B25-4CEA-B7DD-C08F99714B29 MODULE_TYPE = DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - ENTRY_POINT = BlSMMSTOREInitialise + ENTRY_POINT = SmmStoreInitialize [Sources.common] - BlSMMStoreDxe.h - BlSMMStoreDxe.c - BlSMMStoreFvbDxe.c + SmmStoreFvbRuntimeDxe.c + SmmStoreFvbRuntime.h + SmmStoreFvbRuntime.c [Packages] MdePkg/MdePkg.dec @@ -27,7 +27,6 @@ DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] - IoLib BaseLib DebugLib HobLib @@ -40,17 +39,14 @@ [Guids] gEfiSystemNvDataFvGuid - gEfiVariableGuid + gEfiVariableGuid ## PRODUCES ## PROTOCOL gEfiAuthenticatedVariableGuid gEfiEventVirtualAddressChangeGuid gEdkiiNvVarStoreFormattedGuid ## PRODUCES ## PROTOCOL - gEfiSMMSTOREInfoHobGuid [Protocols] - gEfiBlockIoProtocolGuid - gEfiDevicePathProtocolGuid - gEfiFirmwareVolumeBlockProtocolGuid ## PRODUCES - gEfiDiskIoProtocolGuid + gEfiDevicePathProtocolGuid ## BY_START + gEfiFirmwareVolumeBlockProtocolGuid ## BY_START [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase @@ -59,7 +55,9 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize - gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 [Depex] - gEfiCpuArchProtocolGuid + TRUE From 9df5cb998fe167d37cfe4329ac3127b5cad8068e Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 11 May 2020 16:21:38 +0200 Subject: [PATCH 169/357] DasharoPayloadPkg: Use provided memory ranges in a smarter way 
Signed-off-by: Patrick Rudolph --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 59 ++++++++++++++++--- .../Library/CbParseLib/CbParseLib.c | 30 +++++++++- .../Library/SblParseLib/SblParseLib.c | 19 +++++- 3 files changed, 99 insertions(+), 9 deletions(-) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 48602ca0b2..a2bbcb77ee 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c @@ -306,13 +306,14 @@ MemInfoCallback ( ) { PAYLOAD_MEM_INFO *MemInfo; - UINTN Attribue; + UINTN Attribute; EFI_PHYSICAL_ADDRESS Base; EFI_RESOURCE_TYPE Type; UINT64 Size; UINT32 SystemLowMemTop; + UINT8 Flag; - Attribue = EFI_RESOURCE_ATTRIBUTE_PRESENT | + Attribute = EFI_RESOURCE_ATTRIBUTE_PRESENT | EFI_RESOURCE_ATTRIBUTE_INITIALIZED | EFI_RESOURCE_ATTRIBUTE_TESTED | EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | @@ -321,9 +322,10 @@ MemInfoCallback ( EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE; MemInfo = (PAYLOAD_MEM_INFO *)Params; - Type = (MemoryMapEntry->Type == 1) ? EFI_RESOURCE_SYSTEM_MEMORY : EFI_RESOURCE_MEMORY_RESERVED; + Type = MemoryMapEntry->Type; Base = MemoryMapEntry->Base; Size = MemoryMapEntry->Size; + Flag = MemoryMapEntry->Flag; if ((Base < 0x100000) && ((Base + Size) > 0x100000)) { Size -= (0x100000 - Base); 
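Review bot: `Type = MemoryMapEntry->Type;` silently changes the meaning of `MEMROY_MAP_ENTRY.Type` from the bootloader's raw range type (the removed line tested `== 1` for RAM) to an `EFI_RESOURCE_TYPE` value, and `Flag` is now expected to carry `EFI_RESOURCE_ATTRIBUTE_PRESENT`. A parser that still passes a raw type would have its RAM ranges (raw 1) interpreted as `EFI_RESOURCE_MEMORY_MAPPED_IO`. Please document the new contract where the structure is declared and above this assignment, e.g. `// Type is an EFI_RESOURCE_* value and Flag carries EFI_RESOURCE_ATTRIBUTE_PRESENT; both are set by ParseMemoryInfo()`. MemInfoCallback's body continues outside this hunk.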
@@ -331,31 +333,74 @@ MemInfoCallback ( } if (Base >= 0x100000) { - if (Type == EFI_RESOURCE_SYSTEM_MEMORY) { + if (!(Flag & EFI_RESOURCE_ATTRIBUTE_PRESENT)) { + BuildResourceDescriptorHob ( + Type, + 0, + (EFI_PHYSICAL_ADDRESS)Base, + Size + ); + } else if (Type == EFI_RESOURCE_SYSTEM_MEMORY) { if (Base < 0x100000000ULL) { MemInfo->UsableLowMemTop = (UINT32)(Base + Size); } else { - Attribue &= ~EFI_RESOURCE_ATTRIBUTE_TESTED; + Attribute &= ~EFI_RESOURCE_ATTRIBUTE_TESTED; } BuildResourceDescriptorHob ( EFI_RESOURCE_SYSTEM_MEMORY, - Attribue, + Attribute, (EFI_PHYSICAL_ADDRESS)Base, Size ); } else if (Type == EFI_RESOURCE_MEMORY_RESERVED) { BuildResourceDescriptorHob ( EFI_RESOURCE_MEMORY_RESERVED, - Attribue, + Attribute, (EFI_PHYSICAL_ADDRESS)Base, Size ); + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)Base, + Size, + EfiACPIReclaimMemory + ); if (Base < 0x100000000ULL) { SystemLowMemTop = ((UINT32)(Base + Size) + 0x0FFFFFFF) & 0xF0000000; if (SystemLowMemTop > MemInfo->SystemLowMemTop) { MemInfo->SystemLowMemTop = SystemLowMemTop; } } + } else if (Type == EFI_RESOURCE_MEMORY_MAPPED_IO) { + BuildResourceDescriptorHob ( + EFI_RESOURCE_MEMORY_RESERVED, + (EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_TESTED), + (EFI_PHYSICAL_ADDRESS)Base, + Size + ); + + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)Base, + Size, + EfiMemoryMappedIO + ); + } else if (Type == EFI_RESOURCE_FIRMWARE_DEVICE) { + BuildResourceDescriptorHob ( + EFI_RESOURCE_FIRMWARE_DEVICE, + (EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_TESTED), + (EFI_PHYSICAL_ADDRESS)Base, + Size + ); + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)Base, + Size, + EfiACPIMemoryNVS + ); } } 
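Review bot: The reserved branch now gives every present EFI_RESOURCE_MEMORY_RESERVED range a memory-allocation HOB of type `EfiACPIReclaimMemory`, a type the OS is allowed to reuse once it has read the ACPI tables. In the same patch CbParseLib maps CB_MEM_TABLE as well as CB_MEM_ACPI to this resource type and SblParseLib maps its type 2, so ranges that are not ACPI tables appear to get the same treatment. If the DXE core honours the HOB for these ranges, an OS could overwrite bootloader-owned data. Unless every caller guarantees the range holds only ACPI tables, `EfiReservedMemoryType` is the safer choice here, or a comment should state why reclaim is intended. MemInfoCallback starts and ends outside the hunk.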
diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 9d1cf84aff..b8fa29a40a 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -398,7 +398,35 @@ ParseMemoryInfo ( MemoryMap.Base = cb_unpack64(Range->start); MemoryMap.Size = cb_unpack64(Range->size); MemoryMap.Type = (UINT8)Range->type; - MemoryMap.Flag = 0; + + switch (Range->type) { + case CB_MEM_RAM: + MemoryMap.Type = EFI_RESOURCE_SYSTEM_MEMORY; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + /* Only MMIO is marked reserved */ + case CB_MEM_RESERVED: + MemoryMap.Type = EFI_RESOURCE_MEMORY_MAPPED_IO; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + case CB_MEM_UNUSABLE: + MemoryMap.Type = EFI_RESOURCE_MEMORY_RESERVED; + MemoryMap.Flag = 0; + break; + case CB_MEM_VENDOR_RSVD: + MemoryMap.Type = EFI_RESOURCE_FIRMWARE_DEVICE; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + /* ACPI/SMBIOS/CBMEM has it's own tag */ + case CB_MEM_ACPI: + case CB_MEM_TABLE: + MemoryMap.Type = EFI_RESOURCE_MEMORY_RESERVED; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + default: + continue; + } + DEBUG ((DEBUG_INFO, "%d. %016lx - %016lx [%02x]\n", Index, MemoryMap.Base, MemoryMap.Base + MemoryMap.Size - 1, MemoryMap.Type)); diff --git a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c index 5c6a405daf..6f6d6ed3a5 100644 --- a/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c +++ b/DasharoPayloadPkg/Library/SblParseLib/SblParseLib.c @@ -94,6 +94,7 @@ ParseMemoryInfo ( ) { MEMROY_MAP_INFO *MemoryMapInfo; + MEMROY_MAP_ENTRY MemoryMap; UINTN Idx; MemoryMapInfo = (MEMROY_MAP_INFO *) GetGuidHobDataFromSbl (&gLoaderMemoryMapInfoGuid); 
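Review bot: The `default: continue;` arm of the new switch drops any range whose tag is not listed, and it does so before the DEBUG line, so a skipped range leaves no trace in the log. A one-line message in the default arm would make that visible, for example `DEBUG ((DEBUG_WARN, "%d. skipped, unknown type %x\n", Index, Range->type));`. The assignment `MemoryMap.Type = (UINT8)Range->type;` just above the switch is now a dead store, because every arm that does not `continue` overwrites it. The SblParseLib.c loop in this patch (hunk `@@ -103,7 +104,23 @@`) skips unknown types silently in the same way and uses bare `1` and `2` as case labels, where named constants would be clearer. ParseMemoryInfo continues outside the hunk in both files.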
@@ -103,7 +104,23 @@ ParseMemoryInfo ( } for (Idx = 0; Idx < MemoryMapInfo->Count; Idx++) { - MemInfoCallback (&MemoryMapInfo->Entry[Idx], Params); + MemoryMap.Base = MemoryMapInfo->Entry[Idx].Base; + MemoryMap.Size = MemoryMapInfo->Entry[Idx].Size; + + switch (MemoryMapInfo->Entry[Idx].Type) { + case 1: + MemoryMap.Type = EFI_RESOURCE_SYSTEM_MEMORY; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + case 2: + MemoryMap.Type = EFI_RESOURCE_MEMORY_RESERVED; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + break; + default: + continue; + } + + MemInfoCallback (&MemoryMap, Params); } return RETURN_SUCCESS; From fab6e7a97692fec24e4699655730965bda9a3372 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 24 Nov 2022 12:44:14 +0100 Subject: [PATCH 170/357] DasharoPayloadPkg: report MMIO resources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 16 +--------------- .../Library/CbParseLib/CbParseLib.c | 17 +++++++++++++++-- .../Library/CbParseLib/CbParseLib.inf | 1 + 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index a2bbcb77ee..2d4ca1bff4 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
@@ -371,21 +371,7 @@ MemInfoCallback ( } } } else if (Type == EFI_RESOURCE_MEMORY_MAPPED_IO) { - BuildResourceDescriptorHob ( - EFI_RESOURCE_MEMORY_RESERVED, - (EFI_RESOURCE_ATTRIBUTE_PRESENT | - EFI_RESOURCE_ATTRIBUTE_INITIALIZED | - EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | - EFI_RESOURCE_ATTRIBUTE_TESTED), - (EFI_PHYSICAL_ADDRESS)Base, - Size - ); - - BuildMemoryAllocationHob ( - (EFI_PHYSICAL_ADDRESS)Base, - Size, - EfiMemoryMappedIO - ); + BuildMemoryMappedIoRangeHob((EFI_PHYSICAL_ADDRESS)Base, Size); } else if (Type == EFI_RESOURCE_FIRMWARE_DEVICE) { BuildResourceDescriptorHob ( EFI_RESOURCE_FIRMWARE_DEVICE, diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index b8fa29a40a..63ffa63984 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -384,6 +385,9 @@ ParseMemoryInfo ( struct cb_memory_range *Range; UINTN Index; MEMROY_MAP_ENTRY MemoryMap; + UINT32 Tolud; + + Tolud = PciRead32(PCI_LIB_ADDRESS(0,0,0,0xbc)) & 0xFFF00000; // // Get the coreboot memory table @@ -406,8 +410,17 @@ ParseMemoryInfo ( break; /* Only MMIO is marked reserved */ case CB_MEM_RESERVED: - MemoryMap.Type = EFI_RESOURCE_MEMORY_MAPPED_IO; - MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + /* + * Reserved memory Below TOLUD can't be MMIO except legacy VGA which + * is reported elsewhere as reserved. + */ + if (MemoryMap.Base < Tolud) { + MemoryMap.Type = EFI_RESOURCE_MEMORY_RESERVED; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + } else { + MemoryMap.Type = EFI_RESOURCE_MEMORY_MAPPED_IO; + MemoryMap.Flag = EFI_RESOURCE_ATTRIBUTE_PRESENT; + } break; case CB_MEM_UNUSABLE: MemoryMap.Type = EFI_RESOURCE_MEMORY_RESERVED; diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf index a77d1672ee..5289968299 100644 
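Review bot: `Tolud` is read from offset 0xbc of device 0:0.0 without checking what that device is, although this library parses coreboot tables for any platform. On a host bridge that does not implement that register, or that reads back all ones, the mask yields an arbitrary boundary, and the `@@ -406,8 +410,17 @@` hunk then uses it to decide whether CB_MEM_RESERVED ranges become reserved memory or MMIO. Consider gating the read on the vendor ID, e.g. `if (PciRead16 (PCI_LIB_ADDRESS (0, 0, 0, 0)) == 0x8086)`, and keeping the previous unconditional MMIO mapping otherwise. A named constant for 0xbc with a comment saying which chipsets it applies to would also help. ParseMemoryInfo's body continues outside the hunk.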
--- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf @@ -34,6 +34,7 @@ IoLib DebugLib PcdLib + PciLib [Pcd] gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop From 3c7ac2574d5d0698e7fdc51492485b821f84eb1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sun, 18 Dec 2022 10:02:58 +0100 Subject: [PATCH 171/357] MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c: add arrow for selected item and better contrast MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../BootManagerMenuApp/BootManagerMenu.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c b/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c index ef19319614..4e9e126e69 100644 --- a/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c +++ b/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c @@ -517,7 +517,8 @@ BootMenuSelectItem ( } for (Index = 0; Index < ItemCountPerScreen; Index++) { - PrintStringAt (PrintCol, PrintRow + Index, String); + PrintStringAt (PrintCol, PrintRow, L" "); + PrintStringAt (PrintCol + 2, PrintRow + Index, String); } FreePool (String); @@ -526,7 +527,8 @@ BootMenuSelectItem ( // for (Index = 0; Index < ItemCountPerScreen; Index++, PrintRow++) { String = HiiGetString (gStringPackHandle, BootMenuData->PtrTokens[Index + FirstItem], NULL); - PrintStringAt (PrintCol, PrintRow, String); + PrintStringAt (PrintCol, PrintRow, L" "); + PrintStringAt (PrintCol + 2, PrintRow, String); FreePool (String); } 
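Review bot: In the first loop of hunk `@@ -517,7 +517,8 @@` the new blanking call is written at `PrintRow` while the item text on the next line is written at `PrintRow + Index`, so every iteration clears the marker column of the same row. The other call sites added by this patch use the same row for both calls, which suggests this one should be `PrintStringAt (PrintCol, PrintRow + Index, L" ");`. As written, a marker left on any row but the first would presumably survive the redraw. BootMenuSelectItem starts and ends outside the hunk.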
@@ -543,18 +545,21 @@ BootMenuSelectItem ( String = HiiGetString (gStringPackHandle, BootMenuData->PtrTokens[BootMenuData->SelectItem], NULL); PrintCol = StartCol + 1; PrintRow = StartRow + 3 + BootMenuData->SelectItem - FirstItem; - PrintStringAt (PrintCol, PrintRow, String); + PrintStringAt (PrintCol, PrintRow, L" "); + PrintStringAt (PrintCol + 2, PrintRow, String); FreePool (String); } // // Print want to select item // - gST->ConOut->SetAttribute (gST->ConOut, EFI_WHITE | EFI_BACKGROUND_BLACK); + FirstItem = BootMenuData->ScrollBarControl.FirstItem; + gST->ConOut->SetAttribute (gST->ConOut, EFI_YELLOW | EFI_BRIGHT | EFI_BACKGROUND_BLUE); String = HiiGetString (gStringPackHandle, BootMenuData->PtrTokens[WantSelectItem], NULL); PrintCol = StartCol + 1; PrintRow = StartRow + TITLE_TOKEN_COUNT + 2 + WantSelectItem - FirstItem; - PrintStringAt (PrintCol, PrintRow, String); + PrintStringAt (PrintCol, PrintRow, L"→"); + PrintStringAt (PrintCol + 2, PrintRow, String); FreePool (String); gST->ConOut->SetAttribute (gST->ConOut, SavedAttribute); @@ -688,7 +693,8 @@ DrawBootPopupMenu ( PrintRow = StartRow + TITLE_TOKEN_COUNT + 2; for (Index = 0; Index < ItemCountPerScreen; Index++, PrintRow++) { String = HiiGetString (gStringPackHandle, BootMenuData->PtrTokens[Index], NULL); - PrintStringAt (PrintCol, PrintRow, String); + PrintStringAt (PrintCol, PrintRow, L" "); + PrintStringAt (PrintCol + 2, PrintRow, String); FreePool (String); } From 701da9cfbdf47172dde390b40d025e8164191081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 12 Jan 2023 10:49:50 +0100 Subject: [PATCH 172/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: register iPXE when vars are not populated but network boot is enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
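Review bot: The selection marker in hunk `@@ -543,18 +545,21 @@` is written as a raw non-ASCII character inside a wide string literal, `L"→"`, so the result depends on how each toolchain decodes the source file. An escape such as `L"\x2192"` keeps the source ASCII and yields the same code point, which SimpleTextOut.h names `ARROW_RIGHT`. `EFI_YELLOW | EFI_BRIGHT` is also redundant if `EFI_YELLOW` already includes the bright bit, as it does in MdePkg. The function continues outside the hunk.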
Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 20 ++++++++++++++----- .../PlatformBootManagerLib.inf | 1 + 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index fa7aee2a49..acb4fcfa3d 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -844,21 +844,31 @@ PlatformBootManagerAfterConsole ( &NetBootEnabled ); + // + // Register iPXE + // if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))) { if (NetBootEnabled) { - // - // Register iPXE - // - DEBUG((DEBUG_INFO, "Registering iPXE boot option\n")); + DEBUG((DEBUG_INFO, "Registering iPXE boot option by variable\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), LOAD_OPTION_ACTIVE); } else { - DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); + DEBUG((DEBUG_INFO, "Unregistering iPXE boot option by variable\n")); PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), LOAD_OPTION_ACTIVE); } + } else if ((Status == EFI_NOT_FOUND) && FixedPcdGetBool(PcdDefaultNetworkBootEnable)) { + DEBUG((DEBUG_INFO, "Registering iPXE boot option by policy\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); + } else { + DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); + PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); } // // Register UEFI Shell diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index a3ffd4aae7..f57caeed22 100644 
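Review bot: The first branch is still guarded by `(Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))`, so any other GetVariable failure that leaves VarSize untouched reaches `if (NetBootEnabled)` with a value that was never written. The declaration and the call are mostly outside the hunk, so this is inferred from the visible `&NetBootEnabled` argument. Since the outcome is whether a network boot option is registered, the guard should require success: `if (!EFI_ERROR (Status) && (VarSize == sizeof (NetBootEnabled))) {`. With that change an unexpected error falls through to the final `else` and unregisters iPXE, which is the fail-closed result.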
--- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -97,3 +97,4 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey gEfiMdeModulePkgTokenSpaceGuid.PcdFastPS2Detection gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable From 13e23a2f0460ba05b144f7caf9b72515dc22badd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 12 Jan 2023 12:33:43 +0100 Subject: [PATCH 173/357] DasharoPayloadPkg: always compile and include Dasharo Boot Policies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 -- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 4 +--- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index e56aa2e38c..82c2722065 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -760,9 +760,7 @@ } !endif -!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf -!endif # # Random Number Generator diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 037948ba0a..1ff957d520 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -295,9 +295,7 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf } !endif -!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE - INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf -!endif +INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf # # Random Number Generator From 5ca8789fe0e4bd105742c8a75d5ba3e6e05b54ac Mon Sep 17 00:00:00 2001 
From: Kacper Stojek Date: Tue, 14 Feb 2023 15:26:49 +0100 Subject: [PATCH 174/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: Add PcdVTdPolicyPropertyMask Signed-off-by: Kacper Stojek --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 82c2722065..7a8033d4b2 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -524,6 +524,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|0 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|0 gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|0 + gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask|1 [PcdsDynamicHii] !if $(TPM_ENABLE) == TRUE From 8a82a453b8b8212b168ba38688160f2b10a9f16c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 21 Feb 2023 16:53:44 +0100 Subject: [PATCH 175/357] DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c: set gEfiAuthenticatedVariableGuid as header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c index bf8538f703..0b9654a2a6 100644 --- a/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c +++ b/DasharoPayloadPkg/SmmStoreFvb/SmmStoreFvbRuntimeDxe.c 
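Review bot: The new `PcdVTdPolicyPropertyMask|1` line has no comment saying which bits are set, and neither the commit message nor the hunk explains the choice. As I read the PCD's description in IntelSiliconPkg.dec, bit 0 enables the IOMMU during boot and bit 1 keeps it enabled when control is handed to the OS, so the value 1 would give DMA protection only until ExitBootServices. If that is intended, a comment such as `# BIT0 only: IOMMU on during boot, released at ExitBootServices` would record it. It is also worth saying whether this should depend on the DSC's IOMMU-related build switch rather than being unconditional.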
@@ -153,7 +153,7 @@ InitializeFvAndVariableStoreHeaders ( // VARIABLE_STORE_HEADER // VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); - CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid); + CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid); VariableStoreHeader->Size = PcdGet32 (PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; From 28b45657d3b699a8037ea3f0f372b5a12e337972 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 28 Feb 2023 14:49:12 +0100 Subject: [PATCH 176/357] DasharoPayloadPkg: add USB mouse driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 2 files changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 7a8033d4b2..050ce077d6 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -726,6 +726,7 @@ MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 1ff957d520..046a8fdc35 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
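Review bot: Neither the commit message nor the code explains why the store signature switches to `gEfiAuthenticatedVariableGuid`, and the code that validates an existing header is outside this hunk. If that check still compares Signature against `gEfiVariableGuid`, a store written here would fail validation and be re-initialised on the next boot, discarding stored variables. A store formatted by an earlier build with the old GUID raises the opposite question. Please confirm that both paths agree, and add a short comment above the CopyGuid naming the format the variable driver in this build expects.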
@@ -216,6 +216,7 @@ INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf +INF MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointerDxe.inf From df34c769e1970974081a9ec6ca5692779d78bc58 Mon Sep 17 00:00:00 2001 From: Karol Zmyslowski Date: Mon, 20 Feb 2023 14:31:52 +0100 Subject: [PATCH 177/357] DasharoPayloadPkg: hook up BootManagerEnable efivar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Karol Zmyslowski Signed-off-by: Michał Kopeć Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 79 +++++++++++++++++-- 1 file changed, 74 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index acb4fcfa3d..524962f77f 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -253,6 +253,11 @@ RegisterBootManagerMenuAppBootOption ( EFI_BOOT_MANAGER_LOAD_OPTION NewOption; EFI_DEVICE_PATH_PROTOCOL *DevicePath; UINTN OptionNumber; + UINTN BootOptionCount; + BOOLEAN BootMenuEnable; + UINTN VarSize; + INTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; DevicePath = FvFilePath (&mBootMenuFile); // Use LOAD_OPTION_HIDDEN to not display Boot Manager Menu App in 
@@ -270,7 +275,39 @@ RegisterBootManagerMenuAppBootOption ( ASSERT_EFI_ERROR (Status); FreePool (DevicePath); - Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + VarSize = sizeof (BootMenuEnable); + Status = gRT->GetVariable( + L"BootManagerEnabled", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &BootMenuEnable + ); + + if (EFI_ERROR(Status) || VarSize != sizeof (BootMenuEnable)) { + DEBUG((EFI_D_ERROR, "Boot Manager option failure: %r, Size: %x, Enabled: %d\n", + Status, VarSize, BootMenuEnable)); + BootMenuEnable = TRUE; + } + + if (BootMenuEnable){ + DEBUG((EFI_D_INFO, "Registering Boot Manager app option\n")); + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + } else { + DEBUG((EFI_D_INFO, "Unregistering Boot Manager app option\n")); + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, LoadOptionTypeBoot + ); + + OptionIndex = EfiBootManagerFindLoadOption ( + &NewOption, BootOptions, BootOptionCount + ); + + if (OptionIndex >= 0 && OptionIndex < BootOptionCount) { + Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[OptionIndex].OptionNumber, + BootOptions[OptionIndex].OptionType); + } + } ASSERT_EFI_ERROR (Status); OptionNumber = NewOption.OptionNumber; @@ -570,6 +607,11 @@ PlatformBootManagerBeforeConsole ( EFI_BOOT_MANAGER_LOAD_OPTION BootOption; UINTN OptionNumber; + // For Boot Menu Enabled functionality + EFI_STATUS Status; + BOOLEAN BootMenuEnable; + UINTN VarSize; + // // Register ENTER as CONTINUE key // @@ -579,7 +621,7 @@ PlatformBootManagerBeforeConsole ( // // Map ESC to Boot Manager Menu // - Esc.ScanCode = FixedPcdGet16(PcdSetupMenuKey);; + Esc.ScanCode = FixedPcdGet16(PcdSetupMenuKey); Esc.UnicodeChar = CHAR_NULL; EfiBootManagerGetBootManagerMenu (&BootOption); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16) BootOption.OptionNumber, 0, &Esc, NULL); 
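Review bot: In hunk `@@ -270,7 +275,39 @@` the failure-path DEBUG prints `BootMenuEnable` before anything has assigned it, because the local is only set to TRUE on the line after the message. When GetVariable fails, the log therefore shows an uninitialised stack byte. Setting `BootMenuEnable = TRUE;` before the GetVariable call, or dropping the value from the format string, fixes it. The unconditional DEBUG that patch 178 adds in PlatformBootManagerBeforeConsole reads the variable the same way. RegisterBootManagerMenuAppBootOption starts outside the hunk.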
@@ -590,7 +632,21 @@ PlatformBootManagerBeforeConsole ( F12.ScanCode = FixedPcdGet16(PcdBootMenuKey); F12.UnicodeChar = CHAR_NULL; OptionNumber = GetBootManagerMenuAppOption (); - EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); + + VarSize = sizeof (BootMenuEnable); + Status = gRT->GetVariable ( + L"BootManagerEnabled", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &BootMenuEnable + ); + if (EFI_ERROR(Status) || VarSize != sizeof(BootMenuEnable) || BootMenuEnable) { + DEBUG((EFI_D_INFO, "Registering Boot Manager key option\n")); + EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); + } else { + EfiBootManagerDeleteKeyOptionVariable(NULL, 0, &F12, NULL); + } // // Install ready to lock. @@ -814,6 +870,7 @@ PlatformBootManagerAfterConsole ( CHAR16 *BootMenuKey; CHAR16 *SetupMenuKey; BOOLEAN NetBootEnabled; + BOOLEAN BootMenuEnable; UINTN VarSize; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; @@ -879,8 +936,20 @@ PlatformBootManagerAfterConsole ( BootMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdBootMenuKey), L"F12"); SetupMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdSetupMenuKey), L"ESC"); - Print (L"%-5s to enter Setup\n%-5s to enter Boot Manager Menu\nENTER to boot directly", - SetupMenuKey, BootMenuKey); + VarSize = sizeof (BootMenuEnable); + Status = gRT->GetVariable ( + L"BootManagerEnabled", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &BootMenuEnable + ); + Print (L"%-5s to enter Setup\n", SetupMenuKey); + + if (EFI_ERROR(Status) || VarSize != sizeof(BootMenuEnable) || BootMenuEnable) + Print (L"%-5s to enter Boot Manager Menu\n", BootMenuKey); + + Print (L"ENTER to boot directly\n"); } /** From c699643f187c6d4fa585c4ccb7f01102d57468b9 Mon Sep 17 00:00:00 2001 
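Review bot: The `BootManagerEnabled` lookup is written out three times in this patch, in RegisterBootManagerMenuAppBootOption, PlatformBootManagerBeforeConsole (hunk `@@ -590,7 +632,21 @@`) and PlatformBootManagerAfterConsole, each with its own copy of the fallback. All three treat a missing, unreadable or wrong-sized variable as "enabled". That fail-open default decides whether the boot menu hotkey exists, so it belongs in one documented place. A small static helper, as sketched below, would replace the three blocks and guarantee the flag is initialised before use. The three functions all extend outside their hunks.

```c
/**
  Report whether the Boot Manager Menu is enabled.

  A missing, unreadable or wrong-sized variable counts as enabled, which is
  the default the three call sites in this patch already apply.
**/
STATIC
BOOLEAN
IsBootManagerEnabled (
  VOID
  )
{
  EFI_STATUS  Status;
  BOOLEAN     BootMenuEnable;
  UINTN       VarSize;

  BootMenuEnable = TRUE;
  VarSize        = sizeof (BootMenuEnable);
  Status         = gRT->GetVariable (
                          L"BootManagerEnabled",
                          &gDasharoSystemFeaturesGuid,
                          NULL,
                          &VarSize,
                          &BootMenuEnable
                          );
  if (EFI_ERROR (Status) || (VarSize != sizeof (BootMenuEnable))) {
    return TRUE;
  }

  return BootMenuEnable;
}

// … unchanged: F12 scan code setup in PlatformBootManagerBeforeConsole …
  if (IsBootManagerEnabled ()) {
// … unchanged: add / delete key option branches …
```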
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 9 Mar 2023 11:55:20 +0100 Subject: [PATCH 178/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: add more debug logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 524962f77f..73e971e49c 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -380,7 +380,10 @@ GetBootManagerMenuAppOption ( // // If not found the BootManagerMenuApp, create it. // + DEBUG((EFI_D_INFO, "Creating Boot Manager option\n")); OptionNumber = (UINT16) RegisterBootManagerMenuAppBootOption (); + } else { + DEBUG((EFI_D_INFO, "Boot Manager option number %d\n", OptionNumber)); } return OptionNumber; @@ -641,10 +644,15 @@ PlatformBootManagerBeforeConsole ( &VarSize, &BootMenuEnable ); + + DEBUG((EFI_D_ERROR, "Boot Manager option: %r, Size: %x, Enabled: %d\n", + Status, VarSize, BootMenuEnable)); + if (EFI_ERROR(Status) || VarSize != sizeof(BootMenuEnable) || BootMenuEnable) { DEBUG((EFI_D_INFO, "Registering Boot Manager key option\n")); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); } else { + DEBUG((EFI_D_INFO, "Unregistering Boot Manager key option\n")); EfiBootManagerDeleteKeyOptionVariable(NULL, 0, &F12, NULL); } From ee559db6b6c692179b3481ece45155407d379b0b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 9 Mar 2023 12:43:49 +0100 Subject: [PATCH 179/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: reorganize Boot Manager registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 92 +++++++++++-------- 1 file changed, 54 insertions(+), 38 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 73e971e49c..66ff7665e6 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -253,11 +253,6 @@ RegisterBootManagerMenuAppBootOption ( EFI_BOOT_MANAGER_LOAD_OPTION NewOption; EFI_DEVICE_PATH_PROTOCOL *DevicePath; UINTN OptionNumber; - UINTN BootOptionCount; - BOOLEAN BootMenuEnable; - UINTN VarSize; - INTN OptionIndex; - EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; DevicePath = FvFilePath (&mBootMenuFile); // Use LOAD_OPTION_HIDDEN to not display Boot Manager Menu App in 
@@ -275,46 +270,66 @@ RegisterBootManagerMenuAppBootOption ( ASSERT_EFI_ERROR (Status); FreePool (DevicePath); - VarSize = sizeof (BootMenuEnable); - Status = gRT->GetVariable( - L"BootManagerEnabled", - &gDasharoSystemFeaturesGuid, - NULL, - &VarSize, - &BootMenuEnable - ); + DEBUG((EFI_D_INFO, "Registering Boot Manager app option\n")); + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + ASSERT_EFI_ERROR (Status); - if (EFI_ERROR(Status) || VarSize != sizeof (BootMenuEnable)) { - DEBUG((EFI_D_ERROR, "Boot Manager option failure: %r, Size: %x, Enabled: %d\n", - Status, VarSize, BootMenuEnable)); - BootMenuEnable = TRUE; - } + OptionNumber = NewOption.OptionNumber; - if (BootMenuEnable){ - DEBUG((EFI_D_INFO, "Registering Boot Manager app option\n")); - Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); - } else { - DEBUG((EFI_D_INFO, "Unregistering Boot Manager app option\n")); - BootOptions = EfiBootManagerGetLoadOptions ( - &BootOptionCount, LoadOptionTypeBoot - ); + EfiBootManagerFreeLoadOption (&NewOption); - OptionIndex = EfiBootManagerFindLoadOption ( - &NewOption, BootOptions, BootOptionCount - ); + return OptionNumber; +} - if (OptionIndex >= 0 && OptionIndex < BootOptionCount) { - Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[OptionIndex].OptionNumber, - BootOptions[OptionIndex].OptionType); - } - } +/** + Delete one boot option for BootManagerMenuApp. + + @retval OptionNumber Return the option number info. + +**/ +EFI_STATUS +UnregisterBootManagerMenuAppBootOption ( + VOID + ) +{ + EFI_STATUS Status; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN BootOptionCount; + INTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + + DevicePath = FvFilePath (&mBootMenuFile); + // Use LOAD_OPTION_HIDDEN to not display Boot Manager Menu App in + // "One Time Boot" menu. 
+ Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + LOAD_OPTION_CATEGORY_APP | LOAD_OPTION_HIDDEN, + L"UEFI BootManagerMenuApp", + DevicePath, + NULL, + 0 + ); ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); - OptionNumber = NewOption.OptionNumber; + DEBUG((EFI_D_INFO, "Unregistering Boot Manager app option\n")); + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, LoadOptionTypeBoot + ); - EfiBootManagerFreeLoadOption (&NewOption); + OptionIndex = EfiBootManagerFindLoadOption ( + &NewOption, BootOptions, BootOptionCount + ); - return OptionNumber; + if (OptionIndex >= 0 && OptionIndex < BootOptionCount) { + Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[OptionIndex].OptionNumber, + BootOptions[OptionIndex].OptionType); + } + + return Status; } /** @@ -634,7 +649,6 @@ PlatformBootManagerBeforeConsole ( // F12.ScanCode = FixedPcdGet16(PcdBootMenuKey); F12.UnicodeChar = CHAR_NULL; - OptionNumber = GetBootManagerMenuAppOption (); VarSize = sizeof (BootMenuEnable); Status = gRT->GetVariable ( @@ -650,10 +664,12 @@ PlatformBootManagerBeforeConsole ( if (EFI_ERROR(Status) || VarSize != sizeof(BootMenuEnable) || BootMenuEnable) { DEBUG((EFI_D_INFO, "Registering Boot Manager key option\n")); + OptionNumber = GetBootManagerMenuAppOption (); EfiBootManagerAddKeyOptionVariable (NULL, (UINT16)OptionNumber, 0, &F12, NULL); } else { DEBUG((EFI_D_INFO, "Unregistering Boot Manager key option\n")); EfiBootManagerDeleteKeyOptionVariable(NULL, 0, &F12, NULL); + UnregisterBootManagerMenuAppBootOption (); } // From fdccfd50ce6ae0cb8dc55ea9f207297ef69cd7c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 10 Mar 2023 16:50:38 +0100 Subject: [PATCH 180/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: add PCD to skip PS/2 detection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
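Review bot: The new UnregisterBootManagerMenuAppBootOption (hunk `@@ -270,46 +275,66 @@`) never releases what it allocates: `NewOption` is initialised but not passed to EfiBootManagerFreeLoadOption, and the array returned by EfiBootManagerGetLoadOptions is not freed. Adding `EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);` and `EfiBootManagerFreeLoadOption (&NewOption);` before the return would close both. When the option is not found, the function returns the Status left over from EfiBootManagerInitializeLoadOption, so the caller cannot tell "nothing to delete" from "deleted". The header comment also says `@retval OptionNumber` although the function returns EFI_STATUS. Finally, `OptionIndex < BootOptionCount` compares INTN with UINTN; it is safe only because of the preceding `>= 0` test, and an explicit cast would make that clear.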
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 8 ++++++-- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + .../Library/PlatformBootManagerLib/PlatformConsole.c | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index b643fe318c..099ab8ca8f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -74,8 +74,12 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x04|UINT32|0x100 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x04|UINT32|0x00000014 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0xC0|UINT32|0x00000015 gDasharoPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x80|UINT32|0x00000016 - -gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|TRUE|BOOLEAN|0x00000017 +## Used to block PCI OptionROM loading +gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|TRUE|BOOLEAN|0x10000017 +## Used to skip PS/2 keyboard detection. +# Useful for laptops where the PS/2 keyboard is always connected. +# If set to TRUE, Boot Manager will unconditionally add PS keyboard to ConIn. +gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect|FALSE|BOOLEAN|0x10000018 [PcdsFixedAtBuild] ## Specifies the initial value for Register_A in RTC. diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 050ce077d6..6877750039 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -480,6 +480,8 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LOGICAL_PROCESSORS) + gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect|FALSE + ################################################################################ # 
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index f57caeed22..9999ed94d3 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -97,4 +97,5 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey gEfiMdeModulePkgTokenSpaceGuid.PcdFastPS2Detection gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck + gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index a80f195d1a..4a008a5eab 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -145,6 +145,9 @@ DetectPs2Keyboard ( TimeOut = 0; RegEmptied = 0; + if (PcdGetBool (PcdSkipPs2Detect)) + return TRUE; + // // Wait for input buffer empty // From 3cc082942ef64bf290ea382fea35a5f4c968b8f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 13 Mar 2023 15:26:38 +0100 Subject: [PATCH 181/357] DasharoPayloadPkg: add System76 EC logging driver from system76/edk2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 4 + .../Library/System76EcLib/System76EcLib.c | 144 ++++++++++++++++++ .../Library/System76EcLib/System76EcLib.inf | 28 ++++ .../Library/System76EcLib/System76EcLib.uni | 13 ++ 4 files changed, 189 insertions(+) create mode 100644 DasharoPayloadPkg/Library/System76EcLib/System76EcLib.c create mode 100644 DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf create mode 100644 DasharoPayloadPkg/Library/System76EcLib/System76EcLib.uni 
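Review bot: The early return added to DetectPs2Keyboard is an unbraced single-statement `if`, which the EDK II coding standard does not allow and which the rest of this function does not appear to use. Write it as `if (PcdGetBool (PcdSkipPs2Detect)) {`, `return TRUE;`, `}`. A one-line comment would also help, noting that TRUE here means the keyboard is reported present without probing the controller, as the .dec description in this patch says. DetectPs2Keyboard continues outside the hunk.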
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 6877750039..ed78ec614b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -93,6 +93,7 @@ DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = FALSE DEFINE SETUP_PASSWORD_ENABLE = FALSE DEFINE USE_CBMEM_FOR_CONSOLE = FALSE + DEFINE SYSTEM76_EC_LOGGING = FALSE DEFINE ABOVE_4G_MEMORY = TRUE DEFINE IOMMU_ENABLE = FALSE @@ -224,6 +225,9 @@ !if $(USE_CBMEM_FOR_CONSOLE) == TRUE SerialPortLib|UefiPayloadPkg/Library/CbSerialPortLib/CbSerialPortLib.inf PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf +!elseif $(SYSTEM76_EC_LOGGING) == TRUE + SerialPortLib|DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf + PlatformHookLib|DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf !else SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf PlatformHookLib|DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf diff --git a/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.c b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.c new file mode 100644 index 0000000000..9bb7a90606 --- /dev/null +++ b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.c 
@@ -0,0 +1,144 @@ +/** @file + System76 EC logging + + Copyright (c) 2020 System76, Inc. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +// From coreboot/src/drivers/system76_ec/system76_ec.c { +#define SYSTEM76_EC_BASE 0x0E00 + +static inline UINT8 system76_ec_read(UINT8 addr) { + return IoRead8(SYSTEM76_EC_BASE + (UINT16)addr); +} + +static inline void system76_ec_write(UINT8 addr, UINT8 data) { + IoWrite8(SYSTEM76_EC_BASE + (UINT16)addr, data); +} + +void system76_ec_init(void) { + // Clear entire command region + for (int i = 0; i < 256; i++) { + system76_ec_write((UINT8)i, 0); + } +} + +void system76_ec_flush(void) { + // Send command + system76_ec_write(0, 4); + + // Wait for command completion + while (system76_ec_read(0) != 0) {} + + // Clear length + system76_ec_write(3, 0); +} + +void system76_ec_print(UINT8 byte) { + // Read length + UINT8 len = system76_ec_read(3); + // Write data at offset + system76_ec_write(len + 4, byte); + // Update length + system76_ec_write(3, len + 1); + + // If we hit the end of the buffer, or were given a newline, flush + if (byte == '\n' || len >= 128) { + system76_ec_flush(); + } +} +// } From coreboot/src/drivers/system76_ec/system76_ec.c + +// Implement SerialPortLib { +#include + +RETURN_STATUS +EFIAPI +SerialPortInitialize ( + VOID + ) +{ + system76_ec_init(); + return RETURN_SUCCESS; +} + +UINTN +EFIAPI +SerialPortWrite ( + IN UINT8 *Buffer, + IN UINTN NumberOfBytes + ) +{ + if (Buffer == NULL) { + return 0; + } + + if (NumberOfBytes == 0) { + system76_ec_flush(); + return 0; + } + + for(UINTN i = 0; i < NumberOfBytes; i++) { + system76_ec_print(Buffer[i]); + } + + return NumberOfBytes; +} + +BOOLEAN +EFIAPI +SerialPortPoll ( + VOID + ) +{ + return FALSE; +} + +RETURN_STATUS +EFIAPI +SerialPortGetControl ( + OUT UINT32 *Control + ) +{ + return RETURN_UNSUPPORTED; +} + +RETURN_STATUS +EFIAPI +SerialPortSetControl ( + IN UINT32 Control + ) +{ + return RETURN_UNSUPPORTED; +} + +RETURN_STATUS +EFIAPI 
+SerialPortSetAttributes ( + IN OUT UINT64 *BaudRate, + IN OUT UINT32 *ReceiveFifoDepth, + IN OUT UINT32 *Timeout, + IN OUT EFI_PARITY_TYPE *Parity, + IN OUT UINT8 *DataBits, + IN OUT EFI_STOP_BITS_TYPE *StopBits + ) +{ + return RETURN_UNSUPPORTED; +} +// } Implement SerialPortLib + +// Implement PlatformHookLib { +#include + +RETURN_STATUS +EFIAPI +PlatformHookSerialPortInitialize ( + VOID + ) +{ + return RETURN_SUCCESS; +} +// } Implement PlatformHookLib diff --git a/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf new file mode 100644 index 0000000000..69f0e17831 --- /dev/null +++ b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf @@ -0,0 +1,28 @@ +## @file +# System76 EC logging. +# +# Copyright (c) 2020, System76, Inc. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = System76EcLib + MODULE_UNI_FILE = System76EcLib.uni + FILE_GUID = 76ECF0DD-148B-4E48-8589-FC998823F8C2 + MODULE_TYPE = BASE + VERSION_STRING = 0.1 + LIBRARY_CLASS = System76EcLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + IoLib + +[Sources] + System76EcLib.c + +[Pcd] diff --git a/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.uni b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.uni new file mode 100644 index 0000000000..f0db62f232 --- /dev/null +++ b/DasharoPayloadPkg/Library/System76EcLib/System76EcLib.uni @@ -0,0 +1,13 @@ +// /** @file +// System76 EC logging. +// +// Copyright (c) 2020, System76, Inc. +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "System76 EC logging" + +#string STR_MODULE_DESCRIPTION #language en-US "System76 EC logging." + From 7854a5e6c322a89ac3b7241b60ab2d780f8927f4 Mon Sep 17 00:00:00 2001 
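Review bot: In system76_ec_print the length byte read back from the EC is used as a write offset before it is range-checked. `system76_ec_write(len + 4, byte)` runs first and `len >= 128` is tested only afterwards, so a value of 252 or more wraps in the UINT8 argument and lands on the command and length registers at offsets 0 to 3. Checking the length before the write keeps a misbehaving or absent EC from steering the offset. system76_ec_flush also spins on `while (system76_ec_read(0) != 0) {}` with no bound, so any debug print can hang boot if the command byte never clears. A bounded poll that gives up suits a logging path better; the poll limit in the sketch below is a constructed value to be tuned.

```c
#define SYSTEM76_EC_MAX_LEN     128
#define SYSTEM76_EC_POLL_LIMIT  100000  // constructed value; tune to the EC's response time

void system76_ec_flush(void) {
    // Send command
    system76_ec_write(0, 4);

    // Wait for command completion, but give up rather than hang boot
    for (UINT32 tries = 0; tries < SYSTEM76_EC_POLL_LIMIT; tries++) {
        if (system76_ec_read(0) == 0) {
            break;
        }
    }

    // Clear length
    system76_ec_write(3, 0);
}

void system76_ec_print(UINT8 byte) {
    // The length comes from the device: bound it before using it as an offset
    UINT8 len = system76_ec_read(3);
    if (len >= SYSTEM76_EC_MAX_LEN) {
        system76_ec_flush();
        len = 0;
    }
    // … unchanged: write data at offset, update length, flush on newline or full buffer …
}
```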
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 21 Mar 2023 16:37:31 +0100 Subject: [PATCH 182/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: add SOL strings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 2 + .../PlatformBootManager.c | 157 ++++++++++++++++++ .../PlatformBootManager.h | 3 + .../PlatformBootManagerLib.inf | 2 + 4 files changed, 164 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index 099ab8ca8f..073f008c45 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -95,3 +95,5 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|0x0016|UINT16|0x00000007 ## Specifies the scan code of the key to enter boot menu gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|0x0017|UINT16|0x00000008 + +gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings|FALSE|BOOLEAN|0x0000000A diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 66ff7665e6..463ec7b903 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -872,6 +872,159 @@ WarnIfRecoveryBoot ( BootLogoEnableLogo (); } +/** + + Acquire the string associated with the Index from smbios structure and return it. + The caller is responsible for free the string buffer. + + @param OptionalStrStart The start position to search the string + @param Index The index of the string to extract + @param String The string that is extracted + + @retval EFI_SUCCESS The function returns EFI_SUCCESS always. + +**/ +EFI_STATUS +GetOptionalStringByIndex ( + IN CHAR8 *OptionalStrStart, + IN UINT8 Index, + OUT CHAR16 **String + ) +{ + UINTN StrSize; + + if (Index == 0) { + *String = AllocateZeroPool (sizeof (CHAR16)); + return EFI_SUCCESS; + } + + StrSize = 0; + do { + Index--; + OptionalStrStart += StrSize; + StrSize = AsciiStrSize (OptionalStrStart); + } while (OptionalStrStart[StrSize] != 0 && Index != 0); + + if ((Index != 0) || (StrSize == 1)) { + // + // Meet the end of strings set but Index is non-zero, or + // Find an empty string + // + *String = NULL; + return EFI_NOT_FOUND; + } else { + *String = AllocatePool (StrSize * sizeof (CHAR16)); + AsciiStrToUnicodeStrS (OptionalStrStart, *String, StrSize); + } + + return EFI_SUCCESS; +} + +STATIC +VOID +PrintSolStrings ( + VOID +) +{ + UINT8 StrIndex; + CHAR16 *FirmwareVersionString; + CHAR16 *EcVersionString; + CHAR16 *EcVariantString; + EFI_STATUS Status; + EFI_SMBIOS_HANDLE SmbiosHandle; + EFI_SMBIOS_PROTOCOL *Smbios; + SMBIOS_TABLE_TYPE0 *Type0Record; + SMBIOS_TABLE_TYPE11 *Type11Record; + EFI_SMBIOS_TABLE_HEADER *Record; + BOOLEAN GotType0; + BOOLEAN GotType11; + UINTN CurrentAttribute; + + GotType0 = FALSE; + GotType11 = FALSE; + + Status = gBS->LocateProtocol (&gEfiSmbiosProtocolGuid, NULL, (VOID **) &Smbios); + + if (EFI_ERROR(Status)) + return; + + SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; + Status = Smbios->GetNext (Smbios, &SmbiosHandle, NULL, &Record, NULL); + while (!EFI_ERROR(Status)) { + if (Record->Type == SMBIOS_TYPE_BIOS_INFORMATION) { + Type0Record = 
(SMBIOS_TABLE_TYPE0 *) Record; + StrIndex = Type0Record->BiosVersion; + Status = GetOptionalStringByIndex ((CHAR8*)((UINT8*)Type0Record + Type0Record->Hdr.Length), StrIndex, &FirmwareVersionString); + + if (!EFI_ERROR(Status) && (*FirmwareVersionString != 0x0000)) { + Print (L"Firmware version: %s\n", FirmwareVersionString); + } else { + Print (L"Firmware version: "); + CurrentAttribute = gST->ConOut->Mode->Attribute; + gST->ConOut->SetAttribute (gST->ConOut, EFI_RED | EFI_BRIGHT | EFI_BACKGROUND_BLACK); + Print (L"UNKNOWN\n"); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + } + GotType0 = TRUE; + } + + if (Record->Type == SMBIOS_TYPE_OEM_STRINGS) { + Type11Record = (SMBIOS_TABLE_TYPE11 *) Record; + if (Type11Record->StringCount < 2) { + DEBUG((EFI_D_ERROR, "Missing some EC strings\n")); + Print (L"EC firmware version: "); + CurrentAttribute = gST->ConOut->Mode->Attribute; + gST->ConOut->SetAttribute (gST->ConOut, EFI_RED | EFI_BRIGHT | EFI_BACKGROUND_BLACK); + Print (L"UNKNOWN\n"); + Print (L"Unable to detect EC firmware version!\n"); + Print (L"Please update your EC firmware per docs.dasharo.com instructions!\n"); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + } else { + // First string should be the EC variant + Status = GetOptionalStringByIndex ((CHAR8*)((UINT8*)Type11Record + Type11Record->Hdr.Length), 1, &EcVariantString); + // If string is not found or not open EC, print error straight away + if (EFI_ERROR(Status) || StrStr(EcVariantString, L"EC: unknown")) { + DEBUG((EFI_D_ERROR, "Missing EC variant string or EC variant reported as unknown\n")); + Print (L"EC firmware version: "); + CurrentAttribute = gST->ConOut->Mode->Attribute; + gST->ConOut->SetAttribute (gST->ConOut, EFI_RED | EFI_BRIGHT | EFI_BACKGROUND_BLACK); + Print (L"UNKNOWN\n"); + Print (L"Unable to detect EC firmware version!\n"); + Print (L"Please update your EC firmware per docs.dasharo.com instructions!\n"); + gST->ConOut->SetAttribute (gST->ConOut, 
CurrentAttribute); + } else { + // Second string should be the EC firmware version. + // Print it without any error if found, because it has to be open EC now + Status = GetOptionalStringByIndex ((CHAR8*)((UINT8*)Type11Record + Type11Record->Hdr.Length), 2, &EcVersionString); + if (EFI_ERROR(Status) || StrStr(EcVersionString, L"EC firmware version: unknown")) { + DEBUG((EFI_D_ERROR, "Missing EC version string or EC version reported as unknown\n")); + CurrentAttribute = gST->ConOut->Mode->Attribute; + gST->ConOut->SetAttribute (gST->ConOut, EFI_RED | EFI_BRIGHT | EFI_BACKGROUND_BLACK); + Print (L"UNKNOWN\n"); + Print (L"Unable to detect EC firmware version!\n"); + Print (L"Please update your EC firmware per docs.dasharo.com instructions!\n"); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + } else { + Print (L"%s\n", EcVersionString); + if (StrStr(EcVariantString, L"EC: proprietary")) { + CurrentAttribute = gST->ConOut->Mode->Attribute; + gST->ConOut->SetAttribute (gST->ConOut, EFI_RED | EFI_BRIGHT | EFI_BACKGROUND_BLACK); + Print (L"Proprietary EC firmware detected!\n"); + Print (L"Please update your EC firmware per docs.dasharo.com instructions!\n"); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + } + } + } + } + } + + if (GotType0 && GotType11) + break; + + Status = Smbios->GetNext (Smbios, &SmbiosHandle, NULL, &Record, NULL); + } +} + /** Do the platform specific action after the console is connected. @@ -968,6 +1121,10 @@ PlatformBootManagerAfterConsole ( &VarSize, &BootMenuEnable ); + + if (PcdGetBool (PcdPrintSolStrings)) + PrintSolStrings(); + Print (L"%-5s to enter Setup\n", SetupMenuKey); if (EFI_ERROR(Status) || VarSize != sizeof(BootMenuEnable) || BootMenuEnable) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h index 9697d0514a..9764a382a8 100644 
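Review bot: GetOptionalStringByIndex never checks its pool allocations. On the `Index == 0` path it returns EFI_SUCCESS with `*String` possibly NULL, which PrintSolStrings then dereferences in `*FirmwareVersionString != 0x0000`; on the normal path `AsciiStrToUnicodeStrS` is handed the unchecked `AllocatePool` result. Adding `if (*String == NULL) { return EFI_OUT_OF_RESOURCES; }` after each allocation closes both. The header comment makes the caller responsible for freeing the string, yet PrintSolStrings never calls FreePool on FirmwareVersionString, EcVariantString or EcVersionString, so each should be released once it has been printed. The `@retval EFI_SUCCESS The function returns EFI_SUCCESS always` line is also out of step with the EFI_NOT_FOUND return a few lines below it.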
--- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h @@ -11,6 +11,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include +#include + #include #include #include diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 9999ed94d3..cbc072e1c5 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -78,6 +78,7 @@ gEfiSmmAccess2ProtocolGuid gEfiPciRootBridgeIoProtocolGuid ## CONSUMES gEfiDevicePathProtocolGuid ## CONSUMES + gEfiSmbiosProtocolGuid ## CONSUMES [Pcd] gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut @@ -99,3 +100,4 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings From 268a8b354197cea9c2e3c138a9fa02499befa6e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 12 Apr 2023 12:38:02 +0200 Subject: [PATCH 183/357] DasharoPayloadPkg: hide IOMMU if not enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index ed78ec614b..e7e4df873a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -640,6 +640,7 @@ NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|$(IOMMU_ENABLE) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf From 2404dc383afa438e1489e3e27680af04b59c4530 Mon Sep 17 00:00:00 2001 From: maheshtammisetti Date: Thu, 9 Mar 2023 22:07:47 +0530 Subject: [PATCH 184/357] OvmfPkg: update OvmfPkgX64 to work with Dasharo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: maheshtammisetti Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- .../Include/Dsc/OvmfTpmComponentsDxe.dsc.inc | 10 +++ .../Include/Dsc/OvmfTpmComponentsPei.dsc.inc | 3 + OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc | 2 +- OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc | 4 + OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc | 3 + OvmfPkg/OvmfPkgX64.dsc | 85 ++++++++++++++++++- OvmfPkg/OvmfPkgX64.fdf | 35 ++++++++ 7 files changed, 138 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc index 75ae09571e..e8743b08b8 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc @@ -15,6 +15,10 @@ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } !if $(TPM1_ENABLE) == TRUE SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { 
@@ -25,4 +29,10 @@ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf } +!if $(OPAL_PASSWORD_ENABLE) == TRUE + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + } +!endif !endif diff --git a/OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc index fa486eed82..3383528036 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc @@ -23,4 +23,7 @@ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf } +!if $(OPAL_PASSWORD_ENABLE) == TRUE + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf +!endif !endif diff --git a/OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc index a65564d8d9..fcafe5b992 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## - DEFINE TPM2_ENABLE = FALSE + DEFINE TPM2_ENABLE = TRUE # has no effect unless TPM2_ENABLE == TRUE DEFINE TPM1_ENABLE = TRUE diff --git a/OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc index 7fc2bf8590..6ae6606f0b 100644 --- a/OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc @@ -7,6 +7,10 @@ INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf !endif INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!if $(OPAL_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +!endif !endif diff --git a/OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc index 9f8b9bdd5b..c9993e3005 100644 
--- a/OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc @@ -12,4 +12,7 @@ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf !endif INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!if $(OPAL_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf +!endif !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index bf4c7906c4..51799a9689 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -29,8 +29,8 @@ # Defines for default states. These can be changed on the command line. # -D FLAG=VALUE # - DEFINE SECURE_BOOT_ENABLE = FALSE - DEFINE SMM_REQUIRE = FALSE + DEFINE SECURE_BOOT_ENABLE = TRUE + DEFINE SMM_REQUIRE = TRUE DEFINE SOURCE_DEBUG_ENABLE = FALSE DEFINE CC_MEASUREMENT_ENABLE = FALSE @@ -41,6 +41,11 @@ # DEFINE BUILD_SHELL = TRUE + DEFINE SATA_PASSWORD_ENABLE = TRUE + DEFINE OPAL_PASSWORD_ENABLE = TRUE + DEFINE DASHARO_SYSTEM_FEATURES_ENABLE = TRUE + DEFINE SETUP_PASSWORD_ENABLE = TRUE + # # Network definition # @@ -210,6 +215,7 @@ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf !else + LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf @@ -227,6 +233,12 @@ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +!if $(OPAL_PASSWORD_ENABLE) == TRUE + TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf + TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf +!endif + !if $(NETWORK_TLS_ENABLE) == TRUE OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf !else 
@@ -344,6 +356,10 @@ MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf +!if $(TPM2_ENABLE) == TRUE + Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf +!endif + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf @@ -618,6 +634,18 @@ # gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE + gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|TRUE + ################################################################################ # # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform @@ -650,7 +678,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000 - gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0 + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|2 # Set video resolution for text setup. gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640 @@ -698,6 +726,8 @@ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000 + gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask|1 + [PcdsDynamicHii] !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc 
@@ -778,6 +808,10 @@ !include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc +!if $(SATA_PASSWORD_ENABLE) == TRUE + SecurityPkg/HddPassword/HddPasswordPei.inf +!endif + # # DXE Phase modules # @@ -804,6 +838,13 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } +!if $(SETUP_PASSWORD_ENABLE) == TRUE + DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf { + + PlatformPasswordLib|DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf + } +!endif + MdeModulePkg/Universal/EbcDxe/EbcDxe.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -855,13 +896,19 @@ MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf + NULL|DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf + + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) } OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf } + + MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf + OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf @@ -923,6 +970,7 @@ # # SMBIOS Support # + MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf { NULL|OvmfPkg/Library/SmbiosVersionLib/DetectSmbiosVersionLib.inf 
@@ -946,6 +994,31 @@ OvmfPkg/VirtioNetDxe/VirtioNet.inf + +!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE + DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +!endif + + # + # Hash2 + # + SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + } + + # + # PKCS7 Verification + # + SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf + + # + # SD/eMMC Support + # + MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf + MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf + MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf + # # Usb Support # @@ -1001,6 +1074,8 @@ !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf !endif @@ -1092,3 +1167,7 @@ # TPM support # !include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc + +!if $(SATA_PASSWORD_ENABLE) == TRUE + SecurityPkg/HddPassword/HddPasswordDxe.inf +!endif diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index f47ab1727e..e684ff96be 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -190,6 +190,10 @@ INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc +!if $(SATA_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/HddPassword/HddPasswordPei.inf +!endif + ################################################################################ [FV.DXEFV] 
@@ -272,6 +276,8 @@ INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf !if $(SECURE_BOOT_ENABLE) == TRUE INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + INF SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf !endif INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf @@ -284,6 +290,7 @@ INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf +INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf @@ -308,6 +315,7 @@ INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf +INF MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf @@ -343,6 +351,25 @@ INF OvmfPkg/TdxDxe/TdxDxe.inf !include NetworkPkg/Network.fdf.inc INF OvmfPkg/VirtioNetDxe/VirtioNet.inf +INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf + +# +# Hash2 +# +INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf + +# +# PKCS7 Verification +# +INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf + +# +# SD/eMMC Support +# +INF MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf +INF MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf +INF MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf + # # Usb Support # 
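Review bot: `INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf` is added to OvmfPkgX64.fdf unconditionally, while the matching OvmfPkgX64.dsc hunk builds that module only under `!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE`. The .dsc states that these defaults can be changed with -D on the command line. A build with the flag set to FALSE would presumably leave the flash description referencing a module that is not among the built components. Wrapping the FDF line in the same `!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE` / `!endif` pair keeps the two files in step, as this commit already does for HddPasswordDxe and UserAuthenticationDxe.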
@@ -402,6 +429,14 @@ INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf # !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc +!if $(SATA_PASSWORD_ENABLE) == TRUE +INF SecurityPkg/HddPassword/HddPasswordDxe.inf +!endif + +!if $(SETUP_PASSWORD_ENABLE) == TRUE +INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf +!endif + ################################################################################ [FV.FVMAIN_COMPACT] From 47973b41300761668fbbdab75cf6ef1e086a7d5d Mon Sep 17 00:00:00 2001 From: Sean Rhodes Date: Fri, 18 Feb 2022 07:52:25 -0700 Subject: [PATCH 185/357] DasharoPayloadPkg: Hookup SD/MMC timeout Hook SD_MMC_TIMEOUT build option to SdMmcGenericTimeoutValue PCD. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Signed-off-by: Sean Rhodes Reviewed-by: Maurice Ma Reviewed-by: Guo Dong --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index e7e4df873a..07b0b1f504 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -96,6 +96,7 @@ DEFINE SYSTEM76_EC_LOGGING = FALSE DEFINE ABOVE_4G_MEMORY = TRUE DEFINE IOMMU_ENABLE = FALSE + DEFINE SD_MMC_TIMEOUT = 1000000 # # Network definition @@ -423,6 +424,8 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) + gEfiMdeModulePkgTokenSpaceGuid.PcdSdMmcGenericTimeoutValue|$(SD_MMC_TIMEOUT) + !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif From 3ad1e1b8510c2e3799dff4192fb159e96149c2d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 12 Nov 2022 12:55:18 +0100 Subject: [PATCH 186/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: display popup before logo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 463ec7b903..337405825e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -869,7 +869,6 @@ WarnIfRecoveryBoot ( gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); gST->ConOut->ClearScreen (gST->ConOut); - BootLogoEnableLogo (); } /** @@ -1054,6 +1053,8 @@ PlatformBootManagerAfterConsole ( White.Blue = White.Green = White.Red = White.Reserved = 0xFF; gST->ConOut->ClearScreen (gST->ConOut); + WarnIfRecoveryBoot (); + BootLogoEnableLogo (); // FIXME: USB devices are not being detected unless we wait a bit. @@ -1062,8 +1063,6 @@ PlatformBootManagerAfterConsole ( EfiBootManagerConnectAll (); EfiBootManagerRefreshAllBootOption (); - WarnIfRecoveryBoot (); - // // Process TPM PPI request // From 6a484ff905ce91f9c970dbdf74b9d3cf11b47b04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 13 Jun 2023 15:36:37 +0200 Subject: [PATCH 187/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: clear screen and refresh logo on ReadyToBoot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Co-authored-by: Krystian Hebel --- .../PlatformBootManager.c | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 337405825e..09ed51cb05 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
+++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -1024,6 +1024,26 @@ PrintSolStrings ( } } +/** + Refresh the logo on ReadyToBoot event. It will clear the screen from strings + + and progress bar when timeout is reached or continue key is pressed. + + @param Event Event pointer. + @param Context Context pass to this function. +**/ +VOID +EFIAPI +RefreshLogo ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + gBS->CloseEvent (Event); + gST->ConOut->ClearScreen (gST->ConOut); + BootLogoEnableLogo (); +} + /** Do the platform specific action after the console is connected. @@ -1048,6 +1068,7 @@ PlatformBootManagerAfterConsole ( BOOLEAN NetBootEnabled; BOOLEAN BootMenuEnable; UINTN VarSize; + EFI_EVENT Event; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; @@ -1130,6 +1151,13 @@ PlatformBootManagerAfterConsole ( Print (L"%-5s to enter Boot Manager Menu\n", BootMenuKey); Print (L"ENTER to boot directly\n"); + + EfiCreateEventReadyToBootEx ( + TPL_CALLBACK, + RefreshLogo, + NULL, + &Event + ); } /** @@ -1160,12 +1188,6 @@ PlatformBootManagerWaitCallback ( (Timeout - TimeoutRemain) * 100 / Timeout, 0 ); - - if (TimeoutRemain == 0) { - gBS->Stall (100 * 1000); - gST->ConOut->ClearScreen (gST->ConOut); - BootLogoEnableLogo (); - } } /** From 4d12cb6cb1cb76c6df9615b18eba58320f643a57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 13 Jun 2023 16:36:33 +0200 Subject: [PATCH 188/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: disable cursor before clearing the screen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 2 ++ 1 file changed, 2 insertions(+) 
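Review bot: The status returned by `EfiCreateEventReadyToBootEx` at the end of PlatformBootManagerAfterConsole is dropped. If the event cannot be created, the boot prompts and progress bar are never cleared before the OS loader runs, and nothing records why. Capturing and logging it is enough: `Status = EfiCreateEventReadyToBootEx (TPL_CALLBACK, RefreshLogo, NULL, &Event);` followed by `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_WARN, "RefreshLogo event not registered: %r\n", Status)); }`. The function's body continues outside the hunk.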
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 09ed51cb05..a88ba47ec9 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -1073,7 +1073,9 @@ PlatformBootManagerAfterConsole ( Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; + gST->ConOut->EnableCursor (gST->ConOut, FALSE); gST->ConOut->ClearScreen (gST->ConOut); + WarnIfRecoveryBoot (); BootLogoEnableLogo (); From bd391b98293cbf51e652b34560993c16924c5a4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 14 Jun 2023 15:05:31 +0200 Subject: [PATCH 189/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: drain input after closing the pop-up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index a88ba47ec9..bcef6f2dff 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -869,6 +869,7 @@ WarnIfRecoveryBoot ( gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); gST->ConOut->ClearScreen (gST->ConOut); + DrainInput (); } /** From 08e095f0ffb8a7fec35553a5e4cdb7cb55226923 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 14 Jun 2023 15:37:53 +0200 Subject: [PATCH 190/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: register continue key after pop-up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManagerLib/PlatformBootManager.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index bcef6f2dff..2768977f55 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -619,7 +619,6 @@ PlatformBootManagerBeforeConsole ( VOID ) { - EFI_INPUT_KEY Enter; EFI_INPUT_KEY Esc; EFI_INPUT_KEY F12; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; @@ -630,12 +629,6 @@ PlatformBootManagerBeforeConsole ( BOOLEAN BootMenuEnable; UINTN VarSize; - // - // Register ENTER as CONTINUE key - // - Enter.ScanCode = SCAN_NULL; - Enter.UnicodeChar = CHAR_CARRIAGE_RETURN; - EfiBootManagerRegisterContinueKeyOption (0, &Enter, NULL); // // Map ESC to Boot Manager Menu // @@ -1070,6 +1063,7 @@ PlatformBootManagerAfterConsole ( BOOLEAN BootMenuEnable; UINTN VarSize; EFI_EVENT Event; + EFI_INPUT_KEY Enter; Black.Blue = Black.Green = Black.Red = Black.Reserved = 0; White.Blue = White.Green = White.Red = White.Reserved = 0xFF; @@ -1081,6 +1075,13 @@ PlatformBootManagerAfterConsole ( BootLogoEnableLogo (); + // + // Register ENTER as CONTINUE key + // + Enter.ScanCode = SCAN_NULL; + Enter.UnicodeChar = CHAR_CARRIAGE_RETURN; + EfiBootManagerRegisterContinueKeyOption (0, &Enter, NULL); + // FIXME: USB devices are not being detected unless we wait a bit. gBS->Stall (100 * 1000); From c5b7364502981e23f405311fe237d30bf408524b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 11 Jul 2023 12:46:58 +0200 Subject: [PATCH 191/357] DasharoPayloadPkg/Library/LaptopBatteryLib: Add library to query charger state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Signed-off-by: Michał Kopeć --- .../Include/Library/LaptopBatteryLib.h | 68 ++++ .../LaptopBatteryLib/LaptopBatteryLib.c | 298 ++++++++++++++++++ .../LaptopBatteryLib/LaptopBatteryLib.inf | 33 ++ .../LaptopBatteryLib/LaptopBatteryLibNull.c | 69 ++++ .../LaptopBatteryLib/LaptopBatteryLibNull.inf | 28 ++ 5 files changed, 496 insertions(+) create mode 100644 DasharoPayloadPkg/Include/Library/LaptopBatteryLib.h create mode 100644 DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c create mode 100644 DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.inf create mode 100644 DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.c create mode 100644 DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.inf diff --git a/DasharoPayloadPkg/Include/Library/LaptopBatteryLib.h b/DasharoPayloadPkg/Include/Library/LaptopBatteryLib.h new file mode 100644 index 0000000000..1b4f6b799c --- /dev/null +++ b/DasharoPayloadPkg/Include/Library/LaptopBatteryLib.h @@ -0,0 +1,68 @@ +/** @file + Library that query laptop EC for AC state and battery capacity. + +Copyright (c) 2023, 3mdeb. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#ifndef __LAPTOP_BATTERY_LIB__ +#define __LAPTOP_BATTERY_LIB__ + +/** + This function retrieves the AC adapter connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the AC connection state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetAcState ( + BOOLEAN *AcState + ); + +/** + This function retrieves the battery connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the battery connection state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatState ( + BOOLEAN *BatState + ); + +/** + This function retrieves the current battery capacity from EC. + + @param BatteryCapacity Pointer to the battery capacity in percent + + @retval RETURN_SUCCESS Successfully probed the battery capacity. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatteryCapacity ( + UINT32 *BatteryCapacity + ); + +#endif diff --git a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c new file mode 100644 index 0000000000..d02e7e23a4 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c @@ -0,0 +1,298 @@ +/** @file + Library that query laptop EC for AC state and battery capacity. + +Copyright (c) 2023, 3mdeb. All rights reserved.
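Review bot: The doc comment for `LaptopGetBatState` in this new header still documents the wrong parameter, `@param AcState Pointer to the AC state`; it should read `@param BatState Pointer to the battery connection state`. All three `@retval RETURN_TIMEOUT` lines spell "cpommunication", which should be "communication", and the same two slips are repeated in `LaptopBatteryLib.c` and `LaptopBatteryLibNull.c` in this patch. The `#ifndef __LAPTOP_BATTERY_LIB__` guard also sits after the `#include` lines, so moving it above them would put the whole header under the guard.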
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#define EC_POLL_DELAY_US 10 +#define EC_SEND_TIMEOUT_US 20000 // 20ms +#define EC_RECV_TIMEOUT_US 320000 // 320ms + +#define EC_SC 0x66 +#define EC_DATA 0x62 + +#define EC_CMD (1 << 3) +#define EC_IBF (1 << 1) +#define EC_OBF (1 << 0) + +#define RD_EC 0x80 + +#define CHARGER_STATE_REG 0x10 +#define AC_STATE (1 << 0) +#define BAT_STATE (1 << 2) +#define BAT_FULL_CAP_REG 0x1a +#define BAT_REMAIN_CAP_REG 0x2e + +RETURN_STATUS +EcScWait ( + UINTN TimeoutUs, + UINT8 Mask, + UINT8 State + ) +{ + while (TimeoutUs > 0 && (IoRead8(EC_SC) & Mask) != State) { + MicroSecondDelay(EC_POLL_DELAY_US); + TimeoutUs -= EC_POLL_DELAY_US; + } + + return TimeoutUs > 0 ? RETURN_SUCCESS : RETURN_TIMEOUT; +} + +RETURN_STATUS +EcReadySend ( + UINTN TimeoutUs + ) +{ + return EcScWait(TimeoutUs, EC_IBF, 0); +} + +RETURN_STATUS +EcReadyRecv ( + UINTN TimeoutUs + ) +{ + return EcScWait(TimeoutUs, EC_OBF, EC_OBF); +} + +RETURN_STATUS +EcRecvDataTimeout ( + UINT8 *Data, + UINTN TimeoutUs + ) +{ + RETURN_STATUS Status; + + if (!Data) + return RETURN_INVALID_PARAMETER; + + Status = EcReadyRecv(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + *Data = IoRead8(EC_DATA); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendDataTimeout ( + UINT8 Data, + UINTN TimeoutUs + ) +{ + RETURN_STATUS Status; + + Status = EcReadySend(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + IoWrite8(EC_DATA, Data); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendCmdTimeout ( + UINT8 Cmd, + UINTN TimeoutUs + ) +{ + RETURN_STATUS Status; + + if (!Cmd) + return RETURN_INVALID_PARAMETER; + + Status = EcReadySend(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + IoWrite8(EC_SC, Cmd); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendCmd ( + UINT8 Cmd + ) +{ + return EcSendCmdTimeout(Cmd, EC_SEND_TIMEOUT_US); +} + +RETURN_STATUS +EcSendData ( + UINT8 Data + ) +{ + return EcSendDataTimeout(Data, 
EC_SEND_TIMEOUT_US); +} + +RETURN_STATUS +EcRecvData ( + UINT8 *Data + ) +{ + return EcRecvDataTimeout(Data, EC_RECV_TIMEOUT_US); +} + +RETURN_STATUS +EcReadReg ( + UINT8 Reg, + UINT8 *Data + ) +{ + RETURN_STATUS Status; + + Status = EcSendCmd(RD_EC); + + if (Status != RETURN_SUCCESS) + return Status; + + Status = EcSendData(Reg); + + if (Status != RETURN_SUCCESS) + return Status; + + return EcRecvData(Data); +} + +RETURN_STATUS +EcReadReg32 ( + UINT8 Reg, + UINT32 *Data32 + ) +{ + RETURN_STATUS Status; + UINT8 Data8[4]; + UINTN Index; + + if (!Data32) + return RETURN_INVALID_PARAMETER; + + *Data32 = 0; + + for (Index = 0; Index < 4; Index++) { + Status = EcReadReg(Reg + Index, &Data8[Index]); + + if (Status != RETURN_SUCCESS) + return Status; + + *Data32 |= (UINT32)Data8[Index] << (8 * Index); + } + + return RETURN_SUCCESS; +} + +/** + This function retrieves the AC adapter connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the battery capacity. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetAcState ( + BOOLEAN *AcState + ) +{ + RETURN_STATUS Status; + UINT8 ChargerState; + + Status = EcReadReg(CHARGER_STATE_REG, &ChargerState); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to read AC adapter state: %r\n", Status)); + return Status; + } + + *AcState = (ChargerState & AC_STATE) ? TRUE : FALSE; + + return RETURN_SUCCESS; +} + +/** + This function retrieves the battery connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the battery connection state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. 
+ @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatState ( + BOOLEAN *BatState + ) +{ + RETURN_STATUS Status; + UINT8 ChargerState; + + Status = EcReadReg(CHARGER_STATE_REG, &ChargerState); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to read battery connection state: %r\n", Status)); + return Status; + } + + *BatState = (ChargerState & BAT_STATE) ? TRUE : FALSE; + + return RETURN_SUCCESS; +} + +/** + This function retrieves the current battery capacity from EC. + + @param BatteryCapacity Pointer to the battery capacity in percent + + @retval RETURN_SUCCESS Successfully probed the battery capacity. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatteryCapacity ( + UINT32 *BatteryCapacity + ) +{ + RETURN_STATUS Status; + UINT32 LastFullChargeCap; + UINT32 RemainingCap; + + Status = EcReadReg32(BAT_FULL_CAP_REG, &LastFullChargeCap); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to read battery last full charge capacity: %r\n", Status)); + return Status; + } + + Status = EcReadReg32(BAT_REMAIN_CAP_REG, &RemainingCap); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to read battery remaining capacity: %r\n", Status)); + return Status; + } + + *BatteryCapacity = RemainingCap * 100 / LastFullChargeCap; + + if (*BatteryCapacity > 100) + DEBUG ((DEBUG_WARN, "Battery capacity over 100%%: %d%%\n", *BatteryCapacity)); + + return RETURN_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.inf b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.inf new file mode 100644 index 0000000000..cd6a6ae619 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.inf 
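Review bot: `LaptopGetBatteryCapacity` divides by `LastFullChargeCap` without checking it for zero, so an EC that returns 0 for `BAT_FULL_CAP_REG` raises a divide error in the payload instead of a status code. The three `LaptopGet*` functions also write through their output pointer without the NULL check that their `RETURN_INVALID_PARAMETER` documentation promises; `LaptopGetAcState` and `LaptopGetBatState` need the same guard as the one shown below. `RETURN_DEVICE_ERROR` is only a suggested status, and any non-success value should do as long as callers treat it as a read failure. The `Ec*` helpers could additionally be declared `STATIC`, since nothing outside this file appears to use them.

```c
  if (BatteryCapacity == NULL) {
    return RETURN_INVALID_PARAMETER;
  }

  // … unchanged: EcReadReg32 reads of BAT_FULL_CAP_REG and BAT_REMAIN_CAP_REG …

  if (LastFullChargeCap == 0) {
    DEBUG ((DEBUG_ERROR, "Battery last full charge capacity is 0\n"));
    return RETURN_DEVICE_ERROR;
  }

  *BatteryCapacity = RemainingCap * 100 / LastFullChargeCap;
```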
@@ -0,0 +1,33 @@ +## @file +# Include all platform specific features which can be customized by IBV/OEM. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LaptopBatteryLib + FILE_GUID = 5D0D7B0F-E2BB-499A-B658-18B93068BC22 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LaptopBatteryLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + LaptopBatteryLib.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + IoLib + TimerLib + DebugLib diff --git a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.c b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.c new file mode 100644 index 0000000000..268bdbbd56 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.c @@ -0,0 +1,69 @@ +/** @file + Library that query laptop EC for AC state and battery capacity. + +Copyright (c) 2023, 3mdeb. All rights reserved.
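Review bot: `FILE_GUID = 5D0D7B0F-E2BB-499A-B658-18B93068BC22` in `LaptopBatteryLib.inf` is reused verbatim by `LaptopBatteryLibNull.inf` later in this patch; EDK2 convention is one unique GUID per INF, so one of the two should get a freshly generated value. The `@file` description ("Include all platform specific features which can be customized by IBV/OEM") and the 2016 - 2019 Intel copyright look carried over from another INF. A description such as `# Library that queries the laptop EC for AC state and battery capacity.` would match the sources.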
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + This function retrieves the AC adapter connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the battery capacity. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetAcState ( + BOOLEAN *AcState + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + This function retrieves the battery connection state from EC. + + @param AcState Pointer to the AC state + + @retval RETURN_SUCCESS Successfully probed the battery connection state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatState ( + BOOLEAN *BatState + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + This function retrieves the current battery capacity from EC. + + @param BatteryCapacity Pointer to the battery capacity in percent + + @retval RETURN_SUCCESS Successfully probed the battery capacity. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC cpommunication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +RETURN_STATUS +EFIAPI +LaptopGetBatteryCapacity ( + UINT32 *BatteryCapacity + ) +{ + return RETURN_UNSUPPORTED; +} diff --git a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.inf b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.inf new file mode 100644 index 0000000000..fbe651994d --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.inf @@ -0,0 +1,28 @@ +## @file +# Include all platform specific features which can be customized by IBV/OEM. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LaptopBatteryLib + FILE_GUID = 5D0D7B0F-E2BB-499A-B658-18B93068BC22 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LaptopBatteryLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + LaptopBatteryLibNull.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec From b4a816c3f8b5daa8add286caff6b404a5e8bb27a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 11 Jul 2023 12:48:46 +0200 Subject: [PATCH 192/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: Add battery warning pop-up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 6 + .../PlatformBootManager.c | 187 ++++++++++++++++++ .../PlatformBootManager.h | 2 + .../PlatformBootManagerLib.inf | 1 + 4 files changed, 196 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 07b0b1f504..46eeff020c 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -97,6 +97,7 @@ DEFINE ABOVE_4G_MEMORY = TRUE DEFINE IOMMU_ENABLE = FALSE DEFINE SD_MMC_TIMEOUT = 1000000 + DEFINE BATTERY_CHECK = FALSE # # Network definition @@ -376,6 +377,11 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif +!if $(BATTERY_CHECK) + LaptopBatteryLib|DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.inf +!else + LaptopBatteryLib|DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLibNull.inf +!endif [LibraryClasses.common.DXE_RUNTIME_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf 
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 2768977f55..43c504f378 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -865,6 +865,192 @@ WarnIfRecoveryBoot ( DrainInput (); } +STATIC +VOID +WarnIfBatteryLow ( + VOID +) +{ + EFI_STATUS Status; + EFI_EVENT TimerEvent; + EFI_EVENT Events[2]; + UINTN Index; + EFI_INPUT_KEY Key; + RETURN_STATUS RetStatus; + UINT32 BatteryCapacity; + BOOLEAN AcConnected; + BOOLEAN BatteryConnected; + BOOLEAN BatteryTooLow; + CHAR16 BatteryCapLine[81]; + CHAR16 DelayLine[81]; + BOOLEAN CursorVisible; + BOOLEAN EcReadDataFailure; + UINTN CurrentAttribute; + UINTN SecondsLeft; + EFI_TPL OriginalTPL; + + BatteryTooLow = FALSE; + EcReadDataFailure = FALSE; + + OriginalTPL = gBS->RaiseTPL (TPL_HIGH_LEVEL); + RetStatus = LaptopGetAcState(&AcConnected); + + if (RetStatus == RETURN_UNSUPPORTED) { + gBS->RestoreTPL (OriginalTPL); + return; + } + + if (RetStatus != RETURN_SUCCESS) + EcReadDataFailure = TRUE; + + RetStatus = LaptopGetBatState(&BatteryConnected); + if (RetStatus != RETURN_SUCCESS) + EcReadDataFailure = TRUE; + + /* We only need the baterry capacity if AC not connected */ + if (!EcReadDataFailure && !AcConnected && BatteryConnected) { + RetStatus = LaptopGetBatteryCapacity(&BatteryCapacity); + if (RetStatus != RETURN_SUCCESS) + EcReadDataFailure = TRUE; + } + + gBS->RestoreTPL (OriginalTPL); + + /* Check if there is a need to display a warning */ + if (!EcReadDataFailure && BatteryConnected) { + if(AcConnected) + return; + if(!AcConnected && BatteryCapacity >= 5) + return; + } + + if (!EcReadDataFailure && !AcConnected && + BatteryConnected && BatteryCapacity < 5) + BatteryTooLow = TRUE; + + Status = gBS->CreateEvent ( + EVT_TIMER, + TPL_CALLBACK, + NULL, + NULL, + &TimerEvent + ); + ASSERT_EFI_ERROR (Status); + + CurrentAttribute = gST->ConOut->Mode->Attribute; + CursorVisible = gST->ConOut->Mode->CursorVisible; + + gST->ConOut->EnableCursor (gST->ConOut, FALSE); + + DrainInput (); + gBS->SetTimer (TimerEvent, TimerPeriodic, 1 * 1000 * 1000 * 10); + + Events[0] = gST->ConIn->WaitForKey; + Events[1] = TimerEvent; + + SecondsLeft = 10; + while 
(SecondsLeft > 0) { + if (BatteryTooLow) { + UnicodeSPrint ( + BatteryCapLine, + sizeof (BatteryCapLine), + L"Current battery capacity: %d%%", + BatteryCapacity + ); + + UnicodeSPrint ( + DelayLine, + sizeof (DelayLine), + L"(The laptop will shut down automatically in %d second%a.)", + SecondsLeft, + SecondsLeft == 1 ? "" : "s" + ); + + CreateMultiStringPopUp ( + 78, + 11, + L"!!! WARNING !!!", + L"", + L"The laptop's current battery is critically low (< 5%).", + L"To protect your disk data from corruption due to abrupt shut down,", + L"the laptop will power off now. Please plug the AC adapter and power", + L"the laptop on again to boot.", + L"", + BatteryCapLine, + L"", + L"Press ENTER key to shut down immediately.", + DelayLine + ); + } else if (!EcReadDataFailure && AcConnected && !BatteryConnected) { + UnicodeSPrint ( + DelayLine, + sizeof (DelayLine), + L"(The boot process will continue automatically in %d second%a.)", + SecondsLeft, + SecondsLeft == 1 ? "" : "s" + ); + + CreateMultiStringPopUp ( + 78, + 7, + L"!!! WARNING !!!", + L"", + L"The laptop's battery is not detected!", + L"Please check the battery connection or contact the manufacturer.", + L"", + L"Press ENTER key to continue.", + DelayLine + ); + } else if (EcReadDataFailure) { + UnicodeSPrint ( + DelayLine, + sizeof (DelayLine), + L"(The boot process will continue automatically in %d second%a.)", + SecondsLeft, + SecondsLeft == 1 ? "" : "s" + ); + + CreateMultiStringPopUp ( + 78, + 7, + L"!!! 
ERROR !!!", + L"", + L"Could not retrieve information about AC and battery state!", + L"Please contact the manufacturer.", + L"", + L"Press ENTER key to continue.", + DelayLine + ); + } + + Status = gBS->WaitForEvent (2, Events, &Index); + ASSERT_EFI_ERROR (Status); + + if (Index == 0) { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + ASSERT_EFI_ERROR (Status); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + break; + } + } else { + SecondsLeft--; + } + } + + Status = gBS->CloseEvent (TimerEvent); + ASSERT_EFI_ERROR (Status); + + if (BatteryTooLow) + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + + gST->ConOut->EnableCursor (gST->ConOut, CursorVisible); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + + gST->ConOut->ClearScreen (gST->ConOut); + DrainInput (); +} + /** Acquire the string associated with the Index from smbios structure and return it. @@ -1071,6 +1257,7 @@ PlatformBootManagerAfterConsole ( gST->ConOut->EnableCursor (gST->ConOut, FALSE); gST->ConOut->ClearScreen (gST->ConOut); + WarnIfBatteryLow (); WarnIfRecoveryBoot (); BootLogoEnableLogo (); diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h index 9764a382a8..a886ee75a9 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h @@ -32,6 +32,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include + typedef struct { EFI_DEVICE_PATH_PROTOCOL *DevicePath; UINTN ConnectType; diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index cbc072e1c5..3057ee2a7f 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
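Review bot: When the EC reads in `WarnIfBatteryLow` succeed but report neither AC nor battery present, none of the three pop-up branches inside `while (SecondsLeft > 0)` matches, so boot waits up to 10 seconds for ENTER with nothing drawn on screen. Either return early for that combination or let the last branch catch it, e.g. `} else {` in place of `} else if (EcReadDataFailure) {`. The EC queries also run between `gBS->RaiseTPL (TPL_HIGH_LEVEL)` and `gBS->RestoreTPL`, and each one polls the EC with a timeout, so it is worth confirming that the raised TPL is needed for the whole sequence.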
@@ -53,6 +53,7 @@ PlatformHookLib Tcg2PhysicalPresenceLib CustomizedDisplayLib + LaptopBatteryLib [Guids] gEfiEndOfDxeEventGroupGuid From debf3c3a6dff61357f1a73aa4780d129064e1d96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 11 Jul 2023 13:08:23 +0200 Subject: [PATCH 193/357] DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c: Debug charger state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../LaptopBatteryLib/LaptopBatteryLib.c | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c index d02e7e23a4..7beafde4a0 100644 --- a/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c +++ b/DasharoPayloadPkg/Library/LaptopBatteryLib/LaptopBatteryLib.c @@ -64,7 +64,7 @@ EcRecvDataTimeout ( UINTN TimeoutUs ) { - RETURN_STATUS Status; + EFI_STATUS Status; if (!Data) return RETURN_INVALID_PARAMETER; @@ -85,7 +85,7 @@ EcSendDataTimeout ( UINTN TimeoutUs ) { - RETURN_STATUS Status; + EFI_STATUS Status; Status = EcReadySend(TimeoutUs); @@ -103,7 +103,7 @@ EcSendCmdTimeout ( UINTN TimeoutUs ) { - RETURN_STATUS Status; + EFI_STATUS Status; if (!Cmd) return RETURN_INVALID_PARAMETER; @@ -148,17 +148,21 @@ EcReadReg ( UINT8 *Data ) { - RETURN_STATUS Status; + EFI_STATUS Status; Status = EcSendCmd(RD_EC); - if (Status != RETURN_SUCCESS) - return Status; + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to send read EC command for reg %02x: %r\n", Reg, Status)); + return Status; + } Status = EcSendData(Reg); - if (Status != RETURN_SUCCESS) - return Status; + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to send read EC address %02x: %r\n", Reg, Status)); + return Status; + } return EcRecvData(Data); } 
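Review bot: The local in `EcRecvDataTimeout` changes from `RETURN_STATUS` to `EFI_STATUS` although the function still returns `RETURN_STATUS` and compares against `RETURN_SUCCESS`, and the library's INF declares `MODULE_TYPE = BASE`. Keeping `RETURN_STATUS Status;` avoids pulling a UEFI-specific type into a BASE library and keeps the declaration consistent with the return type. The same applies to the hunks for `EcSendDataTimeout`, `EcSendCmdTimeout`, `EcReadReg`, `LaptopGetAcState`, `LaptopGetBatState` and `LaptopGetBatteryCapacity`. The function bodies extend beyond these hunks.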
@@ -207,7 +211,7 @@ LaptopGetAcState ( BOOLEAN *AcState ) { - RETURN_STATUS Status; + EFI_STATUS Status; UINT8 ChargerState; Status = EcReadReg(CHARGER_STATE_REG, &ChargerState); @@ -219,6 +223,8 @@ LaptopGetAcState ( *AcState = (ChargerState & AC_STATE) ? TRUE : FALSE; + DEBUG ((DEBUG_INFO, "AC adapter %aconnected\n", *AcState ? "" : "dis")); + return RETURN_SUCCESS; } @@ -239,7 +245,7 @@ LaptopGetBatState ( BOOLEAN *BatState ) { - RETURN_STATUS Status; + EFI_STATUS Status; UINT8 ChargerState; Status = EcReadReg(CHARGER_STATE_REG, &ChargerState); @@ -251,6 +257,8 @@ LaptopGetBatState ( *BatState = (ChargerState & BAT_STATE) ? TRUE : FALSE; + DEBUG ((DEBUG_INFO, "Battery %aconnected\n", *BatState ? "" : "dis")); + return RETURN_SUCCESS; } @@ -271,7 +279,7 @@ LaptopGetBatteryCapacity ( UINT32 *BatteryCapacity ) { - RETURN_STATUS Status; + EFI_STATUS Status; UINT32 LastFullChargeCap; UINT32 RemainingCap; @@ -293,6 +301,8 @@ LaptopGetBatteryCapacity ( if (*BatteryCapacity > 100) DEBUG ((DEBUG_WARN, "Battery capacity over 100%%: %d%%\n", *BatteryCapacity)); + else + DEBUG ((DEBUG_INFO, "Battery capacity: %d%%\n", *BatteryCapacity)); return RETURN_SUCCESS; } From b14e620e609edd06faa3b65a105aedfca9db5608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 18 Jul 2023 13:34:09 +0200 Subject: [PATCH 194/357] MdePkg,NetwokrPkg: Do not use AIP InformationBlock if its size is 0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdePkg/Library/DxeHstiLib/HstiDxe.c | 2 +- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 13 +++++++++++++ .../WifiConnectionMgrImpl.c | 8 ++++++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/MdePkg/Library/DxeHstiLib/HstiDxe.c b/MdePkg/Library/DxeHstiLib/HstiDxe.c index d895599cd4..e5aae13931 100644 --- a/MdePkg/Library/DxeHstiLib/HstiDxe.c +++ b/MdePkg/Library/DxeHstiLib/HstiDxe.c 
@@ -105,7 +105,7 @@ InternalHstiFindAip ( &InformationBlock, &InformationBlockSize ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || InformationBlockSize == 0) { continue; } diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c index fd4a9e15a8..3b93d6c9e8 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c @@ -2641,6 +2641,13 @@ NetLibDetectMediaWaitTimeout ( &DataSize ); if (!EFI_ERROR (Status)) { + if (DataSize == 0) { + if (MediaInfo != NULL) { + FreePool (MediaInfo); + } + return EFI_NOT_FOUND; + } + *MediaState = MediaInfo->MediaState; FreePool (MediaInfo); if ((*MediaState != EFI_NOT_READY) || (Timeout < MEDIA_STATE_DETECT_TIME_INTERVAL)) { @@ -2704,6 +2711,12 @@ NetLibDetectMediaWaitTimeout ( &DataSize ); if (!EFI_ERROR (Status)) { + if (DataSize == 0) { + if (MediaInfo != NULL) { + FreePool (MediaInfo); + } + return EFI_NOT_FOUND; + } *MediaState = MediaInfo->MediaState; FreePool (MediaInfo); } else { diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c index 4c5460b65c..b6140605b4 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c @@ -830,8 +830,12 @@ WifiMgrGetLinkState ( gBS->RestoreTPL (OldTpl); - CopyMem (LinkState, UndiState, sizeof (EFI_ADAPTER_INFO_MEDIA_STATE)); - FreePool (UndiState); + if (DataSize != 0) { + CopyMem (LinkState, UndiState, sizeof (EFI_ADAPTER_INFO_MEDIA_STATE)); + FreePool (UndiState); + } else { + return EFI_NOT_FOUND; + } return EFI_SUCCESS; } From 3c925ebd6fdbaeb716080dd2fb33d7c20b518f88 Mon Sep 17 00:00:00 2001 
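Review bot: The new `DataSize == 0` guard in `NetLibDetectMediaWaitTimeout` still lets a block shorter than the structure through to `MediaInfo->MediaState`; comparing against the structure size closes that, `if (DataSize < sizeof (EFI_ADAPTER_INFO_MEDIA_STATE)) {`. The same applies to the second hunk in this function and to `WifiMgrGetLinkState`, where `CopyMem` copies `sizeof (EFI_ADAPTER_INFO_MEDIA_STATE)` bytes regardless of how much the AIP provider returned. In `WifiMgrGetLinkState` the `else` path also returns `EFI_NOT_FOUND` without `FreePool (UndiState)`, unlike the NetLib hunks, which free a non-NULL buffer first. The enclosing functions start outside these hunks, so the buffers' initial values are not visible here.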
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 18 Jul 2023 14:47:28 +0200 Subject: [PATCH 195/357] SecurityPkg/Tcg/Opal/OpalPassword: check for both BLOCK_IO and BLOCK_IO2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Tcg/Opal/OpalPassword/OpalDriver.c | 98 +++++++++++++------ .../Tcg/Opal/OpalPassword/OpalDriver.h | 1 + .../Tcg/Opal/OpalPassword/OpalPasswordDxe.inf | 1 + 3 files changed, 69 insertions(+), 31 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index fc90cb0a6b..4c61dcb726 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -2418,6 +2418,13 @@ OpalDriverStopDevice ( Dev->Handle ); + gBS->CloseProtocol( + Dev->Handle, + &gEfiBlockIo2ProtocolGuid, + gOpalDriverBinding.DriverBindingHandle, + Dev->Handle + ); + FreePool (Dev); } @@ -2789,11 +2796,13 @@ OpalEfiDriverBindingStart ( IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath ) { - EFI_STATUS Status; - EFI_BLOCK_IO_PROTOCOL *BlkIo; - OPAL_DRIVER_DEVICE *Dev; - OPAL_DRIVER_DEVICE *Itr; - BOOLEAN Result; + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_BLOCK_IO_PROTOCOL *BlkIo; + EFI_BLOCK_IO2_PROTOCOL *BlkIo2; + OPAL_DRIVER_DEVICE *Dev; + OPAL_DRIVER_DEVICE *Itr; + BOOLEAN Result; Itr = mOpalDriver.DeviceList; while (Itr != NULL) { @@ -2832,8 +2841,8 @@ OpalEfiDriverBindingStart ( } // - // Open EFI_BLOCK_IO_PROTOCOL on controller Handle, required by EFI_STORAGE_SECURITY_COMMAND_PROTOCOL - // function APIs + // Open EFI_BLOCK_IO_PROTOCOL or EFI_BLOCK_IO2_PROTOCOL on controller + // Handle, required by EFI_STORAGE_SECURITY_COMMAND_PROTOCOL function APIs // Status = gBS->OpenProtocol ( Controller, 
@@ -2843,43 +2852,70 @@ OpalEfiDriverBindingStart ( Controller, EFI_OPEN_PROTOCOL_BY_DRIVER ); + + if (Status == EFI_UNSUPPORTED) + BlkIo = NULL; + if (EFI_ERROR (Status)) { - // - // Block_IO not supported on handle - // - if (Status == EFI_UNSUPPORTED) { - BlkIo = NULL; - } else { + Status2 = gBS->OpenProtocol( + Controller, + &gEfiBlockIo2ProtocolGuid, + (VOID **)&BlkIo2, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + + if (EFI_ERROR (Status2)) { // - // Close storage security that was opened + // Block_IO not supported on handle // - gBS->CloseProtocol ( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - This->DriverBindingHandle, - Controller - ); + if (Status2 == EFI_UNSUPPORTED) + BlkIo2 = NULL; - FreePool (Dev); - return Status; + if (Status != EFI_UNSUPPORTED && Status2 != EFI_UNSUPPORTED) { + // + // Close storage security that was opened + // + gBS->CloseProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + FreePool (Dev); + return Status; + } } } // // Save mediaId // - if (BlkIo == NULL) { + if (BlkIo == NULL && BlkIo2 == NULL) { // If no Block IO present, use defined MediaId value. Dev->MediaId = 0x0; } else { - Dev->MediaId = BlkIo->Media->MediaId; - - gBS->CloseProtocol ( - Controller, - &gEfiBlockIoProtocolGuid, - This->DriverBindingHandle, - Controller - ); + if (BlkIo) { + Dev->MediaId = BlkIo->Media->MediaId; + + gBS->CloseProtocol ( + Controller, + &gEfiBlockIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); + } else if (BlkIo2) { + Dev->MediaId = BlkIo2->Media->MediaId; + + gBS->CloseProtocol ( + Controller, + &gEfiBlockIo2ProtocolGuid, + This->DriverBindingHandle, + Controller + ); + } } // diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h index 2089bd81b6..d8b2aaec9a 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h 
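Review bot: `BlkIo` and `BlkIo2` are set to NULL only when the matching `OpenProtocol` returns `EFI_UNSUPPORTED`, so any other failure leaves that pointer indeterminate unless `OpenProtocol` happens to clear it, and the later `if (BlkIo)` / `else if (BlkIo2)` tests may then dereference it for `Media->MediaId`. Initialising both before the first call, `BlkIo = NULL;` and `BlkIo2 = NULL;`, and resetting the pointer on every error rather than only on `EFI_UNSUPPORTED`, makes the MediaId selection well defined. The cleanup condition `Status != EFI_UNSUPPORTED && Status2 != EFI_UNSUPPORTED` also bails out only when both opens fail unexpectedly, so a single unexpected failure falls through to the MediaId code. `OpalEfiDriverBindingStart` begins and ends outside this hunk.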
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf index 87519198c0..b7a573e065 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf @@ -65,6 +65,7 @@ gEfiComponentNameProtocolGuid ## PRODUCES gEfiComponentName2ProtocolGuid ## PRODUCES gEfiBlockIoProtocolGuid ## CONSUMES + gEfiBlockIo2ProtocolGuid ## CONSUMES [Guids] gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event From 1e4b984ed43ddb0e029a2f36b8cf5a7b9c2ab06b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 18 Jul 2023 15:33:44 +0200 Subject: [PATCH 196/357] MdePkg/Include/Uefi/UefiSpec.h: Bump UEFI specification version to 2.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdePkg/Include/Uefi/UefiSpec.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h index 7fcdeab93e..0945cb93e8 100644 --- a/MdePkg/Include/Uefi/UefiSpec.h +++ b/MdePkg/Include/Uefi/UefiSpec.h @@ -1852,7 +1852,7 @@ EFI_STATUS #define EFI_2_00_SYSTEM_TABLE_REVISION ((2 << 16) | (00)) #define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10)) #define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02)) -#define EFI_SYSTEM_TABLE_REVISION EFI_2_70_SYSTEM_TABLE_REVISION +#define EFI_SYSTEM_TABLE_REVISION EFI_2_80_SYSTEM_TABLE_REVISION #define EFI_SPECIFICATION_VERSION EFI_SYSTEM_TABLE_REVISION #define EFI_RUNTIME_SERVICES_SIGNATURE SIGNATURE_64 ('R','U','N','T','S','E','R','V') From 7a71a5bb213bb8e5fdddffb848e547790f31f2c5 Mon Sep 17 00:00:00 2001 
From: Krystian Hebel Date: Fri, 11 Aug 2023 17:19:47 +0200 Subject: [PATCH 197/357] DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c: add FUM popup Warn user when Firmware Update Mode is enabled. Booting with firmware protections disabled may pose a security threat, so user has to confirm booting with key randomly chosen on each boot with FUM enabled. Signed-off-by: Krystian Hebel --- .../PlatformBootManager.c | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 43c504f378..7f145c631e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -1051,6 +1051,143 @@ WarnIfBatteryLow ( DrainInput (); } +STATIC +VOID +WarnIfFirmwareUpdateMode ( + VOID +) +{ + EFI_STATUS Status; + EFI_EVENT TimerEvent; + EFI_EVENT Events[2]; + UINTN Index; + EFI_INPUT_KEY Key; + EFI_TIME Time; + CHAR16 RandomDigit; + CHAR16 DelayLine[81]; + CHAR16 PressKeyLine[81]; + BOOLEAN CursorVisible; + UINTN CurrentAttribute; + UINTN SecondsLeft; + UINTN VarSize; + BOOLEAN FUMEnabled; + + VarSize = sizeof (FUMEnabled); + + Status = gRT->GetVariable ( + L"FirmwareUpdateMode", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &FUMEnabled + ); + + if (EFI_ERROR(Status) || VarSize != sizeof(FUMEnabled) || !FUMEnabled) { + return; + } + + // + // Remove variable to disable FUM on next boot + // + Status = gRT->SetVariable ( + L"FirmwareUpdateMode", + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + 0, + NULL + ); + + Status = gBS->CreateEvent ( + EVT_TIMER, + TPL_CALLBACK, + NULL, + NULL, + &TimerEvent + ); + ASSERT_EFI_ERROR (Status); + + Status = gRT->GetTime (&Time, NULL); + // + // Don't check status, even if the call failed we still have "random" data + // from stack where Time is located. It is better than nothing, and we don't + // need more. + // + RandomDigit = L'0' + (Time.Second % 10); + + UnicodeSPrint ( + PressKeyLine, + sizeof (PressKeyLine), + L"Press %c to continue.", + RandomDigit + ); + + CurrentAttribute = gST->ConOut->Mode->Attribute; + CursorVisible = gST->ConOut->Mode->CursorVisible; + + gST->ConOut->EnableCursor (gST->ConOut, FALSE); + + DrainInput (); + gBS->SetTimer (TimerEvent, TimerPeriodic, 1 * 1000 * 1000 * 10); + + Events[0] = gST->ConIn->WaitForKey; + Events[1] = TimerEvent; + + SecondsLeft = 30; + while (SecondsLeft > 0) { + UnicodeSPrint ( + DelayLine, + sizeof (DelayLine), + L"automatically in %d second%a.)", + SecondsLeft, + SecondsLeft == 1 ? "" : "s" + ); + + CreateMultiStringPopUp ( + 78, + 11, + L"!!! 
WARNING !!!", + L"", + L"This message is displayed because the platform has booted in Firmware", + L"Update Mode. All firmware write protections are disabled in this mode.", + L"If you intend to update the firmware, press the key listed below to", + L"proceed; otherwise, press any other key or wait for the timeout.", + L"", + PressKeyLine, + L"", + L"(The platform will automatically reboot and disable Firmware Update Mode", + DelayLine + ); + + Status = gBS->WaitForEvent (2, Events, &Index); + ASSERT_EFI_ERROR (Status); + + if (Index == 0) { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + ASSERT_EFI_ERROR (Status); + + if (Key.UnicodeChar == RandomDigit) { + break; + } else { + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + } + } else { + SecondsLeft--; + } + } + + if (SecondsLeft == 0) { + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + } + + Status = gBS->CloseEvent (TimerEvent); + ASSERT_EFI_ERROR (Status); + + gST->ConOut->EnableCursor (gST->ConOut, CursorVisible); + gST->ConOut->SetAttribute (gST->ConOut, CurrentAttribute); + + gST->ConOut->ClearScreen (gST->ConOut); + DrainInput (); +} /** Acquire the string associated with the Index from smbios structure and return it. @@ -1259,6 +1396,7 @@ PlatformBootManagerAfterConsole ( WarnIfBatteryLow (); WarnIfRecoveryBoot (); + WarnIfFirmwareUpdateMode (); BootLogoEnableLogo (); From d7d969d11224a2d44f3a787b358a2d583731803b Mon Sep 17 00:00:00 2001 From: Krystian Hebel Date: Mon, 14 Aug 2023 15:01:00 +0200 Subject: [PATCH 198/357] SecurityPkg/AuthVariableLib: disable Secure Boot in Firmware Update Mode Signed-off-by: Krystian Hebel --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 10 +++++++++- .../Library/AuthVariableLib/AuthVariableLib.inf | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index dc11f38cb3..0167422299 100644 
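Review bot: The result of the `SetVariable` call that deletes `FirmwareUpdateMode` in `WarnIfFirmwareUpdateMode` is overwritten by `CreateEvent` without being examined, so a failed delete would leave the platform entering Firmware Update Mode, with write protections off, on every boot and without any trace. Two related gaps sit in the key handling: `Time` is read uninitialized on purpose when `GetTime` fails, and `ReadKeyStroke` is guarded only by `ASSERT_EFI_ERROR`, which is typically compiled out of release builds and then leaves `Key` indeterminate for the comparison. The excerpt below reports the failed delete, zeroes `Time` before the call and treats a failed read as no key press. A digit derived from `Time.Second` is also easy to predict, so a random-number source would fit better if one is available to this library. The `SetVariable` added to this function by PATCH 202 discards its status the same way.

```c
  // ... unchanged: SetVariable call that deletes FirmwareUpdateMode ...
  if (EFI_ERROR (Status)) {
    // FUM would stay armed across reboots; make the failure visible.
    DEBUG ((DEBUG_ERROR, "Failed to clear FirmwareUpdateMode: %r\n", Status));
  }

  // ... unchanged: CreateEvent ...

  // Start from a known value so a failed GetTime does not read stack garbage.
  ZeroMem (&Time, sizeof (Time));
  Status = gRT->GetTime (&Time, NULL);

  // ... unchanged: popup setup and countdown loop up to WaitForEvent ...

    if (Index == 0) {
      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
      if (EFI_ERROR (Status)) {
        // No key was actually read; keep waiting instead of comparing Key.
        continue;
      }
```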
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -230,10 +230,18 @@ AuthVariableLibInitialize ( } } + Status = AuthServiceInternalFindVariable (L"FirmwareUpdateMode", &gDasharoSystemFeaturesGuid, + (VOID **) &Data, &DataSize); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", L"FirmwareUpdateMode")); + } else { + DEBUG ((EFI_D_INFO, "Variable %s exists.\n", L"FirmwareUpdateMode")); + } + // // Create "SecureBoot" variable with BS+RT attribute set. // - if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) { + if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE) && EFI_ERROR (Status)) { SecureBootMode = SECURE_BOOT_MODE_ENABLE; } else { SecureBootMode = SECURE_BOOT_MODE_DISABLE; diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index e5985c5f8b..d630d4d806 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -34,6 +34,7 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] BaseLib @@ -82,6 +83,9 @@ ## CONSUMES ## Variable:L"AuthVarKeyDatabase" ## PRODUCES ## Variable:L"AuthVarKeyDatabase" gEfiAuthenticatedVariableGuid + + ## CONSUMES ## Variable:L"FirmwareUpdateMode" + gDasharoSystemFeaturesGuid gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. From 9edab613d65af1455e01c49af226b1596bbb9ef3 Mon Sep 17 00:00:00 2001 
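Review bot: The new `EFI_ERROR (Status)` term in the `SecureBootMode` condition turns Secure Boot off whenever a `FirmwareUpdateMode` variable merely exists, whatever its size or value. `WarnIfFirmwareUpdateMode` in PlatformBootManager.c only shows the confirmation popup and deletes the variable when it reads back as a `BOOLEAN` that is TRUE, so a variable holding 0 or having another size would keep Secure Boot disabled on every boot with no warning and no cleanup. Both sites should apply the same test, e.g. `FumActive = !EFI_ERROR (Status) && (DataSize == sizeof (BOOLEAN)) && (*(BOOLEAN *) Data);` and `!FumActive` in the condition. Who can create this variable is not visible in this hunk, so it is worth confirming that it cannot be written from the OS. The body of `AuthVariableLibInitialize` continues outside the hunk.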
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 28 Aug 2023 15:14:26 +0200 Subject: [PATCH 199/357] MdeModulePkg/Library/UefiBootManagerLib: Create Boot Options for pre-installed OSes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Scans only ESPs. * Use BlockIO handle of the partition for description. MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c: add pre-installed entries for Qubes OS Signed-off-by: Michał Żygowski --- .../Library/UefiBootManagerLib/BmBoot.c | 396 +++++++++++++++++- .../Library/UefiBootManagerLib/InternalBm.h | 1 + .../UefiBootManagerLib/UefiBootManagerLib.inf | 2 + 3 files changed, 398 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index 2f2318da0e..c9f612bf92 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c 
@@ -2499,6 +2499,399 @@ BdsLibGetBootableHandle ( return ReturnHandle; } +typedef struct { + CHAR16* FileName; + CHAR16* BootOptionFmt; +} PRE_INSTALLED_BOOT_OPT; + +STATIC CONST PRE_INSTALLED_BOOT_OPT PreInstalledBootOpts[] = { + { L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", L"Windows Boot Manager (on %s)" }, + { L"\\EFI\\Suse\\elilo.efi", L"Suse Boot Manager (on %s)" }, + { L"\\EFI\\Redhat\\elilo.efi", L"RedHat Boot Manager (on %s)" }, +}; + +STATIC CONST PRE_INSTALLED_BOOT_OPT PreInstalledBootOptsShim[] = { + { L"\\EFI\\ubuntu\\shimx64.efi", L"Ubuntu (on %s)" }, + { L"\\EFI\\redhat\\shimx64.efi", L"RedHat (on %s)" }, + { L"\\EFI\\fedora\\shimx64.efi", L"Fedora (on %s)" }, + { L"\\EFI\\centos\\shimx64.efi", L"CentOS (on %s)" }, + { L"\\EFI\\opensuse\\shimx64.efi", L"OpenSuse (on %s)" }, + { L"\\EFI\\debian\\shimx64.efi", L"Debian (on %s)" }, + { L"\\EFI\\qubes\\shimx64.efi", L"Qubes OS (on %s)" }, +}; + +STATIC CONST PRE_INSTALLED_BOOT_OPT PreInstalledBootOptsGrub[] = { + { L"\\EFI\\ubuntu\\grubx64.efi", L"Ubuntu (on %s)" }, + { L"\\EFI\\redhat\\grubx64.efi", L"RedHat (on %s)" }, + { L"\\EFI\\fedora\\grubx64.efi", L"Fedora (on %s)" }, + { L"\\EFI\\centos\\grubx64.efi", L"CentOS (on %s)" }, + { L"\\EFI\\opensuse\\grubx64.efi", L"OpenSuse (on %s)" }, + { L"\\EFI\\debian\\grubx64.efi", L"Debian (on %s)" }, + { L"\\EFI\\qubes\\grubx64.efi", L"Qubes OS (on %s)" }, +}; + +STATIC CONST PRE_INSTALLED_BOOT_OPT DtsBootOpt = { + L"\\EFI\\DTS\\grubx64.efi", L"Dasharo Tools Suite (on %s)" +}; + +EFI_HANDLE +GetDiskHandleByFsHandle ( + EFI_HANDLE FsHandle +) +{ + UINTN HandleCount; + EFI_HANDLE *Handles; + EFI_HANDLE DiskHandle; + UINTN Index; + EFI_DEVICE_PATH_PROTOCOL *DiskDevicePath; + EFI_DEVICE_PATH_PROTOCOL *FileSystemDevicePath; + EFI_DEVICE_PATH_PROTOCOL *TempFileSystemDevicePath; + BOOLEAN FoundMatch; + + FoundMatch = FALSE; + FileSystemDevicePath = DevicePathFromHandle (FsHandle); + + gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiBlockIoProtocolGuid, + NULL, + 
&HandleCount, + &Handles + ); + for (Index = 0; Index < HandleCount; Index++) { + + DiskDevicePath = DevicePathFromHandle (Handles[Index]); + TempFileSystemDevicePath = FileSystemDevicePath; + + while (!IsDevicePathEnd (DiskDevicePath) && !IsDevicePathEnd (TempFileSystemDevicePath)) { + + if (!CompareMem(TempFileSystemDevicePath, DiskDevicePath, DevicePathNodeLength(TempFileSystemDevicePath))) { + if ((DevicePathType (DiskDevicePath) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (DiskDevicePath) == MEDIA_HARDDRIVE_DP)) { + // If DiskDevicePath has HardDrive DP, it is not the one we look for + break; + } + // Continue search + TempFileSystemDevicePath = NextDevicePathNode (TempFileSystemDevicePath); + DiskDevicePath = NextDevicePathNode (DiskDevicePath); + + // If we reached the end, check for a match, because the loop will not check it on next iteration + if (IsDevicePathEnd (DiskDevicePath)) { + if ((DevicePathType (TempFileSystemDevicePath) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (TempFileSystemDevicePath) == MEDIA_HARDDRIVE_DP)) { + FoundMatch = TRUE; + DiskHandle = Handles[Index]; + } + } + } else { + // If we found first uncommon node and it is HardDrive DP, then we have a match + if ((DevicePathType (TempFileSystemDevicePath) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (TempFileSystemDevicePath) == MEDIA_HARDDRIVE_DP)) { + FoundMatch = TRUE; + DiskHandle = Handles[Index]; + } + break; + } + } + + if (FoundMatch) { + if (HandleCount != 0) + FreePool (Handles); + + return DiskHandle; + } + + } + + if (HandleCount != 0) + FreePool (Handles); + + // No match, return the FS handle. Description will not be the one we would like to be though. 
+ return FsHandle; +} + +VOID +StrStripTrailingSpaces ( + CHAR16 *String +) +{ + UINTN Idx; + + for (Idx = StrLen(String) - 1; Idx > 0; Idx--) { + if(String[Idx] == 0x0020) + String[Idx] = 0; + else + break; + } +} + +EFI_BOOT_MANAGER_LOAD_OPTION * +CreatePreInstalledBootOption ( + IN OUT EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions, + IN OUT UINTN *BootOptionCount, + IN EFI_HANDLE Handle, + IN CONST PRE_INSTALLED_BOOT_OPT *BootOpt +) +{ + EFI_STATUS Status; + UINTN OptNameSize; + CHAR16 *Description; + CHAR16 *FullOptionName; + CHAR16 *DevPathStr; + EFI_DEVICE_PATH_PROTOCOL *OptDevicePath; + + Description = BmGetBootDescription (GetDiskHandleByFsHandle(Handle)); + BootOptions = ReallocatePool ( + sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount), + sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount + 1), + BootOptions + ); + ASSERT (BootOptions != NULL); + + if (Description != NULL && StrLen(Description) != 0) { + // Some descriptions have a space character at the end, strip it + StrStripTrailingSpaces(Description); + OptNameSize = StrLen(BootOpt->BootOptionFmt) + StrLen(Description); + } else { + OptNameSize = StrLen(BootOpt->BootOptionFmt) + StrLen(L"Unknown"); + } + + FullOptionName = AllocatePool(OptNameSize * sizeof(CHAR16)); + ASSERT (FullOptionName != NULL); + + UnicodeSPrint( + FullOptionName, + OptNameSize * sizeof(CHAR16), + BootOpt->BootOptionFmt, + Description ? Description : L"Unknown"); + + OptDevicePath = FileDevicePath (Handle, BootOpt->FileName); + ASSERT (OptDevicePath != NULL); + + DevPathStr = ConvertDevicePathToText(OptDevicePath, FALSE, FALSE); + + DEBUG ((EFI_D_INFO, "%a: Creating boot option:\n %s (%s)\n", __FUNCTION__, + FullOptionName, DevPathStr ? 
DevPathStr : L"")); + + if (DevPathStr) + FreePool(DevPathStr); + + Status = EfiBootManagerInitializeLoadOption ( + &BootOptions[(*BootOptionCount)++], + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + LOAD_OPTION_ACTIVE, + FullOptionName, + OptDevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (FullOptionName); + FreePool (OptDevicePath); + + if (Description != NULL) + FreePool (Description); + + return BootOptions; +} + +/** + Check if the SimpleFileSystem handle is an EFI system Partition. + + @param FsHandle The handle with SimpleFileSystem. + + @retval TRUE FsHandle is an ESP. + @retval FALSE FsHandle is not a an ESP. + +**/ +BOOLEAN +IsEfiSysPartition ( + IN EFI_HANDLE FsHandle + ) +{ + EFI_STATUS Status; + EFI_PARTITION_INFO_PROTOCOL *PartitionInfo; + + // + // PartitionInfo protocol should be present if the SimpleFS protocol is present. + // + Status = gBS->HandleProtocol ( + FsHandle, + &gEfiPartitionInfoProtocolGuid, + (VOID**)&PartitionInfo + ); + + if (!EFI_ERROR (Status)) + return (PartitionInfo->System == 1); + + return FALSE; +} + +EFI_BOOT_MANAGER_LOAD_OPTION * +CheckIfFilesExistAndCreateBootOptions ( + IN OUT EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions, + IN OUT UINTN *BootOptionCount, + IN EFI_HANDLE Handle, + IN CONST PRE_INSTALLED_BOOT_OPT *BootOptsArray, + IN CONST UINTN BootOptsCount, + IN CONST PRE_INSTALLED_BOOT_OPT *BootOptsArray2 OPTIONAL, + IN CONST UINTN BootOptsCount2 OPTIONAL +) +{ + EFI_STATUS Status; + UINTN OsIdx; + EFI_IMAGE_DOS_HEADER DosHeader; + EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + + if (BootOptsArray2 != NULL) + ASSERT (BootOptsCount == BootOptsCount2); + + for (OsIdx = 0; OsIdx < BootOptsCount; OsIdx++) { + + Hdr.Union = &HdrData; + Status = BdsLibGetImageHeader ( + Handle, + BootOptsArray[OsIdx].FileName, + &DosHeader, + Hdr + ); + if (!EFI_ERROR (Status) && + EFI_IMAGE_MACHINE_TYPE_SUPPORTED (Hdr.Pe32->FileHeader.Machine) && + 
Hdr.Pe32->OptionalHeader.Subsystem == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION) { + BootOptions = CreatePreInstalledBootOption( + BootOptions, + BootOptionCount, + Handle, + &BootOptsArray[OsIdx] + ); + } else { + if (BootOptsArray2 == NULL) + continue; + + /* Shimx64.efi not found or any other error, try grubx64.efi */ + Hdr.Union = &HdrData; + Status = BdsLibGetImageHeader ( + Handle, + BootOptsArray2[OsIdx].FileName, + &DosHeader, + Hdr + ); + if (!EFI_ERROR (Status) && + EFI_IMAGE_MACHINE_TYPE_SUPPORTED (Hdr.Pe32->FileHeader.Machine) && + Hdr.Pe32->OptionalHeader.Subsystem == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION) { + BootOptions = CreatePreInstalledBootOption( + BootOptions, + BootOptionCount, + Handle, + &BootOptsArray2[OsIdx] + ); + } + } + + } // for OsIdx + + return BootOptions; +} + +EFI_BOOT_MANAGER_LOAD_OPTION * +BmEnumeratePreInstalledBootOptions ( + IN OUT UINTN *BootOptionCount + ) +{ + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *Handles; + EFI_BLOCK_IO_PROTOCOL *BlkIo; + UINTN Index; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + CHAR16 *DevPathStr; + + ASSERT (BootOptionCount != NULL); + + BootOptions = NULL; + DEBUG ((EFI_D_INFO, "%a\n", __FUNCTION__)); + // + // Parse gEfiPartTypeSystemPartGuid handles + // + gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiSimpleFileSystemProtocolGuid, + NULL, + &HandleCount, + &Handles + ); + for (Index = 0; Index < HandleCount; Index++) { + + DevPathStr = ConvertDevicePathToText(DevicePathFromHandle (Handles[Index]), FALSE, FALSE); + + DEBUG ((EFI_D_INFO, "%a: Processing file system:\n %s\n", __FUNCTION__, + DevPathStr ? DevPathStr : L"")); + + if (DevPathStr) + FreePool(DevPathStr); + + /* Skip non-ESP */ + if (!IsEfiSysPartition(Handles[Index])) { + DEBUG ((EFI_D_INFO, "%a: Skipping, not an ESP\n", __FUNCTION__)); + continue; + } + + // + // Skip the removable media, except if DTS. 
+ // + BootOptions = CheckIfFilesExistAndCreateBootOptions ( + BootOptions, + BootOptionCount, + Handles[Index], + &DtsBootOpt, + 1, + NULL, + 0 + ); + + Status = gBS->HandleProtocol ( + Handles[Index], + &gEfiBlockIoProtocolGuid, + (VOID **) &BlkIo + ); + if (!EFI_ERROR (Status) && BlkIo->Media->RemovableMedia) { + DEBUG ((EFI_D_INFO, "%a: Skipping, media removable\n", __FUNCTION__)); + continue; + } + + // Custom boot managers first + BootOptions = CheckIfFilesExistAndCreateBootOptions ( + BootOptions, + BootOptionCount, + Handles[Index], + PreInstalledBootOpts, + ARRAY_SIZE (PreInstalledBootOpts), + NULL, + 0 + ); + + // Linux installations with shim and GRUB or GRUB only + BootOptions = CheckIfFilesExistAndCreateBootOptions ( + BootOptions, + BootOptionCount, + Handles[Index], + PreInstalledBootOptsShim, + ARRAY_SIZE (PreInstalledBootOptsShim), + PreInstalledBootOptsGrub, + ARRAY_SIZE (PreInstalledBootOptsGrub) + ); + + } // for Handles + + if (HandleCount != 0) { + FreePool (Handles); + } + + return BootOptions; +} + /** Emuerate all possible bootable medias in the following order: 1. Removable BlockIo - The boot option only points to the removable media @@ -2534,7 +2927,8 @@ BmEnumerateBootOptions ( ASSERT (BootOptionCount != NULL); *BootOptionCount = 0; - BootOptions = NULL; + + BootOptions = BmEnumeratePreInstalledBootOptions(BootOptionCount); // // Parse removable block io followed by fixed block io diff --git a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h index b7dfe2a7e0..86ed697442 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h +++ b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h @@ -42,6 +42,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include 
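Review bot: `StrStripTrailingSpaces` computes `StrLen(String) - 1` on a `UINTN`, so an empty string wraps the index to the maximum value and the loop accesses memory far outside the buffer; the only caller tests for a non-empty description first, but the function is not `STATIC` and nothing inside it enforces that. A length-based loop avoids the wrap: `UINTN Len = StrLen (String);` followed by `while (Len > 0 && String[Len - 1] == L' ') { String[--Len] = L'\0'; }` (this also empties a string made only of spaces, which the original leaves with its first character). Separately, `GetDiskHandleByFsHandle` and `BmEnumeratePreInstalledBootOptions` ignore the status of `LocateHandleBuffer` and then use `HandleCount` and `Handles`, which these functions never initialize. Checking `EFI_ERROR` and returning early would remove the dependence on how the callee treats its outputs on failure.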
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf b/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf index 2fc0a80a4e..605ce8fe43 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf +++ b/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf @@ -86,6 +86,7 @@ gEfiDiskInfoScsiInterfaceGuid ## SOMETIMES_CONSUMES ## GUID gEfiDiskInfoSdMmcInterfaceGuid ## SOMETIMES_CONSUMES ## GUID gEfiDiskInfoUfsInterfaceGuid ## SOMETIMES_CONSUMES ## GUID + gEfiPartTypeSystemPartGuid ## CONSUMES ## GUID [Protocols] gEfiPciRootBridgeIoProtocolGuid ## CONSUMES @@ -111,6 +112,7 @@ gEfiRamDiskProtocolGuid ## SOMETIMES_CONSUMES gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES gEdkiiPlatformBootManagerProtocolGuid ## SOMETIMES_CONSUMES + gEfiPartitionInfoProtocolGuid ## SOMETIMES_CONSUMES [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange ## SOMETIMES_CONSUMES From 70f14c4d7bf5e2b112002c33b0bceb19f9233ffd Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 2 Sep 2023 00:24:37 +0300 Subject: [PATCH 200/357] DasharoPayloadPkg/PciPlatformDxe: dynamic OptionROM loading control Signed-off-by: Sergii Dmytruk --- .../PciPlatformDxe/PciPlatformDxe.c | 79 ++++++++++++++++++- .../PciPlatformDxe/PciPlatformDxe.inf | 5 ++ 2 files changed, 83 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c index 014af92013..1d0c17a9bd 100644 --- a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c @@ -10,6 +10,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "PciPlatformDxe.h" #include #include +#include +#include // // The driver should only start on one graphics controller. 
@@ -43,6 +45,81 @@ PciPlatformPrepController( return EFI_UNSUPPORTED; } +STATIC +BOOLEAN +IsVgaDevice ( + IN EFI_HANDLE PciHandle + ) +{ + EFI_STATUS Status; + BOOLEAN LoadOptionRom; + EFI_PCI_IO_PROTOCOL *PciIo; + PCI_TYPE00 PciConfHeader; + + LoadOptionRom = FALSE; + + Status = gBS->HandleProtocol ( + PciHandle, + &gEfiPciIoProtocolGuid, + (VOID **) &PciIo + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + // + // Read the PCI Configuration Header from the PCI Device + // + Status = PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint32, + 0, + sizeof (PciConfHeader) / sizeof (UINT32), + &PciConfHeader + ); + if (!EFI_ERROR (Status)) { + LoadOptionRom = IS_PCI_DISPLAY (&PciConfHeader); + } + + return LoadOptionRom; +} + +STATIC +BOOLEAN +ShouldLoadOptionRom ( + IN EFI_HANDLE PciHandle + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + UINT8 OptionRomPolicy; + + BufferSize = sizeof (OptionRomPolicy); + Status = gRT->GetVariable ( + L"OptionRomPolicy", + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &OptionRomPolicy + ); + if (EFI_ERROR (Status)) { + // Fallback to PCD. + return PcdGetBool (PcdLoadOptionRoms); + } + + switch (OptionRomPolicy) { + case DASHARO_OPTION_ROM_POLICY_ENABLE_ALL: + return TRUE; + case DASHARO_OPTION_ROM_POLICY_DISABLE_ALL: + return FALSE; + case DASHARO_OPTION_ROM_POLICY_VGA_ONLY: + return IsVgaDevice (PciHandle); + } + + DEBUG ((EFI_D_WARN, "Warning: Unhandled Option ROM Policy value: %d\n", OptionRomPolicy)); + return FALSE; +} + EFI_STATUS EFIAPI PciGetPciRom ( @@ -81,7 +158,7 @@ PciGetPciRom ( *RomImage = NULL; *RomSize = 0; - if (!PcdGetBool(PcdLoadOptionRoms)) { + if (!ShouldLoadOptionRom (PciHandle)) { return EFI_NOT_FOUND; } diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf index df36f1daf2..739de0ce00 100644 --- a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf 
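Review bot: In `ShouldLoadOptionRom`, every `GetVariable` failure falls back to `PcdLoadOptionRoms`, including the case where `OptionRomPolicy` exists but is malformed (a variable larger than one byte comes back as `EFI_BUFFER_TOO_SMALL`). Since this function decides whether third-party Option ROM code is loaded, I would use the PCD only when the variable is absent and refuse otherwise: `if (Status == EFI_NOT_FOUND) { return PcdGetBool (PcdLoadOptionRoms); }` followed by `if (EFI_ERROR (Status)) { return FALSE; }`. The variable's attributes are not inspected, so whether the policy can be changed at runtime depends on code outside this hunk. A short function comment stating that unknown policy values are treated as disable-all would document the fail-closed path at the end.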
@@ -27,6 +27,7 @@ PciPlatformDxe.c [Packages] + DasharoModulePkg/DasharoModulePkg.dec MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -34,6 +35,7 @@ [LibraryClasses] UefiDriverEntryPoint UefiBootServicesTableLib + UefiRuntimeServicesTableLib DxeServicesTableLib DebugLib MemoryAllocationLib @@ -43,6 +45,9 @@ HobLib PcdLib +[Guids] + gDasharoSystemFeaturesGuid + [Protocols] gEfiPciPlatformProtocolGuid ## PRODUCES gEfiPciIoProtocolGuid ## COMSUMES From dfb829049aaf07e2a44ea26b23eb8c2df21ffe64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 9 Sep 2023 12:51:28 +0200 Subject: [PATCH 201/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: make the max string length bigger for 4K displays MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 46eeff020c..8af049490e 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -426,6 +426,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 + # 4K displays may need bigger buffers for the option strings in forms + gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|2000000 gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|$(BOOT_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|$(SETUP_MENU_KEY) gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS) From 970693d3c705f7171b01289e41f62a2410f4981e Mon Sep 17 00:00:00 2001 
From: Krystian Hebel Date: Fri, 15 Sep 2023 14:43:38 +0200 Subject: [PATCH 202/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: set runtime FUM variable Bootloaders and operating systems can test for presence of this variable to detect whether platform is in firmware update mode. Signed-off-by: Krystian Hebel --- .../PlatformBootManagerLib/PlatformBootManager.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 7f145c631e..0e4e4b22d0 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -1097,6 +1097,17 @@ WarnIfFirmwareUpdateMode ( NULL ); + // + // Create volatile runtime variable so applications can detect FUM + // + Status = gRT->SetVariable ( + L"FirmwareUpdateMode", + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + VarSize, + &FUMEnabled + ); + Status = gBS->CreateEvent ( EVT_TIMER, TPL_CALLBACK, From 2d238f002f934d176d18d4730671dbc14f5a7d05 Mon Sep 17 00:00:00 2001 From: Krystian Hebel Date: Fri, 15 Sep 2023 14:48:11 +0200 Subject: [PATCH 203/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: enable and start iPXE in FUM When firmware update mode is enabled, iPXE is automatically enabled and started. Initial attempt was to set iPXE as BootNext option, but BootNext was cached by common BDS code before platform library could update it. Hence instead of returning to BDS, iPXE is started directly by platform code. Signed-off-by: Krystian Hebel --- .../PlatformBootManager.c | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 0e4e4b22d0..54f9f40f4f 100644 
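Review bot: The volatile `FirmwareUpdateMode` variable is created with `EFI_VARIABLE_RUNTIME_ACCESS` and, as far as this hunk shows, nothing locks it, so code running later could delete or overwrite it and subsequent consumers would no longer see that the platform booted with write protections disabled. The comment above the call should state that limit, e.g. `// Advisory only: not locked here, so absence at runtime does not prove FUM is off.`, or the variable should be locked if the platform offers a mechanism for that at this point in boot. Because the non-volatile variable of the same name and GUID is deleted just above with its status ignored, a failed delete would likely make this call fail on the attribute mismatch as well; checking `Status` before `CreateEvent` overwrites it would make that visible. `WarnIfFirmwareUpdateMode` begins and ends outside the hunk.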
--- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -95,7 +95,8 @@ VOID PlatformRegisterFvBootOption ( EFI_GUID *FileGuid, CHAR16 *Description, - UINT32 Attributes + UINT32 Attributes, + BOOLEAN BootNow ) { EFI_STATUS Status; @@ -136,6 +137,9 @@ PlatformRegisterFvBootOption ( ASSERT_EFI_ERROR (Status); FreePool (DevicePath); + if (BootNow) + EfiBootManagerBoot (&NewOption); + BootOptions = EfiBootManagerGetLoadOptions ( &BootOptionCount, LoadOptionTypeBoot ); @@ -148,6 +152,7 @@ PlatformRegisterFvBootOption ( Status = EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); ASSERT_EFI_ERROR (Status); } + EfiBootManagerFreeLoadOption (&NewOption); EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } @@ -1052,7 +1057,7 @@ WarnIfBatteryLow ( } STATIC -VOID +BOOLEAN WarnIfFirmwareUpdateMode ( VOID ) @@ -1083,7 +1088,7 @@ WarnIfFirmwareUpdateMode ( ); if (EFI_ERROR(Status) || VarSize != sizeof(FUMEnabled) || !FUMEnabled) { - return; + return FALSE; } // @@ -1198,6 +1203,7 @@ WarnIfFirmwareUpdateMode ( gST->ConOut->ClearScreen (gST->ConOut); DrainInput (); + return TRUE; } /** @@ -1394,6 +1400,7 @@ PlatformBootManagerAfterConsole ( CHAR16 *BootMenuKey; CHAR16 *SetupMenuKey; BOOLEAN NetBootEnabled; + BOOLEAN FUMEnabled; BOOLEAN BootMenuEnable; UINTN VarSize; EFI_EVENT Event; @@ -1407,7 +1414,7 @@ PlatformBootManagerAfterConsole ( WarnIfBatteryLow (); WarnIfRecoveryBoot (); - WarnIfFirmwareUpdateMode (); + FUMEnabled = WarnIfFirmwareUpdateMode (); BootLogoEnableLogo (); 
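Review bot: In `PlatformRegisterFvBootOption`, `if (BootNow) EfiBootManagerBoot (&NewOption);` drops the outcome of the boot attempt, so when iPXE fails or exits in Firmware Update Mode the function carries on and, judging by the caller in `PlatformBootManagerAfterConsole`, the normal boot flow continues with firmware protections still disabled. I would record the result and brace the statement, `if (BootNow) { EfiBootManagerBoot (&NewOption); DEBUG ((DEBUG_WARN, "%s returned: %r\n", Description, NewOption.Status)); }`, and decide explicitly whether FUM should reset instead of falling through. The `FUMEnabled` branch in the caller also registers and starts iPXE without consulting `NetBootEnabled`, which deserves a comment because it overrides a setting the user may have turned off. Both functions extend beyond their hunks.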
@@ -1441,12 +1448,19 @@ PlatformBootManagerAfterConsole ( // // Register iPXE // - if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))) { + if (FUMEnabled) { + DEBUG((DEBUG_INFO, "Registering iPXE boot option for FUM\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE, + TRUE); + } else if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))) { if (NetBootEnabled) { DEBUG((DEBUG_INFO, "Registering iPXE boot option by variable\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), - LOAD_OPTION_ACTIVE); + LOAD_OPTION_ACTIVE, + FALSE); } else { DEBUG((DEBUG_INFO, "Unregistering iPXE boot option by variable\n")); PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), @@ -1457,7 +1471,8 @@ PlatformBootManagerAfterConsole ( DEBUG((DEBUG_INFO, "Registering iPXE boot option by policy\n")); PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), - LOAD_OPTION_ACTIVE); + LOAD_OPTION_ACTIVE, + FALSE); } else { DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), @@ -1468,7 +1483,10 @@ PlatformBootManagerAfterConsole ( // Register UEFI Shell // DEBUG((DEBUG_INFO, "Registering UEFI Shell boot option\n")); - PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), L"UEFI Shell", LOAD_OPTION_ACTIVE); + PlatformRegisterFvBootOption (PcdGetPtr (PcdShellFile), + L"UEFI Shell", + LOAD_OPTION_ACTIVE, + FALSE); BootMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdBootMenuKey), L"F12"); SetupMenuKey = GetKeyStringFromScanCode (FixedPcdGet16(PcdSetupMenuKey), L"ESC"); From fd24869f06b3d86affab7169a19a1fe3ce5902d9 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 20 Sep 2023 10:44:34 +0200 Subject: [PATCH 204/357] pre-commit: add config Signed-off-by: Maciej Pijanowski 
Signed-off-by: Sergii Dmytruk --- .conform.yaml | 16 ++++++++++++++++ .pre-commit-config.yaml | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 .conform.yaml create mode 100644 .pre-commit-config.yaml diff --git a/.conform.yaml b/.conform.yaml new file mode 100644 index 0000000000..f96e4e0940 --- /dev/null +++ b/.conform.yaml @@ -0,0 +1,16 @@ +--- +policies: + - type: commit + spec: + header: + length: 80 + imperative: false + invalidLastCharacters: . + body: + required: false + dco: true + gpg: + required: true + spellcheck: + locale: US + maximumOfOneCommit: false diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000000..bf175a1643 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,40 @@ +--- +default_stages: [pre-commit] + +default_install_hook_types: [pre-commit, commit-msg] + +ci: + autoupdate_commit_msg: 'pre-commit: autoupdate hooks' + autofix_prs: false + +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-added-large-files + files: ^DasharoModulePkg/ + - id: check-merge-conflict + files: ^DasharoModulePkg/ + - id: check-symlinks + files: ^DasharoModulePkg/ + - id: detect-private-key + files: ^DasharoModulePkg/ + - id: end-of-file-fixer + files: ^DasharoModulePkg/ + - id: trailing-whitespace + files: ^DasharoModulePkg/ + - id: mixed-line-ending + files: ^DasharoModulePkg/ + + - repo: https://github.com/talos-systems/conform + rev: v0.1.0-alpha.27 + hooks: + - id: conform + stages: + - commit-msg + + - repo: https://github.com/codespell-project/codespell + rev: v2.2.5 + hooks: + - id: codespell + files: ^DasharoModulePkg/ From 85e3c484813267c637491714c07126365d3f2585 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 23 Sep 2023 18:04:04 +0300 Subject: [PATCH 205/357] MdeModulePkg/Application/UiApp/FrontPage.c: display memory speed 
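Review bot: The `detect-private-key` hook, like the other pre-commit-hooks entries and codespell, is limited to `files: ^DasharoModulePkg/`, so a key committed under any other directory of this tree, such as DasharoPayloadPkg, is not checked. Unless the restriction is deliberate for that hook, I would drop the `files:` line from `detect-private-key` and `check-added-large-files` and keep it only on the hooks that rewrite files. The three `rev:` values are tags, which can be moved upstream; pinning each to a full commit hash with the tag kept as a comment, `rev: FULL_COMMIT_SHA_PLACEHOLDER  # v4.4.0`, makes the hook code that runs on developer machines reproducible.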
Signed-off-by: Sergii Dmytruk --- MdeModulePkg/Application/UiApp/FrontPage.c | 37 ++++++++++++++++++---- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/MdeModulePkg/Application/UiApp/FrontPage.c b/MdeModulePkg/Application/UiApp/FrontPage.c index 0e784fb327..3858571f9f 100644 --- a/MdeModulePkg/Application/UiApp/FrontPage.c +++ b/MdeModulePkg/Application/UiApp/FrontPage.c @@ -425,24 +425,37 @@ ConvertProcessorToString ( } /** - Convert Memory Size to a string. + Convert Memory Info to a string. @param MemorySize The size of the memory to process + @param MemorySpeed The speed of the memory to process @param String The string that is created **/ VOID -ConvertMemorySizeToString ( +ConvertMemoryInfoToString ( IN UINT32 MemorySize, + IN UINT16 MemorySpeed, OUT CHAR16 **String ) { CHAR16 *StringBuffer; + CHAR16 SpeedBuffer[8]; - StringBuffer = AllocateZeroPool (0x24); + StringBuffer = AllocateZeroPool (0x34); ASSERT (StringBuffer != NULL); - UnicodeValueToStringS (StringBuffer, 0x24, LEFT_JUSTIFY, MemorySize, 10); - StrCatS (StringBuffer, 0x24 / sizeof (CHAR16), L" MB RAM"); + UnicodeValueToStringS (StringBuffer, 0x34, LEFT_JUSTIFY, MemorySize, 10); + StrCatS (StringBuffer, 0x34 / sizeof (CHAR16), L" MB RAM"); + + // + // Some FSPs don't report speed in the memory HOB properly. + // + if (MemorySpeed != 0) { + UnicodeValueToStringS (SpeedBuffer, 8 * sizeof (CHAR16), LEFT_JUSTIFY, MemorySpeed, 10); + StrCatS (StringBuffer, 0x34 / sizeof (CHAR16), L" @ "); + StrCatS (StringBuffer, 0x34 / sizeof (CHAR16), SpeedBuffer); + StrCatS (StringBuffer, 0x34 / sizeof (CHAR16), L" MHz"); + } *String = (CHAR16 *)StringBuffer; 
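Review bot: `ConvertMemoryInfoToString` repeats the literal `0x34` as a byte count in `AllocateZeroPool` and `UnicodeValueToStringS` and as `0x34 / sizeof (CHAR16)` in four `StrCatS` calls, and the size does not cover the worst case: a 10-digit size, ` MB RAM`, ` @ `, a 5-digit speed and ` MHz` need 30 `CHAR16` including the terminator, while 0x34 bytes hold 26. The `StrCatS` return values are ignored, so an overlong value would produce an incomplete banner without any report. A single named constant sized for the worst case, e.g. `#define MEMORY_INFO_STR_CHARS 32`, used as `MEMORY_INFO_STR_CHARS * sizeof (CHAR16)` for byte counts and `MEMORY_INFO_STR_CHARS` for character counts, would remove the mixed units; `SpeedBuffer` can use `sizeof (SpeedBuffer)` the same way.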
@@ -515,12 +528,15 @@ UpdateFrontPageBannerStrings ( SMBIOS_TABLE_TYPE0 *Type0Record; SMBIOS_TABLE_TYPE1 *Type1Record; SMBIOS_TABLE_TYPE4 *Type4Record; + SMBIOS_TABLE_TYPE17 *Type17Record; SMBIOS_TABLE_TYPE19 *Type19Record; EFI_SMBIOS_TABLE_HEADER *Record; UINT64 InstalledMemory; + UINT16 MemorySpeed; BOOLEAN FoundCpu; InstalledMemory = 0; + MemorySpeed = 0; FoundCpu = 0; // @@ -633,6 +649,13 @@ UpdateFrontPageBannerStrings ( } } + if ( Record->Type == SMBIOS_TYPE_MEMORY_DEVICE ) { + Type17Record = (SMBIOS_TABLE_TYPE17 *) Record; + if (Type17Record->ConfiguredMemoryClockSpeed > MemorySpeed) { + MemorySpeed = Type17Record->ConfiguredMemoryClockSpeed; + } + } + if ( Record->Type == SMBIOS_TYPE_MEMORY_ARRAY_MAPPED_ADDRESS ) { Type19Record = (SMBIOS_TABLE_TYPE19 *)Record; if (Type19Record->StartingAddress != 0xFFFFFFFF ) { @@ -654,9 +677,9 @@ UpdateFrontPageBannerStrings ( } // - // Now update the total installed RAM size + // Now update the total installed RAM size and its speed // - ConvertMemorySizeToString ((UINT32)InstalledMemory, &NewString); + ConvertMemoryInfoToString ((UINT32)InstalledMemory, MemorySpeed, &NewString); UiCustomizeFrontPageBanner (3, FALSE, &NewString); HiiSetString (gFrontPagePrivate.HiiHandle, STRING_TOKEN (STR_FRONT_PAGE_MEMORY_SIZE), NewString, NULL); FreePool (NewString); From 56a598c2a113dd704bf0de322601910b9cef7e6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 26 Sep 2023 12:37:11 +0200 Subject: [PATCH 206/357] MdeModulePkg: Control pre-installed boot options creation with PCD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 5 ++++- .../Library/UefiBootManagerLib/UefiBootManagerLib.inf | 1 + MdeModulePkg/MdeModulePkg.dec | 7 +++++++ 3 files changed, 12 insertions(+), 1 deletion(-) 
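Review bot: In the `@@ -633,6 +649,13 @@` hunk of `UpdateFrontPageBannerStrings`, `Type17Record->ConfiguredMemoryClockSpeed` is read without checking that the record is long enough to contain it. The field was added to Type 17 after the original layout, so on a shorter record the read lands in the string area that follows the formatted part. A guard such as `if (Record->Length >= OFFSET_OF (SMBIOS_TABLE_TYPE17, ConfiguredMemoryClockSpeed) + sizeof (UINT16))` before the comparison avoids that. The value 0xFFFF is also worth excluding, since newer SMBIOS revisions use it to mean the speed is in the extended field, and as written it would be shown as 65535 MHz. The function starts and ends outside this hunk.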
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index c9f612bf92..61238dbf39 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -2928,7 +2928,10 @@ BmEnumerateBootOptions ( *BootOptionCount = 0; - BootOptions = BmEnumeratePreInstalledBootOptions(BootOptionCount); + if (PcdGetBool (PcdCreatePreInstalledBootOptions)) + BootOptions = BmEnumeratePreInstalledBootOptions(BootOptionCount); + else + BootOptions = NULL; // // Parse removable block io followed by fixed block io diff --git a/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf b/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf index 605ce8fe43..2655d5c5e4 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf +++ b/MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf @@ -122,3 +122,4 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdDriverHealthConfigureForm ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMaxRepairCount ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdCreatePreInstalledBootOptions ## CONSUMES diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 6034a0df7d..2dd524fda9 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -2169,6 +2169,13 @@ # @Prompt The value is use for Usb Network rate limiting supported. gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028 + ## Controls whether to scan ESP partitions to detect pre-installed OSes and create boot options + # from it. + # TRUE - Create boot options for pre-installed OSes.
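Review bot: The added `if`/`else` in `BmEnumerateBootOptions` has unbraced single-statement bodies, which the EDK II coding standard does not allow and which makes it easy for a later second statement to end up outside the condition. Write it as `if (PcdGetBool (PcdCreatePreInstalledBootOptions)) {` … `} else {` … `}`, with a space before the call parenthesis in `BmEnumeratePreInstalledBootOptions (BootOptionCount)`. The function body continues outside this hunk.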
+ # FALSE - Do not create boot options for pre-installed OSes. + # @Prompt Create boot options for pre-installed OSes. + gEfiMdeModulePkgTokenSpaceGuid.PcdCreatePreInstalledBootOptions|FALSE|BOOLEAN|0x0001007a + [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. From f6f5da4afdcd4b2b6be39e0fc86b5c17c139f302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 26 Sep 2023 12:22:23 +0200 Subject: [PATCH 207/357] MdeModulePkg: Ensure boot timeout is taken from Timeout EFI variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../BootMaintenance.c | 20 +++++++++-- MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 33 ++++++++++--------- 2 files changed, 35 insertions(+), 18 deletions(-) diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c index 774269dd87..7a00869bc3 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c @@ -882,8 +882,8 @@ BootMaintRouteConfig ( } if (CompareMem (&NewBmmData->BootTimeOut, &OldBmmData->BootTimeOut, sizeof (NewBmmData->BootTimeOut)) != 0) { - Status = gRT->SetVariable ( - L"Timeout", + Status = gRT->SetVariable( + EFI_TIME_OUT_VARIABLE_NAME, &gEfiGlobalVariableGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (UINT16), @@ -1504,6 +1504,9 @@ InitializeBmmConfig ( BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; UINT16 Index; + EFI_STATUS Status; + UINTN DataSize; + UINT16 BootTimeout = 0xFFFF; ASSERT (CallbackData != NULL); 
@@ -1521,6 +1524,19 @@ InitializeBmmConfig ( } } + DataSize = sizeof(BootTimeout); + Status = gRT->GetVariable( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + &BootTimeout + ); + if (!EFI_ERROR (Status) && BootTimeout != 0xFFFF) { + DEBUG ((EFI_D_INFO, "%a: Timeout from variable: %d\n", __FUNCTION__, BootTimeout)); + PcdSet16S (PcdPlatformBootTimeOut, BootTimeout); + } + CallbackData->BmmFakeNvData.BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); // diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c index 9a16832f1b..5ab3343a82 100644 --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c @@ -696,6 +696,7 @@ BdsEntry ( HotkeyTriggered = NULL; Status = EFI_SUCCESS; BootSuccess = FALSE; + BootTimeOut = 0xFFFF; // // Insert the performance probe 
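Review bot: In `InitializeBmmConfig` the value read from `EFI_TIME_OUT_VARIABLE_NAME` is accepted after checking only `Status`, not the returned `DataSize`. The variable is written with `EFI_VARIABLE_RUNTIME_ACCESS`, so an operating system can store it with a different length; a one-byte value returns success and leaves the upper byte of `BootTimeout` at its 0xFF initialiser. Extending the condition to `if (!EFI_ERROR (Status) && DataSize == sizeof (BootTimeout) && BootTimeout != 0xFFFF)` keeps a malformed variable from becoming the platform timeout. The `@@ -746,31 +747,31 @@` hunk in `BdsEntry` reads the same variable the same way, and the `PcdSet16S` return value is ignored in both places. Both functions continue outside their hunks.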
@@ -746,31 +747,31 @@ BdsEntry ( InitializeHwErrRecSupport (); + DataSize = sizeof(BootTimeOut); Status = gRT->GetVariable( - L"Timeout", + EFI_TIME_OUT_VARIABLE_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, &BootTimeOut ); - if (!EFI_ERROR (Status) && BootTimeOut != 0 && BootTimeOut != 0xFFFF) { + if (!EFI_ERROR (Status) && BootTimeOut != 0xFFFF) { PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); } else { BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); - } - - if (BootTimeOut != 0xFFFF) { - // - // If time out value equal 0xFFFF, no need set to 0xFFFF to variable area because UEFI specification - // define same behavior between no value or 0xFFFF value for L"Timeout". - // - BdsDxeSetVariableAndReportStatusCodeOnError ( - EFI_TIME_OUT_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (UINT16), - &BootTimeOut - ); + if (BootTimeOut != 0xFFFF) { + // + // If time out value equal 0xFFFF, no need set to 0xFFFF to variable area because UEFI specification + // define same behavior between no value or 0xFFFF value for L"Timeout". + // + BdsDxeSetVariableAndReportStatusCodeOnError ( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (UINT16), + &BootTimeOut + ); + } } // From 0eec053b0ee05c51734da60738c8800f1c9af495 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 26 Sep 2023 15:28:40 +0200 Subject: [PATCH 208/357] DasharoPayloadPkg: Support multiple consoles and debug interfaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 8af049490e..2038a1f36c 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -224,7 +224,7 @@ # TimerLib|DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf ResetSystemLib|DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf -!if $(USE_CBMEM_FOR_CONSOLE) == TRUE +!if (($(USE_CBMEM_FOR_CONSOLE) == TRUE) && ($(TARGET) == RELEASE)) SerialPortLib|UefiPayloadPkg/Library/CbSerialPortLib/CbSerialPortLib.inf PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf !elseif $(SYSTEM76_EC_LOGGING) == TRUE @@ -751,7 +751,18 @@ # # ISA Support # - MdeModulePkg/Universal/SerialDxe/SerialDxe.inf + MdeModulePkg/Universal/SerialDxe/SerialDxe.inf { + + !if $(SYSTEM76_EC_LOGGING) == TRUE + SerialPortLib|DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf + PlatformHookLib|DasharoPayloadPkg/Library/System76EcLib/System76EcLib.inf + !else + SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf + PlatformHookLib|DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf + !endif + } + + !if $(PS2_KEYBOARD_ENABLE) == TRUE OvmfPkg/SioBusDxe/SioBusDxe.inf MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf From 16681bd83f3ba6c03716aefa81c2fa0551435f11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 5 Sep 2023 13:24:44 +0200 Subject: [PATCH 209/357] CrScreenshotDxe: add submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .gitmodules | 3 +++ CrScreenshotDxe | 1 + 2 files changed, 4 insertions(+) create mode 160000 CrScreenshotDxe diff --git a/.gitmodules b/.gitmodules index 60d54b45eb..8b93c1e68f 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -35,3 +35,6 @@ [submodule "CryptoPkg/Library/MbedTlsLib/mbedtls"] path = CryptoPkg/Library/MbedTlsLib/mbedtls url = https://github.com/ARMmbed/mbedtls +[submodule "CrScreenshotDxe"] + path = CrScreenshotDxe + url = https://github.com/LongSoft/CrScreenshotDxe.git diff --git a/CrScreenshotDxe b/CrScreenshotDxe new file mode 160000 index 0000000000..cf2fc003bf --- /dev/null +++ b/CrScreenshotDxe @@ -0,0 +1 @@ +Subproject commit cf2fc003bf08a4badc3efe3540c109fa88fb0008 From 2eb5f21e1b840533612a0e4303aee6dacad43e90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 5 Sep 2023 13:24:58 +0200 Subject: [PATCH 210/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: enable CrScreenshotDxe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 ++ 2 files changed, 3 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 2038a1f36c..5fd89cf693 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -692,6 +692,7 @@ MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf + CrScreenshotDxe/CrScreenshotDxe.inf # # SMBIOS Support diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 046a8fdc35..b3bac6ae0b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -352,6 +352,8 @@ INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf !endif !endif +INF CrScreenshotDxe/CrScreenshotDxe.inf + ################################################################################ # # Rules are use with the [FV] section's module INF type to define From 63d92beff944dde1051ad0e64eefe781ed94eb9d Mon Sep 17 00:00:00 2001 
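Review bot: `CrScreenshotDxe/CrScreenshotDxe.inf` is added to `DasharoPayloadPkg.dsc` and to the FV in `DasharoPayloadPkg.fdf` unconditionally, so the third-party driver ships in every target, including RELEASE. Other optional features in this DSC sit behind a `DEFINE`. A switch following that pattern (the name is only a suggestion), `DEFINE SCREENSHOT_ENABLE = TRUE` with `!if $(SCREENSHOT_ENABLE) == TRUE` around both the DSC and the FDF line, lets a locked-down build leave the hotkey handler out of the image. What the driver writes and where is not visible in this series and should be confirmed against the submodule at the pinned commit.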
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 5 Sep 2023 15:17:19 +0200 Subject: [PATCH 211/357] MdeModulePkg/Library/CustomizedDisplayLib: add helptext for screenshots MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../CustomizedDisplayLib.c | 52 +++++++++++-------- .../CustomizedDisplayLib.uni | 1 + .../CustomizedDisplayLibInternal.c | 3 ++ .../CustomizedDisplayLibInternal.h | 3 +- 4 files changed, 36 insertions(+), 23 deletions(-) diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c index 77e217539f..8c984b5025 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.c @@ -134,6 +134,7 @@ RefreshKeyHelp ( UINTN ThdCol; UINTN RightColumnOfHelp; UINTN TopRowOfHelp; + UINTN MiddleRowOfHelp; UINTN BottomRowOfHelp; UINTN StartColumnOfHelp; EFI_IFR_NUMERIC *NumericOp; @@ -167,6 +168,7 @@ RefreshKeyHelp ( StartColumnOfHelp = gScreenDimensions.LeftColumn + 2; RightColumnOfHelp = gScreenDimensions.RightColumn - 1; TopRowOfHelp = gScreenDimensions.BottomRow - STATUS_BAR_HEIGHT - gFooterHeight + 1; + MiddleRowOfHelp = gScreenDimensions.BottomRow - STATUS_BAR_HEIGHT - gFooterHeight + 2; BottomRowOfHelp = gScreenDimensions.BottomRow - STATUS_BAR_HEIGHT - 2; ColumnWidth1 = SecCol - StartColumnOfHelp; 
@@ -179,22 +181,28 @@ RefreshKeyHelp ( // // Clean the space at gScreenDimensions.LeftColumn + 1. // - PrintStringAtWithWidth (StartColumnOfHelp - 1, BottomRowOfHelp, gLibEmptyString, 1); PrintStringAtWithWidth (StartColumnOfHelp - 1, TopRowOfHelp, gLibEmptyString, 1); + PrintStringAtWithWidth (StartColumnOfHelp - 1, MiddleRowOfHelp, gLibEmptyString, 1); + PrintStringAtWithWidth (StartColumnOfHelp - 1, BottomRowOfHelp, gLibEmptyString, 1); + + // + // Always print screenshot helptext + // + PrintStringAtWithWidth (StartColumnOfHelp, BottomRowOfHelp, gScreenshotString, ColumnWidth1); if (Statement == NULL) { // // Print Key for Form without showable statement. // PrintHotKeyHelpString (FormData, TRUE); - PrintStringAtWithWidth (StartColumnOfHelp, BottomRowOfHelp, gLibEmptyString, ColumnWidth1); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, gLibEmptyString, ColumnWidth2); + PrintStringAtWithWidth (StartColumnOfHelp, MiddleRowOfHelp, gLibEmptyString, ColumnWidth1); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, gLibEmptyString, ColumnWidth2); PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, gLibEmptyString, ColumnWidth1); if (gClassOfVfr == FORMSET_CLASS_PLATFORM_SETUP) { ColumnStr3 = gEscapeString; } - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, ColumnStr3, ColumnWidth3); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, ColumnStr3, ColumnWidth3); return; } @@ -227,7 +235,7 @@ RefreshKeyHelp ( ColumnStr3 = gEscapeString; } - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, ColumnStr3, ColumnWidth3); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, ColumnStr3, ColumnWidth3); if ((Statement->OpCode->OpCode == EFI_IFR_DATE_OP) || (Statement->OpCode->OpCode == EFI_IFR_TIME_OP)) @@ -235,7 +243,7 @@ RefreshKeyHelp ( PrintAt ( ColumnWidth1, StartColumnOfHelp, - BottomRowOfHelp, + MiddleRowOfHelp, L"%c%c%c%c%s", ARROW_UP, ARROW_DOWN, 
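Review bot: The unconditional `PrintStringAtWithWidth (StartColumnOfHelp, BottomRowOfHelp, gScreenshotString, ColumnWidth1)` in `RefreshKeyHelp` advertises the screenshot hotkey on every platform that links this MdeModulePkg library, whether or not a driver handling the key is in the image. In this series the driver is added only to DasharoPayloadPkg and OvmfPkgX64, so elsewhere the footer would describe a key that presumably does nothing. Gating the line on a feature PCD, or at least stating the dependency in the comment above it, keeps the help text accurate. `RefreshKeyHelp` starts and ends outside this hunk.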
@@ -243,20 +251,20 @@ RefreshKeyHelp ( ARROW_LEFT, gMoveHighlight ); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, gEnterString, ColumnWidth2); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, gEnterString, ColumnWidth2); PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, gAdjustNumber, ColumnWidth1); } else { - PrintAt (ColumnWidth1, StartColumnOfHelp, BottomRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); + PrintAt (ColumnWidth1, StartColumnOfHelp, MiddleRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); if ((Statement->OpCode->OpCode == EFI_IFR_NUMERIC_OP) && (NumericOp != NULL) && (LibGetFieldFromNum (Statement->OpCode) != 0)) { ColumnStr1 = gAdjustNumber; } PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, ColumnStr1, ColumnWidth1); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, gEnterString, ColumnWidth2); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, gEnterString, ColumnWidth2); } } else { PrintHotKeyHelpString (FormData, FALSE); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, gEnterCommitString, ColumnWidth2); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, gEnterCommitString, ColumnWidth2); // // If it is a selected numeric with manual input, display different message @@ -266,9 +274,9 @@ RefreshKeyHelp ( (Statement->OpCode->OpCode == EFI_IFR_TIME_OP)) { ColumnStr2 = HexDisplay ? gHexNumericInput : gDecNumericInput; - PrintStringAtWithWidth (StartColumnOfHelp, BottomRowOfHelp, gLibEmptyString, ColumnWidth1); + PrintStringAtWithWidth (StartColumnOfHelp, MiddleRowOfHelp, gLibEmptyString, ColumnWidth1); } else { - PrintAt (ColumnWidth1, StartColumnOfHelp, BottomRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); + PrintAt (ColumnWidth1, StartColumnOfHelp, MiddleRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); } if (Statement->OpCode->OpCode == EFI_IFR_ORDERED_LIST_OP) { 
@@ -280,7 +288,7 @@ RefreshKeyHelp ( PrintStringAtWithWidth (ThdCol, TopRowOfHelp, ColumnStr3, ColumnWidth3); PrintStringAtWithWidth (SecCol, TopRowOfHelp, ColumnStr2, ColumnWidth2); - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, gEnterEscapeString, ColumnWidth3); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, gEnterEscapeString, ColumnWidth3); } break; @@ -292,10 +300,10 @@ RefreshKeyHelp ( ColumnStr3 = gEscapeString; } - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, ColumnStr3, ColumnWidth3); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, ColumnStr3, ColumnWidth3); - PrintAt (ColumnWidth1, StartColumnOfHelp, BottomRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, gToggleCheckBox, ColumnWidth2); + PrintAt (ColumnWidth1, StartColumnOfHelp, MiddleRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, gToggleCheckBox, ColumnWidth2); PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, gLibEmptyString, ColumnWidth1); break; @@ -313,14 +321,14 @@ RefreshKeyHelp ( ColumnStr3 = gEscapeString; } - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, ColumnStr3, ColumnWidth3); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, ColumnStr3, ColumnWidth3); - PrintAt (ColumnWidth1, StartColumnOfHelp, BottomRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); + PrintAt (ColumnWidth1, StartColumnOfHelp, MiddleRowOfHelp, L"%c%c%s", ARROW_UP, ARROW_DOWN, gMoveHighlight); if ((Statement->OpCode->OpCode != EFI_IFR_TEXT_OP) && (Statement->OpCode->OpCode != EFI_IFR_SUBTITLE_OP)) { ColumnStr2 = gEnterString; } - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, ColumnStr2, ColumnWidth2); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, ColumnStr2, ColumnWidth2); PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, ColumnStr1, ColumnWidth1); } else { PrintHotKeyHelpString (FormData, FALSE); 
@@ -330,9 +338,9 @@ RefreshKeyHelp ( } PrintStringAtWithWidth (StartColumnOfHelp, TopRowOfHelp, ColumnStr1, ColumnWidth1); - PrintStringAtWithWidth (StartColumnOfHelp, BottomRowOfHelp, ColumnStr1, ColumnWidth1); - PrintStringAtWithWidth (SecCol, BottomRowOfHelp, ColumnStr2, ColumnWidth2); - PrintStringAtWithWidth (ThdCol, BottomRowOfHelp, ColumnStr3, ColumnWidth3); + PrintStringAtWithWidth (StartColumnOfHelp, MiddleRowOfHelp, ColumnStr1, ColumnWidth1); + PrintStringAtWithWidth (SecCol, MiddleRowOfHelp, ColumnStr2, ColumnWidth2); + PrintStringAtWithWidth (ThdCol, MiddleRowOfHelp, ColumnStr3, ColumnWidth3); } break; diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni index 3f2efa5626..2df5afbd22 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni @@ -55,3 +55,4 @@ #language fr-FR "Enregistrer les modifications et quitter?" #string ARE_YOU_SURE #language en-US "Press 'Y' to save and exit, 'N' to discard and exit, 'ESC' to cancel." #language fr-FR "Pressez 'Y' pour sauvegarder et quitter, 'N' de se défaire et de sortie" +#string SCREENSHOT_STRING #language en-US "LCtrl+LAlt+F12=Save screenshot" diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c index 6a80d23bdb..49143469ab 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c @@ -25,6 +25,7 @@ CHAR16 *gMoveHighlight; CHAR16 *gDecNumericInput; CHAR16 *gHexNumericInput; CHAR16 *gToggleCheckBox; +CHAR16 *gScreenshotString; CHAR16 *gLibEmptyString; CHAR16 *gAreYouSure; CHAR16 *gYesResponse; 
@@ -722,6 +723,7 @@ InitializeLibStrings ( gDecNumericInput = LibGetToken (STRING_TOKEN (DEC_NUMERIC_INPUT), mCDLStringPackHandle); gHexNumericInput = LibGetToken (STRING_TOKEN (HEX_NUMERIC_INPUT), mCDLStringPackHandle); gToggleCheckBox = LibGetToken (STRING_TOKEN (TOGGLE_CHECK_BOX), mCDLStringPackHandle); + gScreenshotString = LibGetToken (STRING_TOKEN (SCREENSHOT_STRING), mCDLStringPackHandle); gAreYouSure = LibGetToken (STRING_TOKEN (ARE_YOU_SURE), mCDLStringPackHandle); gYesResponse = LibGetToken (STRING_TOKEN (ARE_YOU_SURE_YES), mCDLStringPackHandle); @@ -762,6 +764,7 @@ FreeLibStrings ( FreePool (gDecNumericInput); FreePool (gHexNumericInput); FreePool (gToggleCheckBox); + FreePool (gScreenshotString); FreePool (gAreYouSure); FreePool (gYesResponse); diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h index 82bf3b797e..8b2e0e4e38 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.h @@ -50,7 +50,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define FRONT_PAGE_HEADER_HEIGHT 6 #define NONE_FRONT_PAGE_HEADER_HEIGHT 3 -#define FOOTER_HEIGHT 4 +#define FOOTER_HEIGHT 5 #define STATUS_BAR_HEIGHT 1 // @@ -95,6 +95,7 @@ extern CHAR16 *gMoveHighlight; extern CHAR16 *gDecNumericInput; extern CHAR16 *gHexNumericInput; extern CHAR16 *gToggleCheckBox; +extern CHAR16 *gScreenshotString; extern CHAR16 *gLibEmptyString; extern CHAR16 *gAreYouSure; extern CHAR16 *gYesResponse; From edfbb98171b078ab2be6460268757a35747727fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 2 Oct 2023 10:16:37 +0200 Subject: [PATCH 212/357] OvmfPkg/OvmfPkgX64: Add ScreenshotDxe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- OvmfPkg/OvmfPkgX64.dsc | 5 +++++ OvmfPkg/OvmfPkgX64.fdf | 2 ++ 2 files changed, 7 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 51799a9689..ce5779a135 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1171,3 +1171,8 @@ !if $(SATA_PASSWORD_ENABLE) == TRUE SecurityPkg/HddPassword/HddPasswordDxe.inf !endif + + CrScreenshotDxe/CrScreenshotDxe.inf { + + GCC:*_*_*_CC_FLAGS = -mmmx -msse + } diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index e684ff96be..47f25979f5 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -437,6 +437,8 @@ INF SecurityPkg/HddPassword/HddPasswordDxe.inf INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf !endif +INF CrScreenshotDxe/CrScreenshotDxe.inf + ################################################################################ [FV.FVMAIN_COMPACT] From df109924c5f294a31189b0255bc650dde93fb217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 27 Sep 2023 17:28:40 +0200 Subject: [PATCH 213/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: Add build options for FPDT and CPU_TIMER_LIB MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 20 ++++++++++++++++++-- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 ++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 5fd89cf693..8d39ccfd04 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -82,6 +82,11 @@ # DEFINE SHELL_TYPE = BUILD_SHELL + # For recent X86 CPU, 0x15 CPUID instruction will return Time Stamp Counter Frequence. + # This is how BaseCpuTimerLib works, and a recommended way to get Frequence, so set the default value as TRUE. + # Note: for emulation platform such as QEMU, this may not work and should set it as FALSE + DEFINE CPU_TIMER_LIB_ENABLE = TRUE + # # Security options: # @@ -98,6 +103,7 @@ DEFINE IOMMU_ENABLE = FALSE DEFINE SD_MMC_TIMEOUT = 1000000 DEFINE BATTERY_CHECK = FALSE + DEFINE PERFORMANCE_MEASUREMENT_ENABLE = FALSE # # Network definition @@ -222,7 +228,11 @@ # # Platform # +!if $(CPU_TIMER_LIB_ENABLE) == TRUE + TimerLib|UefiCpuPkg/Library/CpuTimerLib/BaseCpuTimerLib.inf +!else TimerLib|DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.inf +!endif ResetSystemLib|DasharoPayloadPkg/Library/ResetSystemLib/ResetSystemLib.inf !if (($(USE_CBMEM_FOR_CONSOLE) == TRUE) && ($(TARGET) == RELEASE)) SerialPortLib|UefiPayloadPkg/Library/CbSerialPortLib/CbSerialPortLib.inf @@ -438,6 +448,10 @@ gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif +!if $(PERFORMANCE_MEASUREMENT_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdPerformanceLibraryPropertyMask|0x1 +!endif + [PcdsPatchableInModule.common] !if ($(TARGET) == DEBUG || $(USE_CBMEM_FOR_CONSOLE) == TRUE) gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE @@ -689,8 +703,6 @@ MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf - DasharoPayloadPkg/BlSupportDxe/BlSupportDxe.inf CrScreenshotDxe/CrScreenshotDxe.inf 
@@ -852,6 +864,10 @@ IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf !endif +!if $(PERFORMANCE_MEASUREMENT_ENABLE) + MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf +!endif + #------------------------------ # Build the shell #------------------------------ diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index b3bac6ae0b..2ebb092db0 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -100,7 +100,9 @@ INF MdeModulePkg/Core/Dxe/DxeMain.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf +!endif INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf INF UefiCpuPkg/CpuDxe/CpuDxe.inf From 54cd59294d8305d851ec4b968c237322ab324bd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 27 Sep 2023 18:04:32 +0200 Subject: [PATCH 214/357] DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c: Fix ResetEnd timestamp reporting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 63ffa63984..383582e9d7 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
@@ -951,6 +951,7 @@ ParseTimestampTable ( return RETURN_NOT_FOUND; } - Performance->ResetEnd = CbTsRec->base_time; + /* ResetEnd must be reported in nanoseconds, not ticks */ + Performance->ResetEnd = DivU64x32(CbTsRec->base_time, CbTsRec->tick_freq_mhz); return RETURN_SUCCESS; } From 96128c4558c0af6b7e68b48c47100f84ca4bad68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 3 Oct 2023 00:07:28 +0200 Subject: [PATCH 215/357] MdeModulePkg/Universal/Acpi/AcpiTableDxe: copy XFirmwareCtl unconditionally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../Acpi/AcpiTableDxe/AcpiTableProtocol.c | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c index e09bc9b704..83b81002c2 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c +++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c @@ -705,16 +705,13 @@ AddTableToList ( // if ((UINT64)(UINTN)AcpiTableInstance->Facs3 < BASE_4GB) { AcpiTableInstance->Fadt3->FirmwareCtrl = (UINT32)(UINTN)AcpiTableInstance->Facs3; - ZeroMem (&AcpiTableInstance->Fadt3->XFirmwareCtrl, sizeof (UINT64)); - } else { - Buffer64 = (UINT64)(UINTN)AcpiTableInstance->Facs3; - CopyMem ( - &AcpiTableInstance->Fadt3->XFirmwareCtrl, - &Buffer64, - sizeof (UINT64) - ); - AcpiTableInstance->Fadt3->FirmwareCtrl = 0; } + Buffer64 = (UINT64) (UINTN) AcpiTableInstance->Facs3; + CopyMem ( + &AcpiTableInstance->Fadt3->XFirmwareCtrl, + &Buffer64, + sizeof (UINT64) + ); if ((UINT64)(UINTN)AcpiTableInstance->Dsdt3 < BASE_4GB) { AcpiTableInstance->Fadt3->Dsdt = (UINT32)(UINTN)AcpiTableInstance->Dsdt3; 
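Review bot: `DivU64x32 (CbTsRec->base_time, CbTsRec->tick_freq_mhz)` in `ParseTimestampTable` divides by a value taken from the coreboot table with no check for zero. `DivU64x32` only ASSERTs on a zero divisor, so a release build would take a divide fault if the table reports 0. Ticks divided by a frequency in MHz also yields microseconds, while the added comment says nanoseconds, so either the comment or the scaling looks off. Something like `if (CbTsRec->tick_freq_mhz == 0) { return RETURN_UNSUPPORTED; }` followed by `Performance->ResetEnd = DivU64x32 (MultU64x32 (CbTsRec->base_time, 1000), CbTsRec->tick_freq_mhz);` covers both, assuming `base_time` is in ticks as the comment implies. The function starts outside the hunk.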
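Review bot: With the `else` branch removed in `AddTableToList`, `Fadt3->FirmwareCtrl` is no longer cleared when the FACS sits at or above 4 GB, so the 32-bit field keeps whatever the installed FADT carried and can disagree with `XFirmwareCtrl`. Adding `} else { AcpiTableInstance->Fadt3->FirmwareCtrl = 0; }` to the `BASE_4GB` check restores that while still filling `XFirmwareCtrl` unconditionally. As far as I recall, recent ACPI revisions ask for only one of the two fields to be non-zero, so a short comment naming the consumer that needs both populated would explain the deviation. The same change is repeated in the `@@ -863,16 +860,13 @@` hunk, and the function extends beyond both hunks.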
@@ -863,16 +860,13 @@ AddTableToList ( // if ((UINT64)(UINTN)AcpiTableInstance->Facs3 < BASE_4GB) { AcpiTableInstance->Fadt3->FirmwareCtrl = (UINT32)(UINTN)AcpiTableInstance->Facs3; - ZeroMem (&AcpiTableInstance->Fadt3->XFirmwareCtrl, sizeof (UINT64)); - } else { - Buffer64 = (UINT64)(UINTN)AcpiTableInstance->Facs3; - CopyMem ( - &AcpiTableInstance->Fadt3->XFirmwareCtrl, - &Buffer64, - sizeof (UINT64) - ); - AcpiTableInstance->Fadt3->FirmwareCtrl = 0; } + Buffer64 = (UINT64) (UINTN) AcpiTableInstance->Facs3; + CopyMem ( + &AcpiTableInstance->Fadt3->XFirmwareCtrl, + &Buffer64, + sizeof (UINT64) + ); // // Checksum FADT table From 561cb9c27b546d8d58db3416d5beddc2ddb330b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 28 Sep 2023 17:08:37 +0200 Subject: [PATCH 216/357] DasharoPayloadPkg/Library/PlatformBootManagerLib: Save SMBIOS data in variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 54f9f40f4f..b950ad9c64 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -1358,6 +1358,119 @@ PrintSolStrings ( } } +STATIC +VOID +SaveSmBiosFieldToEfiVar ( + IN VOID *FieldValue, + IN UINTN FieldSize, + IN CHAR16* VarName +) +{ + VOID *CurrentValue; + EFI_STATUS Status; + UINTN CurrentSize; + BOOLEAN NeedUpdate; + + NeedUpdate = FALSE; + CurrentSize = FieldSize; + CurrentValue = AllocatePool (FieldSize); + + if (!CurrentValue) + return; + + Status = gRT->GetVariable ( + VarName, + &gDasharoSystemFeaturesGuid, + NULL, + &CurrentSize, + CurrentValue + ); + + if (EFI_ERROR (Status)) { + NeedUpdate = TRUE; + } else { + if (CurrentSize != FieldSize) + NeedUpdate = TRUE; + else if (CompareMem (CurrentValue, FieldValue, FieldSize) != 0) + NeedUpdate = TRUE; + } + + if (NeedUpdate) { + DEBUG ((EFI_D_INFO, "%s variable needs update\n", VarName)); + Status = gRT->SetVariable ( + VarName, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + FieldSize, + FieldValue + ); + } + + FreePool(CurrentValue); +} + +STATIC +VOID +SaveSMBIOSFields ( + VOID +) +{ + UINT8 StrIndex; + EFI_STATUS Status; + EFI_SMBIOS_HANDLE SmbiosHandle; + EFI_SMBIOS_PROTOCOL *Smbios; + SMBIOS_TABLE_TYPE1 *Type1Record; + SMBIOS_TABLE_TYPE2 *Type2Record; + EFI_SMBIOS_TABLE_HEADER *Record; + BOOLEAN GotType1; + BOOLEAN GotType2; + CHAR8 *OptionalStrStart; + UINTN StrSize; + + GotType1 = FALSE; + GotType2 = FALSE; + + Status = gBS->LocateProtocol (&gEfiSmbiosProtocolGuid, NULL, (VOID **) &Smbios); + + if (EFI_ERROR(Status)) + return; + + + SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; + Status = Smbios->GetNext (Smbios, &SmbiosHandle, NULL, &Record, NULL); + while (!EFI_ERROR(Status)) { + if (Record->Type == SMBIOS_TYPE_SYSTEM_INFORMATION) { + Type1Record = (SMBIOS_TABLE_TYPE1 *) Record; + SaveSmBiosFieldToEfiVar((VOID *)&Type1Record->Uuid, sizeof(Type1Record->Uuid), L"Type1UUID"); + GotType1 = TRUE; + } + + if (Record->Type == SMBIOS_TYPE_BASEBOARD_INFORMATION) { + Type2Record = (SMBIOS_TABLE_TYPE2 *) Record; + StrIndex = 
Type2Record->SerialNumber; + OptionalStrStart = (CHAR8*)((UINT8*)Type2Record + Type2Record->Hdr.Length); + StrSize = 0; + do { + StrIndex--; + OptionalStrStart += StrSize; + StrSize = AsciiStrSize (OptionalStrStart); + } while (OptionalStrStart[StrSize] != 0 && StrIndex != 0); + + if ((StrIndex != 0) || (StrSize == 1)) + DEBUG((EFI_D_INFO, "SMBIOS Type2 Serial Number missing\n")); + else + SaveSmBiosFieldToEfiVar((VOID *)OptionalStrStart, StrSize, L"Type2SN"); + + GotType2 = TRUE; + } + + if (GotType1 && GotType2) + break; + + Status = Smbios->GetNext (Smbios, &SmbiosHandle, NULL, &Record, NULL); + } +} + /** Refresh the logo on ReadyToBoot event. It will clear the screen from strings @@ -1436,6 +1549,8 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); + SaveSMBIOSFields(); + VarSize = sizeof (NetBootEnabled); Status = gRT->GetVariable ( L"NetworkBoot", From f92fde29d44accd1d7a1883bc354880db072e0de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 29 Sep 2023 15:30:03 +0200 Subject: [PATCH 217/357] Add option to control serial console MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 1 + MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 8d39ccfd04..2ce089e374 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -666,6 +666,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|$(IOMMU_ENABLE) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|$(SERIAL_TERMINAL) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf 
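Review bot: `SaveSmBiosFieldToEfiVar` stores the result of `gRT->SetVariable` in `Status` and never looks at it, so a failed write (full variable store, or an existing variable with other attributes) leaves the old UUID or serial number in place with no trace in the log. Suggested after the call: `if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Failed to update %s: %r\n", VarName, Status)); }`. In `SaveSMBIOSFields`, `Type1Record->Uuid` and `Type2Record->SerialNumber` are read without checking that `Record->Length` covers those fields; a short record would make the code take string-area bytes for the field, so a check such as `Record->Length >= OFFSET_OF (SMBIOS_TABLE_TYPE1, Uuid) + sizeof (Type1Record->Uuid)` before each use would be safer. Both new functions also lack the `/** ... **/` header comment that the neighbouring functions carry.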
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf index b2a8aeba85..fe7fce636f 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf @@ -42,6 +42,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] DevicePathLib @@ -96,3 +97,6 @@ [UserExtensions.TianoCore."ExtraFiles"] TerminalDxeExtra.uni + +[Depex] + gDasharoSerialRedirectionPolicyGuid From d8340b3e7d3f069404ff64ee10f2f743982ee5f7 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Sun, 8 Oct 2023 11:18:08 +0200 Subject: [PATCH 218/357] .github/workflows/build.yml: add for buiding OVMF firmware Signed-off-by: Maciej Pijanowski --- .github/scripts/build-qemu.sh | 19 +++++++++++++ .github/workflows/build.yml | 51 +++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100755 .github/scripts/build-qemu.sh create mode 100644 .github/workflows/build.yml diff --git a/.github/scripts/build-qemu.sh b/.github/scripts/build-qemu.sh new file mode 100755 index 0000000000..9b49b06643 --- /dev/null +++ b/.github/scripts/build-qemu.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +make -C BaseTools +source ./edksetup.sh + +export EDK2_PLATFORMS_PATH="$WORKSPACE/edk2-platforms" +export PACKAGES_PATH="$WORKSPACE:\ +$EDK2_PLATFORMS_PATH/Platform/Intel:\ +$EDK2_PLATFORMS_PATH/Silicon/Intel:\ +$EDK2_PLATFORMS_PATH/Features/Intel:\ +$EDK2_PLATFORMS_PATH/Features/Intel/Debugging:\ +$EDK2_PLATFORMS_PATH/Features/Intel/Network:\ +$EDK2_PLATFORMS_PATH/Features/Intel/OutOfBandManagement:\ +$EDK2_PLATFORMS_PATH/Features/Intel/PowerManagement:\ +$EDK2_PLATFORMS_PATH/Features/Intel/SystemInformation:\ +$EDK2_PLATFORMS_PATH/Features/Intel/UserInterface" + +build -a IA32 -a X64 -t GCC5 -b RELEASE -p OvmfPkg/OvmfPkgX64.dsc +build -a IA32 -a X64 -t GCC5 -b DEBUG -p OvmfPkg/OvmfPkgX64.dsc 
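Review bot: The new `[Depex]` section carries no comment, and it changes when a core MdeModulePkg driver is dispatched: as far as the hunk shows, TerminalDxe now waits until something installs `gDasharoSerialRedirectionPolicyGuid`, so a platform that never installs it gets no serial terminal at all. A short `#` comment above the section, for example `# Dispatched only after the serial redirection policy is published; without it no terminal is produced`, would tell integrators that this is intended fail-closed behaviour. The module that produces the GUID is not visible here, so the comment should name it.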
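Review bot: The script has no error handling, so a failed `make -C BaseTools`, a failed `source ./edksetup.sh` or a failed RELEASE build does not stop it, and its exit status is only that of the last `build` line. The CI job that runs it therefore relies on the later file-existence checks to notice a broken build. Suggested: add `set -eo pipefail` near the top; if `edksetup.sh` does not tolerate it when sourced, enable it right after the `source` line and guard the first step with `make -C BaseTools || exit 1`.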
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..e0fa7c6bfd --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,51 @@ +name: Check EDK2 QEMU Build + +on: + push: + branches: + - dasharo + pull_request: + branches: + - dasharo + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v2 + with: + submodules: 'recursive' # Checkout submodules recursively. + + - name: Clone edk2-platforms Repository + run: | + git clone https://github.com/Dasharo/edk2-platforms.git && \ + cd edk2-platforms && \ + git checkout 3323ed481d35096fb6a7eae7b49f35eff00f86cf && \ + cd - + + - name: Build OVMF Firmware Image + run: | + docker run --rm -i -v $PWD:/home/coreboot/coreboot:rw \ + -u $(id -u):$(id -g) -w /home/coreboot/coreboot \ + coreboot/coreboot-sdk:2021-09-23_b0d87f753c \ + ./.github/scripts/build-qemu.sh + + - name: Check RELEASE build Artifacts + run: | + if [ -f "Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd" ] && [ -f "Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd" ]; then + echo "RELEASE build successful. OVMF firmware image files found." + else + echo "RELEASE build failed. OVMF firmware image files not found." + exit 1 + fi + + - name: Check DEBUG build Artifacts + run: | + if [ -f "Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd" ] && [ -f "Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd" ]; then + echo "DEBUG build successful. OVMF firmware image files found." + else + echo "DEBUG build failed. OVMF firmware image files not found." + exit 1 + fi From 6a61b966b4bcd441fb5f53a09a3cc6471d29095a Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Tue, 10 Oct 2023 14:31:50 +0200 Subject: [PATCH 219/357] .github/workflows/build.yml: store OVMF artifacts Signed-off-by: Maciej Pijanowski --- .github/workflows/build.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e0fa7c6bfd..db8dc2f21a 100644 
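Review bot: The workflow sets no `permissions:` and the checkout step keeps the job token in `.git/config`, which the `docker run -v $PWD:...:rw` step then mounts into the build container, so everything executed by the build can read that token. Suggested: add a top-level `permissions:` block with `contents: read`, and `persist-credentials: false` under the checkout step's `with:`. The action and the container image are also referenced by mutable tags (`actions/checkout@v2`, `coreboot/coreboot-sdk:2021-09-23_b0d87f753c`), unlike the edk2-platforms clone, which is pinned to a commit; pinning them to a full commit SHA and an image digest would make the build reproducible and harder to tamper with. The same tag pinning applies to `actions/upload-artifact@v2` and `softprops/action-gh-release@v1` in the later build.yml hunks.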
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -49,3 +49,13 @@ jobs: echo "DEBUG build failed. OVMF firmware image files not found." exit 1 fi + + - name: Upload Artifacts + uses: actions/upload-artifact@v2 + with: + name: ovmf-artifacts # Name for the artifact + path: | + Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd + Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd + Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd + Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd From b2fb8a6825b51272c0a4787403860406c7eda864 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Mon, 9 Oct 2023 13:19:43 +0200 Subject: [PATCH 220/357] .github/scripts/run-qemu.sh: add This script can be useful for testing in OSFV. The serial port can be accessed with: telnet 127.0.0.1 1234 This way, we can control the edk2 menus in tests. Signed-off-by: Maciej Pijanowski --- .github/scripts/run-qemu.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100755 .github/scripts/run-qemu.sh diff --git a/.github/scripts/run-qemu.sh b/.github/scripts/run-qemu.sh new file mode 100755 index 0000000000..a4e71907d5 --- /dev/null +++ b/.github/scripts/run-qemu.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +cp ./Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd /tmp/OVMF_VARS.fd + +qemu-system-x86_64 -machine q35,smm=on \ + -global driver=cfi.pflash01,property=secure,value=on \ + -drive if=pflash,format=raw,unit=0,file=Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd,readonly=on \ + -drive if=pflash,format=raw,unit=1,file=/tmp/OVMF_VARS.fd \ + -debugcon file:debug.log -global isa-debugcon.iobase=0x402 \ + -global ICH9-LPC.disable_s3=1 \ + -qmp unix:/tmp/qmp-socket,server,nowait \ + -net none \ + -serial telnet:localhost:1234,server,nowait \ + -nographic From 3c375bd8463e076124086d1060b99d398abc473d Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Mon, 15 Apr 2024 19:39:19 +0300 Subject: [PATCH 221/357] OvmfPkg: always enable serial console redirection 
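Review bot: run-qemu.sh writes the variable store copy to `/tmp/OVMF_VARS.fd` and creates the QMP control socket at `/tmp/qmp-socket`, both fixed names in a world-writable directory, so on a shared machine another local user can pre-create or replace them, and access to the socket depends on the umask in effect. Suggested: create a private directory with `workdir="$(mktemp -d)"` and use `"$workdir/OVMF_VARS.fd"` and `unix:$workdir/qmp-socket,server,nowait` instead, printing the socket path for the test harness. The `cp` result is also not checked, so QEMU starts even when the RELEASE image is missing; `set -e` at the top covers that.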
Signed-off-by: Maciej Pijanowski --- OvmfPkg/OvmfPkgX64.dsc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index ce5779a135..1eb2c1358e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -645,6 +645,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState|TRUE ################################################################################ # @@ -901,6 +902,7 @@ NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|TRUE } OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { From f5ac6fa13099db4891377d7ac7dca841f43e09d1 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 00:10:42 +0200 Subject: [PATCH 222/357] OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c: print setup keys Our tests expect these strings to be there, as they are for the DasharoPayloadPkg as well. Signed-off-by: Maciej Pijanowski --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index d9f61757cf..6eefb691bd 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c 
@@ -1778,6 +1778,12 @@ PlatformBootManagerAfterConsole ( DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n")); + // This is probably the earliest we can print this, as before the console is + // not ready yet. + Print(L"ESC to enter Setup\n"); + Print(L"F2 to enter Boot Manager Menu\n"); + Print(L"ENTER to boot directly\n"); + if (PcdGetBool (PcdOvmfFlashVariablesEnable)) { DEBUG (( DEBUG_INFO, From 8a070fb919172f3ca499a14490e39f44450d3e63 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 00:37:58 +0200 Subject: [PATCH 223/357] OvmfPkg: register BootManagerMenuApp Ported from EmulatorPkg. Signed-off-by: Maciej Pijanowski --- .../PlatformBootManagerLib/BdsPlatform.c | 150 +++++++++++++++++- 1 file changed, 149 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 6eefb691bd..41f41f03aa 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -15,6 +15,10 @@ #include #include +EFI_GUID mBootMenuFile = { + 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } +}; + // // Global data // 
@@ -82,6 +86,148 @@ InstallDevicePathCallback ( VOID ); +EFI_DEVICE_PATH * +FvFilePath ( + EFI_GUID *FileGuid + ) +{ + + EFI_STATUS Status; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **) &LoadedImage + ); + ASSERT_EFI_ERROR (Status); + return AppendDevicePathNode ( + DevicePathFromHandle (LoadedImage->DeviceHandle), + (EFI_DEVICE_PATH_PROTOCOL *) &FileNode + ); +} + +/** + Create one boot option for BootManagerMenuApp. + + @param FileGuid Input file guid for the BootManagerMenuApp. + @param Description Description of the BootManagerMenuApp boot option. + @param Position Position of the new load option to put in the ****Order variable. + @param IsBootCategory Whether this is a boot category. + + + @retval OptionNumber Return the option number info. + +**/ +UINTN +RegisterBootManagerMenuAppBootOption ( + EFI_GUID *FileGuid, + CHAR16 *Description, + UINTN Position, + BOOLEAN IsBootCategory + ) +{ + EFI_STATUS Status; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN OptionNumber; + + DevicePath = FvFilePath (FileGuid); + Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + IsBootCategory ? LOAD_OPTION_ACTIVE : LOAD_OPTION_CATEGORY_APP, + Description, + DevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); + + Status = EfiBootManagerAddLoadOptionVariable (&NewOption, Position); + ASSERT_EFI_ERROR (Status); + + OptionNumber = NewOption.OptionNumber; + + EfiBootManagerFreeLoadOption (&NewOption); + + return OptionNumber; +} + +/** + Check if it's a Device Path pointing to BootManagerMenuApp. + + @param DevicePath Input device path. + + @retval TRUE The device path is BootManagerMenuApp File Device Path. 
+ @retval FALSE The device path is NOT BootManagerMenuApp File Device Path. +**/ +BOOLEAN +IsBootManagerMenuAppFilePath ( + EFI_DEVICE_PATH_PROTOCOL *DevicePath +) +{ + EFI_HANDLE FvHandle; + VOID *NameGuid; + EFI_STATUS Status; + + Status = gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &DevicePath, &FvHandle); + if (!EFI_ERROR (Status)) { + NameGuid = EfiGetNameGuidFromFwVolDevicePathNode ((CONST MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *) DevicePath); + if (NameGuid != NULL) { + return CompareGuid (NameGuid, &mBootMenuFile); + } + } + + return FALSE; +} + +/** + Return the boot option number to the BootManagerMenuApp. + + If not found it in the current boot option, create a new one. + + @retval OptionNumber Return the boot option number to the BootManagerMenuApp. + +**/ +UINTN +GetBootManagerMenuAppOption ( + VOID + ) +{ + UINTN BootOptionCount; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN Index; + UINTN OptionNumber; + + OptionNumber = 0; + + BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + + for (Index = 0; Index < BootOptionCount; Index++) { + if (IsBootManagerMenuAppFilePath (BootOptions[Index].FilePath)) { + OptionNumber = BootOptions[Index].OptionNumber; + break; + } + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); + + if (Index >= BootOptionCount) { + // + // If not found the BootManagerMenuApp, create it. + // + OptionNumber = (UINT16) RegisterBootManagerMenuAppBootOption (&mBootMenuFile, L"UEFI BootManagerMenuApp", (UINTN) -1, FALSE); + } + + return OptionNumber; +} + VOID PlatformRegisterFvBootOption ( EFI_GUID *FileGuid, @@ -341,6 +487,7 @@ PlatformRegisterOptionsAndKeys ( EFI_INPUT_KEY F2; EFI_INPUT_KEY Esc; EFI_BOOT_MANAGER_LOAD_OPTION BootOption; + UINTN OptionNumber; // // Register ENTER as CONTINUE key 
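Review bot: `FvFilePath` dereferences `LoadedImage` after only `ASSERT_EFI_ERROR (Status)`, and `RegisterBootManagerMenuAppBootOption` does the same with `NewOption`; in builds where asserts are compiled out, a failed `HandleProtocol` or `EfiBootManagerInitializeLoadOption` leads to use of an uninitialized pointer or structure. Suggested: `if (EFI_ERROR (Status)) { return NULL; }` in `FvFilePath`, and in the register function `if (DevicePath == NULL) { return LoadOptionNumberUnassigned; }` plus the same return when either boot manager call fails. `GetBootManagerMenuAppOption` then has to test for `LoadOptionNumberUnassigned` before the `(UINT16)` cast. `FvFilePath` has no header comment although the other new functions do, and `mBootMenuFile` could be `STATIC`, since as far as the patch shows it is used only in this file.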
@@ -359,9 +506,10 @@ PlatformRegisterOptionsAndKeys ( Esc.UnicodeChar = CHAR_NULL; Status = EfiBootManagerGetBootManagerMenu (&BootOption); ASSERT_EFI_ERROR (Status); + OptionNumber = GetBootManagerMenuAppOption (); Status = EfiBootManagerAddKeyOptionVariable ( NULL, - (UINT16)BootOption.OptionNumber, + (UINT16)OptionNumber, 0, &F2, NULL From a0f8373b0436022e4bf6f1b7c51352deea2f2ae6 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 13:07:39 +0200 Subject: [PATCH 224/357] OvmfPkg: set terminal type to EFI_TTY_TERM Signed-off-by: Maciej Pijanowski --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 2 files changed, 7 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 41f41f03aa..0244ae22a9 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -14,6 +14,7 @@ #include #include #include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } @@ -846,6 +847,7 @@ PrepareLpcBridgeDevicePath ( EFI_STATUS Status; EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_GUID TerminalTypeGuid; CHAR16 *DevPathStr; DevicePath = NULL; @@ -884,6 +886,10 @@ PrepareLpcBridgeDevicePath ( DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode ); + + TerminalTypeGuid = gEfiTtyTermGuid; + CopyGuid (&gTerminalTypeDeviceNode.Guid, &TerminalTypeGuid); + DevicePath = AppendDevicePathNode ( DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c6ffc1ed9e..db20f66dbc 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
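Review bot: The local `TerminalTypeGuid` added in the -846,6 hunk is only a copy of `gEfiTtyTermGuid` that is passed straight to `CopyGuid` in the -884,6 hunk, so the declaration and the assignment can go: `CopyGuid (&gTerminalTypeDeviceNode.Guid, &gEfiTtyTermGuid);`. The call rewrites the shared `gTerminalTypeDeviceNode` on every pass through PrepareLpcBridgeDevicePath; a one-line comment such as `// Force TTY_TERM instead of the type in the static device node` would state why, or the GUID could be set where the node is defined (not visible here). PrepareLpcBridgeDevicePath starts and ends outside both hunks.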
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -87,3 +87,4 @@ gRootBridgesConnectedEventGroupGuid gUefiShellFileGuid gGrubFileGuid + gEfiTtyTermGuid From 130ac267c92b2c99caa59d989e7af12a1406e808 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 13:28:16 +0200 Subject: [PATCH 225/357] OvmfPkg: sync the UEFI Shel entry name with UefiPayload Signed-off-by: Maciej Pijanowski --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 0244ae22a9..ad75807c00 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -1999,7 +1999,7 @@ PlatformBootManagerAfterConsole ( // PlatformRegisterFvBootOption ( &gUefiShellFileGuid, - L"EFI Internal Shell", + L"UEFI Shell", LOAD_OPTION_ACTIVE ); From 05ae0306c0c8887bc4adc7ecc857e832e7824ac4 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 15:26:27 +0200 Subject: [PATCH 226/357] OvmfPkg: swap ESC and F2 mapping We want the following: - ESC - one time boot menu - F2 - setup menu See the discussion in Github: https://github.com/Dasharo/edk2/pull/91#issuecomment-1757624392 Signed-off-by: Maciej Pijanowski --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index ad75807c00..d5d7145276 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -512,7 +512,7 @@ PlatformRegisterOptionsAndKeys ( NULL, (UINT16)OptionNumber, 0, - &F2, + &Esc, NULL ); ASSERT (Status == EFI_SUCCESS || Status == EFI_ALREADY_STARTED); 
@@ -520,7 +520,7 @@ PlatformRegisterOptionsAndKeys ( NULL, (UINT16)BootOption.OptionNumber, 0, - &Esc, + &F2, NULL ); ASSERT (Status == EFI_SUCCESS || Status == EFI_ALREADY_STARTED); @@ -1934,8 +1934,8 @@ PlatformBootManagerAfterConsole ( // This is probably the earliest we can print this, as before the console is // not ready yet. - Print(L"ESC to enter Setup\n"); - Print(L"F2 to enter Boot Manager Menu\n"); + Print(L"F2 to enter Setup\n"); + Print(L"ESC to enter Boot Manager Menu\n"); Print(L"ENTER to boot directly\n"); if (PcdGetBool (PcdOvmfFlashVariablesEnable)) { From 43b7c321b8e9385d9517a49378fc02ff9a856c29 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Wed, 11 Oct 2023 15:47:10 +0200 Subject: [PATCH 227/357] .github/scripts/run-qemu.sh: run with graphic ON by default Signed-off-by: Maciej Pijanowski --- .github/scripts/run-qemu.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/scripts/run-qemu.sh b/.github/scripts/run-qemu.sh index a4e71907d5..4a2e44a38c 100755 --- a/.github/scripts/run-qemu.sh +++ b/.github/scripts/run-qemu.sh @@ -2,7 +2,7 @@ cp ./Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd /tmp/OVMF_VARS.fd -qemu-system-x86_64 -machine q35,smm=on \ +q35_params="-machine q35,smm=on \ -global driver=cfi.pflash01,property=secure,value=on \ -drive if=pflash,format=raw,unit=0,file=Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd,readonly=on \ -drive if=pflash,format=raw,unit=1,file=/tmp/OVMF_VARS.fd \ @@ -10,5 +10,10 @@ qemu-system-x86_64 -machine q35,smm=on \ -global ICH9-LPC.disable_s3=1 \ -qmp unix:/tmp/qmp-socket,server,nowait \ -net none \ - -serial telnet:localhost:1234,server,nowait \ - -nographic + -serial telnet:localhost:1234,server,nowait" + +if [ "$1" == "nographic" ]; then + qemu-system-x86_64 $q35_params -nographic +else + qemu-system-x86_64 $q35_params +fi From 37ba93ed2502d98ba959990c89446c9685762cc5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 18 Oct 2023 12:25:05 +0200 Subject: [PATCH 228/357] MdeModulePkg/Library/CustomizedDisplayLib: Fix hotkey positioning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c index 49143469ab..9eeea21792 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c @@ -583,7 +583,7 @@ PrintHotKeyHelpString ( CopyMem (&LocalScreen, &gScreenDimensions, sizeof (EFI_SCREEN_DESCRIPTOR)); ColumnWidth = (LocalScreen.RightColumn - LocalScreen.LeftColumn) / 3; - BottomRowOfHotKeyHelp = LocalScreen.BottomRow - STATUS_BAR_HEIGHT - 3; + BottomRowOfHotKeyHelp = LocalScreen.BottomRow - STATUS_BAR_HEIGHT - 4; ColumnStr = gLibEmptyString; // From 27f10b5dfc09784fe97c5a65cb4d9b3732093645 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 18 Oct 2023 11:32:30 +0200 Subject: [PATCH 229/357] MdeModulePkg/BootMaintenanceManagerUiLib: Produce default opcode for timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../BootMaintenanceManagerCustomizedUiSupport.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c index e16936041a..48c424c941 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c 
+++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c @@ -120,6 +120,18 @@ BmmCreateTimeOutMenu ( IN VOID *StartOpCodeHandle ) { + VOID *DefaultOpCodeHandle; + + DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (DefaultOpCodeHandle != NULL); + + HiiCreateDefaultOpCode ( + DefaultOpCodeHandle, + EFI_HII_DEFAULT_CLASS_STANDARD, + EFI_IFR_TYPE_NUM_SIZE_16, + PcdGet16 (PcdPlatformBootTimeOut) + ); + HiiCreateNumericOpCode ( StartOpCodeHandle, (EFI_QUESTION_ID)FORM_TIME_OUT_ID, @@ -132,8 +144,10 @@ BmmCreateTimeOutMenu ( 0, 65535, 0, - NULL + DefaultOpCodeHandle ); + + HiiFreeOpCodeHandle (DefaultOpCodeHandle); } /** From 9785a614fb968958a29d1ad13d4554d1e2872a91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 18 Oct 2023 11:33:15 +0200 Subject: [PATCH 230/357] Ensure the PcdPlatformBootTimeOut is not updated to make it the default value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../PlatformBootManager.c | 18 +++++- .../BootMaintenance.c | 9 ++- MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 23 +++++-- .../PlatformBootManagerLib/BdsPlatform.c | 64 +++++++++++++------ 4 files changed, 81 insertions(+), 33 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index b950ad9c64..2a30fd4ff9 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -1647,8 +1647,22 @@ PlatformBootManagerWaitCallback ( EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION Black; EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION White; UINT16 Timeout; - - Timeout = PcdGet16 (PcdPlatformBootTimeOut); + UINTN DataSize; + EFI_STATUS Status; + + DEBUG ((EFI_D_INFO, "[Bds]BdsWait ...Zzzzzzzzzzzz...\n")); + + DataSize = sizeof(Timeout); + Status = gRT->GetVariable( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + &Timeout + ); + if (EFI_ERROR (Status)) { + Timeout = PcdGet16 (PcdPlatformBootTimeOut); + } Black.Raw = 0x00000000; White.Raw = 0x00FFFFFF; diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c index 7a00869bc3..8f2a31a3e8 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c @@ -894,7 +894,6 @@ BootMaintRouteConfig ( goto Exit; } - PcdSet16S (PcdPlatformBootTimeOut, NewBmmData->BootTimeOut); Private->BmmOldFakeNVData.BootTimeOut = NewBmmData->BootTimeOut; } @@ -1532,13 +1531,13 @@ InitializeBmmConfig ( &DataSize, &BootTimeout ); - if (!EFI_ERROR (Status) && BootTimeout != 0xFFFF) { + if (!EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, "%a: Timeout from variable: %d\n", __FUNCTION__, BootTimeout)); - PcdSet16S (PcdPlatformBootTimeOut, BootTimeout); + CallbackData->BmmFakeNvData.BootTimeOut = BootTimeout; + } else { + CallbackData->BmmFakeNvData.BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); } - CallbackData->BmmFakeNvData.BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); - // // Initialize data which located in Boot Options Menu // diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c index 5ab3343a82..3670ae6f28 100644 --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c 
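Review bot: `Timeout` is used after `GetVariable` succeeds without checking the returned `DataSize`, and the `Timeout` global variable is written with runtime access elsewhere in this patch, so a stored value shorter than two bytes would leave part of `Timeout` uninitialized unless variable checking already enforces the size. Suggested: `if (EFI_ERROR (Status) || (DataSize != sizeof (Timeout))) {`. The `[Bds]BdsWait ...Zzzzzzzzzzzz...` message is copied from BdsWait and is printed on every callback, which floods the debug log; it should be dropped here. The same read-with-fallback block is repeated in the BdsWait hunk of BdsEntry.c and in the OvmfPkg PlatformBootManagerWaitCallback hunk of this patch, so one shared helper with a function header comment would keep the three copies from drifting.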
@@ -318,10 +318,25 @@ BdsWait ( { EFI_STATUS Status; UINT16 TimeoutRemain; + UINT16 BootTimeout; + UINTN DataSize; DEBUG ((DEBUG_INFO, "[Bds]BdsWait ...Zzzzzzzzzzzz...\n")); - TimeoutRemain = PcdGet16 (PcdPlatformBootTimeOut); + DataSize = sizeof(BootTimeout); + Status = gRT->GetVariable( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + &BootTimeout + ); + if (EFI_ERROR (Status)) { + BootTimeout = PcdGet16 (PcdPlatformBootTimeOut); + } + + TimeoutRemain = BootTimeout; + while (TimeoutRemain != 0) { DEBUG ((DEBUG_INFO, "[Bds]BdsWait(%d)..Zzzz...\n", (UINTN)TimeoutRemain)); PlatformBootManagerWaitCallback (TimeoutRemain); @@ -354,7 +369,7 @@ BdsWait ( // Note that the (TimeoutRemain == 0) condition excludes // PcdPlatformBootTimeOut=0xFFFF, and that's deliberate. // - if ((PcdGet16 (PcdPlatformBootTimeOut) != 0) && (TimeoutRemain == 0)) { + if ((BootTimeout != 0) && (TimeoutRemain == 0)) { PlatformBootManagerWaitCallback (0); } @@ -755,9 +770,7 @@ BdsEntry ( &DataSize, &BootTimeOut ); - if (!EFI_ERROR (Status) && BootTimeOut != 0xFFFF) { - PcdSet16S (PcdPlatformBootTimeOut, BootTimeOut); - } else { + if (EFI_ERROR (Status)) { BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); if (BootTimeOut != 0xFFFF) { // diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index d5d7145276..fafb2983f7 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -575,7 +575,7 @@ PlatformBootManagerBeforeConsole ( EFI_HANDLE Handle; EFI_STATUS Status; UINT16 FrontPageTimeout; - RETURN_STATUS PcdStatus; + UINTN DataSize; DEBUG ((DEBUG_INFO, "PlatformBootManagerBeforeConsole\n")); InstallDevicePathCallback (); 
@@ -651,29 +651,37 @@ PlatformBootManagerBeforeConsole ( XenDetected () ? gXenPlatformConsole : gPlatformConsole ); - FrontPageTimeout = GetFrontPageTimeoutFromQemu (); - PcdStatus = PcdSet16S (PcdPlatformBootTimeOut, FrontPageTimeout); - ASSERT_RETURN_ERROR (PcdStatus); - // - // Reflect the PCD in the standard Timeout variable. - // - Status = gRT->SetVariable ( + DataSize = sizeof(FrontPageTimeout); + Status = gRT->GetVariable( EFI_TIME_OUT_VARIABLE_NAME, &gEfiGlobalVariableGuid, - (EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | - EFI_VARIABLE_RUNTIME_ACCESS), - sizeof FrontPageTimeout, + NULL, + &DataSize, &FrontPageTimeout ); - DEBUG (( - EFI_ERROR (Status) ? DEBUG_ERROR : DEBUG_VERBOSE, - "%a: SetVariable(%s, %u): %r\n", - __func__, - EFI_TIME_OUT_VARIABLE_NAME, - FrontPageTimeout, - Status - )); + if (EFI_ERROR (Status)) { + FrontPageTimeout = GetFrontPageTimeoutFromQemu (); + // + // Reflect the PCD in the standard Timeout variable. + // + Status = gRT->SetVariable ( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + (EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS), + sizeof FrontPageTimeout, + &FrontPageTimeout + ); + DEBUG (( + EFI_ERROR (Status) ? DEBUG_ERROR : DEBUG_VERBOSE, + "%a: SetVariable(%s, %u): %r\n", + __FUNCTION__, + EFI_TIME_OUT_VARIABLE_NAME, + FrontPageTimeout, + Status + )); + } if (!FeaturePcdGet (PcdBootRestrictToFirmware)) { PlatformRegisterOptionsAndKeys (); 
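Review bot: Once a `Timeout` variable exists in the variable store, `GetFrontPageTimeoutFromQemu ()` is no longer called, so a timeout passed by QEMU on later boots is ignored; if that is intended it deserves a comment, because it changes how OVMF reacts to the host's boot settings. The kept comment `Reflect the PCD in the standard Timeout variable` no longer matches the code, since the PCD is not set any more; something like `// No Timeout variable yet: seed it from the QEMU-provided value` fits. The hunk also turns `__func__` back into `__FUNCTION__` in the DEBUG call, which looks unintended. PlatformBootManagerBeforeConsole starts and ends outside the hunk.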
@@ -2137,8 +2145,22 @@ PlatformBootManagerWaitCallback ( EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION Black; EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION White; UINT16 TimeoutInitial; + UINTN DataSize; + EFI_STATUS Status; + + DEBUG ((EFI_D_INFO, "[Bds]BdsWait ...Zzzzzzzzzzzz...\n")); - TimeoutInitial = PcdGet16 (PcdPlatformBootTimeOut); + DataSize = sizeof (TimeoutInitial); + Status = gRT->GetVariable( + EFI_TIME_OUT_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + &TimeoutInitial + ); + if (EFI_ERROR (Status)) { + TimeoutInitial = PcdGet16 (PcdPlatformBootTimeOut); + } // // If PcdPlatformBootTimeOut is set to zero, then we consider From 20922751bb72a04e355cb7c2fac3f52308d077b1 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Fri, 13 Oct 2023 11:31:26 +0200 Subject: [PATCH 231/357] OvmfPkg: enable all recent Dasharo System Feautures This will allow us testing easily more menus in QEMU Signed-off-by: Maciej Pijanowski --- OvmfPkg/OvmfPkgX64.dsc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 1eb2c1358e..4365df0946 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -645,7 +645,16 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|TRUE ################################################################################ # From 4506bd8387244c7f4bec5b9cb89539efd6267608 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Fri, 13 Oct 2023 11:38:36 +0200 Subject: [PATCH 232/357] .github/workflows/build.yml: create release on tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maciej Pijanowski Signed-off-by: Piotr Król --- .github/workflows/build.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index db8dc2f21a..2f5b40d621 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,6 +4,8 @@ on: push: branches: - dasharo + tags: + - 'qemu_q35_v*' pull_request: branches: - dasharo 
@@ -59,3 +61,13 @@ jobs: Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd + + - name: Create GitHub Release + uses: softprops/action-gh-release@v1 + if: startsWith(github.event.ref, 'refs/tags/qemu') + with: + files: | + Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd + Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd + Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd + Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd From 6bff5bb29e9313e8be08596885fd9565daa22627 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Fri, 13 Oct 2023 12:28:33 +0200 Subject: [PATCH 233/357] .github/workflows/build.yml: unique names for artifacts Signed-off-by: Maciej Pijanowski --- .github/workflows/build.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2f5b40d621..71b374f1e2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,6 +38,8 @@ jobs: run: | if [ -f "Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd" ] && [ -f "Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd" ]; then echo "RELEASE build successful. OVMF firmware image files found." + cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd OVMF_CODE_RELEASE.fd + cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd OVMF_VARS_RELEASE.fd else echo "RELEASE build failed. OVMF firmware image files not found." exit 1 @@ -47,6 +49,8 @@ jobs: run: | if [ -f "Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd" ] && [ -f "Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd" ]; then echo "DEBUG build successful. OVMF firmware image files found." + cp Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd OVMF_CODE_DEBUG.fd + cp Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd OVMF_VARS_DEBUG.fd else echo "DEBUG build failed. OVMF firmware image files not found." exit 1 
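Review bot: The added release step references `softprops/action-gh-release@v1`, a third-party action pinned to a movable tag, and this is the step that publishes the firmware images. Whoever can move that tag changes the code that runs with the workflow token at release time. I would pin it to a reviewed full commit SHA, `uses: softprops/action-gh-release@FULL_COMMIT_SHA # v1` (placeholder, take the SHA from the audited release), and give the job a `permissions:` block limited to `contents: write`. The `if:` prefix `refs/tags/qemu` is also looser than the `qemu_q35_v*` trigger filter added in the previous hunk; matching the two would keep the condition self-explanatory.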
@@ -57,17 +61,17 @@ jobs: with: name: ovmf-artifacts # Name for the artifact path: | - Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd - Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd - Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd - Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd + OVMF_CODE_RELEASE.fd + OVMF_VARS_RELEASE.fd + OVMF_CODE_DEBUG.fd + OVMF_VARS_DEBUG.fd - name: Create GitHub Release uses: softprops/action-gh-release@v1 if: startsWith(github.event.ref, 'refs/tags/qemu') with: files: | - Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd - Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd - Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd - Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd + OVMF_CODE_RELEASE.fd + OVMF_VARS_RELEASE.fd + OVMF_CODE_DEBUG.fd + OVMF_VARS_DEBUG.fd From 3e7f667091097134f17e65f3acf806ce8d96cd66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:40:28 +0200 Subject: [PATCH 234/357] SecurityPkg/Library/AuthVariableLib: Add support for default SB state in PCD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h | 1 + SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 2 +- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 4 ++++ SecurityPkg/SecurityPkg.dec | 7 +++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h index f7bf771d55..2701555859 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index 0167422299..426a8f73c5 100644 
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -217,7 +217,7 @@ AuthVariableLibInitialize ( // // "SecureBootEnable" not exist, initialize it in USER_MODE. // - SecureBootEnable = SECURE_BOOT_ENABLE; + SecureBootEnable = FixedPcdGet8 (PcdSecureBootDefaultEnable); Status = AuthServiceInternalUpdateVariable ( EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index d630d4d806..36497c491e 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -44,6 +44,10 @@ BaseCryptLib PlatformSecureLib VariablePolicyLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable [Guids] ## CONSUMES ## Variable:L"SetupMode" diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 00c4ebdbed..e3c9764692 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -325,6 +325,13 @@ gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031 + ## Specifies the Secure Boot state after settings are reset.
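Review bot: `SecureBootEnable = FixedPcdGet8 (PcdSecureBootDefaultEnable);` stores the raw PCD byte into the variable, and the comment above it still says the variable is initialized in USER_MODE, which suggests this is the path taken when a platform key is already enrolled. A platform DSC that sets the PCD to 0 would then come up with keys enrolled and enforcement off whenever `SecureBootEnable` is missing, and the comment should say so. I would also map the PCD onto the two defined values, `SecureBootEnable = (FixedPcdGet8 (PcdSecureBootDefaultEnable) != 0) ? SECURE_BOOT_ENABLE : SECURE_BOOT_DISABLE;`, because the `@ValidRange` annotation in the .dec is, as far as I know, only a build-time check. AuthVariableLibInitialize continues outside the hunk.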

+ # If 0, Disable Secure Boot when settings are reset.
+ # If 1, Enable Secure Boot when settings are reset.
+ # @Prompt Secure Boot default state. + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|1|UINT8|0x0000000A + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are valid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.
From 297f5dfcf858625c6b6b3469bee7a6a8dfe69a60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:41:14 +0200 Subject: [PATCH 235/357] SecurityPkg/Library/SecureBootVariableProvisionLib: Fix enrolling dbx MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dbx file from uefi.org page is the complete variable value with a time payload already incorporated. The BIOS is supposed to call the SerVariable with the buffer pointing to the dbx file content: https://uefi.org/revocationlistfile Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- .../SecureBootVariableProvisionLib.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c index d6046c85d2..757cab82c4 100644 --- a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c +++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c @@ -23,6 +23,7 @@ #include #include #include +#include /** Create a EFI Signature List with data fetched from section specified as a argument. @@ -79,6 +80,13 @@ SecureBootFetchData ( ); if (Status == EFI_SUCCESS) { + /* dbx file downloaded from uefi.org is a raw variable value, simply return the buffer. */ + if (CompareGuid(KeyFileGuid, &gDefaultdbxFileGuid)) { + *SigListOut = (EFI_SIGNATURE_LIST *)Buffer; + *SigListsSize = Size; + return EFI_SUCCESS; + } + RsaPubKey = NULL; if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) { DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __func__, KeyIndex)); @@ -154,6 +162,7 @@ EnrollFromDefault ( ) { VOID *Data; + VOID *EnrollData; UINTN DataSize; EFI_STATUS Status; 
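Review bot: The dbx shortcut in SecureBootFetchData returns the file content unparsed through `*SigListOut`, while the function comment still promises an EFI Signature List and every other key goes through `RsaGetPublicKeyFromX509`. According to the commit message the buffer starts with the time payload, so it is not an `EFI_SIGNATURE_LIST`, and nothing on this branch checks `Size` against the header a caller will later read from it. I would document that on the branch, for example `/* Buffer is a complete authenticated-variable payload (EFI_VARIABLE_AUTHENTICATION_2 header, then signature lists), not a bare EFI_SIGNATURE_LIST; the caller must size-check and strip the header. */`, and repeat it in the function header. The loop over `KeyIndex` and the rest of the function lie outside the hunk.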
@@ -166,7 +175,14 @@ EnrollFromDefault ( return Status; } - Status = EnrollFromInput (VariableName, VendorGuid, DataSize, Data); + EnrollData = Data; + /* dbx from uefi.org comes with the time payload. */ + if (StrCmp (DefaultName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) { + DataSize -= AUTHINFO2_SIZE (Data); + EnrollData = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + } + + Status = EnrollFromInput (VariableName, VendorGuid, DataSize, EnrollData); if (Data != NULL) { FreePool (Data); From 85f4fa1eb5b71f228d6347c97ce7735e424a5b07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:46:05 +0200 Subject: [PATCH 236/357] SecurityPkg/Library/SecureBootVariableLib: Add API to set SB state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Include/Library/SecureBootVariableLib.h | 15 +++++++ .../SecureBootVariableLib.c | 39 +++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/SecurityPkg/Include/Library/SecureBootVariableLib.h b/SecurityPkg/Include/Library/SecureBootVariableLib.h index c486801c31..5bf91cf141 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h @@ -30,6 +30,21 @@ SetSecureBootMode ( IN UINT8 SecureBootMode ); +/** + + Set the platform secure boot state into "Enabled" or "Disabled". + + @param[in] SecureBootMode New secure boot state. + + @return EFI_SUCCESS The platform has switched to the new state successfully. + @return other Fail to operate the secure boot state. + +**/ +EFI_STATUS +SetSecureBootState ( + IN UINT8 SecureBootState +); + /** Fetches the value of SetupMode variable. diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c index 24599c7a0b..7bcb6ed2bf 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c 
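Review bot: `DataSize -= AUTHINFO2_SIZE (Data);` in EnrollFromDefault trusts a length field read from the buffer itself, with no check that `DataSize` covers the fixed header or the length that header declares. A short or malformed `dbxDefault` value would make the macro read past the allocation, wrap `DataSize` to a very large value and hand `EnrollFromInput` a pointer outside the buffer. I would validate both bounds before stripping the header and fail the enrolment otherwise, as sketched below. The function starts and ends outside the hunk, so the cleanup has to be matched to the existing `FreePool (Data)` path.

```c
  EnrollData = Data;
  /* dbx from uefi.org comes with the time payload. */
  if (StrCmp (DefaultName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) {
    /* The header must be fully present before its length field is read. */
    if ((DataSize < sizeof (EFI_VARIABLE_AUTHENTICATION_2)) ||
        (DataSize < AUTHINFO2_SIZE (Data)))
    {
      DEBUG ((DEBUG_ERROR, "%a: malformed %s payload\n", __func__, DefaultName));
      FreePool (Data);
      return EFI_COMPROMISED_DATA;
    }

    DataSize  -= AUTHINFO2_SIZE (Data);
    EnrollData = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
  }
  /* … unchanged: EnrollFromInput call and FreePool … */
```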
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c @@ -401,6 +401,45 @@ SetSecureBootMode ( ); } + +/** + + Set the platform secure boot state into "Enabled" or "Disabled". + + @param[in] SecureBootMode New secure boot state. + + @return EFI_SUCCESS The platform has switched to the new state successfully. + @return other Fail to operate the secure boot mode. + +**/ +EFI_STATUS +SetSecureBootState ( + IN UINT8 SecureBootState + ) +{ + EFI_STATUS Status; + + Status = gRT->SetVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(UINT8), + &SecureBootState + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + return gRT->SetVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (UINT8), + &SecureBootState + ); +} + /** Fetches the value of SetupMode variable. From 8217277a08de5b4225ad1f739916cd44bb0351e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:47:18 +0200 Subject: [PATCH 237/357] SecureBootDefaultKeysDxe: Enroll default keys if boot with default settings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../SecureBootDefaultKeysDxe.c | 104 +++++++++++++++++- .../SecureBootDefaultKeysDxe.inf | 5 + 2 files changed, 108 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c index 2f6f3e6796..0e5044d9e1 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c 
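Review bot: SetSecureBootState begins by writing `EFI_SECURE_BOOT_MODE_NAME` under `gEfiGlobalVariableGuid`, which is the firmware-owned status variable; variable checking normally rejects such writes, in which case the early `return Status` leaves `SecureBootEnable` untouched (not verified against the variable driver used here). The reported state is meant to be derived by the variable services from `SecureBootEnable` and the enrolled keys, so I would drop the first `SetVariable` and keep only the `EFI_SECURE_BOOT_ENABLE_NAME` write. The argument is also stored unchecked; reject anything else up front with `if ((SecureBootState != SECURE_BOOT_ENABLE) && (SecureBootState != SECURE_BOOT_DISABLE)) { return EFI_INVALID_PARAMETER; }`. The doc comment here and in the SecureBootVariableLib.h hunk names the parameter `SecureBootMode`; it should read `@param[in] SecureBootState`.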
@@ -12,12 +12,104 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include +#include #include #include #include #include #include +#include + +STATIC +EFI_STATUS +EnrollKeysFromDefaults ( + VOID +) +{ + EFI_STATUS Status; + UINT8 SetupMode; + + Status = EFI_SUCCESS; + + // After PK clear, Setup Mode shall be enabled + Status = GetSetupMode (&SetupMode); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n", + Status)); + return Status; + } + + if (SetupMode == USER_MODE) { + DEBUG((DEBUG_INFO, "Skipped - USER_MODE\n")); + return EFI_SUCCESS; + } + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", + Status)); + return EFI_SUCCESS; + } + + // Enroll all the keys from default variables + Status = EnrollDbFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll db: %r\n", Status)); + goto error; + } + + Status = EnrollDbxFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll dbx: %r\n", Status)); + } + + Status = EnrollDbtFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll dbt: %r\n", Status)); + } + + Status = EnrollKEKFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll KEK: %r\n", Status)); + goto cleardbs; + } + + Status = EnrollPKFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll PK: %r\n", Status)); + goto clearKEK; + } + + DEBUG ((DEBUG_INFO, "Setting Secure Boot state to: %d\n", FixedPcdGet8(PcdSecureBootDefaultEnable))); + Status = SetSecureBootState (FixedPcdGet8(PcdSecureBootDefaultEnable)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot set Secure Boot state: %r\n", Status)); + } + + Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot set CustomMode to 
STANDARD_SECURE_BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n")); + } + + return Status; + +clearKEK: + DeleteKEK (); + +cleardbs: + DeleteDbt (); + DeleteDbx (); + DeleteDb (); + +error: + if (SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) != EFI_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Cannot set mode to Secure: %r\n", Status)); + } + return Status; +} /** The entry point for SecureBootDefaultKeys driver. @@ -38,7 +130,8 @@ SecureBootDefaultKeysEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; Status = SecureBootInitPKDefault (); if (EFI_ERROR (Status)) { @@ -74,5 +167,14 @@ SecureBootDefaultKeysEntryPoint ( return Status; } + BootMode = GetBootModeHob (); + if (BootMode == BOOT_WITH_DEFAULT_SETTINGS || BootMode == BOOT_WITH_MFG_MODE_SETTINGS) { + Status = EnrollKeysFromDefaults (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot enroll keys from defaults: %r\n", __func__, Status)); + return Status; + } + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf index 3ed45fa497..e3dcca5da1 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf @@ -30,6 +30,8 @@ MemoryAllocationLib UefiDriverEntryPoint DebugLib + HobLib + PcdLib SecureBootVariableLib SecureBootVariableProvisionLib @@ -41,6 +43,9 @@ ## SOMETIMES_PRODUCES ## Variable:L"dbxDefault" gEfiGlobalVariableGuid +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable + [Depex] gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid From fbe23a72155fa3c1885c3c808d56e54bf593c71b Mon Sep 17 00:00:00 2001 
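Review bot: In EnrollKeysFromDefaults a failed `EnrollDbxFromDefault ()` is only logged and enrolment then continues through KEK and PK, so the platform can leave setup mode with keys in place and no revocation list. I would treat that failure like the KEK one and add `goto cleardbs;` to the dbx error branch. The `SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE)` failure path returns `EFI_SUCCESS`, which hides from the entry point that nothing was enrolled; `return Status;` fits the rest of the function. The message under `error:` prints the earlier enrolment `Status` rather than the result of the `SetSecureBootMode` call that just failed.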
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:48:16 +0200 Subject: [PATCH 238/357] SecurityPkg/VariableAuthenticated/SecureBootConfigDxe: Improve UX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 46 +++++---- .../SecureBootConfigDxe.inf | 1 + .../SecureBootConfigImpl.c | 97 +++++++++++++++++++ .../SecureBootConfigNvData.h | 1 + .../SecureBootConfigStrings.uni | 21 ++-- 5 files changed, 143 insertions(+), 23 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index e4560c592c..5306950fb3 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -32,8 +32,12 @@ formset text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); + + suppressif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; + subtitle text = STRING_TOKEN(STR_ENROLL_PK_MSG); + endif; // - // Display of Check Box: Attempt Secure Boot + // Display of Check Box: Enable Secure Boot // grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot, 
@@ -56,24 +60,15 @@ formset option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; endoneof; - // - // Display of 'Current Secure Boot Mode' - // suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; - grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; - goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), - help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), - flags = INTERACTIVE, - key = KEY_SECURE_BOOT_OPTION; + grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_OPTION; + endif; endif; - endif; - - text - help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP), - text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS), - flags = INTERACTIVE, - key = KEY_SECURE_BOOT_RESET_TO_DEFAULT; endform; @@ -85,6 +80,23 @@ formset subtitle text = STRING_TOKEN(STR_NULL); + text + help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP), + text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS), + flags = INTERACTIVE | RESET_REQUIRED, + key = KEY_SECURE_BOOT_RESET_TO_DEFAULT; + + text + help = STRING_TOKEN(STR_SECURE_ERASE_ALL_KEYS_HELP), + text = STRING_TOKEN(STR_SECURE_ERASE_ALL_KEYS), + flags = INTERACTIVE | RESET_REQUIRED, + key = KEY_SECURE_BOOT_ERASE_ALL_KEYS; + + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_SECURE_BOOT_MANUAL_KEY_MGMT); + subtitle text = STRING_TOKEN(STR_NULL); + goto FORMID_SECURE_BOOT_PK_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf index 0602acf702..aba9ccd796 100644 
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -50,6 +50,7 @@ UefiHiiServicesLib DebugLib HiiLib + PcdLib PlatformSecureLib DevicePathLib FileExplorerLib diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 2c11129526..d9e8a4ce73 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
@@ -4487,6 +4487,76 @@ KeyEnrollReset ( return Status; } + +/** + This function reinitializes Secure Boot variables with default values. + + @retval EFI_SUCCESS Success to update the signature list page + @retval others Fail to delete or enroll signature data. +**/ +STATIC EFI_STATUS +EFIAPI +KeyEraseAll ( + VOID + ) +{ + EFI_STATUS Status; + UINT8 SetupMode; + + Status = EFI_SUCCESS; + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR(Status)) { + return Status; + } + + // Clear all the keys and databases + Status = DeleteDb (); + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "Fail to clear DB: %r\n", Status)); + return Status; + } + + Status = DeleteDbx (); + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "Fail to clear DBX: %r\n", Status)); + return Status; + } + + Status = DeleteDbt (); + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "Fail to clear DBT: %r\n", Status)); + return Status; + } + + Status = DeleteKEK (); + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "Fail to clear KEK: %r\n", Status)); + return Status; + } + + Status = DeletePlatformKey (); + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "Fail to clear PK: %r\n", Status)); + return Status; + } + + // After PK clear, Setup Mode shall be enabled + Status = GetSetupMode (&SetupMode); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n", + Status)); + return Status; + } + + if (SetupMode == USER_MODE) { + DEBUG((DEBUG_INFO, "Skipped - USER_MODE\n")); + return EFI_SUCCESS; + } + + return Status; +} + /** This function is called to provide results data to the driver. 
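Review bot: KeyEraseAll switches to `CUSTOM_SECURE_BOOT_MODE` and never switches back: every return path, including the successful one, leaves the mode as it was set at the top. EnrollKeysFromDefaults in this series restores `STANDARD_SECURE_BOOT_MODE` on its exits and warns that leaving it unset makes the system easy to compromise, so the same call, `SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);`, belongs on each exit here. The final check also returns `EFI_SUCCESS` when `SetupMode` is still `USER_MODE` after the PK delete, which reports a failed erase as success. The header comment was copied from KeyEnrollReset and should describe erasing, for example `This function deletes PK, KEK, db, dbx and dbt, leaving the platform in Setup Mode.`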
@@ -5140,6 +5210,33 @@ SecureBootCallback ( Status = UpdateSecureBootString (Private); SecureBootExtractConfigFromVariable (Private, IfrNvData); } + break; + } + case KEY_SECURE_BOOT_ERASE_ALL_KEYS: + { + Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup); + if (EFI_ERROR (Status)) { + return Status; + } + Status = HiiPopup->CreatePopup ( + HiiPopup, + EfiHiiPopupStyleInfo, + EfiHiiPopupTypeYesNo, + Private->HiiHandle, + STRING_TOKEN (STR_ERASE_ALL_KEYS_POPUP), + &UserSelection + ); + if (UserSelection == EfiHiiPopupSelectionYes) { + Status = KeyEraseAll (); + } + // + // Update secure boot strings after key reset + // + if (Status == EFI_SUCCESS) { + Status = UpdateSecureBootString (Private); + SecureBootExtractConfigFromVariable (Private, IfrNvData); + } + break; } default: break; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index 34720bb5e2..a5ed76b6f8 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -55,6 +55,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f #define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010 +#define KEY_SECURE_BOOT_ERASE_ALL_KEYS 0x1011 #define KEY_SECURE_BOOT_OPTION 0x1100 #define KEY_SECURE_BOOT_PK_OPTION 0x1101 diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni index 177c585837..3534d7c970 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni 
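Review bot: In the `KEY_SECURE_BOOT_ERASE_ALL_KEYS` case the result of `HiiPopup->CreatePopup` is not checked before `UserSelection` is read, so if the popup fails the destructive branch depends on whatever `UserSelection` held before the call (its initialisation is outside the hunk). I would gate the erase on both, `if (!EFI_ERROR (Status) && (UserSelection == EfiHiiPopupSelectionYes)) {`. SecureBootCallback starts and ends outside the hunk.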
@@ -18,13 +18,21 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #string STR_SECURE_BOOT_STATE_HELP #language en-US "Current Secure Boot state: enabled or disabled." #string STR_SECURE_BOOT_STATE_CONTENT #language en-US " " -#string STR_SECURE_BOOT_PROMPT #language en-US "Attempt Secure Boot" +#string STR_ENROLL_PK_MSG #language en-US "To enable Secure Boot, set Secure Boot Mode to Custom and enroll the keys/PK first." + +#string STR_SECURE_BOOT_PROMPT #language en-US "Enable Secure Boot" #string STR_SECURE_BOOT_HELP #language en-US "Enable/Disable the Secure Boot feature after platform reset" -#string STR_SECURE_RESET_TO_DEFAULTS_HELP #language en-US "Enroll keys with data from default variables" -#string STR_SECURE_RESET_TO_DEFAULTS #language en-US "Reset Secure Boot Keys" +#string STR_SECURE_RESET_TO_DEFAULTS_HELP #language en-US "Enroll keys with data from default variables.\n\nBecause the PK may also be enrolled, the Secure Boot state may automatically switch to enabled state." +#string STR_SECURE_RESET_TO_DEFAULTS #language en-US "> Reset to default Secure Boot Keys" + #string STR_RESET_TO_DEFAULTS_POPUP #language en-US "Secure Boot Keys & databases will be initialized from defaults.\n Are you sure?" +#string STR_SECURE_ERASE_ALL_KEYS_HELP #language en-US "Erases all Secure Boot keys and leaves the related variables empty.\nYou will need to provision the keys to use Secure Boot again or reset the Secure Boot keys to defaults." +#string STR_SECURE_ERASE_ALL_KEYS #language en-US "> Erase all Secure Boot Keys" + +#string STR_ERASE_ALL_KEYS_POPUP #language en-US "Secure Boot Keys & databases will be erased and Secure Boot disabled.\n Are you sure?" + #string STR_SECURE_BOOT_ENROLL_SIGNATURE #language en-US "Enroll Signature" #string STR_SECURE_BOOT_DELETE_SIGNATURE #language en-US "Delete Signature" #string STR_SECURE_BOOT_DELETE_LIST_FORM #language en-US "Delete Signature List Form" 
@@ -74,10 +82,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #string STR_STANDARD_MODE #language en-US "Standard Mode" #string STR_CUSTOM_MODE #language en-US "Custom Mode" -#string STR_SECURE_BOOT_OPTION #language en-US "Custom Secure Boot Options" -#string STR_SECURE_BOOT_OPTION_HELP #language en-US "Enter into Custom Secure Boot Options Form" +#string STR_SECURE_BOOT_OPTION #language en-US "Advanced Secure Boot Keys Management" +#string STR_SECURE_BOOT_OPTION_HELP #language en-US "Enter into Advanced Secure Boot Keys Management Form" -#string STR_SECURE_BOOT_OPTION_TITLE #language en-US "Custom Secure Boot Options" +#string STR_SECURE_BOOT_OPTION_TITLE #language en-US "Advanced Secure Boot Keys Management" +#string STR_SECURE_BOOT_MANUAL_KEY_MGMT #language en-US "Individual key management:" #string STR_SECURE_BOOT_PK_OPTION #language en-US "PK Options" #string STR_SECURE_BOOT_PK_OPTION_HELP #language en-US "Enroll/Delete PK" From ba7c4dda1f6c0dd160119c80786a6fd5eff8da61 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Tue, 16 Jun 2020 08:50:52 +0200 Subject: [PATCH 239/357] MdeModulePkg: Be more verbose about SecureBoot and the reason why the boot failed Signed-off-by: Patrick Rudolph --- .../Library/UefiBootManagerLib/BmBoot.c | 26 ++++++++++++++++--- .../Library/UefiBootManagerLib/InternalBm.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index 61238dbf39..cbc4be3e78 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -1855,6 +1855,7 @@ EfiBootManagerBoot ( EFI_EVENT LegacyBootEvent; EFI_INPUT_KEY Key; UINTN Index; + UINT8 *SecureBoot; if (BootOption == NULL) { return; 
@@ -1996,12 +1997,31 @@ EfiBootManagerBoot ( BmReportLoadFailure (EFI_SW_DXE_BS_EC_BOOT_OPTION_LOAD_ERROR, Status); BootOption->Status = Status; - if (gST->ConIn != NULL) { + if (gST->ConOut != NULL) { gST->ConOut->ClearScreen (gST->ConOut); + + // + // When UEFI Secure Boot is enabled, unsigned modules won't load. + // + SecureBoot = NULL; + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); + if ((SecureBoot != NULL) && (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) { + AsciiPrint ("SecureBoot is enabled.\n"); + } else { + AsciiPrint ("SecureBoot is disabled.\n"); + } + + if (SecureBoot != NULL) { + FreePool (SecureBoot); + } + AsciiPrint ( - "Boot Failed. %s\n" + "Booting '%s' failed due to '%r'.\n" "Press any key to continue...\n", - BootOption->Description); + BootOption->Description, BootOption->Status); + + } + if (gST->ConIn != NULL) { Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); ASSERT_EFI_ERROR (Status); ASSERT (Index == 0); diff --git a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h index 86ed697442..33d1534815 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h +++ b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h @@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include #include From ffadf0ac1df12fcd269133ef946b984ad25bc956 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:49:04 +0200 Subject: [PATCH 240/357] MdeModulePkg/Library/UefiBootManagerLib: Be more verbose about boot failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index cbc4be3e78..61cb0e19ab 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -2006,9 +2006,17 @@ EfiBootManagerBoot ( SecureBoot = NULL; GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); if ((SecureBoot != NULL) && (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) { - AsciiPrint ("SecureBoot is enabled.\n"); + AsciiPrint ("Secure Boot is enabled.\n"); } else { - AsciiPrint ("SecureBoot is disabled.\n"); + AsciiPrint ("Secure Boot is disabled.\n"); + } + + if ((BootOption->Status == EFI_ACCESS_DENIED) && + (SecureBoot != NULL) && + (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) { + AsciiPrint ( + "The image signature is invalid or missing!\n" + "Sign the image with a valid key or disable Secure Boot\n"); } if (SecureBoot != NULL) { From 6ef3c536fbf63f6fe9899164f6cf1cbeff8e7166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:49:44 +0200 Subject: [PATCH 241/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: Allow setting default Secure Boot state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 2ce089e374..6d33b03cf6 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -91,6 +91,7 @@ # Security options: # DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE SECURE_BOOT_DEFAULT_ENABLE = TRUE DEFINE TPM_ENABLE = TRUE DEFINE SATA_PASSWORD_ENABLE = FALSE DEFINE OPAL_PASSWORD_ENABLE = FALSE 
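Review bot: The new signature hint in EfiBootManagerBoot is printed only for `EFI_ACCESS_DENIED`, but a verification failure can also surface as `EFI_SECURITY_VIOLATION` from the image load, and in that case the user sees only the generic failure line. I would test both, `((BootOption->Status == EFI_ACCESS_DENIED) || (BootOption->Status == EFI_SECURITY_VIOLATION)) &&`, assuming that status reaches this path unchanged, which the hunk does not show. The function continues outside the hunk.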
@@ -444,6 +445,12 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSdMmcGenericTimeoutValue|$(SD_MMC_TIMEOUT) +!if $(SECURE_BOOT_DEFAULT_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|1 +!else + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0 +!endif + !if $(SOURCE_DEBUG_ENABLE) gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif From 9d2660ac3a3a803e7605267c67a0e2a3b1459812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 14:50:19 +0200 Subject: [PATCH 242/357] OvmfPkg: Integrate default SB keys and SB state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfPkgX64.fdf | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 4365df0946..491b68830e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -656,6 +656,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0 ################################################################################ # # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 47f25979f5..08ba2bddbe 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -278,6 +278,31 @@ INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf INF SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf + + # gDefaultKEKFileGuid + FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt + SECTION UI = "DefaultKekCert" + } + + # gDefaultPKFileGuid + FILE FREEFORM = 85254EA7-4759-4FC4-82D4-5EED5FB0A4A0 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt + SECTION UI = "DefaultPkCert" + } + + # gDefaultdbFileGuid + FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt + SECTION UI = "DefaultDbCert" + } + + # gDefaultdbxFileGuid + FILE FREEFORM = 5740766A-718E-4DC0-9935-C36F7D3F884F { + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin + SECTION UI = "DefaultDbxCert" + } !endif INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf From 0f63aaa02c8de038308a330a2c652f069c7ede8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 15:09:48 +0200 Subject: [PATCH 243/357] DasharoPayloadPkg/BlSupportPei: Validate NV FVH and set boot mode accordingly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 114 ++++++++++++++++++ DasharoPayloadPkg/BlSupportPei/BlSupportPei.h | 3 + .../BlSupportPei/BlSupportPei.inf | 5 + 3 files changed, 122 insertions(+) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 2d4ca1bff4..237ef11c03 100644 
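Review bot: In the OvmfPkgX64.fdf hunk, the Platform Key that becomes the default root of Secure Boot is taken from a file in the source tree, `DasharoPayloadPkg/SecureBootDefaultKeys/pk.crt`, and nothing in the added `# gDefaultPKFileGuid` section records who holds the matching private key. If that key is a shared or test key, every image built from this tree trusts the same key holder for KEK and db changes, so the origin of the file should be documented next to it and release builds should be able to substitute their own PK. A comment such as `# pk.crt: <owner / issuing process>; replace for production builds` above the FILE statement would record this. The UI name "DefaultDbxCert" also labels `DBXUpdate.bin`, which is a revocation list rather than a certificate.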
--- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c 
@@ -393,6 +393,109 @@ MemInfoCallback ( return EFI_SUCCESS; } +/** + Check the integrity of firmware volume header. + + @retval EFI_SUCCESS - The firmware volume is consistent + @retval EFI_NOT_FOUND - The firmware volume has been corrupted. + +**/ +EFI_STATUS +ValidateFvHeader ( + SMMSTORE_INFO *SmmStoreInfo + ) +{ + UINT16 Checksum; + EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader; + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINTN VariableStoreLength; + UINTN FvLength; + UINT32 NvStorageSize; + UINT32 NvVariableSize; + UINT32 FtwWorkingSize; + UINT32 FtwSpareSize; + + + NvStorageSize = SmmStoreInfo->NumBlocks * SmmStoreInfo->BlockSize; + FtwSpareSize = (SmmStoreInfo->NumBlocks / 2) * SmmStoreInfo->BlockSize; + FtwWorkingSize = SmmStoreInfo->BlockSize; + NvVariableSize = NvStorageSize - FtwSpareSize - FtwWorkingSize; + + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)SmmStoreInfo->MmioAddress; + if (!FwVolHeader) { + return EFI_OUT_OF_RESOURCES; + } + + + FvLength = FtwSpareSize + FtwWorkingSize + NvVariableSize; + + // + // Verify the header revision, header signature, length + // Length of FvBlock cannot be 2**64-1 + // HeaderLength cannot be an odd number + // + if ( (FwVolHeader->Revision != EFI_FVH_REVISION) + || (FwVolHeader->Signature != EFI_FVH_SIGNATURE) + || (FwVolHeader->FvLength != FvLength) + ) + { + DEBUG (( + DEBUG_INFO, + "%a: No Firmware Volume header present\n", + __FUNCTION__ + )); + return EFI_NOT_FOUND; + } + + // Check the Firmware Volume Guid + if ( CompareGuid (&FwVolHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid) == FALSE ) { + DEBUG (( + DEBUG_INFO, + "%a: Firmware Volume Guid non-compatible\n", + __FUNCTION__ + )); + return EFI_NOT_FOUND; + } + + // Verify the header checksum + Checksum = CalculateSum16 ((UINT16 *)FwVolHeader, FwVolHeader->HeaderLength); + if (Checksum != 0) { + DEBUG (( + DEBUG_INFO, + "%a: FV checksum is invalid (Checksum:0x%X)\n", + __FUNCTION__, + Checksum + )); + return EFI_NOT_FOUND; + } + + VariableStoreHeader = 
(VARIABLE_STORE_HEADER *)(UINTN)(SmmStoreInfo->MmioAddress + FwVolHeader->HeaderLength); + + // Check the Variable Store Guid + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && + !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) + { + DEBUG (( + DEBUG_INFO, + "%a: Variable Store Guid non-compatible\n", + __FUNCTION__ + )); + return EFI_NOT_FOUND; + } + + VariableStoreLength = NvVariableSize - FwVolHeader->HeaderLength; + if (VariableStoreHeader->Size != VariableStoreLength) { + DEBUG (( + DEBUG_INFO, + "%a: Variable Store Length does not match\n", + __FUNCTION__ + )); + return EFI_NOT_FOUND; + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM @@ -583,6 +686,17 @@ BlPeiEntryPoint ( ASSERT (NewSMMSTOREInfo != NULL); CopyMem (NewSMMSTOREInfo, &SMMSTOREInfo, sizeof (SMMSTOREInfo)); DEBUG ((DEBUG_INFO, "Created SMMSTORE info hob\n")); + + Status = ValidateFvHeader (&SMMSTOREInfo); + if (EFI_ERROR (Status)) { + Status = PeiServicesSetBootMode (BOOT_WITH_DEFAULT_SETTINGS); + DEBUG ((DEBUG_INFO, "BootMode: Boot with default settings\n")); + ASSERT_EFI_ERROR (Status); + } else { + Status = PeiServicesSetBootMode (BOOT_ASSUMING_NO_CONFIGURATION_CHANGES); + DEBUG ((DEBUG_INFO, "BootMode: Boot boot assuming no configuration changes\n")); + ASSERT_EFI_ERROR (Status); + } } // diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h index e1ca2a7c93..8a2f3fc564 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.h @@ -23,6 +23,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include +#include +#include #include #include #include diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf index 626f81b3f5..08a14e0040 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf 
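Review bot: `FwVolHeader->HeaderLength` is read from the NV store and used three times in ValidateFvHeader (BlSupportPei.c) without a bound: as the length passed to `CalculateSum16`, as the offset to `VariableStoreHeader`, and in `NvVariableSize - FwVolHeader->HeaderLength`. The comment above the first check promises that an odd HeaderLength is rejected, but no such test exists, so a corrupted header can reach the length ASSERT in BaseLib's CalculateSum16 or make the subtraction wrap, instead of returning EFI_NOT_FOUND and falling back to defaults. Adding `(FwVolHeader->HeaderLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) || ((FwVolHeader->HeaderLength & 1) != 0) || (FwVolHeader->HeaderLength > NvVariableSize)` to the first rejection test would close this. The product `NumBlocks * BlockSize` is stored in a UINT32 and its operands come from the bootloader table, so an overflow check is worth adding, and the `@retval` list should mention the EFI_OUT_OF_RESOURCES returned for a zero MmioAddress.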
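Review bot: The block added to BlPeiEntryPoint after the SMMSTORE HOB is created overwrites the boot mode on every boot, so a mode chosen earlier (for example recovery or S3 resume) would be replaced by `BOOT_ASSUMING_NO_CONFIGURATION_CHANGES` whenever the header validates. The rest of BlPeiEntryPoint is outside the hunk, so whether an earlier mode can exist needs checking. ValidateFvHeader is a consistency check (signature, GUIDs, 16-bit checksum) and does not show that the variable contents are unchanged, which the chosen mode name suggests; a comment such as `// Header is well-formed; this says nothing about variable contents.` would keep later readers from over-trusting it. The second DEBUG string reads "Boot boot assuming", and both DEBUG lines run before `ASSERT_EFI_ERROR (Status)`, so the log reports the mode as set even when PeiServicesSetBootMode failed.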
+++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf @@ -31,6 +31,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + EmbeddedPkg/EmbeddedPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -59,6 +60,10 @@ gEfiSmmStoreInfoHobGuid gEfiTcgPhysicalPresenceInfoHobGuid gEfiFirmwarePerformanceGuid + gEfiSystemNvDataFvGuid + gEfiVariableGuid + gEfiAuthenticatedVariableGuid + gEdkiiNvVarStoreFormattedGuid [Ppis] gEfiPeiMasterBootModePpiGuid From 38c6f741839214a7bdf751001cc069b9a905974d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Oct 2023 18:32:06 +0200 Subject: [PATCH 244/357] DasharoPayloadPkg: Enable RamDisk support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 5 ++++- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 6d33b03cf6..b09238b582 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -105,6 +105,7 @@ DEFINE SD_MMC_TIMEOUT = 1000000 DEFINE BATTERY_CHECK = FALSE DEFINE PERFORMANCE_MEASUREMENT_ENABLE = FALSE + DEFINE RAM_DISK_ENABLE = FALSE # # Network definition @@ -676,7 +677,9 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|$(SERIAL_TERMINAL) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf - +!if $(RAM_DISK_ENABLE) == TRUE + MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +!endif PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf MdeModulePkg/Universal/Metronome/Metronome.inf MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 2ebb092db0..6cb5238738 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -110,6 +110,9 @@ INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf +!if $(RAM_DISK_ENABLE) == TRUE +INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +!endif INF PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf INF MdeModulePkg/Universal/Metronome/Metronome.inf INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf From cad859f379004272a167c2f5ab51453996e49ff1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Fri, 20 Oct 2023 14:30:19 +0200 Subject: [PATCH 245/357] MdeModulePkg: reject negative autoboot timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- .../Library/CustomizedDisplayLib/CustomizedDisplayLib.uni | 4 ++-- MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni index 2df5afbd22..abc03fc2c1 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.uni @@ -43,8 +43,8 @@ #language fr-FR "Bascule la Case de pointage" #string NV_UPDATE_MESSAGE #language en-US "Configuration changed" #language fr-FR "Configuration changed" -#string INPUT_ERROR_MESSAGE #language en-US "!!" - #language fr-FR "!!" +#string INPUT_ERROR_MESSAGE #language en-US "Invalid input value!!" + #language fr-FR "Invalid input value!!" #string EMPTY_STRING #language en-US "" #language fr-FR "" #string ARE_YOU_SURE_YES #language en-US "Y" 
diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c b/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c index f70feeb55f..783672468d 100644 --- a/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c +++ b/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c @@ -760,6 +760,10 @@ GetNumericInput ( switch (Key.UnicodeChar) { case '+': case '-': + if (ManualInput && ((NumericOp->Flags & EFI_IFR_DISPLAY) == EFI_IFR_DISPLAY_UINT_DEC)) { + UpdateStatusBar(INPUT_ERROR, TRUE); + break; + } if (ManualInput && IntInput) { // // In Manual input mode, check whether input the negative flag. From 1b9f8936114b589ddc83a0f4f2d76dbce6ec1e90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Kr=C3=B3l?= Date: Mon, 23 Oct 2023 17:57:28 +0200 Subject: [PATCH 246/357] OvmfPkg/OvmfPkgX64: add support for ipxe.efi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend OvmfPkgX64 DSC and FDF to support adding externally build ipxe.efi file in similar way as other Dasharo supported platforms do. This patch requires improvements in PlatformBootmanagerLib to register bootable iPXE option. Despite it does not have that yet it is first step to enable iPXE support in Dasharo EDK II for QEMU Q35. In long run it should allow enabling other Dasharo System Features like enabling/disabling network stack. Signed-off-by: Piotr Król --- OvmfPkg/OvmfPkgX64.dsc | 16 ++++++++++++++++ OvmfPkg/OvmfPkgX64.fdf | 12 ++++++++++++ 2 files changed, 28 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 491b68830e..982ef23c0d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -49,13 +49,29 @@ # # Network definition # + DEFINE NETWORK_PXE_BOOT = FALSE + DEFINE NETWORK_ENABLE = FALSE DEFINE NETWORK_TLS_ENABLE = FALSE DEFINE NETWORK_IP6_ENABLE = FALSE + DEFINE NETWORK_IP4_ENABLE = TRUE + DEFINE NETWORK_LAN_ROM = FALSE + +!if $(NETWORK_PXE_BOOT) == TRUE + DEFINE NETWORK_SNP_ENABLE = TRUE DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE + DEFINE NETWORK_ISCSI_ENABLE = FALSE +!else + DEFINE NETWORK_SNP_ENABLE = FALSE + DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE DEFINE NETWORK_ISCSI_ENABLE = TRUE +!endif !include NetworkPkg/NetworkDefines.dsc.inc + # + # IPXE support + # + DEFINE NETWORK_IPXE = TRUE # # Device drivers diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 08ba2bddbe..33b5e3e169 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -376,6 +376,18 @@ INF OvmfPkg/TdxDxe/TdxDxe.inf !include NetworkPkg/Network.fdf.inc INF OvmfPkg/VirtioNetDxe/VirtioNet.inf +# +# iPXE support +# +!if $(NETWORK_IPXE) == TRUE + # + # build system or user should put the ipxe.efi file here before EDK2 build + # + FILE FREEFORM = B68653C7-EEA1-4435-A199-A44F59E4476C { + SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/ipxe.efi + } +!endif + INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf # From fc6ece7c6b64015371955818c640bf65a9dab238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Kr=C3=B3l?= Date: Mon, 23 Oct 2023 22:58:23 +0200 Subject: [PATCH 247/357] OvmfPkg: improve PlatformBootManagerLib API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OvmfPkg implementation of PlatformBootManagerLib was different than DasharoPayloadPkg implementation, because of that there were problems in porting one to one code that register and unregister iPXE file as boot option. PlatformBootManagerLib PlatformRegisterFvBootOption gained BootNow parameter and PlatformUnregisterFvBootOption function. 
Signed-off-by: Piotr Król --- .../PlatformBootManagerLib/BdsPlatform.c | 78 ++++++++++++++++++- 1 file changed, 75 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index fafb2983f7..62edaf2c00 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -233,7 +233,8 @@ VOID PlatformRegisterFvBootOption ( EFI_GUID *FileGuid, CHAR16 *Description, - UINT32 Attributes + UINT32 Attributes, + BOOLEAN BootNow ) { EFI_STATUS Status; @@ -274,6 +275,9 @@ PlatformRegisterFvBootOption ( ASSERT_EFI_ERROR (Status); FreePool (DevicePath); + if (BootNow) + EfiBootManagerBoot (&NewOption); + BootOptions = EfiBootManagerGetLoadOptions ( &BootOptionCount, LoadOptionTypeBoot 
@@ -294,6 +298,72 @@ PlatformRegisterFvBootOption ( EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } +VOID +PlatformUnregisterFvBootOption ( + EFI_GUID *FileGuid, + CHAR16 *Description, + UINT32 Attributes + ) +{ + EFI_STATUS Status; + INTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **)&LoadedImage + ); + ASSERT_EFI_ERROR (Status); + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + DevicePath = DevicePathFromHandle (LoadedImage->DeviceHandle); + ASSERT (DevicePath != NULL); + DevicePath = AppendDevicePathNode ( + DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&FileNode + ); + ASSERT (DevicePath != NULL); + + Status = EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + Attributes, + Description, + DevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); + + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, + LoadOptionTypeBoot + ); + + OptionIndex = EfiBootManagerFindLoadOption ( + &NewOption, + BootOptions, + BootOptionCount + ); + + if (OptionIndex >= 0 && OptionIndex < BootOptionCount) { + Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[OptionIndex].OptionNumber, + BootOptions[OptionIndex].OptionType); + ASSERT_EFI_ERROR (Status); + } + + EfiBootManagerFreeLoadOption (&NewOption); + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + /** Remove all MemoryMapped(...)/FvFile(...) and Fv(...)/FvFile(...) boot options whose device paths do not resolve exactly to an FvFile in the system. 
@@ -2008,7 +2078,8 @@ PlatformBootManagerAfterConsole ( PlatformRegisterFvBootOption ( &gUefiShellFileGuid, L"UEFI Shell", - LOAD_OPTION_ACTIVE + LOAD_OPTION_ACTIVE, + FALSE ); // @@ -2017,7 +2088,8 @@ PlatformBootManagerAfterConsole ( PlatformRegisterFvBootOption ( &gGrubFileGuid, L"Grub Bootloader", - LOAD_OPTION_ACTIVE + LOAD_OPTION_ACTIVE, + FALSE ); RemoveStaleFvFileOptions (); From 745e27646d16f9a6c249f87a5e185a6dfea9a685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Kr=C3=B3l?= Date: Mon, 23 Oct 2023 23:01:51 +0200 Subject: [PATCH 248/357] OvmfPkg: register ipxe.efi file as boot option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add ipxe.efi to the firmware volume. * Based on NetBootEnable UEFI variable register or unregister iPXE as boot option. Signed-off-by: Piotr Król --- .../PlatformBootManagerLib/BdsPlatform.c | 40 +++++++++++++++++++ .../PlatformBootManagerLib.inf | 6 +++ OvmfPkg/OvmfPkgX64.fdf | 2 +- 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 62edaf2c00..9336bcd38b 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -2007,6 +2007,9 @@ PlatformBootManagerAfterConsole ( ) { EFI_BOOT_MODE BootMode; + BOOLEAN NetBootEnabled; + UINTN VarSize; + EFI_STATUS Status; DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n")); 
@@ -2072,6 +2075,43 @@ PlatformBootManagerAfterConsole ( EfiBootManagerRefreshAllBootOption (); } + VarSize = sizeof (NetBootEnabled); + Status = gRT->GetVariable ( + L"NetworkBoot", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &NetBootEnabled + ); + + // + // Register iPXE + // + if ((Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))) { + if (NetBootEnabled) { + DEBUG((DEBUG_INFO, "Registering iPXE boot option by variable\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE, + FALSE); + } else { + DEBUG((DEBUG_INFO, "Unregistering iPXE boot option by variable\n")); + PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); + } + } else if ((Status == EFI_NOT_FOUND) && FixedPcdGetBool(PcdDefaultNetworkBootEnable)) { + DEBUG((DEBUG_INFO, "Registering iPXE boot option by policy\n")); + PlatformRegisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE, + FALSE); + } else { + DEBUG((DEBUG_INFO, "Unregistering iPXE boot option\n")); + PlatformUnregisterFvBootOption (PcdGetPtr (PcdiPXEFile), + (CHAR16 *) PcdGetPtr(PcdiPXEOptionName), + LOAD_OPTION_ACTIVE); + } // // Register UEFI Shell // diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index db20f66dbc..497125a114 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -33,6 +33,8 @@ OvmfPkg/OvmfPkg.dec SecurityPkg/SecurityPkg.dec ShellPkg/ShellPkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] BaseLib 
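Review bot: `NetBootEnabled` can be read uninitialised in the first branch of the block added to PlatformBootManagerAfterConsole (BdsPlatform.c), because the test `(Status != EFI_NOT_FOUND) && (VarSize == sizeof(NetBootEnabled))` is also true when `gRT->GetVariable` fails with another error and leaves `VarSize` untouched. Whether the iPXE network boot option is registered then depends on stack contents. Test for success instead, `if (!EFI_ERROR (Status) && (VarSize == sizeof (NetBootEnabled))) {`, so that any other failure lands in the final `else` and the option is unregistered. The attributes pointer is NULL, so the code cannot tell how the `NetworkBoot` variable was created; if the setting is meant to be firmware-controlled, checking the returned attributes is worth considering.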
@@ -63,6 +65,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable + gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEFile + gDasharoPayloadPkgTokenSpaceGuid.PcdiPXEOptionName + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits ## CONSUMES @@ -88,3 +93,4 @@ gUefiShellFileGuid gGrubFileGuid gEfiTtyTermGuid + gDasharoSystemFeaturesGuid diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 33b5e3e169..971e57fbbe 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -384,7 +384,7 @@ INF OvmfPkg/TdxDxe/TdxDxe.inf # build system or user should put the ipxe.efi file here before EDK2 build # FILE FREEFORM = B68653C7-EEA1-4435-A199-A44F59E4476C { - SECTION PE32 = DasharoPayloadPkg/NetworkDrivers/ipxe.efi + SECTION PE32 = ipxe.efi } !endif From 9a929ad094d50299a8d9cfd352077f1199001a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Kr=C3=B3l?= Date: Mon, 23 Oct 2023 23:22:40 +0200 Subject: [PATCH 249/357] .github/{scripts,worflows}: add support to build ipxe.efi Add support to build ipxe.efi and use it in Dasharo (UEFI) build for QEMU Q35. --- .github/scripts/build-ipxe.sh | 8 ++++++++ .github/scripts/build-qemu.sh | 1 + .github/workflows/build.yml | 18 ++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100755 .github/scripts/build-ipxe.sh diff --git a/.github/scripts/build-ipxe.sh b/.github/scripts/build-ipxe.sh new file mode 100755 index 0000000000..399fb3f31c --- /dev/null +++ b/.github/scripts/build-ipxe.sh 
@@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +export CROSS_COMPILE="x86_64-elf-" +make -C src bin-x86_64-efi-sb/ipxe.efi EMBED=$PWD/dasharo.ipxe BUILD_ID_CMD="echo 0x1234567890" \ + EXTRA_CFLAGS="-Wno-address-of-packed-member -m64 -fuse-ld=bfd \ + -Wl,--build-id=none -fno-delete-null-pointer-checks -Wlogical-op -march=nocona \ + -malign-data=abi -mcmodel=large -mno-red-zone -fno-pic" + diff --git a/.github/scripts/build-qemu.sh b/.github/scripts/build-qemu.sh index 9b49b06643..6c7abeb5c4 100755 --- a/.github/scripts/build-qemu.sh +++ b/.github/scripts/build-qemu.sh @@ -5,6 +5,7 @@ source ./edksetup.sh export EDK2_PLATFORMS_PATH="$WORKSPACE/edk2-platforms" export PACKAGES_PATH="$WORKSPACE:\ +$WORKSPACE/ipxe/src/bin-x86_64-efi-sb:\ $EDK2_PLATFORMS_PATH/Platform/Intel:\ $EDK2_PLATFORMS_PATH/Silicon/Intel:\ $EDK2_PLATFORMS_PATH/Features/Intel:\ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 71b374f1e2..97ab29877f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,24 @@ jobs: git checkout 3323ed481d35096fb6a7eae7b49f35eff00f86cf && \ cd - + - name: Clone iPXE Repository + run: | + git clone https://git.ipxe.org/ipxe.git && \ + cd ipxe && \ + git checkout 77b07ea4fdc259d7253c6f9df2beda6e6c7a9d85 && \ + sed -i 's|//#define\s*IMAGE_SCRIPT.*|#define IMAGE_SCRIPT|' "src/config/general.h" && \ + sed -i 's|.*DOWNLOAD_PROTO_HTTPS|#define DOWNLOAD_PROTO_HTTPS|g' "src/config/general.h" && \ + wget https://raw.githubusercontent.com/Dasharo/dasharo-blobs/main/dasharo/dasharo.ipxe && \ + cd - + + - name: Build iPXE + run: | + docker run --rm -i -v $PWD/ipxe:/home/coreboot/ipxe:rw \ + -v $PWD/.github:/home/coreboot/ipxe/.github \ + -u $(id -u):$(id -g) -w /home/coreboot/ipxe \ + coreboot/coreboot-sdk:2021-09-23_b0d87f753c \ + ./.github/scripts/build-ipxe.sh + - name: Build OVMF Firmware Image run: | docker run --rm -i -v $PWD:/home/coreboot/coreboot:rw \ From 6d7e7787bde265db62d8db21b60754e2c4dd238e Mon Sep 17 00:00:00 2001 
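Review bot: In build.yml's "Clone iPXE Repository" step, `dasharo.ipxe` is downloaded with `wget` from the `main` branch of dasharo-blobs and then embedded into `ipxe.efi` through `EMBED=` in build-ipxe.sh, so the firmware image's content depends on whatever that branch holds at build time. The iPXE source next to it is pinned to a commit, and the script should get the same treatment: fetch it by commit (`https://raw.githubusercontent.com/Dasharo/dasharo-blobs/<commit-sha>/dasharo/dasharo.ipxe`) and compare it with a recorded SHA-256 before building. The container image is referenced by tag only; pinning it by digest would fix that build input as well.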
From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Thu, 2 Nov 2023 11:29:49 +0100 Subject: [PATCH 250/357] OvmfPkg/OvmfPkgX64.dsc: enable ESP scanning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- OvmfPkg/OvmfPkgX64.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 982ef23c0d..1324503a8b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -541,6 +541,7 @@ [PcdsFixedAtBuild] gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 + gEfiMdeModulePkgTokenSpaceGuid.PcdCreatePreInstalledBootOptions|TRUE !if $(SMM_REQUIRE) == FALSE gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE !endif From 6541ede9bf084ef75135f86b59cd462c35388f01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 9 Nov 2023 12:32:49 +0100 Subject: [PATCH 251/357] SetupBrowserDxe/Setup.c: set browser action scope to system level MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Set the browser action scope to system level to make the F9 (Reset to defaults) hotkey work globally. TEST=Boot on NovaCustom NV4x TGL, change some options in Dasharo System Features and Boot Maintenance Manager, then go to the User Password Management form and press F9 to reset to defaults. Verify that changes in Dasharo System Features and Boot Maintenance Manager are reverted. Signed-off-by: Michał Kopeć --- MdeModulePkg/Universal/SetupBrowserDxe/Setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c index 2f7b11b1aa..0dcfa0a7dc 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c 
@@ -53,7 +53,7 @@ BOOLEAN gResetRequiredSystemLevel = FALSE; BOOLEAN gExitRequired; BOOLEAN gFlagReconnect; BOOLEAN gCallbackReconnect; -BROWSER_SETTING_SCOPE gBrowserSettingScope = FormSetLevel; +BROWSER_SETTING_SCOPE gBrowserSettingScope = SystemLevel; BOOLEAN mBrowserScopeFirstSet = TRUE; EXIT_HANDLER ExitHandlerFunction = NULL; FORM_BROWSER_FORMSET *mSystemLevelFormSet; From 2d4b22b5ebeff909d751ffe2f0630ba557fa64b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 9 Nov 2023 15:42:16 +0100 Subject: [PATCH 252/357] SecureBootConfigDxe/SecureBootConfigImpl.c: add default for SB state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes an issue where the setting would not be restored to the default value on pressing F9. Signed-off-by: Michał Kopeć --- .../SecureBootConfigDxe.inf | 3 +++ .../SecureBootConfigImpl.c | 20 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf index aba9ccd796..21be571bf5 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -58,6 +58,9 @@ SecureBootVariableLib SecureBootVariableProvisionLib +[FixedPcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable + [Guids] ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" ## SOMETIMES_PRODUCES ## Variable:L"CustomMode" diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index d9e8a4ce73..ac4ac0f307 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include @@ -5242,7 +5243,8 @@ SecureBootCallback ( break; } } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) { - if (QuestionId == KEY_HIDE_SECURE_BOOT) { + switch (QuestionId) { + case KEY_HIDE_SECURE_BOOT: { GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Pk, NULL); if (Pk == NULL) { IfrNvData->HideSecureBoot = TRUE; @@ -5252,6 +5254,22 @@ SecureBootCallback ( } Value->b = IfrNvData->HideSecureBoot; + break; + } + case KEY_SECURE_BOOT_ENABLE: { + Value->u8 = FixedPcdGet8 (PcdSecureBootDefaultEnable); + if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Could not restore Secure Boot to default state!", + NULL + ); + } + break; + } + default: + break; } } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) { // From c5b9d6c3049120b7ac61e52c0d6954d9fff631c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 9 Nov 2023 19:27:25 +0100 Subject: [PATCH 253/357] UiApp: remind user to save settings on exit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../Application/UiApp/FrontPageCustomizedUiSupport.c | 7 +++++++ MdeModulePkg/Application/UiApp/UiApp.inf | 1 + 2 files changed, 8 insertions(+) diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c index 8bc7883bb7..c460feb2c7 100644 --- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c +++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include 
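Review bot: The new `KEY_SECURE_BOOT_ENABLE` case in SecureBootCallback (SecureBootConfigImpl.c) writes the default with `SaveSecureBootVariable (Value->u8)` directly inside the `EFI_BROWSER_ACTION_DEFAULT_STANDARD` handler, so a reset-to-defaults key press appears to change the stored Secure Boot state immediately, with no separate confirmation. With the browser scope set to `SystemLevel` in the previous commit of this series, that reset can be triggered from an unrelated form, and on a build whose `PcdSecureBootDefaultEnable` is 0 it turns Secure Boot off. Consider asking for confirmation before the write when the default differs from the current state, or at least documenting the side effect with `// Loading defaults writes the Secure Boot state immediately.` above the call. The rest of SecureBootCallback is outside the hunk.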
@@ -182,6 +183,8 @@ UiSupportLibCallbackHandler ( OUT EFI_STATUS *Status ) { + EDKII_FORM_BROWSER_EXTENSION_PROTOCOL *FormBrowserEx; + if ((QuestionId != FRONT_PAGE_KEY_CONTINUE) && (QuestionId != FRONT_PAGE_KEY_RESET) && (QuestionId != FRONT_PAGE_KEY_LANGUAGE)) @@ -231,6 +234,10 @@ UiSupportLibCallbackHandler ( // // Reset // + *Status = gBS->LocateProtocol (&gEdkiiFormBrowserExProtocolGuid, NULL, (VOID **) &FormBrowserEx); + if (!EFI_ERROR (Status)) + FormBrowserEx->SaveReminder(); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); *Status = EFI_UNSUPPORTED; diff --git a/MdeModulePkg/Application/UiApp/UiApp.inf b/MdeModulePkg/Application/UiApp/UiApp.inf index 3b9e048851..0e89a2c04f 100644 --- a/MdeModulePkg/Application/UiApp/UiApp.inf +++ b/MdeModulePkg/Application/UiApp/UiApp.inf @@ -62,6 +62,7 @@ [Protocols] gEfiSmbiosProtocolGuid ## CONSUMES gEfiHiiConfigAccessProtocolGuid ## CONSUMES + gEdkiiFormBrowserExProtocolGuid ## CONSUMES [FeaturePcd] From 6b9c0fe5adf6833cde8c53bb86a4cdd1fd92370a Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Thu, 26 Oct 2023 19:23:13 +0200 Subject: [PATCH 254/357] OvmfPkg/OvmfPkgX64.dsc: enable power state after power failure This makes this option to appear in the Power menu, so it can be tested. Signed-off-by: Maciej Pijanowski --- OvmfPkg/OvmfPkgX64.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 1324503a8b..ed4b870285 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -659,6 +659,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState|0 gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable|FALSE gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|TRUE 
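Review bot: The added check in the Reset branch of UiSupportLibCallbackHandler tests the pointer, not the status: `Status` is the `OUT EFI_STATUS *Status` parameter, so `EFI_ERROR (Status)` evaluates the address and `FormBrowserEx->SaveReminder()` can run with `FormBrowserEx` unset when `LocateProtocol` fails. It should read `if (!EFI_ERROR (*Status)) {`, with braces around the call. The function body continues outside the hunk.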
From 03736179817f601222014f5a2db284850c07f891 Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Thu, 16 Nov 2023 11:34:01 +0100 Subject: [PATCH 255/357] DasharoPayloadPkg/SecureBootDefaultKeys: update keys 16/11/2023 Signed-off-by: Maciej Pijanowski --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 3 +++ .../SecureBootDefaultKeys/DBXUpdate.bin | Bin 13778 -> 21170 bytes .../SecureBootDefaultKeys/README | 2 +- .../microsoft_corporation_kek_2k_ca_2023.crt | Bin 0 -> 1462 bytes .../microsoft_uefi_ca_2023.crt | Bin 0 -> 1448 bytes .../windows_uefi_ca_2023.crt | Bin 0 -> 1454 bytes OvmfPkg/OvmfPkgX64.fdf | 3 +++ 7 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt create mode 100644 DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt create mode 100644 DasharoPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 6cb5238738..da8b3ebc22 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -246,6 +246,7 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf # gDefaultKEKFileGuid FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 { SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt SECTION UI = "DefaultKekCert" } 
@@ -259,6 +260,8 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 { SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt + SECTION RAW = DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt SECTION UI = "DefaultDbCert" } 
diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin b/DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin index ab95a63894dceea53ffef1c23d8f182bdb016c09..e2f6b0259ae03528a2c84eacf0977f64bafef036 100644 GIT binary patch delta 8466 zcmZXZbyOAm*T!jS6p;q$L&~8Wq)R%bySt@^ZVu9oNT`%bcS*N2NQb0!m%P97zV{C2 zzq8ionP-33?Af#To-x~sLio34I4t{S7u@nh@K50W{bPxDO(o}mva@lsL)oF6oH_(p z?3_?G4z~aOg$9NtvY}`s`oXILS$?fdwD;*V-Q6Lmtx}qZYwxn|8ew|kbbO&im#vL1 zg8ZlD2m=Fr)tU)1Fp{SozZ>JZmQj@^mA z3#QLb>Wf;0TQ&lpZ`ph`brk0nz$=*`3WM!Rs7lz{l#Kc+o0BMha=Ky#wr$;BVGe~HYm@TNfJ=!Lizgy15T@JgIS(6u%sC(1Y#KaERC^dKP5t~v=Ez?2-Rnv z!_k0GE+!EJB!4YwyPkcmOrF)xvPr?&4@iLDiyI2Ndv2UU<{G&O|Coyhsp*N(jMsjA zcV4giMz_J<=Ml-!_uD*z>v22<$X%qGW;Kt?FX;4vC&~A4{+NBrLY%Fk327|Faj_Pk zu_N77ho`sd!Yc;0U@*sPhO_S*m3>1ea6(xv#PbUX_vM+8Eb&)0tZ4*#>Ywo-40R;@I-d9xhdT#n_buvS*$DO0x`b7V(CY<45MO3{(rE0Gen#d6=U^w;Sp z_{T;d+?rIXA_t>@lPz%_g9_l2+NQ-+3VJkeJs!jt6B6Af_apBT^X+_9K<4(V2<*<5 zADXQ)rhLdV^&IHm-)4}_MOh$v2HBDgn#G?IW2vM2Bf)XDvGjfU^fBI{-O*>=CJM@P zjkM)4An{5j(v!IISb#xk-K7sj?iEi!u?{pTMc1QPtPU+v{tms|b(tN2jXr(rmEv_G z6F(v-nI1g%(n44yOtOP*c#VX}#2v)yUrYn)Fq3#{}>7WJDKRmAIOAnUyJX|s;x=FC7^o3kb-2qC)p z2wyz2r~&2)B4*@1kS{vENEzvaD{3Me8kd6DhQQS$lx zTf+3mNFj@_zID@;R7Sg|=}3_H@?-J!tAhq zxOX?Qu-eG>_<~E+?i_G{uA9j#0#~05HUJiWqjV~CLRktWJ-Gx4?^>QzkydV?D7Lrb z?>}Z;4)_}n{3lc6MR$l5ZI4c;nd#quAEhaxpZqv(i+AhquXZ3oZFHahH^G1S#4~E) zbf=GVPwuCT ztc?ZLtPGs#i(tVVxt_6VUaW9U`IntCS+^5&x$c`5kL+;tMz_5U_WGX>_$r!#sBwdh zP$@Jz$xf?mBS;ajchdDGgelqO2x6W3hX?)?ixrZ&n^I}+_!wEww5dJ#IMr0T59N{a z%jU5p$wX?=RDT42_zfO7S~@C{ju+By8s)5EN)#2o5|$Y+ync4szrP=j76tRCGdoiq zw1~*Oqu7mnhX?bl8azquat46pm4+V2Yuedyu;7fOt?qWEVUxsTfPay`7S|$MF)?o3 z_no$jEdLW8F#pu7wqC9R zC=z}%mb!aBj1Ij>_kYc>j(UJ4ps(Jo=<^mVc=k9gR%mdA;+QU_Xv+s-^LmQg|MYY8 zo%&EUePJi;L6Y(s)%M&w$`5IqhX}j~tN2xTuk_V9{T(I4M31{bfFtLBt`GdJUQ1sT zo&@2B6?J=_+x=z?ne0y*aBSb*T1j(=-%j}=Lus`DxJWd%u3BQ(rNf*;T)k<89rIJ&m+I|O!f*s4^I$=&8hfR( zmUnG=8jyJR9;pHi$HrvUgi_4xOuYtQI6xW9!)A&RiLy5*MF$(9XnE!LTB<}AEYZ|A 
zAMfrFX3(1%nlpfZzA_WJ`WBqv^L{C^GuGsdlH0wSIKY=^!!pIIZP1~++Vuk)WL(jT zZU~n)X@xXO%voI3Jfb5|Qf&9?9%kP;m)>v61M>xyzt?ES^we(js=}c20So@XW(;v@ zOzeIUgwHy4O<))-C<@*b)@nY)>&r`IW5C|>I{{LA$(lL^?Gi;+DY7so!F&~kayFKA zMUtt=^k-)7ifY*j9h)%WBP;RuPi&sx0-9hR7>;^TE(fwQGZ%aSxQUX)Q$-@*zO_moh(?w zD2Qb)fZ0jG%w4oDL@eO_)(r^v-5jQY2Pe3LnsC9e$vQheAO;+eEKPJhmvF5!LgSgG zT#{yO%`^uan49R}2~lCc51E@Bx*^HQ5|}j?OWMh+52J5_2saT{gZTg?>fzdT_Y}$x z%r2QFK<{%k+U(>DGc78)DR^}zAG!&!0FnM;0k>N9;A7Epuqz@*ouP#`T=-&5M8Vz`y!56#b<79XLL3 z#)VqxmE}~J!bU5B8lPue{Z|j1UqS-L{}B9(N4v02VQY{5+QAvWD=%nXcl?Gr#;|Lx z1fvkbGuKRa0_M>LDO?Venp=?!2tBqm8lxr`P|?n9MkT2DKF$D|Wp7~*1SXFjl^*je z+Rbx$O*8lUse_LfXwaPVQEp@(lDdbs?5r;AzWo-5DH6=sEx5J}N(#uN!FZeIdT{~2x z`AU00JyO@6+4VA(0kx^wTHubBPqLY9Z9lLH%=4A(F>pnaAEd0-ax``)lYJ>8er2nS z#gYlocW86z*gR-J5BTMQfdpaL;z)>J||X%N*A`*U<1#gkv=n}xPbeYzKd)&-?$b=%ZfT` z3X78^=2*;X-#uvCebHv>Fg{*EprewYPx=%<2n2C9#>05=#3VrPa3qqz1y(6Da+1E?$9LZppEq0&?K|Y+* z9=@zXagJ&#l>qbM1UAn$Et*kOVY9@>GNb~6i{|^uPt*~w?z_kH?8U$Tn+N_rFve8f zeU3OiO(?YsceX&_wm&Kjp^^_RVd0ZK`@ETTunRVLTM(>jE5_TU+qF0rIo&?)@i;Tv zP&iRF=ZAaego-LZn2%RR8y(5Es{aW!TMU}0#n2u*1n_cskq2LzLB^?PZ@IvN+{fOU ziiv4iT1ZNxQJ-{oakU>4cg&uzU>q@%n!7eJf%$ys-G&~Dw;_gmFBUrVk!1(`uKV&x zrsC?$!zm1*E<`Y2E(=uT1U*@mf!r+P$3h3_h=w@Kn;ipPH$Spqe-Io)`qYv(Jqr_dzcey43^`C<~sRx0ZIOBmVkmk2Z6F06nk)CZ<;~@X>M?NjETkWfgtO;tGxa$9~<} zPg)_Em*;I2n8%i&WGXwwvW;D1BR8dxU0*)Jja0E^h z7Vj@58Qx$6>f5PSXvpwJ(N%%8@u(argf1dTI$I$1aePoLpOM z(m?ybcQDG4YC|wD;E}Rq;=KrMd+E!`ZnD=U#9%DkS%n9p{4Q6+3I4|$ zShmt&kRhL+6TXeGDoE-=hnCRlq8Pu+3wg3jhhr%R=8e_#it(h4Z)FCvy@U0y4=Jjx z_ilj?^uSf{WEB55Lq@Q`nj~LT(aVH3ut_EJ3&sHc4IK-A{+guonl5V|~Ei&6yw`s{`Xvx5~IuPa09oTh2?6W1}V`GpzRtItHHrU|<@K?ej4rKiY9=zL>Sa{p1z_G!)QuWnmdKJL$cQ>iD|PRb{-DE2xYRz+Wg3H*BK)fF`Fc&! 
zGq7Bbvo}z_pbuI}aXE(u4k!ul>{?qbHRjQ+ZMipTkrd9l_o> zz&|$DIn6~Ha+8fYLVBBU7rpjMx>#OJM{_6WHZGiQ8Tyk1V1qLJMRKM*=M+8_8Y_W- zgZ8j}f0YT&%X`aN*HZ_W(SxL`N`#Hw!;!ciu>EXoX(6+3^aIi&if(?=5~~*O!CR<~ zfDLN=>Lvvf40p@E42x@0*o9sQQ%O2}R-D@RJTF=yeiQ@dJDu=}Q8ubnY57gKxD#aG z42=@iJZ=QwN)P4X;q# zS>U}1Zg7n%g(s(Jao<>d(6_ISM35djCre5qBl)=nVoztRV%_09OZ?J!801tC*7jhB zvpL(`)E%w6_ZpL-mZhI5#WOS7s+>`J@w;2yQ6+0!3pk*o)c4N088t79qdM>XmU@9; z&rk2>Dt|BImDHp8C1~kdf(7@}Rxm%N7(up|RnIo*8#gTk)mH_^BJP<_jlH-~ z#y)-FdO3(cxdfC>J+%DdqrnEp>ZqPlch$4AI~z-qA))R}yEr2Zdfa2KDkPE@G6>;d zKHZK?BU%53J1s18p3w>0cF=>y%Gp-0`6GkgRRkbPg$@?js>=db@jBL?V$n-+lI8d_ zZk?B(xT~9Qd4!Np+YTNW*b^wUTZ;JJIFf(VcXrLVTdfUQ#ak!dI4g#pQx(8Hm?H*~ z3&xh08Fe+kzwQH$slTyXs_n!`jICYUNrahXu7wwY1Df~k9i4x&hE%fTU;+t_h6EItlCdL;i`w>NAbt@*l^~+f zUK^#|B9UGn^y}CO%+GicT$rMjuT!Xdp$=&A?_k3GRz#`a@Qd*Rp+SUVVYOhvAjOL~ zh}tjrzWw5Ey==by57&EIC}!KxwZPXNLmVveVBRO`P}z{DJX4&p0k!3YFdUS(jd@p% z96wtMs|J$`Ulz=djD0#5XxbE00^}SZizik`KB$h@ROa+=adHz}9h?lVz=Ffd?-N~; zUIDAKwJxw4`LT%Vi9Cni;FGo_vZ&+iBnvRV6&PkwyNp+}9)y1VNkJ#%T5Ld{&a_u% zT)QHk-K~N05C7NxpHf5Nxxm#Ki{M!5nBSSnv$i|b+*V6otCN}THnVxn2etk3Bt~g> zduH9hx!`qI>yfj&9%rnf@jF3>6LgWd?@XhA4E}sCfGv8m(<_w7<%byA<@&7VxZLfb zNv6^P#H?nnvT{-V51xV%Ajc2wG4=cR9cKd<3#Aw3afk)q-xyy!L;0P3$_v{E8!%BK zyvyZKwI>_O2``ICysFNP4DW!DM1?t9nJ=o%YJ>Tw?@xU8Ziv+hYHE2_^8@YTCc~!{ Rg01l?D)##B?DDa-{|{D)e{ui- delta 1015 zcmV=I+ub$oeuibh0ia z@4EUHo_b%T!shZ)2WqlKr1;M@jSZY(jIXYW(SUr_3>hP*L8DSyPBQ0>A-FpRH5UUk zo#kU*ce1QLP%pP599iS@$#)Z;>t*CaB=*k)a39r{DV5Oma{(u5?xG1of2Y2|_vU>| zE^gSVSgDRcL#l6L3ukNW>#Ib6Zp-m>{i8#=5X<}?1;W-+)1f(HZ%P>F_`g4-681mA zI`c9F07=raZlZ9-&yi17W*y+wOyj&WncyA)VUVCb$bxEzurlBkCfeP0e(-z?rzum= zArW7PCQI@hY`ELz$M9ze0(`fV&jKzKbv>M`GG(_sugoI(v1_5@jn9o?lMw?!1~fJ| zH90erSOfZhX=W>?WU~%`N8>P#oWBoj5>UO4?9wO5q9eu5&_SbH@12UI8Zpl9b#Y^% zT~FMS6&Tu~aECb}=u;%7(x<|wOGr9MkACnbBP3RhW06XoW|3a$_N2kU@O6@CoEC#R zhX8Eg_E51?6tML3y9+&HJ-2#IQf`gG*)@+UI%;-*W*R|fe@y_Qm!5=^;&BG!wLwi0 z+>y}0+vq-{v51wMNQjeADK=@yzmpZSO)9PrWVens1spUS-hFrM2C7HKsx|PxZ#G3= 
zycfhVwgij906d7aj|8()+7G_@0HX2&V%TS;O-|*TvHMNLjV8(001SE0DrR$K2g_kZ7YZIAQ@S4A6;s4a_LRVs z<&^0J(?QW!c$&_;^Cz_`kS7r_l|VKnq;WUgjdzq3)6YXq0C(0MG+y6$fb|NuWDg*(T?ORV6!gJ?eG*5P7JnLL$!0aE1WjCH@1fH0%&wX zjB8=bZ|pE%)g9hbvo5W5b=ax6-avWQM{5?_eH#Lr)t`2u?R!%#1?32E>xVqpY=k=* zsp76dD$w!AXn-ar3603%Q8g*%$KYas9vx#cuO9U lj~5DgYfB3h0K1#o=Ud^=hHzXh56JtS(8U33lRJ|VHNY@C-PZsB diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/README b/DasharoPayloadPkg/SecureBootDefaultKeys/README index 2f1665aa21..d39e547f53 100644 --- a/DasharoPayloadPkg/SecureBootDefaultKeys/README +++ b/DasharoPayloadPkg/SecureBootDefaultKeys/README @@ -4,6 +4,6 @@ * Generate a RSA 2048 x509 certificate * Exponent should be 65537 * Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance -* Date of downloading Microsoft certificates and DBX: 28-10-2022 +* Date of downloading Microsoft certificates and DBX: 16-11-2023 openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 1825 -out pk.crt -subj "/C=PL/ST=Pomerania/L=Gdansk/O=3mdeb Sp. z o.o./CN=Dasharo PK/emailAddress=contact@dasharo.com" 
diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt new file mode 100644 index 0000000000000000000000000000000000000000..e6ffb4f975fae9658631e5ca7697b63d3692b869 GIT binary patch literal 1462 zcmXqLV%=oW#5`*OGZP~dldv%Z1B0-L*p9^9rY3J78^|-@W#iOp^Jx3d%gD&h%3u&> z$Zf#M#vIDRCd?EXY$#_S1LANAi~43J7v&e{r^7bTWt=I0q|8)$;$nT3@Q z@;@`l=OY|zB0gzQ;HRtDxKMt%mMI2ThBBO}A(xQ^~(ox@y5 zUVc5-sQZ!sqnfGtMbF^EjnR{X);|=zf3Mqe?|Prq(%`4JxQu4#8>?;8-Zy3D{5Q7_ z^|6{v66R0dU$UrZg=XD+BSlS)$Rp)Pv?lqqZ(}xpJ?qiolUqC#4<}A}B_6o(xyU1x zWWB4OjxGJPC{8}}SRn6m&EG*>vmbZ7$oRke*QCt#N5uZeK8=5H|4mvbcjBQn)(Uy| zxA4B!K5^lYiC@z+%Xc3QTUl)1Un~24_|(CxJ^I`N8nZoSZ4eMya&yYljOep@&#T_- zS>U;2W$+DO{Y}*;ZtdCh{LktFf%2)Yo`2U~vKK#{HtSQZ*iLa zh_Q$~SY5Pdn%(~$X|rnuqMYqwoI={;4J6?jM3`83GP0x@q!=W@_y$aEVFYbVEh;G{)y@*+Bnixa%uT?cZDnE; z`jx)U-*V*+lRL3m6_V8!@8&f1OFy!)HR6ifAHnuK|3|OH3h9=wvrnz<=5XOt>(#jt zpQo(K{wvx?O|Q(*SugL!3B!Y4mp(CVU-q%|$+Wj@k4{aka9Lqoc17Fw`kp)O)~kIr z*G}u)e)UlQYPZ9&oBzIDI`3=QcJ0>xGZxOzmYHq${T-k9;=gA456^1Mka3u)c8a-o zndz%bT+6$~)+sVF$f@&h=iB6D7^e5^N8c+RlMjCP3k)(@E}p+UC&exQjN;kT?^%s@ zb1b_t-_;`4@6wz}oiB@@RB@Qf`7b-PE8A|ne29tXuPs%lZ!M6IY}D5J)}glHSI(!` z2XCx%e3<`dzwnDZk>}5kGj}`86tG~+E!fL=;$ClU(F%s|KrcGzutFc-y5g~ST4T*&wl5x*VCq7IQx@D z?KiK7B*%@1lMeSIv21gk;J4vjRy z?NuKN{n`=}s&d1QM|0XOdVhs)-lWU&Gr!Hu?nFpB^H literal 0 HcmV?d00001 
diff --git a/DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt b/DasharoPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt new file mode 100644 index 0000000000000000000000000000000000000000..39a91b31730ad8dfd588a301a066f6f93d90d409 GIT binary patch literal 1448 zcmXqLVqId;#N4xhnTe5!N!XZyfkDh{zgg#e(b6+OHjrn)%f_kI=F#?@mywa1mBAp& zklTQhjX9KsO_(V(*ig@+qlu3fO`m&22^fQVIp+F!&dG@HCx{fPT$yxo5fZNZ6Z?nA!aU=O#Vc&yc&No4KNiQ^K5NyPP?N^Bb0>U# zHZ6JC3w8zZ6O-jGty^+uU2Ww4j<_VAbiRrG-AT^Kv(`Wou0e!}g-4EyA()|*A&J46!O?&pWVSHKY*qtiAY~vA z5>RH5Fc51HX>n;|W0+yDvug9v&d+P~PClE<$!w4cQXtO~XAol$wIE_aSX)R&NlAf~ zzJ7Umxn3?TE$Sub=js<^XXY0a>n9iG=))6&s*wRO83IXYLIm-FNfAgngG52eQ4grW zpoonF=t)*qc1A{)G=mg_BpBa-sV$74jj2T?#iZIQ`D@}bDz+mwBOA< z8ye3&U9$Snf?2P>vfKPq{4wi}q$1Be6`hMQi^RCRU%&B~voX5lHe<@6#|>GlrOuX1 zXIakLzN^6HfBKZ8jcgxIH?mAtSDd-Gy+dS4d+E8xAf$DyAG~b58$X&y4*XG2eC`-DI=v z%!xPkm&!{{zx_PzWOuKORww`B{=Mh4THR(TFY0$XF!S20R{2E9ePX8DOBYOSNM&ok z!fkru$SS^bi@1^#PI+s`sIxS!w~J`5in@_*FA)5dN9?*`q@;(xbK31RAfvORdAUGKbrrWFhiDyB&9+kC`8eiPsA4{j3bFg5OjCaaS z0cL5F-)ZNY^5!|L5H$ak+O5dB-ez)=?dLtsckM$bh+Z;WFZle&sRd0Bcb?xIKKXd4 z`I>si{qoanKC4andE-*3N>|r5#}5z04k%CRDdh6W;*|{jZZ&6;;#5`#MGZP~dldv%Z1A|mY_Y8(GrIv$0Hjrn)%f_kI=F#?@mywa1mBFB~ z!;ss6lZ`o)g-w_#G}utsKoG>?5atR`EY8TxOE1aKGZZl30|~MVvj?T7112aQoLkm+2Bg-gpUSm@**U|vQHSj@oDIq7w8c0K& zAQGOLmy%yztPtwz=BeQ92(%4oPZOgOa#%33GB7tW@-qO%xtN+585#C$GQAj5xuyS1 zqgLK#p=*<;8`N0D?5~_8$;GeB^>6=!6*r9RFRjkcZ#?KLp6PnNwLyJx&1S1- zQ<&~*{+a{+llvk|9oyD$3UGc3ObyujRdKVLW$&sZ6F1*klcLOa)-;~i$#afB@41HN zrpSNyyGvHZom+60>{5BKO^IR78YRAYBLaELsCYKcJ1JffgAp(;jF!jZQ(w(k>nXZws z9#D}%6dMQ7SFEh;jEpRP20jK}Funm(n;q1O^73+QRsfSVKC?@Z(;6_}F*gCjZ2rk@ z|MMQsu@3$AuiNr&B1`^-waI72%e+=NclQ1`_Ngas!ow#SOGV%8xSYV_5H9~a&a^1; z-gLv9$^~D=)_KdkW#oDPJ)GakKqB+U!o_;iC+*lL{ZG3s&dEuzzpub|!t%e2$)8g8 z&wf+ZXzgHB2=}aN3StwS-@J!Un|^P^Eaj!AI^U4@IouIUq#@dW?rvY$Gg7z zw8>2Q(eqe(&NRxbogVU0La#1p!k)l;T72u$UhPTATQD)@iN4T^JyXJ{a;|uKZsmv{d%y-8GB&3!A=A{vWe2ab4;sk;b=`QM1}#B~+i@ 
z>|bhfYS+T|i@q&ta9!A~-gx$ExrN;+zq=Z*B6b~Jpn0#Yr{m95^}xHUFJFk}EkB;q zAA0@DBEIM+CT=2PvX5o1<<4B|^QN#^fAzUdTQu*58U$Nf8FhbnHK#+!nl(dm|M~VH zf#27J6FxhpeBlUhJUv%%Y2TNp>R%UIy?J8mwf)@B4&M2DPvu_n+7nUMXT&lk@9vlL zx$e1#u4mn8FMPFR|NHdmb9NkWFw@eCJb8d;xyyp$tv%;0qSpP`-8S`u%i6Rm Date: Tue, 21 Nov 2023 13:08:14 +0100 Subject: [PATCH 256/357] Add CI for UEFI DBX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/dbx.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/dbx.yml diff --git a/.github/workflows/dbx.yml b/.github/workflows/dbx.yml new file mode 100644 index 0000000000..8ab8062895 --- /dev/null +++ b/.github/workflows/dbx.yml @@ -0,0 +1,33 @@ +name: Check if UEFI revocation list is up-to-date + +on: + push: + branches: + - dasharo + pull_request: + branches: + - dasharo + +jobs: + check: + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v2 + + - name: Check if DBX is up-to-date + run: | + echo 'Fetching DBX from uefi.org' + wget https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -o /dev/null + if [ $? -ne 0 ]; then + echo 'Failed to fetch latest DBX.' + exit 1 + fi + diff <(sha256sum x64_DBXUpdate.bin | awk '{ print $1 }') <(sha256sum DasharoPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin | awk '{ print $1 }') + if [ $? -ne 0 ]; then + echo 'UEFI DBX is out of date.' + exit 1 + else + echo 'UEFI DBX is up-to-date.' + fi From 41968a326e92169a33f6018c1a8fc75d52ee29be Mon Sep 17 00:00:00 2001 From: Maciej Pijanowski Date: Tue, 20 Feb 2024 14:07:06 +0100 Subject: [PATCH 257/357] FUNDING.yml: add Signed-off-by: Maciej Pijanowski --- FUNDING.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 FUNDING.yml diff --git a/FUNDING.yml b/FUNDING.yml new file mode 100644 index 0000000000..4e77cf822a --- /dev/null +++ b/FUNDING.yml @@ -0,0 +1,2 @@ + +open_collective: 3mdeb_com 
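Review bot: The two `if [ $? -ne 0 ]` branches in the `Check if DBX is up-to-date` step are unlikely to run on failure, because GitHub runs `run:` scripts with `bash -e` by default and the step stops at the failing `wget` or `diff` before the message is printed. Test the commands directly instead, `if ! wget https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -o /dev/null; then` and likewise `if ! diff <(...) <(...); then`, so that the 'Failed to fetch latest DBX.' and 'UEFI DBX is out of date.' messages reach the log. Separately, `uses: actions/checkout@v2` follows a mutable tag; pinning it to a full commit SHA keeps the job that guards the revocation list from changing underneath the repository.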
From 6d2f7672a9154d69ed125b5a0cab7e858421573e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 23 Feb 2024 10:53:13 +0100 Subject: [PATCH 258/357] MdeModulePkg/Library/BootMaintenanceManagerUiLib: Handle timeout statically MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../BootMaintenance.c | 16 +++++++++++++++- .../BootMaintenanceManager.h | 2 +- .../BootMaintenanceManager.vfr | 11 +++++++++++ .../BootMaintenanceManagerCustomizedUi.c | 2 +- 4 files changed, 28 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c index 8f2a31a3e8..0a8a3c3000 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c @@ -1109,7 +1109,9 @@ BootMaintCallback ( UINTN Index; EFI_DEVICE_PATH_PROTOCOL *File; - if ((Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_FORM_OPEN)) { + if ((Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_CHANGED) && + (Action != EFI_BROWSER_ACTION_FORM_OPEN) && (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD) && + (Action != EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING)) { // // Do nothing for other UEFI Action. Only do call back when data is changed or the form is open. // 
@@ -1145,6 +1147,18 @@ BootMaintCallback ( OldFakeNVMap = &Private->BmmOldFakeNVData; HiiGetBrowserData (&mBootMaintGuid, mBootMaintStorageName, sizeof (BMM_FAKE_NV_DATA), (UINT8 *)CurrentFakeNVMap); + if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD || Action == EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING) { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + + if (QuestionId == FORM_TIME_OUT_ID) { + CurrentFakeNVMap->BootTimeOut = PcdGet16 (PcdPlatformBootTimeOut); + Value->u16 = PcdGet16 (PcdPlatformBootTimeOut); + } else { + return EFI_UNSUPPORTED; + } + } + if (Action == EFI_BROWSER_ACTION_CHANGING) { if (Value == NULL) { return EFI_INVALID_PARAMETER; diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.h b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.h index 2e9a70dccb..b776effba9 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.h +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.h @@ -161,7 +161,7 @@ typedef enum _TYPE_OF_TERMINAL { #define COM1_DATA_RATE_VAR_OFFSET VAR_OFFSET (COM1DataRate) #define COM1_STOP_BITS_VAR_OFFSET VAR_OFFSET (COM1StopBits) #define COM1_PARITY_VAR_OFFSET VAR_OFFSET (COM1Parity) -#define COM1_TERMINAL_VAR_OFFSET VAR_OFFSET (COM2TerminalType) +#define COM1_TERMINAL_VAR_OFFSET VAR_OFFSET (COM1TerminalType) #define COM2_BAUD_RATE_VAR_OFFSET VAR_OFFSET (COM2BaudRate) #define COM2_DATA_RATE_VAR_OFFSET VAR_OFFSET (COM2DataRate) #define COM2_STOP_BITS_VAR_OFFSET VAR_OFFSET (COM2StopBits) diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.vfr b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.vfr index 69fb606324..93dbf34573 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.vfr +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.vfr 
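Review bot: The new defaults block in BootMaintCallback takes the "default" timeout from `PcdGet16 (PcdPlatformBootTimeOut)`; if that PCD is dynamic in this build and is updated when the user saves a timeout (not visible in this hunk), loading defaults restores the current value rather than the build default. A fixed-at-build PCD or constant for the default would avoid that; please confirm which kind of PCD is in use. The block also omits the braces and the per-comparison parentheses that the surrounding code uses, e.g. `if ((Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) || (Action == EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING)) {` and `if (Value == NULL) {`. The function starts and ends outside the hunk.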
@@ -40,6 +40,17 @@ formset // label LABEL_FORM_MAIN_END; + numeric varid = BmmData.BootTimeOut, + questionid = FORM_TIME_OUT_ID, + prompt = STRING_TOKEN(STR_NUM_AUTO_BOOT), + help = STRING_TOKEN(STR_HLP_AUTO_BOOT), + flags = RESET_REQUIRED | INTERACTIVE | NUMERIC_SIZE_2 | DISPLAY_UINT_DEC, + key = FORM_TIME_OUT_ID, + minimum = 0, + maximum = 65535, + step = 0, + endnumeric; + endform; form formid = FORM_BOOT_SETUP_ID, diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUi.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUi.c index d79212e75c..a98d867ba2 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUi.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUi.c @@ -58,7 +58,7 @@ UiCustomizeBMMPage ( // // Create "Time Out" menu. // - BmmCreateTimeOutMenu (HiiHandle, StartOpCodeHandle); + // BmmCreateTimeOutMenu (HiiHandle, StartOpCodeHandle); } /** From 939c1bc8d40d445dca2de90fab068463c28e13fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 11:53:31 +0100 Subject: [PATCH 259/357] DasharoPayloadPkg: Handle the PS/2 option properly if not enabled in project MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 5 ++ .../PlatformBootManagerLib.inf | 1 + .../PlatformBootManagerLib/PlatformConsole.c | 71 ++++++++++--------- 3 files changed, 44 insertions(+), 33 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index b09238b582..b52b73ef47 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
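Review bot: In UiCustomizeBMMPage the call is disabled by commenting it out, `// BmmCreateTimeOutMenu (HiiHandle, StartOpCodeHandle);`, which leaves the `Create "Time Out" menu.` comment above it describing code that no longer runs. Remove the call and the stale comment, or replace them with one line such as `// The Time Out question is now defined statically in BootMaintenanceManager.vfr.` so a reader knows where the menu went.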
@@ -517,7 +517,11 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LOGICAL_PROCESSORS) +!if $(PS2_KEYBOARD_ENABLE) == TRUE gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect|FALSE +!else + gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect|TRUE +!endif ################################################################################ @@ -675,6 +679,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|$(IOMMU_ENABLE) gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|$(SERIAL_TERMINAL) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|$(PS2_KEYBOARD_ENABLE) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf !if $(RAM_DISK_ENABLE) == TRUE diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 3057ee2a7f..95bd7d204a 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -101,4 +101,5 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdDetectPs2KbOnCmdAck gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index 4a008a5eab..b6ea8460a4 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c 
@@ -264,47 +264,52 @@ PrepareLpcBridgeDevicePath ( if (EFI_ERROR (Status)) { return Status; } - TempDevicePath = DevicePath; - DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); - - VarSize = sizeof (Ps2Enabled); - Status = gRT->GetVariable ( - L"Ps2Controller", - &gDasharoSystemFeaturesGuid, - NULL, - &VarSize, - &Ps2Enabled - ); - - if ((Status == EFI_SUCCESS) && (VarSize == sizeof(Ps2Enabled))) { - if (Ps2Enabled) { - DEBUG ((DEBUG_INFO, "PS/2 controller enabled\n")); + + /* Don't bother with adding PS/2 keyboard if PS/2 not enabled in the project */ + if (PcdGetBool (PcdShowPs2Option)) { + TempDevicePath = DevicePath; + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); + + VarSize = sizeof (Ps2Enabled); + Status = gRT->GetVariable ( + L"Ps2Controller", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &Ps2Enabled + ); + + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(Ps2Enabled))) { + if (Ps2Enabled) { + DEBUG ((DEBUG_INFO, "PS/2 controller enabled\n")); + if (DetectPs2Keyboard()) { + // + // Register Keyboard + // + DEBUG ((DEBUG_INFO, "PS/2 keyboard connected\n")); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + } else { + // Remove PS/2 Keyboard from ConIn + DEBUG ((DEBUG_INFO, "PS/2 keyboard not connected\n")); + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + } + } else { + DEBUG ((DEBUG_INFO, "PS/2 controller disabled\n")); + // Remove PS/2 Keyboard from ConIn + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + } + } else { + DEBUG ((DEBUG_INFO, "PS/2 controller variable status %r\n", Status)); if (DetectPs2Keyboard()) { // // Register Keyboard // DEBUG ((DEBUG_INFO, "PS/2 keyboard connected\n")); EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - } else { - // Remove PS/2 Keyboard from ConIn - DEBUG ((DEBUG_INFO, "PS/2 keyboard not connected\n")); - 
EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); } - } else { - DEBUG ((DEBUG_INFO, "PS/2 controller disabled\n")); - // Remove PS/2 Keyboard from ConIn - EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); } - } else { - DEBUG ((DEBUG_INFO, "PS/2 controller variable status %r\n", Status)); - if (DetectPs2Keyboard()) { - // - // Register Keyboard - // - DEBUG ((DEBUG_INFO, "PS/2 keyboard connected\n")); - EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - } - } + } // PcdShowPs2Option + // // Register COM1 // From 055cbbe0ac73fc55fd85ca4f4da5bbe0bbe5d949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 12:45:18 +0100 Subject: [PATCH 260/357] AuthVariableLib,PlatformBootManagerLib: Skip FUM flow if not enabled in project MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski Co-authored-by: Michał Kopeć --- .../Library/PlatformBootManagerLib/PlatformBootManager.c | 3 ++- .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 6 +++++- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 2a30fd4ff9..e39d05d14e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -1527,7 +1527,8 @@ PlatformBootManagerAfterConsole ( WarnIfBatteryLow (); WarnIfRecoveryBoot (); - FUMEnabled = WarnIfFirmwareUpdateMode (); + FUMEnabled = PcdGetBool (PcdShowFum) && WarnIfFirmwareUpdateMode (); + BootLogoEnableLogo (); 
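Review bot: `TempDevicePath = DevicePath;` now sits inside the new `if (PcdGetBool (PcdShowPs2Option))` block in PrepareLpcBridgeDevicePath, so it is not assigned when the option is off. If the COM1 registration that follows the hunk still restores the base path with `DevicePath = TempDevicePath;` (that code is outside the hunk, so this needs confirming), it would read an unset pointer on builds without PS/2. Keeping the assignment above the `if` avoids that.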
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 95bd7d204a..0296705d2e 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -102,4 +102,5 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSkipPs2Detect gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index 426a8f73c5..743675958e 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -241,12 +241,16 @@ AuthVariableLibInitialize ( // // Create "SecureBoot" variable with BS+RT attribute set. // - if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE) && EFI_ERROR (Status)) { + if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) { SecureBootMode = SECURE_BOOT_MODE_ENABLE; } else { SecureBootMode = SECURE_BOOT_MODE_DISABLE; } + // Disable Secure Boot if FUM enabled in the project and currently active + if (PcdGetBool (PcdShowFum) && !EFI_ERROR (Status)) + SecureBootMode = SECURE_BOOT_MODE_DISABLE; + Status = AuthServiceInternalUpdateVariable ( EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 36497c491e..4d3bc7c211 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf 
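Review bot: The added override in AuthVariableLibInitialize forces `SecureBootMode = SECURE_BOOT_MODE_DISABLE` whenever `PcdShowFum` is set and `Status` is not an error, but `Status` is assigned above the hunk, so the hunk itself only shows that Secure Boot is switched off when some earlier lookup succeeds. Since this decides the reported Secure Boot state, the condition should test the value that was read rather than only that it was found, and the variable behind it should not be writable once the OS is running; neither is visible here and both need confirming. A named local such as `FumActive` set next to the lookup, plus braces around the assignment, would make the dependency explicit instead of reusing `Status` several lines later.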
@@ -48,6 +48,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum [Guids] ## CONSUMES ## Variable:L"SetupMode" From b745f7666a8b04f5c0e643ff35016c8e05a28183 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 14:48:55 +0100 Subject: [PATCH 261/357] OvmfPkg/SioBusDxe/SioService.c: Add support for 4 COM ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- OvmfPkg/SioBusDxe/SioService.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/OvmfPkg/SioBusDxe/SioService.c b/OvmfPkg/SioBusDxe/SioService.c index 66c5a08cf9..eea10db5e5 100644 --- a/OvmfPkg/SioBusDxe/SioService.c +++ b/OvmfPkg/SioBusDxe/SioService.c @@ -43,6 +43,24 @@ SIO_RESOURCES_IO mCom2Resources = { { ACPI_END_TAG_DESCRIPTOR, 0 } }; +// +// COM 3 UART Controller +// +GLOBAL_REMOVE_IF_UNREFERENCED +SIO_RESOURCES_IO mCom3Resources = { + { { ACPI_FIXED_LOCATION_IO_PORT_DESCRIPTOR }, 0x3E8, 8 }, + { ACPI_END_TAG_DESCRIPTOR, 0 } +}; + +// +// COM 4 UART Controller +// +GLOBAL_REMOVE_IF_UNREFERENCED +SIO_RESOURCES_IO mCom4Resources = { + { { ACPI_FIXED_LOCATION_IO_PORT_DESCRIPTOR }, 0x2E8, 8 }, + { ACPI_END_TAG_DESCRIPTOR, 0 } +}; + // // PS/2 Keyboard Controller // @@ -69,6 +87,16 @@ SIO_DEVICE_INFO mDevicesInfo[] = { 1, { (ACPI_SMALL_RESOURCE_HEADER *)&mCom2Resources } }, // COM 2 UART Controller + { + EISA_PNP_ID (0x501), + 0, + { (ACPI_SMALL_RESOURCE_HEADER *) &mCom3Resources } + }, // COM 3 UART Controller + { + EISA_PNP_ID (0x501), + 1, + { (ACPI_SMALL_RESOURCE_HEADER *) &mCom4Resources } + }, // COM 4 UART Controller { EISA_PNP_ID (0x303), 0, From f66ec6df7750abaa6d763eb109269457ed0eeb04 Mon Sep 17 00:00:00 2001 
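Review bot: The two new `mDevicesInfo` entries in SioService.c reuse UIDs `0` and `1` with `EISA_PNP_ID (0x501)`; the COM 2 entry visible just above already uses UID `1`, and the COM 1 entry (outside the hunk) presumably uses `0`. If, as the table layout suggests, each child's ACPI device path node is built from the HID/UID pair, COM 3 and COM 4 would get the same node as COM 1 and COM 2, so they are likely either rejected when the device path is installed or indistinguishable to code that picks a port by UID. Distinct UIDs avoid the collision: `2` for the `mCom3Resources` entry and `3` for the `mCom4Resources` entry.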
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 14:50:09 +0100 Subject: [PATCH 262/357] DasharoPayloadPkg: Do not depend SioBusDxe on PS2 keyboard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index b52b73ef47..b947916c97 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -792,8 +792,8 @@ } -!if $(PS2_KEYBOARD_ENABLE) == TRUE OvmfPkg/SioBusDxe/SioBusDxe.inf +!if $(PS2_KEYBOARD_ENABLE) == TRUE MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf !endif diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index da8b3ebc22..22dccc2a8a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -158,8 +158,8 @@ INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf # ISA Support # INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf -!if $(PS2_KEYBOARD_ENABLE) == TRUE INF OvmfPkg/SioBusDxe/SioBusDxe.inf +!if $(PS2_KEYBOARD_ENABLE) == TRUE INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf INF MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf !endif From ea1260047aa762509eba6b7b64fe91c28c502eee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Feb 2024 18:30:07 +0100 Subject: [PATCH 263/357] DasharoPayloadPkg: Add support for second serial port redirection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dec | 1 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 9 +- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 4 + .../PlatformBootManagerLib.inf | 4 + .../PlatformBootManagerLib/PlatformConsole.c | 147 ++++++++++++++++-- 5 files changed, 148 insertions(+), 17 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index 073f008c45..f4de0f1fd6 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec @@ -97,3 +97,4 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdBootMenuKey|0x0016|UINT16|0x00000007 gDasharoPayloadPkgTokenSpaceGuid.PcdSetupMenuKey|0x0017|UINT16|0x00000008 gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings|FALSE|BOOLEAN|0x0000000A +gDasharoPayloadPkgTokenSpaceGuid.PcdSerialOnSuperIo|FALSE|BOOLEAN|0x0000000B diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index b947916c97..beb68ebae7 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -54,6 +54,8 @@ DEFINE UART_DEFAULT_STOP_BITS = 1 DEFINE DEFAULT_TERMINAL_TYPE = 4 + DEFINE UART_ON_SUPERIO = FALSE + DEFINE BOOT_MENU_KEY = 0x0016 DEFINE SETUP_MENU_KEY = 0x0017 @@ -446,6 +448,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSdMmcGenericTimeoutValue|$(SD_MMC_TIMEOUT) + gDasharoPayloadPkgTokenSpaceGuid.PcdSerialOnSuperIo|$(UART_ON_SUPERIO) + !if $(SECURE_BOOT_DEFAULT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|1 !else @@ -780,6 +784,9 @@ # # ISA Support # +!if $(UART_ON_SUPERIO) == TRUE && $(SYSTEM76_EC_LOGGING) == FALSE + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf +!else MdeModulePkg/Universal/SerialDxe/SerialDxe.inf { !if $(SYSTEM76_EC_LOGGING) == TRUE @@ -790,7 +797,7 @@ PlatformHookLib|DasharoPayloadPkg/Library/PlatformHookLib/PlatformHookLib.inf !endif } - +!endif OvmfPkg/SioBusDxe/SioBusDxe.inf !if $(PS2_KEYBOARD_ENABLE) == TRUE 
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 22dccc2a8a..4f1d458c0f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -157,7 +157,11 @@ INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf # # ISA Support # +!if $(UART_ON_SUPERIO) == TRUE && $(SYSTEM76_EC_LOGGING) == FALSE +INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf +!else INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf +!endif INF OvmfPkg/SioBusDxe/SioBusDxe.inf !if $(PS2_KEYBOARD_ENABLE) == TRUE INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 0296705d2e..11360551c7 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -104,3 +104,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum gDasharoPayloadPkgTokenSpaceGuid.PcdPrintSolStrings + gDasharoPayloadPkgTokenSpaceGuid.PcdSerialOnSuperIo + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index b6ea8460a4..048a06af20 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c 
@@ -119,6 +119,7 @@ typedef enum _TYPE_OF_TERMINAL { } TYPE_OF_TERMINAL; ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode = gPnpPs2Keyboard; +ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode = gPnp16550ComPort; UART_DEVICE_PATH gUartDeviceNode = gUart; VENDOR_DEVICE_PATH gTerminalTypeDeviceNode = gPcAnsiTerminal; VENDOR_DEVICE_PATH gUartDeviceVendorNode = gUartVendor; 
@@ -232,6 +233,69 @@ DetectPs2Keyboard ( } } +STATIC +VOID +RegisterUartConsole ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, + IN EFI_DEVICE_PATH_PROTOCOL *UartNode, + IN UINT32 UartNumber +) +{ + EFI_STATUS Status; + BOOLEAN UartEnabled; + UINTN VarSize; + CHAR16 *DevPathStr; + + VarSize = sizeof (UartEnabled); + Status = gRT->GetVariable ( + UartNumber == 1 ? L"SerialRedirection2" : L"SerialRedirection", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &UartEnabled + ); + + if (EFI_ERROR (Status)) { + if (UartNumber == 1) + UartEnabled = PcdGetBool (PcdHave2ndUart) ? PcdGetBool (PcdSerialRedirection2DefaultState) : FALSE; + else + UartEnabled = PcdGetBool (PcdSerialRedirectionDefaultState); + } + + if (PcdGetBool (PcdSerialOnSuperIo)) + DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)DevicePath, UartNode); + else + DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, UartNode); + + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + // + // Print Device Path + // + DevPathStr = ConvertDevicePathToText (DevicePath, FALSE, FALSE); + if (DevPathStr != NULL) { + DEBUG(( + EFI_D_INFO, + "%segistering UART Console: COM%d DevPath: %s\n", + UartEnabled ? L"R" : L"Unr", + UartNumber + 1, + DevPathStr + )); + FreePool(DevPathStr); + } + + if (UartEnabled) { + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + } else { + EfiBootManagerUpdateConsoleVariable (ConOut, NULL, DevicePath); + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + EfiBootManagerUpdateConsoleVariable (ErrOut, NULL, DevicePath); + } +} + /** Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. 
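Review bot: `RegisterUartConsole` passes `NULL` for the Attributes argument of `gRT->GetVariable`, so `SerialRedirection` and `SerialRedirection2` are trusted without knowing whether they are boot-service-only or writable at runtime. A TRUE value adds the UART to ConIn as well as ConOut and ErrOut, so this setting decides whether the serial line can drive firmware setup. If the project intends it to be changed only from setup, read the attributes and fall back to the PCD default when `EFI_VARIABLE_RUNTIME_ACCESS` is set, or lock the variable elsewhere (not shown in this hunk). The `SerialRedirection` lookup added to `PreparePciSerialDevicePath` later in this patch has the same gap. A short header comment stating that `UartNumber` is zero-based (0 = COM1, 1 = COM2) and that a disabled port is removed from all three console variables would also help.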
@@ -265,9 +329,13 @@ PrepareLpcBridgeDevicePath ( return Status; } + /* Start the drivers for all child devices of this controller/device */ + gBS->ConnectController (DeviceHandle, NULL, NULL, TRUE); + + TempDevicePath = DevicePath; + /* Don't bother with adding PS/2 keyboard if PS/2 not enabled in the project */ if (PcdGetBool (PcdShowPs2Option)) { - TempDevicePath = DevicePath; DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); VarSize = sizeof (Ps2Enabled); @@ -310,13 +378,6 @@ PrepareLpcBridgeDevicePath ( } } // PcdShowPs2Option - // - // Register COM1 - // - DevicePath = TempDevicePath; - DevicePath = AppendDevicePathNode ((EFI_DEVICE_PATH_PROTOCOL *)NULL, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceVendorNode); - DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); - switch (PcdGet8 (PcdDefaultTerminalType)) { case TerminalTypePcAnsi: TerminalTypeGuid = gEfiPcAnsiGuid; break; case TerminalTypeVt100: TerminalTypeGuid = gEfiVT100Guid; break; 
@@ -332,11 +393,31 @@ PrepareLpcBridgeDevicePath ( CopyGuid (&gTerminalTypeDeviceNode.Guid, &TerminalTypeGuid); - DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + if (!PcdGetBool (PcdSerialOnSuperIo)) { + // + // Register COM1 + // + DevicePath = TempDevicePath; + + RegisterUartConsole(DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceVendorNode, 0); + } else { + // + // Register COM1 + // + DevicePath = TempDevicePath; + + gPnp16550ComPortDeviceNode.UID = 0; + RegisterUartConsole(DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode, 0); + + // + // Register COM2 + // + DevicePath = TempDevicePath; + gPnp16550ComPortDeviceNode.UID = 1; + + RegisterUartConsole(DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode, 1); - EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + } return EFI_SUCCESS; } @@ -357,6 +438,9 @@ PreparePciSerialDevicePath ( { EFI_STATUS Status; EFI_DEVICE_PATH_PROTOCOL *DevicePath; + BOOLEAN PciSerialEnabled; + UINTN VarSize; + CHAR16 *DevPathStr; DevicePath = NULL; Status = gBS->HandleProtocol ( 
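Review bot: In the `PcdSerialOnSuperIo` branch COM2 is always handed to `RegisterUartConsole (..., 1)`, and `PcdHave2ndUart` is only consulted inside that function to pick the default when the variable read fails. A `SerialRedirection2` variable that exists and is TRUE therefore enables the second UART as a console even on a build that declares no second UART. Wrapping the COM2 block in `if (PcdGetBool (PcdHave2ndUart)) { ... }` keeps the PCD authoritative. The repeated `DevicePath = TempDevicePath;` assignments and the duplicated `// Register COM1` comment could be folded at the same time. PrepareLpcBridgeDevicePath begins outside the hunk.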
@@ -368,12 +452,43 @@ PreparePciSerialDevicePath ( return Status; } + VarSize = sizeof (PciSerialEnabled); + Status = gRT->GetVariable ( + L"SerialRedirection", + &gDasharoSystemFeaturesGuid, + NULL, + &VarSize, + &PciSerialEnabled + ); + + if (EFI_ERROR (Status)) + PciSerialEnabled = PcdGetBool (PcdSerialRedirectionDefaultState); + DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); DevicePath = AppendDevicePathNode (DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + // + // Print Device Path + // + DevPathStr = ConvertDevicePathToText (DevicePath, FALSE, FALSE); + if (DevPathStr != NULL) { + DEBUG(( + EFI_D_INFO, + "%segistering PCI Serial Console, DevPath: %s\n", + PciSerialEnabled ? L"R" : L"Unr", + DevPathStr + )); + FreePool(DevPathStr); + } - EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); - EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + if (PciSerialEnabled) { + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + } else { + EfiBootManagerUpdateConsoleVariable (ConOut, NULL, DevicePath); + EfiBootManagerUpdateConsoleVariable (ConIn, NULL, DevicePath); + EfiBootManagerUpdateConsoleVariable (ErrOut, NULL, DevicePath); + } return EFI_SUCCESS; } @@ -553,7 +668,7 @@ DetectAndPreparePlatformPciDevicePath ( // // Here we decide which Serial device to enable in PCI bus // - if (IS_PCI_16550SERIAL (Pci)) { + if (IS_PCI_16550SERIAL (Pci) && !PcdGetBool (PcdSerialOnSuperIo)) { // // Add them to ConOut, ConIn, ErrOut. // From f6704742574e2f6bb316fc4ded14c286bc0ad3fb Mon Sep 17 00:00:00 2001 
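Review bot: Each `AppendDevicePathNode` call in `PreparePciSerialDevicePath` returns a newly allocated path, but the intermediate one is overwritten, the final `DevicePath` is never released after the `EfiBootManagerUpdateConsoleVariable` calls, and neither result is checked for NULL. Keep the first result in a temporary and free it after the second append, return `EFI_OUT_OF_RESOURCES` on NULL, and call `FreePool (DevicePath)` before `return EFI_SUCCESS`; this assumes the console-variable update copies the path, as the stock UefiBootManagerLib does. The pointer obtained from `HandleProtocol` must not be freed. `RegisterUartConsole`, added earlier in this patch, builds its path the same way, and the enable/disable block is identical in both functions, so it could live in one helper. PreparePciSerialDevicePath starts outside the hunk.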
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 27 Feb 2024 17:12:31 +0100 Subject: [PATCH 264/357] DasharoPayloadPkg: Add Dasharo APU Configuration UI module MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../ApuConfigurationUi/ApuConfigurationUi.c | 176 ++++++++++++++++++ .../ApuConfigurationUi/ApuConfigurationUi.inf | 55 ++++++ .../ApuConfigurationUi/ApuConfigurationUi.uni | 17 ++ .../ApuConfigurationUiStrings.uni | 36 ++++ .../ApuConfigurationUiVfr.Vfr | 59 ++++++ DasharoPayloadPkg/DasharoPayloadPkg.dec | 3 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 5 + DasharoPayloadPkg/DasharoPayloadPkg.fdf | 4 + .../Include/Guid/ApuConfigurationGuid.h | 26 +++ 9 files changed, 381 insertions(+) create mode 100644 DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.c create mode 100644 DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf create mode 100644 DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.uni create mode 100644 DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiStrings.uni create mode 100644 DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiVfr.Vfr create mode 100644 DasharoPayloadPkg/Include/Guid/ApuConfigurationGuid.h diff --git a/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.c b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.c new file mode 100644 index 0000000000..d7386e8364 --- /dev/null +++ b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.c @@ -0,0 +1,176 @@ +/** @file + Dasharo APU Configuration UI for Setup Front Page. + + Copyright (c) 2024, 3mdeb All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +extern UINT8 ApuConfigurationUiVfrBin[]; +extern UINT8 ApuConfigurationUiStrings[]; + +EFI_HANDLE mApuConfigDriverHandle = NULL; +EFI_HII_HANDLE mApuConfigHiiHandle = NULL; + +APU_CONFIGURATION_VARSTORE_DATA mDefaultApuConfig = { + .CorePerfBoost = TRUE, + .WatchdogEnable = FALSE, + .WatchdogTimeout = 60, + .PciePwrMgmt = FALSE, +}; + +HII_VENDOR_DEVICE_PATH mApuConfigVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + APU_CONFIGURATION_FORMSET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + + +/** + + Initialize Boot Maintenance Menu library. + + @param ImageHandle The image handle. + @param SystemTable The system table. + + @retval EFI_SUCCESS Install Boot manager menu success. 
+ @retval Other Return error status.gBPDisplayLibGuid + +**/ +EFI_STATUS +EFIAPI +ApuConfigurationUiEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINTN Size; + APU_CONFIGURATION_VARSTORE_DATA ApuConfig; + + Size = sizeof (ApuConfig); + Status = gRT->GetVariable ( + APU_CONFIGURATION_VAR, + &gApuConfigurationFormsetGuid, + NULL, + &Size, + &ApuConfig + ); + // + // Ensure the variable exists before changing the form + // + if (EFI_ERROR (Status)) { + Status = gRT->SetVariable ( + APU_CONFIGURATION_VAR, + &gApuConfigurationFormsetGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDefaultApuConfig), + &mDefaultApuConfig + ); + ASSERT_EFI_ERROR (Status); + } + + + Status = gBS->InstallMultipleProtocolInterfaces ( + &mApuConfigDriverHandle, + &gEfiDevicePathProtocolGuid, + &mApuConfigVendorDevicePath, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Publish our HII data + // + mApuConfigHiiHandle = HiiAddPackages ( + &gApuConfigurationFormsetGuid, + mApuConfigDriverHandle, + ApuConfigurationUiVfrBin, + ApuConfigurationUiStrings, + NULL + ); + + if (mApuConfigHiiHandle == NULL) { + gBS->UninstallProtocolInterface ( + mApuConfigDriverHandle, + &gEfiDevicePathProtocolGuid, + &mApuConfigVendorDevicePath + ); + + return EFI_OUT_OF_RESOURCES; + } + + return Status; +} + +/** + Destructor of Boot Maintenance menu library. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The destructor completed successfully. + @retval Other value The destructor did not complete successfully. 
+ +**/ +EFI_STATUS +EFIAPI +ApuConfigurationUiUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + + if (mApuConfigDriverHandle != NULL) { + gBS->UninstallProtocolInterface ( + mApuConfigDriverHandle, + &gEfiDevicePathProtocolGuid, + &mApuConfigVendorDevicePath + ); + mApuConfigDriverHandle = NULL; + } + + if (mApuConfigHiiHandle != NULL) { + HiiRemovePackages (mApuConfigHiiHandle); + mApuConfigHiiHandle = NULL; + } + + return EFI_SUCCESS; +} diff --git a/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf new file mode 100644 index 0000000000..29d59f1274 --- /dev/null +++ b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf @@ -0,0 +1,55 @@ +## @file +# Driver for DXE phase to publish Dasharo APU Configuration form +# +# Copyright (c) 2024, 3mdeb All rights reserved.
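Review bot: `ApuConfigurationUiEntry` only tests `EFI_ERROR (Status)` after `gRT->GetVariable`, so a stored `ApuConfig` shorter than `APU_CONFIGURATION_VARSTORE_DATA` is accepted as is, and a failing `SetVariable` is handled only by `ASSERT_EFI_ERROR`, which typically compiles out in release builds. The defaults should also be rewritten when `Size != sizeof (ApuConfig)`, and a `SetVariable` failure should be logged and returned instead of asserted. The stored values are not range-checked here either (for example `WatchdogTimeout` against the form's minimum of 60), so whichever component consumes the variable, which this patch does not show, should validate it. Both function header comments are copied from the Boot Maintenance library (`Initialize Boot Maintenance Menu library`, the stray `gBPDisplayLibGuid`, an `@param SystemTable` on an unload function that takes none) and should describe this driver.

```c
  // … unchanged: Size = sizeof (ApuConfig); gRT->GetVariable (APU_CONFIGURATION_VAR, ...) …
  if (EFI_ERROR (Status) || (Size != sizeof (ApuConfig))) {
    // … unchanged: Status = gRT->SetVariable (...) storing mDefaultApuConfig …
    if (EFI_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR, "ApuConfigurationUi: failed to store default ApuConfig: %r\n", Status));
      return Status;
    }
  }
```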
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = ApuConfigurationUi + MODULE_UNI_FILE = ApuConfigurationUi.uni + FILE_GUID = D21C607C-B034-4727-AA91-7B156907CDEA + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 2.0 + ENTRY_POINT = ApuConfigurationUiEntry + UNLOAD_IMAGE = ApuConfigurationUiUnload +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + ApuConfigurationUi.c + ApuConfigurationUiStrings.uni + ApuConfigurationUiVfr.Vfr + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + DevicePathLib + BaseLib + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + DebugLib + HiiLib + UefiLib + BaseMemoryLib + +[Guids] + gApuConfigurationFormsetGuid + gEfiIfrFrontPageGuid + +[Protocols] + gEfiDevicePathProtocolGuid ## PRODUCES + +[Depex] + gEfiHiiDatabaseProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid diff --git a/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.uni b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.uni new file mode 100644 index 0000000000..5106e3f9ed --- /dev/null +++ b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.uni @@ -0,0 +1,17 @@ +// /** @file +// Dasharo APU Configuration UI module. +// +// Copyright (c) 2024, 3mdeb All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT +#language en-US "Dasharo APU Configuration UI module." + +#string STR_MODULE_DESCRIPTION +#language en-US "Dasharo APU Configuration UI module." + + diff --git a/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiStrings.uni b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiStrings.uni new file mode 100644 index 0000000000..e209c6500d --- /dev/null +++ b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiStrings.uni @@ -0,0 +1,36 @@ +// *++ +// +// Copyright (c) 2024, 3mdeb All rights reserved.
+// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// Module Name: +// +// ApuConfigurationUiStrings.uni +// +// Abstract: +// +// String definitions for Dasharo APU Configuration UI. +// +// --*/ + +/=# + +#langdef en-US "English" + +#string STR_FORM_APU_CONFIG_TITLE #language en-US "Dasharo APU Configuration" + +#string STR_CPB_PROMPT #language en-US "Core Performance Boost" +#string STR_CPB_HELP #language en-US "Enables/disables AMD Core Performance Boost. When enabled, two additional boosted P-states will be available.\n\n" + "The performance of a single core can be raised from 1000MHz up to 1400Mhz if other cores are inactive.\n\n" + + "Disable the feature if you notice system instability." + +#string STR_WATCHDOG_ENABLE_PROMPT #language en-US "Enable watchdog" +#string STR_WATCHDOG_ENABLE_HELP #language en-US "Enables/disables FCH Watchdog Timer during POST.\n\n" + "If the timers expires, for example due to an unexpected hang or lockup, the platform will be reset after specified timeout." + +#string STR_WATCHDOG_TIMEOUT_PROMPT #language en-US "Watchdog timeout value" +#string STR_WATCHDOG_TIMEOUT_HELP #language en-US "Sets the watchdog timer expiration value in seconds. Minimum is 60s, maximum 65535s." + +#string STR_PCIE_PWR_MGMT_PROMPT #language en-US "Enable PCI Express power management features" +#string STR_PCIE_PWR_MGMT_HELP #language en-US "When enabled the Clock Power Management, ASPM L0s and L1 features will be enabled on PCI Express ports." diff --git a/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiVfr.Vfr b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiVfr.Vfr new file mode 100644 index 0000000000..f0a36b59ac --- /dev/null +++ b/DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUiVfr.Vfr @@ -0,0 +1,59 @@ +///** @file +// +// Formset for Dasharo APU Configuration UI +// +// Copyright (c) 2024, 3mdeb All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +//**/ + +#include +#include + +formset + guid = APU_CONFIGURATION_FORMSET_GUID, + title = STRING_TOKEN(STR_FORM_APU_CONFIG_TITLE), + help = STRING_TOKEN(STR_FORM_APU_CONFIG_TITLE), + classguid = gEfiIfrFrontPageGuid, + + efivarstore APU_CONFIGURATION_VARSTORE_DATA, + attribute = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + name = ApuConfig, + guid = APU_CONFIGURATION_FORMSET_GUID; + + form formid = 0x0001, + title = STRING_TOKEN(STR_FORM_APU_CONFIG_TITLE); + + checkbox varid = ApuConfig.CorePerfBoost, + prompt = STRING_TOKEN(STR_CPB_PROMPT), + help = STRING_TOKEN(STR_CPB_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + + checkbox varid = ApuConfig.WatchdogEnable, + prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), + flags = RESET_REQUIRED, + endcheckbox; + + suppressif ideqval ApuConfig.WatchdogEnable == 0; + numeric varid = ApuConfig.WatchdogTimeout, + prompt = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_TIMEOUT_HELP), + flags = NUMERIC_SIZE_2 | DISPLAY_UINT_DEC | RESET_REQUIRED, + minimum = 60, + maximum = 65535, + step = 0, + default = 60, + endnumeric; + endif; + + checkbox varid = ApuConfig.PciePwrMgmt, + prompt = STRING_TOKEN(STR_PCIE_PWR_MGMT_PROMPT), + help = STRING_TOKEN(STR_PCIE_PWR_MGMT_HELP), + flags = RESET_REQUIRED, + endcheckbox; + + endform; +endformset; diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dec b/DasharoPayloadPkg/DasharoPayloadPkg.dec index f4de0f1fd6..9fa3c919d7 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dec +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dec 
@@ -36,6 +36,9 @@ gEfiSmmStoreInfoHobGuid = { 0xf585ca19, 0x881b, 0x44fb, { 0x3f, 0x3d, 0x81, 0x89, 0x7c, 0x57, 0xbb, 0x01 } } gEfiTcgPhysicalPresenceInfoHobGuid = { 0xf367be59, 0x5891, 0x40eb, { 0x21, 0x44, 0xed, 0x2e, 0xac, 0x57, 0xfd, 0x14 }} + ## GUID used for ApuConfigurationUi FormSet guid and related variables. + gApuConfigurationFormsetGuid = {0x6f4e051b, 0x1c10, 0x422a, {0x98, 0xcf, 0x96, 0x2e, 0x78, 0x36, 0x5c, 0x74} } + [Ppis] gEfiPayLoadHobBasePpiGuid = { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6, 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} } diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index beb68ebae7..c544bf5564 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -108,6 +108,7 @@ DEFINE BATTERY_CHECK = FALSE DEFINE PERFORMANCE_MEASUREMENT_ENABLE = FALSE DEFINE RAM_DISK_ENABLE = FALSE + DEFINE APU_CONFIG_ENABLE = FALSE # # Network definition @@ -669,6 +670,10 @@ } !endif +!if $(APU_CONFIG_ENABLE) == TRUE + DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf +!endif + UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 4f1d458c0f..a7f0cb429b 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -339,6 +339,10 @@ INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf INF IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf !endif +!if $(APU_CONFIG_ENABLE) == TRUE +INF DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf +!endif + # # Shell # diff --git a/DasharoPayloadPkg/Include/Guid/ApuConfigurationGuid.h b/DasharoPayloadPkg/Include/Guid/ApuConfigurationGuid.h new file mode 100644 index 0000000000..2bd0366a66 --- /dev/null +++ b/DasharoPayloadPkg/Include/Guid/ApuConfigurationGuid.h 
@@ -0,0 +1,26 @@ +/** @file + Definition for structure & defines exported by APU Configuration UI + + Copyright (c) 2024, 3mdeb All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef APU_CONFIGURATION_UI_H_ +#define APU_CONFIGURATION_UI_H_ + +#define APU_CONFIGURATION_FORMSET_GUID {0x6f4e051b, 0x1c10, 0x422a, { 0x98, 0xcf, 0x96, 0x2e, 0x78, 0x36, 0x5c, 0x74 } } + +#define APU_CONFIGURATION_VAR L"ApuConfig" + +#pragma pack(push,1) +typedef struct { + BOOLEAN CorePerfBoost; + BOOLEAN WatchdogEnable; + UINT16 WatchdogTimeout; + BOOLEAN PciePwrMgmt; +} APU_CONFIGURATION_VARSTORE_DATA; +#pragma pack(pop) + +#endif From dceeca273619a481e70dd913e6c384e6b2c76c65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 28 Feb 2024 10:36:34 +0100 Subject: [PATCH 265/357] OvmfPkg/OvmfPkgX64: Add APU Configuration UI for testing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.fdf | 2 ++ 2 files changed, 4 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index ed4b870285..45435a6a7d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1206,3 +1206,5 @@ GCC:*_*_*_CC_FLAGS = -mmmx -msse } + + DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index f449f41629..c4be74686e 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -479,6 +479,8 @@ INF DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.inf INF CrScreenshotDxe/CrScreenshotDxe.inf +INF DasharoPayloadPkg/ApuConfigurationUi/ApuConfigurationUi.inf + ################################################################################ [FV.FVMAIN_COMPACT] From f964e052ab78563dd9e1841b8adc1b535beefb71 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 9 Mar 2024 21:19:46 +0200 Subject: [PATCH 266/357] MdeModulePkg/Application/UiApp/FrontPage.c: get memory from Table 17 As a fallback if Table 19 is missing. 
Signed-off-by: Sergii Dmytruk --- MdeModulePkg/Application/UiApp/FrontPage.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/MdeModulePkg/Application/UiApp/FrontPage.c b/MdeModulePkg/Application/UiApp/FrontPage.c index 3858571f9f..f2015ea742 100644 --- a/MdeModulePkg/Application/UiApp/FrontPage.c +++ b/MdeModulePkg/Application/UiApp/FrontPage.c @@ -531,10 +531,14 @@ UpdateFrontPageBannerStrings ( SMBIOS_TABLE_TYPE17 *Type17Record; SMBIOS_TABLE_TYPE19 *Type19Record; EFI_SMBIOS_TABLE_HEADER *Record; + UINT16 MemorySize; + UINT32 ExtendedMemorySize; UINT64 InstalledMemory; UINT16 MemorySpeed; BOOLEAN FoundCpu; + MemorySize = 0xFFFF; // means "unknown" in Type 17 table of SMBIOS + ExtendedMemorySize = 0; InstalledMemory = 0; MemorySpeed = 0; FoundCpu = 0; @@ -654,6 +658,9 @@ UpdateFrontPageBannerStrings ( if (Type17Record->ConfiguredMemoryClockSpeed > MemorySpeed) { MemorySpeed = Type17Record->ConfiguredMemoryClockSpeed; } + + MemorySize = Type17Record->Size; + ExtendedMemorySize = Type17Record->ExtendedSize; } if ( Record->Type == SMBIOS_TYPE_MEMORY_ARRAY_MAPPED_ADDRESS ) { @@ -676,6 +683,19 @@ UpdateFrontPageBannerStrings ( Status = Smbios->GetNext (Smbios, &SmbiosHandle, NULL, &Record, NULL); } + if ( InstalledMemory == 0 && MemorySize != 0xFFFF ) { + if ( MemorySize == 0x7FFF ) { + // There is more than (32GiB - 1MiB) of memory. The size is given in Mebibytes. + InstalledMemory = ExtendedMemorySize; + } else if ( MemorySize & 0x8000 ) { + // The size is given in Kibibytes. + InstalledMemory = RShiftU64 (MemorySize & ~0x8000U, 10); + } else { + // The size is given in Mebibytes. + InstalledMemory = MemorySize; + } + } + // // Now update the total installed RAM size and its speed // From 6c02def2c88d445f621fc09e8799edf1984a8f9e Mon Sep 17 00:00:00 2001 
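Review bot: The Type 17 fallback keeps only the last record's `Size`/`ExtendedSize`, because the assignments added in the `SMBIOS_TYPE_MEMORY_DEVICE` branch overwrite `MemorySize` and `ExtendedMemorySize` on every memory device. On a system with several DIMMs and no Type 19 table the banner would show one module's capacity, and an empty last slot (Size 0) would show none at all. Decoding each record as it is seen and adding it to a running total (a new `UINT64 Type17Memory = 0;` local) gives the installed sum. Bit 31 of `ExtendedSize` is reserved, so the sketch below masks it. UpdateFrontPageBannerStrings starts and ends outside these hunks.

```c
      // … unchanged: ConfiguredMemoryClockSpeed handling in the Type 17 branch …
      MemorySize = Type17Record->Size;
      if (MemorySize == 0x7FFF) {
        // Real size is in the extended field, in MiB.
        Type17Memory += Type17Record->ExtendedSize & 0x7FFFFFFF;
      } else if (MemorySize != 0xFFFF) {
        // Bit 15 set: KiB granularity, otherwise MiB; 0 is an empty slot.
        Type17Memory += (MemorySize & 0x8000) ? ((MemorySize & 0x7FFF) >> 10) : MemorySize;
      }

  // … unchanged: Type 19 handling and the Smbios->GetNext loop …
  if (InstalledMemory == 0) {
    InstalledMemory = Type17Memory;
  }
```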
From: Sergii Dmytruk Date: Sat, 9 Mar 2024 21:20:37 +0200 Subject: [PATCH 267/357] DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c: fallback to FADT->FirmwareCtrl As prescribed by the specification instead of blindly assuming that XFirmwareCtrl field is non-NULL. Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c index 60b6dfdb70..2f794343a3 100644 --- a/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c +++ b/DasharoPayloadPkg/AcpiPlatformDxe/AcpiPlatform.c @@ -74,7 +74,10 @@ InstallTablesFromXsdt ( FadtTable = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) (UINTN) CurrentTablePointer; DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->XDsdt; + FacsTable = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *) (UINTN) FadtTable->XFirmwareCtrl; + if (FacsTable == NULL) + FacsTable = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *) (UINTN) FadtTable->FirmwareCtrl; if (!AsciiStrnCmp ((CHAR8 *) &DsdtTable->Signature, "DSDT", 4)) { // From 6d34a3843eb43f81a80c0701d9c9983946bf3d57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 3 Apr 2024 13:33:04 +0200 Subject: [PATCH 268/357] Fix compilation with coreboot-sdk:2023-11-24_2731fa619b MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- BaseTools/Source/C/Makefiles/header.makefile | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile index d369908a09..3f9999e820 100644 --- a/BaseTools/Source/C/Makefiles/header.makefile +++ b/BaseTools/Source/C/Makefiles/header.makefile 
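Review bot: In AcpiPlatform.c, `DsdtTable` just above the new fallback is still taken from `FadtTable->XDsdt` alone and is dereferenced by the `AsciiStrnCmp` on `DsdtTable->Signature` right after the added lines, so a FADT with a zero `XDsdt` hits the same problem this commit fixes for the FACS. The same fallback applies: `if (DsdtTable == NULL) { DsdtTable = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) FadtTable->Dsdt; }`, followed by a NULL check before the signature compare. `FacsTable` can also still be NULL when both `XFirmwareCtrl` and `FirmwareCtrl` are zero, so its later use (outside the hunk) should tolerate that. The added `if` should have braces to match EDK II style. InstallTablesFromXsdt continues outside the hunk.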
@@ -104,7 +104,7 @@ else CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ -fno-delete-null-pointer-checks -Wall -Werror \ -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \ --Wno-unused-result -nostdlib -g +-Wno-unused-result -nostdlib -g -Wno-vla-parameter -Wno-stringop-overflow -Wno-use-after-free -Wno-dangling-pointer endif endif ifneq ($(CLANG),) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index c544bf5564..006b8c1909 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -139,7 +139,7 @@ DEFINE NETWORK_IPXE = FALSE [BuildOptions] - *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -Wno-stringop-overflow !if $(USE_CBMEM_FOR_CONSOLE) == FALSE GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG From aba21efc7a754e559c74f17906daf2490916a91b Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Wed, 24 Apr 2024 00:49:32 +0300 Subject: [PATCH 269/357] CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf: set -Wno-error=format This warning is suppressed for many configurations, but looks like this flag needs to be added for IA32 GCC in case of OpenSSL 3 to not fail build. The warnings are issued due to the use of `%zu` for `size_t` which is an alias to `unsigned int` instead of `unsigned long`. Both types are of the same width but in general it's an error because this might not hold on some other architecture. Signed-off-by: Sergii Dmytruk --- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index d414988f78..60ac0e34a3 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
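Review bot: `-Wno-use-after-free` and `-Wno-dangling-pointer` on the CFLAGS line switch off two memory-safety diagnostics for every BaseTools C source, rather than only keeping them from failing the build under -Werror. `-Wno-error=use-after-free -Wno-error=dangling-pointer` (and the same form for the other two options) would leave the warnings in the build log; if compilers older than the one in this SDK must still accept the flags, that constraint is worth a comment. The DasharoPayloadPkg.dsc hunk that follows has the same issue and puts `-Wno-stringop-overflow` into `*_*_*_CC_FLAGS`, which is applied to every tool chain; `GCC:*_*_*_CC_FLAGS = -Wno-error=stringop-overflow` would scope it to GCC. Neither hunk says which sources trigger the warnings, which makes the suppression hard to revisit later.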
@@ -665,7 +665,7 @@ # types appropriate to the format string specified. # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration). # - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_NOASM) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_NOASM) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable -Wno-error=format GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_NOASM) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format From 0e2f6a1492d04c0f2129ebfad1567eee507b19c2 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Wed, 1 May 2024 01:06:12 +0300 Subject: [PATCH 270/357] DasharoPayloadPkg: switch from OpenSSL to MbedTls The latter has a noticeably smaller footprint which instead of significantly increasing payload size compared to OpenSSL2, significantly decreases it by about 15% (when compressed with LZMA). Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 006b8c1909..d8aef17bfa 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -296,11 +296,9 @@ # !include NetworkPkg/NetworkLibs.dsc.inc + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf !if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif !if $(SECURE_BOOT_ENABLE) == TRUE @@ -355,7 +353,7 @@ [LibraryClasses.common.PEIM] !if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf @@ -373,7 +371,7 @@ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf [LibraryClasses.common.DXE_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -387,7 +385,7 @@ !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf !if $(TPM_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf 
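Review bot: With `NETWORK_TLS_ENABLE` set to TRUE the first hunk still maps `TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf` but no longer provides any `OpensslLib` instance. If that TlsLib instance is the OpenSSL-based one, which its unchanged path suggests, a TLS-enabled build would either fail to resolve the library class or need OpenSSL linked alongside MbedTLS. A comment above the `!if` stating whether TLS is supported with MbedTLS in this package, or an `!error` in that branch when it is not, would make the limitation explicit.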
@@ -404,7 +402,7 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf @@ -414,7 +412,7 @@ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf ################################################################################ @@ -844,7 +842,7 @@ # SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf { - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf } # From 4445a5fe7fcc55e8576e309e775ce3cb1f1ef3dd Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 15 Jun 2024 16:00:34 +0300 Subject: [PATCH 271/357] OvmfPkg/OvmfPkgX64.dsc: switch from OpenSSL to MbedTls For consistency with DasharoPayloadPkg. Signed-off-by: Sergii Dmytruk --- CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 - OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 18 ++++++++---------- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index d10c83b53c..20297cd229 100644 
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -81,7 +81,6 @@ BaseMemoryLib MemoryAllocationLib DebugLib - OpensslLib IntrinsicLib PrintLib PeiServicesTablePointerLib diff --git a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc index 31d2f1b9d8..0353508877 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc @@ -27,7 +27,7 @@ [LibraryClasses.common.PEIM] !if $(TPM2_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf !if $(TPM1_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 45435a6a7d..b7d974e6a1 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -255,11 +255,8 @@ TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf !endif -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf + MbedTlsCrtLib|CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -298,7 +295,7 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf 
@@ -407,13 +404,14 @@ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf !if $(SMM_REQUIRE) == TRUE MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf !endif + MbedTlsCrtLib|CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf [LibraryClasses.common.UEFI_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -496,7 +494,7 @@ !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -775,7 +773,7 @@ NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf } # @@ -1034,7 +1032,7 @@ # SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf { - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf } # From 5968d5eabc6b68c89cce46b1c44d6688fd413261 Mon Sep 17 00:00:00 2001 
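Review bot: The -407 hunk replaces `BaseCryptLib/RuntimeCryptLib.inf` with `BaseCryptLibMbedTls/BaseCryptLib.inf`, and the -496 hunk does the same for `SmmCryptLib.inf`, so two phase-specific crypto instances are swapped for the generic one, while the SEC hunk (-775) keeps a `SecCryptLib.inf` counterpart. The DasharoPayloadPkg.dsc change earlier in this series maps its runtime section to `CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf`; using that here would match the commit's stated goal of consistency. The section headers are outside the hunks, but the `MbedTlsCrtRuntimeLib` line added next to it suggests -407 is the runtime-driver section, where an instance written for boot-time services is presumably not safe once the OS has taken over. If this tree has an SMM-specific MbedTls instance, the -496 hunk should use it for the same reason.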
From: Sergii Dmytruk Date: Thu, 2 May 2024 00:44:02 +0300 Subject: [PATCH 272/357] DasharoPayloadPkg: disable PcdResetOnMemoryTypeInformationChange It causes warm reboot on attempt to boot any OS. Logs: Memory Previous Current Next Type Pages Pages Pages ====== ======== ======== ======== 09 00000008 00000014 00000019 0A 00000004 00000019 0000001F 00 00000004 0000004D 00000060 06 000000C0 00000199 000001FF 05 00000080 00000031 0000003D Memory Type Information settings change. ...Warm Reset!!! Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index d8aef17bfa..b58c7b45c4 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -549,6 +549,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE + ## This PCD defines the video horizontal resolution. # This PCD could be set to 0 then video resolution could be at highest resolution. gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|0 From 753ca23fc98af5f18e11ba1d470376eebeb28cdc Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Fri, 31 May 2024 21:08:54 +0300 Subject: [PATCH 273/357] DasharoPayloadPkg.fdf: run BlSupportPei as soon as possible * MdeModulePkg/Core/Pei/PeiMain.inf is PEI_CORE and is responsible for running PEIMs * MdeModulePkg/Universal/PCD/Pei/Pcd.inf has no dependencies * DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf depends only on Pcd.inf This seems to make a difference at least on PC Engines APU, otherwise PEI dispatcher postpones initialization of BlSupportPei until later which seems to be too late. Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index a7f0cb429b..5fc5e1b872 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -46,9 +46,9 @@ INF DasharoPayloadPkg/SecCore/SecCore.inf INF MdeModulePkg/Core/Pei/PeiMain.inf INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf +INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf -INF DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf From 58f3d6912ca194fae735835c6b258975c8ab343d Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 1 Jun 2024 00:33:04 +0300 Subject: [PATCH 274/357] DasharoPayloadPkg/AcpiTimerLib: don't crash if there are no HOBs When this library is used by PEI_CORE and HOBs are created by one of PEIMs (e.g., BlSupportPei) not crashing is the best we can do. This function will get called later and HOBs will be available shortly, so the boot will happen. Signed-off-by: Sergii Dmytruk --- .../Library/AcpiTimerLib/AcpiTimerLib.c | 16 ++++++++++++++++ MdePkg/Library/PeiHobLib/HobLib.c | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c index b86382d709..5e3b427db0 100644 --- a/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c +++ b/DasharoPayloadPkg/Library/AcpiTimerLib/AcpiTimerLib.c 
@@ -38,6 +38,18 @@ AcpiTimerLibConstructor ( EFI_HOB_GUID_TYPE *GuidHob; ACPI_BOARD_INFO *pAcpiBoardInfo; + if (GetHobList () == NULL) { + // When this library is used by PEI_CORE and HOBs are created by one of + // PEIMs (e.g., BlSupportPei) doing nothing is the best we can do. An + // alternative is to crash in GetFirstGuidHob () because it assumes there + // is at least on HOB. + // + // This function will get called later by InternalAcpiGetTimerTick () until + // a successful initialization which practically means several times and + // a non-working timer doesn't cause an infinite loop at that point. + return EFI_SUCCESS; + } + // // Find the acpi board information guid hob // @@ -66,6 +78,10 @@ InternalAcpiGetTimerTick ( { if (mPmTimerReg == 0) { AcpiTimerLibConstructor (); + if (mPmTimerReg == 0) { + // Must be too early, avoid IoRead32 () call below. + return 0; + } } return IoRead32 (mPmTimerReg); } diff --git a/MdePkg/Library/PeiHobLib/HobLib.c b/MdePkg/Library/PeiHobLib/HobLib.c index 4fecd19660..5f25e76aa5 100644 --- a/MdePkg/Library/PeiHobLib/HobLib.c +++ b/MdePkg/Library/PeiHobLib/HobLib.c @@ -42,7 +42,11 @@ GetHobList ( Status = PeiServicesGetHobList (&HobList); ASSERT_EFI_ERROR (Status); + // Workaround for when AcpiTimerLibConstructor() is invoked before loading + // BlSupportPei. +#if 0 ASSERT (HobList != NULL); +#endif return HobList; } From 90673c0776149963414b5d0c2bf95e3797bfa6fa Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Mon, 11 Mar 2024 20:32:11 +0800 Subject: [PATCH 275/357] CryptoPkg: Add AeadAesGcm based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Cipher/CryptAeadAesGcm.c | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c 
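Review bot: The HobLib.c hunk compiles out `ASSERT (HobList != NULL);` with `#if 0` in MdePkg's PeiHobLib, which removes the check for every module that links this library, not only for the early AcpiTimerLib call that motivates it. The comment added in AcpiTimerLib.c itself notes that GetFirstGuidHob () assumes at least one HOB, so other callers that hit a missing list in a DEBUG build now fail later and less legibly than at this assert. Because AcpiTimerLibConstructor already returns early on a NULL list, a narrower change would keep the assert and give that one caller a non-asserting way to probe for the list. In InternalAcpiGetTimerTick the new `return 0;` deserves a comment on how delay loops built on the tick value behave while it stays constant; those callers are outside the hunk.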
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c new file mode 100644 index 0000000000..b49d6f9f87 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c @@ -0,0 +1,227 @@ +/** @file + AEAD (AES-GCM) Wrapper Implementation over MbedTLS. + + RFC 5116 - An Interface and Algorithms for Authenticated Encryption + NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and GMAC + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (AAD). + @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypted. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentication tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryption output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. 
+ +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + mbedtls_gcm_context Ctx; + INT32 Ret; + + if (DataInSize > INT_MAX) { + return FALSE; + } + + if (ADataSize > INT_MAX) { + return FALSE; + } + + if (IvSize != 12) { + return FALSE; + } + + switch (KeySize) { + case 16: + case 24: + case 32: + break; + default: + return FALSE; + } + + if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) { + return FALSE; + } + + if (DataOutSize != NULL) { + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) { + return FALSE; + } + } + + mbedtls_gcm_init (&Ctx); + + Ret = mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(KeySize * 8)); + if (Ret != 0) { + return FALSE; + } + + Ret = mbedtls_gcm_crypt_and_tag ( + &Ctx, + MBEDTLS_GCM_ENCRYPT, + (UINT32)DataInSize, + Iv, + (UINT32)IvSize, + AData, + (UINT32)ADataSize, + DataIn, + DataOut, + TagSize, + TagOut + ); + mbedtls_gcm_free (&Ctx); + if (Ret != 0) { + return FALSE; + } + + if (DataOutSize != NULL) { + *DataOutSize = DataInSize; + } + + return TRUE; +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (AAD). 
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypted. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentication tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryption output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + mbedtls_gcm_context Ctx; + INT32 Ret; + + if (DataInSize > INT_MAX) { + return FALSE; + } + + if (ADataSize > INT_MAX) { + return FALSE; + } + + if (IvSize != 12) { + return FALSE; + } + + switch (KeySize) { + case 16: + case 24: + case 32: + break; + default: + return FALSE; + } + + if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) { + return FALSE; + } + + if (DataOutSize != NULL) { + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) { + return FALSE; + } + } + + mbedtls_gcm_init (&Ctx); + + Ret = mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(KeySize * 8)); + if (Ret != 0) { + return FALSE; + } + + Ret = mbedtls_gcm_auth_decrypt ( + &Ctx, + (UINT32)DataInSize, + Iv, + (UINT32)IvSize, + AData, + (UINT32)ADataSize, + Tag, + (UINT32)TagSize, + DataIn, + DataOut + ); + mbedtls_gcm_free (&Ctx); + if (Ret != 0) { + return FALSE; + } + + if (DataOutSize != NULL) { + *DataOutSize = DataInSize; + } + + return TRUE; +} 
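Review bot: In both AeadAesGcmEncrypt and AeadAesGcmDecrypt the `mbedtls_gcm_setkey` failure path returns right after `mbedtls_gcm_init (&Ctx)` without calling `mbedtls_gcm_free`, so whatever the context acquired before the failure, including partial key state, is neither released nor wiped; `if (Ret != 0) { mbedtls_gcm_free (&Ctx); return FALSE; }` closes that. None of the pointer parameters (Key, Iv, TagOut or Tag, DataOut, and DataIn or AData when their sizes are non-zero) is checked for NULL before being handed to MbedTLS. When `DataOutSize` is NULL the capacity check is skipped entirely and `DataInSize` bytes are written to DataOut, which the function headers should state as a caller obligation.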
From 5a489593c4e851c225764f5941b8dd1ef08b8040 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Mon, 11 Mar 2024 20:47:18 +0800 Subject: [PATCH 276/357] CryptoPkg: Add rand function for BaseCryptLibMbedTls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../BaseCryptLibMbedTls/InternalCryptLib.h | 16 +++ .../BaseCryptLibMbedTls/Rand/CryptRand.c | 114 ++++++++++++++++++ .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 114 ++++++++++++++++++ 4 files changed, 246 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index a52bd91ad6..31ce363030 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -3022,6 +3022,8 @@ DhComputeKey ( If Seed is NULL, then default seed is used. If this interface is not supported, then return FALSE. + RandomSeed has not been implemented in BaseCryptoLibMbedTls. + @param[in] Seed Pointer to seed value. If NULL, default seed is used. @param[in] SeedSize Size of seed value. diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h index 039aa32028..a30666cef4 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
@@ -22,4 +22,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // #include +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. + @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ); #endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c new file mode 100644 index 0000000000..e01aabc0de --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c @@ -0,0 +1,114 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Sets up the seed value for the pseudorandom number generator. + + This function sets up the seed value for the pseudorandom number generator. + If Seed is not NULL, then the seed passed in is used. + If Seed is NULL, then default seed is used. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. + @param[in] SeedSize Size of seed value. + If Seed is NULL, this parameter is ignored. + + @retval TRUE Pseudorandom number generator has enough entropy for random generation. + @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. + +**/ +BOOLEAN +EFIAPI +RandomSeed ( + IN CONST UINT8 *Seed OPTIONAL, + IN UINTN SeedSize + ) +{ + return TRUE; +} + +/** + Generates a pseudorandom byte stream of the specified size. + + If Output is NULL, then return FALSE. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of random bytes to generate. + + @retval TRUE Pseudorandom byte stream generated successfully. + @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + BOOLEAN Ret; + volatile UINT64 TempRand; + + // + // Check input parameters. + // + if ((Output == NULL) || (Size > INT_MAX)) { + return FALSE; + } + + Ret = FALSE; + + while (Size > 0) { + // Use RngLib to get random number + Ret = GetRandomNumber64 ((UINT64 *)&TempRand); + + if (!Ret) { + TempRand = 0; + return Ret; + } + + if (Size >= sizeof (TempRand)) { + *((UINT64 *)Output) = TempRand; + Output += sizeof (UINT64); + Size -= sizeof (TempRand); + } else { + CopyMem (Output, (VOID *)&TempRand, Size); + Size = 0; + } + } + + TempRand = 0; + return Ret; +} + +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. 
+ @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ) +{ + BOOLEAN Result; + + Result = RandomBytes (Output, Len); + + return Result ? 0 : -1; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c new file mode 100644 index 0000000000..e01aabc0de --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c @@ -0,0 +1,114 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
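Review bot: `RandomSeed` returns TRUE without using Seed or checking anything, and `RandomBytes` passes `GetRandomNumber64` output straight to the caller, so every key and nonce drawn from this library is only as strong as the RngLib instance the platform DSC selects; OvmfPkgX64.dsc in this series maps RngLib to `BaseRngLibTimerLib`. The file header should say so, and RandomSeed's @retval text should not promise "enough entropy". In RandomBytes, `*((UINT64 *)Output) = TempRand;` stores through a caller-supplied `UINT8 *` that need not be 8-byte aligned; `CopyMem (Output, (VOID *)&TempRand, sizeof (TempRand));` matches the tail branch and avoids that. A Size of 0 skips the loop with `Ret = FALSE`, so a zero-length request is reported as a failure. CryptRandTsc.c in the next hunk is the same blob (index e01aabc0de) and never reads a time-stamp counter, so all of this applies there as well.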
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Sets up the seed value for the pseudorandom number generator. + + This function sets up the seed value for the pseudorandom number generator. + If Seed is not NULL, then the seed passed in is used. + If Seed is NULL, then default seed is used. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. + @param[in] SeedSize Size of seed value. + If Seed is NULL, this parameter is ignored. + + @retval TRUE Pseudorandom number generator has enough entropy for random generation. + @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. + +**/ +BOOLEAN +EFIAPI +RandomSeed ( + IN CONST UINT8 *Seed OPTIONAL, + IN UINTN SeedSize + ) +{ + return TRUE; +} + +/** + Generates a pseudorandom byte stream of the specified size. + + If Output is NULL, then return FALSE. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of random bytes to generate. + + @retval TRUE Pseudorandom byte stream generated successfully. + @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + BOOLEAN Ret; + volatile UINT64 TempRand; + + // + // Check input parameters. + // + if ((Output == NULL) || (Size > INT_MAX)) { + return FALSE; + } + + Ret = FALSE; + + while (Size > 0) { + // Use RngLib to get random number + Ret = GetRandomNumber64 ((UINT64 *)&TempRand); + + if (!Ret) { + TempRand = 0; + return Ret; + } + + if (Size >= sizeof (TempRand)) { + *((UINT64 *)Output) = TempRand; + Output += sizeof (UINT64); + Size -= sizeof (TempRand); + } else { + CopyMem (Output, (VOID *)&TempRand, Size); + Size = 0; + } + } + + TempRand = 0; + return Ret; +} + +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. 
+ @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ) +{ + BOOLEAN Result; + + Result = RandomBytes (Output, Len); + + return Result ? 0 : -1; +} From 59ec30fad078c9c473925dd847fe8433b82e25d5 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Tue, 12 Mar 2024 09:19:28 +0800 Subject: [PATCH 277/357] CryptoPkg: Add Pem APIs based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c new file mode 100644 index 0000000000..56411174dd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c @@ -0,0 +1,138 @@ +/** @file + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include +#include +#include +#include +#include +#include + +/** + Retrieve the RSA Private Key from the password-protected PEM key data. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA private key component. Use RsaFree() function to free the + resource. + + If PemData is NULL, then return FALSE. + If RsaContext is NULL, then return FALSE. + + @retval TRUE RSA Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. + +**/ +BOOLEAN +EFIAPI +RsaGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **RsaContext + ) +{ + INT32 Ret; + mbedtls_pk_context Pk; + mbedtls_rsa_context *Rsa; + UINT8 *NewPemData; + UINTN PasswordLen; + + if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) { + return FALSE; + } + + NewPemData = NULL; + if (PemData[PemSize - 1] != 0) { + NewPemData = AllocateZeroPool (PemSize + 1); + if (NewPemData == NULL) { + return FALSE; + } + + CopyMem (NewPemData, PemData, PemSize + 1); + NewPemData[PemSize] = 0; + PemData = NewPemData; + PemSize += 1; + } + + mbedtls_pk_init (&Pk); + + if (Password != NULL) { + PasswordLen = AsciiStrLen (Password); + } else { + PasswordLen = 0; + } + + Ret = mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Password, PasswordLen, NULL, NULL); + + if (NewPemData != NULL) { + FreePool (NewPemData); + NewPemData = NULL; + } + + if (Ret != 0) { + mbedtls_pk_free (&Pk); + return FALSE; + } + + if (mbedtls_pk_get_type (&Pk) != MBEDTLS_PK_RSA) { + mbedtls_pk_free (&Pk); + return FALSE; + } + + Rsa = RsaNew (); + if (Rsa == NULL) { + mbedtls_pk_free (&Pk); + 
return FALSE; + } + + Ret = mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk)); + if (Ret != 0) { + RsaFree (Rsa); + mbedtls_pk_free (&Pk); + return FALSE; + } + + mbedtls_pk_free (&Pk); + + *RsaContext = Rsa; + return TRUE; +} + +/** + Retrieve the EC Private Key from the password-protected PEM key data. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved + EC private key component. Use EcFree() function to free the + resource. + + If PemData is NULL, then return FALSE. + If EcContext is NULL, then return FALSE. + + @retval TRUE EC Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. + +**/ +BOOLEAN +EFIAPI +EcGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **EcContext + ) +{ + ASSERT (FALSE); + return FALSE; +} From d23e998ef748869e52441f615dadfd502cd0d86a Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Tue, 12 Mar 2024 19:40:02 +0800 Subject: [PATCH 278/357] CryptoPkg: Add X509 functions based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptX509.c | 1940 +++++++++++++++++ 1 file changed, 1940 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c new file mode 100644 index 0000000000..84b67c8f0a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c 
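Review bot: In RsaGetPrivateKeyFromPem, `CopyMem (NewPemData, PemData, PemSize + 1);` reads one byte past the caller's PemSize-byte buffer; the terminator is written separately on the next line, so the copy should be `CopyMem (NewPemData, PemData, PemSize);`. The parameter check also admits `PemSize == 0`, in which case `PemData[PemSize - 1]` indexes before the buffer, so `(PemSize == 0)` belongs in that first `if`. NewPemData holds a copy of the private-key PEM and is released with `FreePool` alone; `ZeroMem (NewPemData, PemSize);` just before it avoids leaving key material in freed pool memory. EcGetPrivateKeyFromPem is a stub that asserts and returns FALSE, yet its header comment still describes a working implementation.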
@@ -0,0 +1,1940 @@
+/** @file
+ X.509 Certificate Handler Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+///
+/// OID
+///
+STATIC CONST UINT8 OID_commonName[] = {
+ 0x55, 0x04, 0x03
+};
+STATIC CONST UINT8 OID_organizationName[] = {
+ 0x55, 0x04, 0x0A
+};
+STATIC CONST UINT8 OID_extKeyUsage[] = {
+ 0x55, 0x1D, 0x25
+};
+STATIC CONST UINT8 OID_BasicConstraints[] = {
+ 0x55, 0x1D, 0x13
+};
+
+/* Profile for backward compatibility. Allows RSA 1024, unlike the default
+ profile. */
+STATIC mbedtls_x509_crt_profile gCompatProfile =
+{
+ /* Hashes from SHA-256 and above. Note that this selection
+ * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA512),
+ 0xFFFFFFF, /* Any PK alg */
+
+ /* Curves at or above 128-bit security level. Note that this selection
+ * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP256R1) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP384R1) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP521R1) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP256R1) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP384R1) |
+ MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP512R1) |
+ 0,
+ 1024,
+};
+
+/**
+ Construct a X509 object from DER-encoded certificate data.
+
+ If Cert is NULL, then return FALSE.
+ If SingleX509Cert is NULL, then return FALSE.
+
+ @param[in] Cert Pointer to the DER-encoded certificate data.
+ @param[in] CertSize The size of certificate data in bytes.
+ @param[out] SingleX509Cert The generated X509 object.
+
+ @retval TRUE The X509 object generation succeeded.
+ @retval FALSE The operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificate (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **SingleX509Cert
+ )
+{
+ mbedtls_x509_crt *MbedTlsCert;
+ INT32 Ret;
+
+ if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize == 0)) {
+ return FALSE;
+ }
+
+ MbedTlsCert = AllocateZeroPool (sizeof (mbedtls_x509_crt));
+ if (MbedTlsCert == NULL) {
+ return FALSE;
+ }
+
+ mbedtls_x509_crt_init (MbedTlsCert);
+
+ *SingleX509Cert = (UINT8 *)(VOID *)MbedTlsCert;
+ Ret = mbedtls_x509_crt_parse_der (MbedTlsCert, Cert, CertSize);
+ if (Ret == 0) {
+ return TRUE;
+ } else {
+ mbedtls_x509_crt_free (MbedTlsCert);
+ FreePool (MbedTlsCert);
+ return FALSE;
+ }
+}
+
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param[in] Args VA_LIST marker for the variable argument list.
+ A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+ IN OUT UINT8 **X509Stack,
+ IN VA_LIST Args
+ )
+{
+ UINT8 *Cert;
+ UINTN CertSize;
+ INT32 Index;
+ INT32 Ret;
+ mbedtls_x509_crt *Crt;
+
+ if (X509Stack == NULL) {
+ return FALSE;
+ }
+
+ Ret = 0;
+ Crt = NULL;
+ if (*X509Stack == NULL) {
+ Crt = AllocateZeroPool (sizeof (mbedtls_x509_crt));
+ if (Crt == NULL) {
+ return FALSE;
+ }
+
+ mbedtls_x509_crt_init (Crt);
+ *X509Stack = (UINT8 *)Crt;
+ }
+
+ for (Index = 0; ; Index++) {
+ //
+ // If Cert is NULL, then it is the end of the list.
+ //
+ Cert = VA_ARG (Args, UINT8 *);
+ if (Cert == NULL) {
+ break;
+ }
+
+ CertSize = VA_ARG (Args, UINTN);
+ if (CertSize == 0) {
+ break;
+ }
+
+ Ret = mbedtls_x509_crt_parse_der ((mbedtls_x509_crt *)*X509Stack, Cert, CertSize);
+
+ if (Ret != 0) {
+ break;
+ }
+ }
+
+ if (Ret == 0) {
+ return TRUE;
+ } else {
+ if (Crt != NULL) {
+ mbedtls_x509_crt_free (Crt);
+ FreePool (Crt);
+ *X509Stack = NULL;
+ }
+
+ return FALSE;
+ }
+}
+
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param ... A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+ IN OUT UINT8 **X509Stack,
+ ...
+ )
+{
+ VA_LIST Args;
+ BOOLEAN Result;
+
+ VA_START (Args, X509Stack);
+ Result = X509ConstructCertificateStackV (X509Stack, Args);
+ VA_END (Args);
+ return Result;
+}
+
+/**
+ Release the specified X509 object.
+
+ If X509Cert is NULL, then return FALSE.
+
+ @param[in] X509Cert Pointer to the X509 object to be released.
+
+**/
+VOID
+EFIAPI
+X509Free (
+ IN VOID *X509Cert
+ )
+{
+ if (X509Cert != NULL) {
+ mbedtls_x509_crt_free (X509Cert);
+ FreePool (X509Cert);
+ }
+}
+
+/**
+ Release the specified X509 stack object.
+
+ If X509Stack is NULL, then return FALSE.
+
+ @param[in] X509Stack Pointer to the X509 stack object to be released.
+
+**/
+VOID
+EFIAPI
+X509StackFree (
+ IN VOID *X509Stack
+ )
+{
+ if (X509Stack == NULL) {
+ return;
+ }
+
+ mbedtls_x509_crt_free (X509Stack);
+}
+
+/**
+ Retrieve the tag and length of the tag.
+
+ @param Ptr The position in the ASN.1 data
+ @param End End of data
+ @param Length The variable that will receive the length
+ @param Tag The expected tag
+
+ @retval TRUE Get tag successful
+ @retval FALSe Failed to get tag or tag not match
+**/
+BOOLEAN
+EFIAPI
+Asn1GetTag (
+ IN OUT UINT8 **Ptr,
+ IN CONST UINT8 *End,
+ OUT UINTN *Length,
+ IN UINT32 Tag
+ )
+{
+ if (mbedtls_asn1_get_tag (Ptr, End, Length, (INT32)Tag) == 0) {
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ If Cert is NULL, then return FALSE.
+ If SubjectSize is NULL, then return FALSE.
+
+ @retval TRUE The certificate subject retrieved successfully.
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
+ The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ if (CertSubject != NULL) {
+ CopyMem (CertSubject, Crt.subject_raw.p, Crt.subject_raw.len);
+ }
+
+ *SubjectSize = Crt.subject_raw.len;
+ }
+
+ mbedtls_x509_crt_free (&Crt);
+
+ return Ret == 0;
+}
+
+/**
+ Retrieve a string from one X.509 certificate base on the Request_NID.
+
+ @param[in] Name mbedtls_x509_name
+ @param[in] Oid Oid
+ @param[in] OidSize Size of Oid
+ @param[in,out] CommonName Buffer to contain the retrieved certificate common
+ name string (UTF8). At most CommonNameSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
+ and the size of buffer returned CommonName on output.
+ If CommonName is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If CommonNameSize is NULL.
+ If CommonName is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no NID Name entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+InternalX509GetNIDName (
+ IN mbedtls_x509_name *Name,
+ IN CHAR8 *Oid,
+ IN UINTN OidSize,
+ IN OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
+ )
+{
+ CONST mbedtls_asn1_named_data *data;
+
+ data = mbedtls_asn1_find_named_data (Name, Oid, OidSize);
+ if (data != NULL) {
+ if (*CommonNameSize <= data->val.len) {
+ *CommonNameSize = data->val.len + 1;
+ return RETURN_BUFFER_TOO_SMALL;
+ }
+
+ if (CommonName != NULL) {
+ CopyMem (CommonName, data->val.p, data->val.len);
+ CommonName[data->val.len] = '\0';
+ }
+
+ *CommonNameSize = data->val.len + 1;
+ return RETURN_SUCCESS;
+ } else {
+ return RETURN_NOT_FOUND;
+ }
+}
+
+/**
+ Get X509 SubjectNIDName by OID.
+
+ @param[in] Cert certificate
+ @param[in] CertSize certificate size.
+ @param[in] Oid Oid
+ @param[in] OidSize Size of Oid
+ @param[in,out] CommonName Buffer to contain the retrieved certificate common
+ name string (UTF8). At most CommonNameSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
+ and the size of buffer returned CommonName on output.
+ If CommonName is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If CommonNameSize is NULL.
+ If CommonName is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no NID Name entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+InternalX509GetSubjectNIDName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CHAR8 *Oid,
+ IN UINTN OidSize,
+ IN OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+ mbedtls_x509_name *Name;
+ RETURN_STATUS ReturnStatus;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ ReturnStatus = RETURN_INVALID_PARAMETER;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ Name = &(Crt.subject);
+ ReturnStatus = InternalX509GetNIDName (Name, Oid, OidSize, CommonName, CommonNameSize);
+ }
+
+ mbedtls_x509_crt_free (&Crt);
+
+ return ReturnStatus;
+}
+
+/**
+ Get X509 IssuerNIDName by OID.
+
+ @param[in] Cert certificate
+ @param[in] CertSize certificate size.
+ @param[in] Oid Oid
+ @param[in] OidSize Size of Oid
+ @param[out] CommonName Buffer to contain the retrieved certificate common
+ name string (UTF8). At most CommonNameSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
+ and the size of buffer returned CommonName on output.
+ If CommonName is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If CommonNameSize is NULL.
+ If CommonName is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no NID Name entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+InternalX509GetIssuerNIDName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CHAR8 *Oid,
+ IN UINTN OidSize,
+ OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+ mbedtls_x509_name *Name;
+ RETURN_STATUS ReturnStatus;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ ReturnStatus = RETURN_INVALID_PARAMETER;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ Name = &(Crt.issuer);
+ ReturnStatus = InternalX509GetNIDName (Name, Oid, OidSize, CommonName, CommonNameSize);
+ }
+
+ mbedtls_x509_crt_free (&Crt);
+
+ return ReturnStatus;
+}
+
+/**
+ Retrieve the common name (CN) string from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CommonName Buffer to contain the retrieved certificate common
+ name string. At most CommonNameSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
+ and the size of buffer returned CommonName on output.
+ If CommonName is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If CommonNameSize is NULL.
+ If CommonName is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no CommonName entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetCommonName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
+ )
+{
+ return InternalX509GetSubjectNIDName (Cert, CertSize, (CHAR8 *)OID_commonName, sizeof (OID_commonName), CommonName, CommonNameSize);
+}
+
+/**
+ Retrieve the organization name (O) string from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] NameBuffer Buffer to contain the retrieved certificate organization
+ name string. At most NameBufferSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] NameBufferSize The size in bytes of the Name buffer on input,
+ and the size of buffer returned Name on output.
+ If NameBuffer is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate Organization Name retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If NameBufferSize is NULL.
+ If NameBuffer is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no Organization Name entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetOrganizationName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *NameBuffer OPTIONAL,
+ IN OUT UINTN *NameBufferSize
+ )
+{
+ return InternalX509GetSubjectNIDName (Cert, CertSize, (CHAR8 *)OID_organizationName, sizeof (OID_organizationName), NameBuffer, NameBufferSize);
+}
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ If Cert is NULL, then return FALSE.
+ If RsaContext is NULL, then return FALSE.
+
+ @retval TRUE RSA Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ )
+{
+ mbedtls_x509_crt Crt;
+ mbedtls_rsa_context *Rsa;
+ INT32 Ret;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ if (mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize) != 0) {
+ return FALSE;
+ }
+
+ if (mbedtls_pk_get_type (&Crt.pk) != MBEDTLS_PK_RSA) {
+ mbedtls_x509_crt_free (&Crt);
+ return FALSE;
+ }
+
+ Rsa = RsaNew ();
+ if (Rsa == NULL) {
+ mbedtls_x509_crt_free (&Crt);
+ return FALSE;
+ }
+
+ Ret = mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Crt.pk));
+ if (Ret != 0) {
+ RsaFree (Rsa);
+ mbedtls_x509_crt_free (&Crt);
+ return FALSE;
+ }
+
+ mbedtls_x509_crt_free (&Crt);
+
+ *RsaContext = Rsa;
+ return TRUE;
+}
+
+/**
+ Retrieve the EC Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved
+ EC public key component. Use EcFree() function to free the
+ resource.
+
+ If Cert is NULL, then return FALSE.
+ If EcContext is NULL, then return FALSE.
+
+ @retval TRUE EC Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve EC public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+EcGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **EcContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ If Cert is NULL, then return FALSE.
+ If CACert is NULL, then return FALSE.
+
+ @retval TRUE The certificate was issued by the trusted CA.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ )
+{
+ INT32 Ret;
+ mbedtls_x509_crt Ca;
+ mbedtls_x509_crt End;
+ UINT32 VFlag;
+ mbedtls_x509_crt_profile Profile;
+
+ if ((Cert == NULL) || (CACert == NULL)) {
+ return FALSE;
+ }
+
+ VFlag = 0;
+ CopyMem (&Profile, &gCompatProfile, sizeof (mbedtls_x509_crt_profile));
+
+ mbedtls_x509_crt_init (&Ca);
+ mbedtls_x509_crt_init (&End);
+
+ Ret = mbedtls_x509_crt_parse_der (&Ca, CACert, CACertSize);
+
+ if (Ret == 0) {
+ Ret = mbedtls_x509_crt_parse_der (&End, Cert, CertSize);
+ }
+
+ if (Ret == 0) {
+ Ret = mbedtls_x509_crt_verify_with_profile (&End, &Ca, NULL, &Profile, NULL, &VFlag, NULL, NULL);
+ }
+
+ mbedtls_x509_crt_free (&Ca);
+ mbedtls_x509_crt_free (&End);
+
+ return Ret == 0;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] RootCert Trusted Root Certificate buffer
+ @param[in] RootCertLength Trusted Root Certificate buffer length
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates
+ where the first certificate is signed by the Root
+ Certificate or is the Root Cerificate itself. and
+ subsequent cerificate is signed by the preceding
+ cerificate.
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.
+
+ @retval TRUE All cerificates was issued by the first certificate in X509Certchain.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCertChain (
+ IN CONST UINT8 *RootCert,
+ IN UINTN RootCertLength,
+ IN CONST UINT8 *CertChain,
+ IN UINTN CertChainLength
+ )
+{
+ UINTN Asn1Len;
+ UINTN PrecedingCertLen;
+ CONST UINT8 *PrecedingCert;
+ UINTN CurrentCertLen;
+ CONST UINT8 *CurrentCert;
+ CONST UINT8 *TmpPtr;
+ UINT32 Ret;
+ BOOLEAN VerifyFlag;
+
+ VerifyFlag = FALSE;
+ PrecedingCert = RootCert;
+ PrecedingCertLen = RootCertLength;
+
+ CurrentCert = CertChain;
+
+ //
+ // Get Current certificate from Certificates buffer and Verify with preciding cert
+ //
+ do {
+ TmpPtr = CurrentCert;
+ Ret = mbedtls_asn1_get_tag ((UINT8 **)&TmpPtr, CertChain + CertChainLength, &Asn1Len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (Ret != 0) {
+ break;
+ }
+
+ CurrentCertLen = Asn1Len + (TmpPtr - CurrentCert);
+
+ if (!X509VerifyCert (CurrentCert, CurrentCertLen, PrecedingCert, PrecedingCertLen)) {
+ VerifyFlag = FALSE;
+ break;
+ } else {
+ VerifyFlag = TRUE;
+ }
+
+ //
+ // Save preceding certificate
+ //
+ PrecedingCert = CurrentCert;
+ PrecedingCertLen = CurrentCertLen;
+
+ //
+ // Move current certificate to next;
+ //
+ CurrentCert = CurrentCert + CurrentCertLen;
+ } while (1);
+
+ return VerifyFlag;
+}
+
+/**
+ Get one X509 certificate from CertChain.
+
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates
+ where the first certificate is signed by the Root
+ Certificate or is the Root Cerificate itself. and
+ subsequent cerificate is signed by the preceding
+ cerificate.
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.
+
+ @param[in] CertIndex Index of certificate.
+
+ @param[out] Cert The certificate at the index of CertChain.
+ @param[out] CertLength The length certificate at the index of CertChain.
+
+ @retval TRUE Success.
+ @retval FALSE Failed to get certificate from certificate chain.
+**/
+BOOLEAN
+EFIAPI
+X509GetCertFromCertChain (
+ IN CONST UINT8 *CertChain,
+ IN UINTN CertChainLength,
+ IN CONST INT32 CertIndex,
+ OUT CONST UINT8 **Cert,
+ OUT UINTN *CertLength
+ )
+{
+ UINTN Asn1Len;
+ INT32 CurrentIndex;
+ UINTN CurrentCertLen;
+ CONST UINT8 *CurrentCert;
+ CONST UINT8 *TmpPtr;
+ INT32 Ret;
+
+ //
+ // Check input parameters.
+ //
+ if ((CertChain == NULL) || (Cert == NULL) ||
+ (CertIndex < -1) || (CertLength == NULL))
+ {
+ return FALSE;
+ }
+
+ CurrentCert = CertChain;
+ CurrentIndex = -1;
+
+ //
+ // Traverse the certificate chain
+ //
+ while (TRUE) {
+ //
+ // Get asn1 tag len
+ //
+ TmpPtr = CurrentCert;
+ Ret = mbedtls_asn1_get_tag ((UINT8 **)&TmpPtr, CertChain + CertChainLength, &Asn1Len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (Ret != 0) {
+ break;
+ }
+
+ CurrentCertLen = Asn1Len + (TmpPtr - CurrentCert);
+ CurrentIndex++;
+
+ if (CurrentIndex == CertIndex) {
+ *Cert = CurrentCert;
+ *CertLength = CurrentCertLen;
+ return TRUE;
+ }
+
+ //
+ // Move to next
+ //
+ CurrentCert = CurrentCert + CurrentCertLen;
+ }
+
+ //
+ // If CertIndex is -1, Return the last certificate
+ //
+ if ((CertIndex == -1) && (CurrentIndex >= 0)) {
+ *Cert = CurrentCert - CurrentCertLen;
+ *CertLength = CurrentCertLen;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Retrieve the TBSCertificate from one given X.509 certificate.
+
+ @param[in] Cert Pointer to the given DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] TBSCert DER-Encoded To-Be-Signed certificate.
+ @param[out] TBSCertSize Size of the TBS certificate in bytes.
+
+ If Cert is NULL, then return FALSE.
+ If TBSCert is NULL, then return FALSE.
+ If TBSCertSize is NULL, then return FALSE.
+
+ @retval TRUE The TBSCertificate was retrieved successfully.
+ @retval FALSE Invalid X.509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetTBSCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **TBSCert,
+ OUT UINTN *TBSCertSize
+ )
+{
+ UINTN Length;
+ UINTN Ret;
+ UINT8 *Ptr;
+ CONST UINT8 *Temp;
+ CONST UINT8 *End;
+
+ //
+ // Check input parameters.
+ //
+ if ((Cert == NULL) || (TBSCert == NULL) ||
+ (TBSCertSize == NULL) || (CertSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ //
+ // An X.509 Certificate is: (defined in RFC3280)
+ // Certificate ::= SEQUENCE {
+ // tbsCertificate TBSCertificate,
+ // signatureAlgorithm AlgorithmIdentifier,
+ // signature BIT STRING }
+ //
+ // and
+ //
+ // TBSCertificate ::= SEQUENCE {
+ // version [0] Version DEFAULT v1,
+ // ...
+ // }
+ //
+ // So we can just ASN1-parse the x.509 DER-encoded data. If we strip
+ // the first SEQUENCE, the second SEQUENCE is the TBSCertificate.
+ //
+
+ Length = 0;
+
+ Ptr = (UINT8 *)Cert;
+ End = Cert + CertSize;
+
+ Ret = mbedtls_asn1_get_tag (&Ptr, End, &Length, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (Ret != 0) {
+ return FALSE;
+ }
+
+ Temp = Ptr;
+ End = Ptr + Length;
+ Ret = mbedtls_asn1_get_tag (&Ptr, End, &Length, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (Ret != 0) {
+ return FALSE;
+ }
+
+ *TBSCert = (UINT8 *)Temp;
+ *TBSCertSize = Length + (Ptr - Temp);
+
+ return TRUE;
+}
+
+/**
+ Retrieve the version from one X.509 certificate.
+
+ If Cert is NULL, then return FALSE.
+ If CertSize is 0, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] Version Pointer to the retrieved version integer.
+
+ @retval TRUE The certificate version retrieved successfully.
+ @retval FALSE If Cert is NULL or CertSize is Zero.
+ @retval FALSE The operation is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetVersion (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINTN *Version
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+ BOOLEAN ReturnStatus;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ ReturnStatus = FALSE;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ *Version = Crt.version - 1;
+ ReturnStatus = TRUE;
+ }
+
+ mbedtls_x509_crt_free (&Crt);
+
+ return ReturnStatus;
+}
+
+/**
+ Retrieve the serialNumber from one X.509 certificate.
+
+ If Cert is NULL, then return FALSE.
+ If CertSize is 0, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes.
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input,
+ and the size of buffer returned SerialNumber on output.
+
+ @retval TRUE The certificate serialNumber retrieved successfully.
+ @retval FALSE If Cert is NULL or CertSize is Zero.
+ If SerialNumberSize is NULL.
+ If Certificate is invalid.
+ @retval FALSE If no SerialNumber exists.
+ @retval FALSE If the SerialNumber is NULL. The required buffer size
+ (including the final null) is returned in the
+ SerialNumberSize parameter.
+ @retval FALSE The operation is not supported.
+**/
+BOOLEAN
+EFIAPI
+X509GetSerialNumber (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *SerialNumber OPTIONAL,
+ IN OUT UINTN *SerialNumberSize
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+ BOOLEAN ReturnStatus;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ ReturnStatus = FALSE;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ if (*SerialNumberSize <= Crt.serial.len) {
+ *SerialNumberSize = Crt.serial.len + 1;
+ ReturnStatus = FALSE;
+ goto Cleanup;
+ }
+
+ if (SerialNumber != NULL) {
+ CopyMem (SerialNumber, Crt.serial.p, Crt.serial.len);
+ SerialNumber[Crt.serial.len] = '\0';
+ }
+
+ *SerialNumberSize = Crt.serial.len + 1;
+ ReturnStatus = TRUE;
+ }
+
+Cleanup:
+ mbedtls_x509_crt_free (&Crt);
+
+ return ReturnStatus;
+}
+
+/**
+ Retrieve the issuer bytes from one X.509 certificate.
+
+ If Cert is NULL, then return FALSE.
+ If CertIssuerSize is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertIssuer Pointer to the retrieved certificate subject bytes.
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ @retval TRUE The certificate issuer retrieved successfully.
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result.
+ The CertIssuerSize will be updated with the required size.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetIssuerName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertIssuer,
+ IN OUT UINTN *CertIssuerSize
+ )
+{
+ mbedtls_x509_crt Crt;
+ INT32 Ret;
+ BOOLEAN Status;
+
+ if (Cert == NULL) {
+ return FALSE;
+ }
+
+ Status = FALSE;
+
+ mbedtls_x509_crt_init (&Crt);
+
+ Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize);
+
+ if (Ret == 0) {
+ if (*CertIssuerSize < Crt.serial.len) {
+ *CertIssuerSize = Crt.serial.len;
+ Status = FALSE;
+ goto Cleanup;
+ }
+
+ if (CertIssuer != NULL) {
+ CopyMem (CertIssuer, Crt.serial.p, Crt.serial.len);
+ }
+
+ *CertIssuerSize = Crt.serial.len;
+ Status = TRUE;
+ }
+
+Cleanup:
+ mbedtls_x509_crt_free (&Crt);
+
+ return Status;
+}
+
+/**
+ Retrieve the issuer common name (CN) string from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CommonName Buffer to contain the retrieved certificate issuer common
+ name string. At most CommonNameSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
+ and the size of buffer returned CommonName on output.
+ If CommonName is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate Issuer CommonName retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If CommonNameSize is NULL.
+ If CommonName is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no CommonName entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetIssuerCommonName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
+ )
+{
+ return InternalX509GetIssuerNIDName (Cert, CertSize, (CHAR8 *)OID_commonName, sizeof (OID_commonName), CommonName, CommonNameSize);
+}
+
+/**
+ Retrieve the issuer organization name (O) string from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] NameBuffer Buffer to contain the retrieved certificate issuer organization
+ name string. At most NameBufferSize bytes will be
+ written and the string will be null terminated. May be
+ NULL in order to determine the size buffer needed.
+ @param[in,out] NameBufferSize The size in bytes of the Name buffer on input,
+ and the size of buffer returned Name on output.
+ If NameBuffer is NULL then the amount of space needed
+ in buffer (including the final null) is returned.
+
+ @retval RETURN_SUCCESS The certificate issuer Organization Name retrieved successfully.
+ @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+ If NameBufferSize is NULL.
+ If NameBuffer is not NULL and *CommonNameSize is 0.
+ If Certificate is invalid.
+ @retval RETURN_NOT_FOUND If no Organization Name entry exists.
+ @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size
+ (including the final null) is returned in the
+ CommonNameSize parameter.
+ @retval RETURN_UNSUPPORTED The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetIssuerOrganizationName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *NameBuffer OPTIONAL,
+ IN OUT UINTN *NameBufferSize
+ )
+{
+ return InternalX509GetIssuerNIDName (Cert, CertSize, (CHAR8 *)OID_organizationName, sizeof (OID_organizationName), NameBuffer, NameBufferSize);
+}
+
+/**
+ Retrieve the Signature Algorithm from one X.509 certificate.
+ + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier buffer. + @param[in,out] OidSize Signature Algorithm Object identifier buffer size + + @retval TRUE The certificate Extension data retrieved successfully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid OPTIONAL, + IN OUT UINTN *OidSize + ) +{ + mbedtls_x509_crt Crt; + INT32 Ret; + BOOLEAN ReturnStatus; + + if ((Cert == NULL) || (CertSize == 0) || (OidSize == NULL)) { + return FALSE; + } + + ReturnStatus = FALSE; + + mbedtls_x509_crt_init (&Crt); + + Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize); + + if (Ret == 0) { + if (*OidSize < Crt.sig_oid.len) { + *OidSize = Crt.serial.len; + ReturnStatus = FALSE; + goto Cleanup; + } + + if (Oid != NULL) { + CopyMem (Oid, Crt.sig_oid.p, Crt.sig_oid.len); + } + + *OidSize = Crt.sig_oid.len; + ReturnStatus = TRUE; + } + +Cleanup: + mbedtls_x509_crt_free (&Crt); + + return ReturnStatus; +} + +/** + Find first Extension data match with given OID + + @param[in] Start Pointer to the DER-encoded Extensions Data + @param[in] End Extensions Data size in bytes + @param[in ] Oid OID for match + @param[in ] OidSize OID size in bytes + @param[out] FindExtensionData output matched extension data. + @param[out] FindExtensionDataLen matched extension data size. 
+ + **/ +STATIC +RETURN_STATUS +InternalX509FindExtensionData ( + UINT8 *Start, + UINT8 *End, + CONST UINT8 *Oid, + UINTN OidSize, + UINT8 **FindExtensionData, + UINTN *FindExtensionDataLen + ) +{ + UINT8 *Ptr; + UINT8 *ExtensionPtr; + size_t ObjLen; + INT32 Ret; + RETURN_STATUS ReturnStatus; + size_t FindExtensionLen; + size_t HeaderLen; + + ReturnStatus = RETURN_INVALID_PARAMETER; + Ptr = Start; + + Ret = 0; + + while (TRUE) { + /* + * Extension ::= SEQUENCE { + * extnID OBJECT IDENTIFIER, + * critical BOOLEAN DEFAULT FALSE, + * extnValue OCTET STRING } + */ + ExtensionPtr = Ptr; + Ret = mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (Ret == 0) { + HeaderLen = (size_t)(Ptr - ExtensionPtr); + FindExtensionLen = ObjLen; + // Get Object Identifier + Ret = mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID); + } else { + break; + } + + if ((Ret == 0) && (CompareMem (Ptr, Oid, OidSize) == 0)) { + Ptr += ObjLen; + + Ret = mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_BOOLEAN); + if (Ret == 0) { + Ptr += ObjLen; + } + + Ret = mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OCTET_STRING); + } else { + Ret = 1; + } + + if (Ret == 0) { + *FindExtensionData = Ptr; + *FindExtensionDataLen = ObjLen; + ReturnStatus = RETURN_SUCCESS; + break; + } + + // move to next + Ptr = ExtensionPtr + HeaderLen + FindExtensionLen; + Ret = 0; + } + + return ReturnStatus; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieved successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. 
+ If ExtensionData is not NULL and *ExtensionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The required buffer size + is returned in the ExtensionDataSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + mbedtls_x509_crt Crt; + INT32 Ret; + RETURN_STATUS ReturnStatus; + BOOLEAN Status; + UINT8 *Ptr; + UINT8 *End; + size_t ObjLen; + + if ((Cert == NULL) || + (CertSize == 0) || + (Oid == NULL) || + (OidSize == 0) || + (ExtensionDataSize == NULL)) + { + return FALSE; + } + + ReturnStatus = RETURN_INVALID_PARAMETER; + Status = FALSE; + + mbedtls_x509_crt_init (&Crt); + + Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize); + + if (Ret == 0) { + Ptr = Crt.v3_ext.p; + End = Crt.v3_ext.p + Crt.v3_ext.len; + Ret = mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + } + + if (Ret == 0) { + ReturnStatus = InternalX509FindExtensionData (Ptr, End, Oid, OidSize, &Ptr, &ObjLen); + } + + if (ReturnStatus == RETURN_SUCCESS) { + if (*ExtensionDataSize < ObjLen) { + *ExtensionDataSize = ObjLen; + Status = FALSE; + goto Cleanup; + } + + if (Oid != NULL) { + CopyMem (ExtensionData, Ptr, ObjLen); + } + + *ExtensionDataSize = ObjLen; + Status = TRUE; + } + +Cleanup: + mbedtls_x509_crt_free (&Crt); + + return Status; +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. 
+ @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + mbedtls_x509_crt Crt; + INT32 Ret; + BOOLEAN Status; + UINTN TSize; + UINTN FSize; + + if (Cert == NULL) { + return FALSE; + } + + Status = FALSE; + + mbedtls_x509_crt_init (&Crt); + + Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize); + + if (Ret == 0) { + FSize = sizeof (mbedtls_x509_time); + if (*FromSize < FSize) { + *FromSize = FSize; + goto _Exit; + } + + *FromSize = FSize; + if (From != NULL) { + CopyMem (From, &(Crt.valid_from), FSize); + } + + TSize = sizeof (mbedtls_x509_time); + if (*ToSize < TSize) { + *ToSize = TSize; + goto _Exit; + } + + *ToSize = TSize; + if (To != NULL) { + CopyMem (To, &(Crt.valid_to), sizeof (mbedtls_x509_time)); + } + + Status = TRUE; + } + +_Exit: + mbedtls_x509_crt_free (&Crt); + + return Status; +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. 
+**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + mbedtls_x509_crt Crt; + INT32 Ret; + BOOLEAN Status; + + if (Cert == NULL) { + return FALSE; + } + + Status = FALSE; + + mbedtls_x509_crt_init (&Crt); + + Ret = mbedtls_x509_crt_parse_der (&Crt, Cert, CertSize); + + if (Ret == 0) { + *Usage = Crt.key_usage; + Status = TRUE; + } + + mbedtls_x509_crt_free (&Crt); + + return Status; +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buffer size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + BOOLEAN ReturnStatus; + + if ((Cert == NULL) || (CertSize == 0) || (UsageSize == NULL)) { + return FALSE; + } + + ReturnStatus = X509GetExtensionData ((UINT8 *)Cert, CertSize, (UINT8 *)OID_extKeyUsage, sizeof (OID_extKeyUsage), Usage, UsageSize); + + return ReturnStatus; +} + +/** + Compare DateTime1 object and DateTime2 object time. 
+ + @param[in] Before Pointer to a DateTime Ojbect + @param[in] After Pointer to a DateTime Object + + @retval 0 If DateTime1 <= DateTime2 + @retval 1 If DateTime1 > DateTime2 +**/ +STATIC +INTN +InternalX509CheckTime ( + CONST mbedtls_x509_time *Before, + CONST mbedtls_x509_time *After + ) +{ + if (Before->year > After->year) { + return (1); + } + + if ((Before->year == After->year) && + (Before->mon > After->mon)) + { + return (1); + } + + if ((Before->year == After->year) && + (Before->mon == After->mon) && + (Before->day > After->day)) + { + return (1); + } + + if ((Before->year == After->year) && + (Before->mon == After->mon) && + (Before->day == After->day) && + (Before->hour > After->hour)) + { + return (1); + } + + if ((Before->year == After->year) && + (Before->mon == After->mon) && + (Before->day == After->day) && + (Before->hour == After->hour) && + (Before->min > After->min)) + { + return (1); + } + + if ((Before->year == After->year) && + (Before->mon == After->mon) && + (Before->day == After->day) && + (Before->hour == After->hour) && + (Before->min == After->min) && + (Before->sec > After->sec)) + { + return (1); + } + + return (0); +} + +/** + change string to int. + + @param[in] PStart Pointer to a string Start + @param[in] PEnd Pointer to a string End + + @return number +**/ +STATIC +INT32 +InternalAtoI ( + CHAR8 *PStart, + CHAR8 *PEnd + ) +{ + CHAR8 *Ptr; + INT32 Knum; + + Knum = 0; + Ptr = PStart; + + while (Ptr < PEnd) { + /// + /// k = k * 2^3 + k * 2^1 = k * 8 + k * 2 = k * 10 + /// + Knum = (Knum << 3) + (Knum << 1) + (*Ptr) - '0'; + Ptr++; + } + + return Knum; +} + +/** + Format a DateTime object into DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. 
+ + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[in,out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval RETURN_SUCCESS The DateTime object create successfully. + @retval RETURN_INVALID_PARAMETER If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSize is 0. + If Year Month Day Hour Minute Second combination is invalid datetime. + @retval RETURN_BUFFER_TOO_SMALL If the DateTime is NULL. The required buffer size + (including the final null) is returned in the + DateTimeSize parameter. + @retval RETURN_UNSUPPORTED The operation is not supported. +**/ +RETURN_STATUS +EFIAPI +X509SetDateTime ( + CHAR8 *DateTimeStr, + IN OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + mbedtls_x509_time Dt; + + INT32 Year; + INT32 Month; + INT32 Day; + INT32 Hour; + INT32 Minute; + INT32 Second; + RETURN_STATUS ReturnStatus; + CHAR8 *Ptr; + + Ptr = DateTimeStr; + + Year = InternalAtoI (Ptr, Ptr + 4); + Ptr += 4; + Month = InternalAtoI (Ptr, Ptr + 2); + Ptr += 2; + Day = InternalAtoI (Ptr, Ptr + 2); + Ptr += 2; + Hour = InternalAtoI (Ptr, Ptr + 2); + Ptr += 2; + Minute = InternalAtoI (Ptr, Ptr + 2); + Ptr += 2; + Second = InternalAtoI (Ptr, Ptr + 2); + Ptr += 2; + Dt.year = (int)Year; + Dt.mon = (int)Month; + Dt.day = (int)Day; + Dt.hour = (int)Hour; + Dt.min = (int)Minute; + Dt.sec = (int)Second; + + if (*DateTimeSize < sizeof (mbedtls_x509_time)) { + *DateTimeSize = sizeof (mbedtls_x509_time); + ReturnStatus = RETURN_BUFFER_TOO_SMALL; + goto Cleanup; + } + + if (DateTime != NULL) { + CopyMem (DateTime, &Dt, sizeof (mbedtls_x509_time)); + } + + *DateTimeSize = sizeof (mbedtls_x509_time); + ReturnStatus = RETURN_SUCCESS; +Cleanup: + return ReturnStatus; +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. 
+ If DateTime1 == DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 == DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + if ((DateTime1 == NULL) || (DateTime2 == NULL)) { + return -2; + } + + if (CompareMem (DateTime2, DateTime1, sizeof (mbedtls_x509_time)) == 0) { + return 0; + } + + if (InternalX509CheckTime ((mbedtls_x509_time *)DateTime1, (mbedtls_x509_time *)DateTime2) == 0) { + return -1; + } else { + return 1; + } +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize size of the X509 certificate in bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs in bytes. + + @retval TRUE The basic constraints retrieve successfully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *basic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constraints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. 
+ **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + BOOLEAN Status; + + if ((Cert == NULL) || (CertSize == 0) || (BasicConstraintsSize == NULL)) { + return FALSE; + } + + Status = X509GetExtensionData ( + (UINT8 *)Cert, + CertSize, + OID_BasicConstraints, + sizeof (OID_BasicConstraints), + BasicConstraints, + BasicConstraintsSize + ); + + return Status; +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSize is 0. + If Year Month Day Hour Minute Second combination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required buffer size + (including the final null) is returned in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. 
+**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + mbedtls_x509_time *Tm; + + if (*DateTimeSize < sizeof (mbedtls_x509_time)) { + return FALSE; + } + + if (DateTime == NULL) { + return FALSE; + } + + Tm = (mbedtls_x509_time *)DateTime; + + Tm->year = (DateTimeStr[0] + '0') * 1000 + (DateTimeStr[1] + '0') * 100 + + (DateTimeStr[2] + '0') * 10 + (DateTimeStr[3] + '0') * 1; + + Tm->mon = (DateTimeStr[4] + '0') * 10 + (DateTimeStr[5] + '0') * 1; + + Tm->day = (DateTimeStr[6] + '0') * 10 + (DateTimeStr[7] + '0') * 1; + + Tm->hour = (DateTimeStr[8] + '0') * 10 + (DateTimeStr[9] + '0') * 1; + + Tm->min = (DateTimeStr[10] + '0') * 10 + (DateTimeStr[11] + '0') * 1; + + Tm->sec = (DateTimeStr[12] + '0') * 10 + (DateTimeStr[13] + '0') * 1; + + return TRUE; +} From f626979151185838eb22bbd8ec43f5f382d31575 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Sun, 7 Apr 2024 15:20:48 +0800 Subject: [PATCH 279/357] CryptoPkg: Add Pkcs7 related functions based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the current Mbedlts pkcs7 library doesn't support authenticatedAttributes and only support 0 or 1 certificates in Signed data, the patch implement Pkcs7 by low Mbedtls Api. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao Cc: Yi Li 
Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../BaseCryptLibMbedTls/InternalCryptLib.h | 33 + .../Pk/CryptPkcs7Internal.h | 29 +- .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 635 ++++++++ .../Pk/CryptPkcs7VerifyBase.c | 113 ++ .../Pk/CryptPkcs7VerifyCommon.c | 1354 +++++++++++++++++ .../Pk/CryptPkcs7VerifyEku.c | 689 +++++++++ 7 files changed, 2843 insertions(+), 12 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 31ce363030..4dc12346e9 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2234,6 +2234,8 @@ Pkcs7FreeSigners ( unchained to the signer's certificates. The input signed data could be wrapped in a ContentInfo structure. + Pkcs7GetCertificatesList has not been implemented in BaseCryptoLibMbedTls. + @param[in] P7Data Pointer to the PKCS#7 message. @param[in] P7Length Length of the PKCS#7 message in bytes. @param[out] SignerChainCerts Pointer to the certificates list chained to signer's diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h index a30666cef4..c9f19dd0cd 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
@@ -38,4 +38,37 @@ MbedtlsRand ( UINT8 *Output, UINTN Len ); + +/** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. + + Caution: This function may receive untrusted input. + UEFI Authenticated Variable is external input, so this function will do basic + check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise + return FALSE. + @param[out] WrapData If return status of this function is TRUE: + 1) when WrapFlag is TRUE, pointer to P7Data. + 2) when WrapFlag is FALSE, pointer to a new ContentInfo + structure. It's caller's responsibility to free this + buffer. + @param[out] WrapDataSize Length of ContentInfo structure in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE The operation is failed due to lack of resources. + +**/ +BOOLEAN +WrapPkcs7Data ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT BOOLEAN *WrapFlag, + OUT UINT8 **WrapData, + OUT UINTN *WrapDataSize + ); + #endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h index 207f493cbb..cbdd1dc530 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h @@ -4,7 +4,7 @@ RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5 -Copyright (c) 2023, Intel Corporation. All rights reserved.
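Review bot: The ownership rule for `WrapData` in the new `WrapPkcs7Data` comment is ambiguous. As written, "It's caller's responsibility to free this buffer" can be read as applying to both cases, but when `WrapFlag` is TRUE the pointer is `P7Data` itself and freeing it would release the caller's input. I would reword it to `2) when WrapFlag is FALSE, pointer to a newly allocated ContentInfo structure; the caller frees it. When WrapFlag is TRUE, WrapData aliases P7Data and must not be freed.` The comment also says the function receives untrusted input and does a basic structure check, yet the only documented `FALSE` case is lack of resources. The `@retval` list should say what is returned for a NULL or malformed `P7Data`, and whether the outputs are left untouched in that case; the implementation is not in this hunk, so this needs confirming against it.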
+Copyright (c) 2023-2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -31,10 +31,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" #define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" -typedef mbedtls_asn1_buf MBEDTLSPKCS7BUF; -typedef mbedtls_asn1_named_data MBEDTLSPKCS7NAME; -typedef mbedtls_asn1_sequence MBEDTLSPKCS7SEQUENCE; - /// /// PKCS7 SignerInfo type /// https://tools.ietf.org/html/rfc2315#section-9.2 @@ -48,8 +44,8 @@ typedef struct MbedtlsPkcs7SignerInfo { mbedtls_x509_buf SigAlgIdentifier; mbedtls_x509_buf AuthAttr; mbedtls_x509_buf Sig; - struct MBEDTLSPKCS7SIGNERINFO *Next; -} MBEDTLSPKCS7SIGNERINFO; + struct MbedtlsPkcs7SignerInfo *Next; +} MbedtlsPkcs7SignerInfo; /// /// PKCS7 signed data attached data format @@ -57,7 +53,7 @@ typedef struct MbedtlsPkcs7SignerInfo { typedef struct MbedtlsPkcs7Data { mbedtls_asn1_buf Oid; mbedtls_asn1_buf Data; -} MBEDTLSPKCS7DATA; +} MbedtlsPkcs7Data; /// /// Signed Data @@ -66,18 +62,27 @@ typedef struct MbedtlsPkcs7Data { typedef struct MbedtlsPkcs7SignedData { INT32 Version; mbedtls_asn1_buf DigestAlgorithms; - struct MBEDTLSPKCS7DATA ContentInfo; + struct MbedtlsPkcs7Data ContentInfo; mbedtls_x509_crt Certificates; mbedtls_x509_crl Crls; struct MbedtlsPkcs7SignerInfo SignerInfos; -} MBEDTLSPKCS7SIGNEDDATA; +} MbedtlsPkcs7SignedData; /// /// PKCS7 struct, only support SignedData /// typedef struct MbedtlsPkcs7 { mbedtls_asn1_buf ContentTypeOid; - struct MBEDTLSPKCS7SIGNEDDATA SignedData; -} MBEDTLSPKCS7; + struct MbedtlsPkcs7SignedData SignedData; +} MbedtlsPkcs7; + +#define EDKII_ASN1_CHK_ADD(g, f) \ + do \ + { \ + if( ( Ret = (f) ) < 0 ) \ + return( Ret ); \ + else \ + (g) += Ret; \ + } while( 0 ) #endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c new file mode 100644 index 0000000000..e3283dad48 --- /dev/null 
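Review bot: The new `EDKII_ASN1_CHK_ADD` macro at the end of `CryptPkcs7Internal.h` writes to a variable named `Ret` that it does not declare, and it returns from the enclosing function on a negative result; neither is stated anywhere. Because the return is hidden, a caller that holds an allocation or key material when it invokes the macro would skip its cleanup path. That is worth spelling out in a header used by signing code. I would add a comment above it such as `/// Requires a local INT32 Ret in scope; returns Ret from the calling function when (f) is negative, so use only where no cleanup is pending.` The callers in `CryptPkcs7Sign.c` are outside this hunk and appear to be static writer helpers with nothing to release, but that should be confirmed for every use.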
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c @@ -0,0 +1,635 @@ +/** @file + PKCS#7 SignedData Sign Wrapper and PKCS#7 SignedData Verification Wrapper + Implementation over mbedtls. + + RFC 8422 - Elliptic Curve Cryptography (ECC) Cipher Suites + FIPS 186-4 - Digital Signature Standard (DSS) + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CryptPkcs7Internal.h" +#include + +/// +/// Enough to store any signature generated by PKCS7 +/// +#define MAX_SIGNATURE_SIZE 1024 + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 MbedtlsOidDigestAlgSha256[] = MBEDTLS_OID_DIGEST_ALG_SHA256; +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 MbedtlsOidPkcs1Rsa[] = MBEDTLS_OID_PKCS1_RSA; + +/** + Write DigestAlgorithmIdentifier. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] DigestType Digest Type + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7WriteDigestAlgorithm ( + UINT8 **Ptr, + UINT8 *Start, + mbedtls_md_type_t DigestType + ) +{ + UINT8 *OidPtr; + UINTN OidLen; + INT32 Ret; + + Ret = mbedtls_oid_get_oid_by_md (DigestType, (CONST CHAR8 **)&OidPtr, &OidLen); + if (Ret == 0) { + return mbedtls_asn1_write_oid (Ptr, (CONST UINT8 *)Start, (CONST CHAR8 *)OidPtr, OidLen); + } + + return 0; +} + +/** + DigestAlgorithmIdentifiers ::= + SET OF DigestAlgorithmIdentifier. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] DigestTypes Digest Type array. + @param[in] Count The index for Digest Type. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteDigestAlgorithmSet ( + UINT8 **Ptr, + UINT8 *Start, + mbedtls_md_type_t *DigestTypes, + INTN Count + ) +{ + INTN Idx; + INT32 Len; + INT32 Ret; + + Len = 0; + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_null (Ptr, Start)); + + for (Idx = 0; Idx < Count; Idx++) { + EDKII_ASN1_CHK_ADD ( + Len, + MbedTlsPkcs7WriteDigestAlgorithm (Ptr, Start, DigestTypes[Idx]) + ); + } + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, (UINTN)Len)); + + EDKII_ASN1_CHK_ADD ( + Len, + mbedtls_asn1_write_tag ( + Ptr, + Start, + (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) + ) + ); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, (UINTN)Len)); + + EDKII_ASN1_CHK_ADD ( + Len, + mbedtls_asn1_write_tag ( + Ptr, + Start, + (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) + ) + ); + + return Len; +} + +/** + ContentInfo ::= SEQUENCE { + contentType ContentType, + content + [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] Content ContentInfo. + @param[in] ContentLen Size of ContentInfo. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteContentInfo ( + UINT8 **Ptr, + UINT8 *Start, + UINT8 *Content, + INTN ContentLen + ) +{ + INT32 Ret; + INT32 Len; + + Len = 0; + if (Content != NULL) { + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_octet_string (Ptr, Start, Content, ContentLen)); + } + + EDKII_ASN1_CHK_ADD ( + Len, + mbedtls_asn1_write_oid ( + Ptr, + Start, + MBEDTLS_OID_PKCS7_DATA, + sizeof (MBEDTLS_OID_PKCS7_DATA) - 1 + ) + ); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + + return Len; +} + +/** + certificates :: SET OF ExtendedCertificateOrCertificate, + ExtendedCertificateOrCertificate ::= CHOICE { + certificate Certificate -- x509, + extendedCertificate[0] IMPLICIT ExtendedCertificate }. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] Cert Certificate. + @param[in] OtherCerts Ohter Certificate. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteCertificates ( + UINT8 **Ptr, + UINT8 *Start, + mbedtls_x509_crt *Cert, + mbedtls_x509_crt *OtherCerts + ) +{ + INT32 Ret; + INT32 Len; + mbedtls_x509_crt *TmpCert; + + Len = 0; + + /// Write OtherCerts + TmpCert = OtherCerts; + while (TmpCert != NULL) { + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_raw_buffer (Ptr, Start, TmpCert->raw.p, TmpCert->raw.len)); + TmpCert = TmpCert->next; + } + + /// Write Cert + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_raw_buffer (Ptr, Start, Cert->raw.p, Cert->raw.len)); + + /// Write NextContext + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); + return Len; +} + +/** + write Pkcs7 Int. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] SerialRaw SerialRaw. + @param[in] SerialRawLen Size of SerialRaw. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7WriteInt ( + UINT8 **Ptr, + UINT8 *Start, + UINT8 *SerialRaw, + INTN SerialRawLen + ) +{ + INT32 Ret; + UINT8 *Pt; + INT32 Len; + + Len = 0; + Pt = SerialRaw + SerialRawLen; + while (Pt > SerialRaw) { + *--(*Ptr) = *--Pt; + Len++; + } + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_INTEGER)); + + return Len; +} + +/** + write Pkcs7 Issuer And SerialNumber. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] Serial Serial. + @param[in] SerialLen Size of Serial. + @param[in] IssuerRaw IssuerRawLen. + @param[in] IssuerRawLen Size of IssuerRawLen. 
+ + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7WriteIssuerAndSerialNumber ( + UINT8 **Ptr, + UINT8 *Start, + UINT8 *Serial, + INTN SerialLen, + UINT8 *IssuerRaw, + INTN IssuerRawLen + ) +{ + INT32 Ret; + INT32 Len; + + Len = 0; + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteInt (Ptr, Start, Serial, SerialLen)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_raw_buffer (Ptr, Start, IssuerRaw, IssuerRawLen)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + + return Len; +} + +/** + SignerInfo ::= SEQUENCE { + version Version; + issuerAndSerialNumber IssuerAndSerialNumber, + digestAlgorithm DigestAlgorithmIdentifier, + authenticatedAttributes + [0] IMPLICIT Attributes OPTIONAL, + digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + encryptedDigest EncryptedDigest, + unauthenticatedAttributes + [1] IMPLICIT Attributes OPTIONAL. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] SignerInfo SignerInfo. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteSignerInfo ( + UINT8 **Ptr, + UINT8 *Start, + MbedtlsPkcs7SignerInfo *SignerInfo + ) +{ + INT32 Ret; + INT32 Len; + + Len = 0; + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_octet_string (Ptr, Start, SignerInfo->Sig.p, SignerInfo->Sig.len)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_algorithm_identifier (Ptr, Start, (CONST CHAR8 *)SignerInfo->SigAlgIdentifier.p, SignerInfo->SigAlgIdentifier.len, 0)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_algorithm_identifier (Ptr, Start, (CONST CHAR8 *)SignerInfo->AlgIdentifier.p, SignerInfo->AlgIdentifier.len, 0)); + + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteIssuerAndSerialNumber (Ptr, Start, SignerInfo->Serial.p, SignerInfo->Serial.len, SignerInfo->IssuerRaw.p, SignerInfo->IssuerRaw.len)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_int (Ptr, Start, SignerInfo->Version)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + + return Len; +} + +/** + write Pkcs7 Signers Info Set. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] SignersSet SignerInfo Set. + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteSignersInfoSet ( + UINT8 **Ptr, + UINT8 *Start, + MbedtlsPkcs7SignerInfo *SignersSet + ) +{ + MbedtlsPkcs7SignerInfo *SignerInfo; + INT32 Ret; + INT32 Len; + + SignerInfo = SignersSet; + Len = 0; + + while (SignerInfo != NULL) { + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteSignerInfo (Ptr, Start, SignerInfo)); + // move to next + SignerInfo = SignerInfo->Next; + } + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)); + + return Len; +} + +/** + Signed Data Type + SignedData ::= SEQUENCE { + version Version, + digestAlgorithms DigestAlgorithmIdentifiers, + contentInfo ContentInfo, + certificates + [0] IMPLICIT ExtendedCertificatesAndCertificates + OPTIONAL, + crls + [1] IMPLICIT CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos } + + DigestAlgorithmIdentifiers ::= + SET OF DigestAlgorithmIdentifier + + SignerInfos ::= SET OF SignerInfo. + + @param[in, out] Ptr The reference to the current position pointer. + @param[in] Start The start of the buffer, for bounds-checking. + @param[in] Pkcs7 MbedtlsPkcs7 + + @retval number The number of bytes written to p on success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7WriteDer ( + UINT8 **Ptr, + UINT8 *Start, + MbedtlsPkcs7 *Pkcs7 + ) +{ + INT32 Ret; + INT32 Len; + mbedtls_md_type_t DigestAlg[1]; + + DigestAlg[0] = MBEDTLS_MD_SHA256; + Len = 0; + + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteSignersInfoSet (Ptr, Start, &(Pkcs7->SignedData.SignerInfos))); + + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteCertificates (Ptr, Start, &(Pkcs7->SignedData.Certificates), Pkcs7->SignedData.Certificates.next)); + + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteContentInfo (Ptr, Start, NULL, 0)); + + EDKII_ASN1_CHK_ADD (Len, MbedTlsPkcs7WriteDigestAlgorithmSet (Ptr, Start, DigestAlg, 1)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_int (Ptr, Start, Pkcs7->SignedData.Version)); + + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_len (Ptr, Start, Len)); + EDKII_ASN1_CHK_ADD (Len, mbedtls_asn1_write_tag (Ptr, Start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + + return Len; +} + +/** + Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message + Syntax Standard, version 1.5". This interface is only intended to be used for + application to perform PKCS#7 functionality validation. + + If this interface is not supported, then return FALSE. + + @param[in] PrivateKey Pointer to the PEM-formatted private key data for + data signing. + @param[in] PrivateKeySize Size of the PEM private key data in bytes. + @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM + key data. + @param[in] InData Pointer to the content to be signed. + @param[in] InDataSize Size of InData in bytes. + @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. + @param[in] OtherCerts Pointer to an optional additional set of certificates to + include in the PKCS#7 signedData (e.g. any intermediate + CAs in the chain). + @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's + responsibility to free the buffer with FreePool(). 
+ @param[out] SignedDataSize Size of SignedData in bytes. + + @retval TRUE PKCS#7 data signing succeeded. + @retval FALSE PKCS#7 data signing failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Sign ( + IN CONST UINT8 *PrivateKey, + IN UINTN PrivateKeySize, + IN CONST UINT8 *KeyPassword, + IN UINT8 *InData, + IN UINTN InDataSize, + IN UINT8 *SignCert, + IN UINT8 *OtherCerts OPTIONAL, + OUT UINT8 **SignedData, + OUT UINTN *SignedDataSize + ) +{ + BOOLEAN Status; + INT32 Ret; + mbedtls_pk_context Pkey; + UINT8 HashValue[SHA256_DIGEST_SIZE]; + UINT8 Signature[MAX_SIGNATURE_SIZE]; + UINTN SignatureLen; + UINT8 *NewPrivateKey; + mbedtls_x509_crt *Crt; + + MbedtlsPkcs7 Pkcs7; + MbedtlsPkcs7SignerInfo SignerInfo; + UINT8 *Buffer; + INTN BufferSize; + UINT8 *Ptr; + INT32 Len; + + // + // Check input parameters. + // + if ((PrivateKey == NULL) || (KeyPassword == NULL) || (InData == NULL) || + (SignCert == NULL) || (SignedData == NULL) || (SignedDataSize == NULL) || (InDataSize > INT_MAX)) + { + return FALSE; + } + + BufferSize = 4096; + + SignatureLen = MAX_SIGNATURE_SIZE; + Crt = (mbedtls_x509_crt *)SignCert; + + NewPrivateKey = NULL; + if (PrivateKey[PrivateKeySize - 1] != 0) { + NewPrivateKey = AllocateZeroPool (PrivateKeySize + 1); + if (NewPrivateKey == NULL) { + return FALSE; + } + + CopyMem (NewPrivateKey, PrivateKey, PrivateKeySize); + NewPrivateKey[PrivateKeySize] = 0; + PrivateKeySize++; + } else { + NewPrivateKey = AllocateZeroPool (PrivateKeySize); + if (NewPrivateKey == NULL) { + return FALSE; + } + + CopyMem (NewPrivateKey, PrivateKey, PrivateKeySize); + } + + mbedtls_pk_init (&Pkey); + Ret = mbedtls_pk_parse_key ( + &Pkey, + NewPrivateKey, + PrivateKeySize, + KeyPassword, + KeyPassword == NULL ? 
0 : AsciiStrLen ((CONST CHAR8 *)KeyPassword), + NULL, + NULL + ); + if (Ret != 0) { + Status = FALSE; + goto Cleanup; + } + + /// Calculate InData Digest + ZeroMem (HashValue, SHA256_DIGEST_SIZE); + Status = Sha256HashAll (InData, InDataSize, HashValue); + if (!Status) { + goto Cleanup; + } + + /// Pk Sign + ZeroMem (Signature, MAX_SIGNATURE_SIZE); + Ret = mbedtls_pk_sign ( + &Pkey, + MBEDTLS_MD_SHA256, + HashValue, + SHA256_DIGEST_SIZE, + Signature, + MAX_SIGNATURE_SIZE, + &SignatureLen, + MbedtlsRand, + NULL + ); + if (Ret != 0) { + Status = FALSE; + goto Cleanup; + } + + ZeroMem (&Pkcs7, sizeof (MbedtlsPkcs7)); + Pkcs7.SignedData.Version = 1; + + Crt->next = (mbedtls_x509_crt *)OtherCerts; + Pkcs7.SignedData.Certificates = *Crt; + + SignerInfo.Next = NULL; + SignerInfo.Sig.p = Signature; + SignerInfo.Sig.len = SignatureLen; + SignerInfo.Version = 1; + SignerInfo.AlgIdentifier.p = MbedtlsOidDigestAlgSha256; + SignerInfo.AlgIdentifier.len = sizeof (MBEDTLS_OID_DIGEST_ALG_SHA256) - 1; + if (mbedtls_pk_get_type (&Pkey) == MBEDTLS_PK_RSA) { + SignerInfo.SigAlgIdentifier.p = MbedtlsOidPkcs1Rsa; + SignerInfo.SigAlgIdentifier.len = sizeof (MBEDTLS_OID_PKCS1_RSA) - 1; + } else { + Ret = mbedtls_oid_get_oid_by_sig_alg (MBEDTLS_PK_ECDSA, MBEDTLS_MD_SHA256, (CONST CHAR8 **)&SignerInfo.SigAlgIdentifier.p, &SignerInfo.SigAlgIdentifier.len); + if (Ret != 0) { + Status = FALSE; + goto Cleanup; + } + } + + SignerInfo.Serial = ((mbedtls_x509_crt *)SignCert)->serial; + SignerInfo.IssuerRaw = ((mbedtls_x509_crt *)SignCert)->issuer_raw; + Pkcs7.SignedData.SignerInfos = SignerInfo; + + Buffer = AllocateZeroPool (BufferSize); + if (Buffer == NULL) { + Status = FALSE; + goto Cleanup; + } + + Ptr = Buffer + BufferSize; + Len = MbedTlsPkcs7WriteDer (&Ptr, Buffer, &Pkcs7); + + /// Enlarge buffer if buffer is too small + while (Len == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { + BufferSize = BufferSize * 2; + Ptr = Buffer + BufferSize; + FreePool (Buffer); + Buffer = AllocateZeroPool (BufferSize); 
+ if (Buffer == NULL) { + Status = FALSE; + goto Cleanup; + } + + Ptr = Buffer + BufferSize; + Len = MbedTlsPkcs7WriteDer (&Ptr, Buffer, &Pkcs7); + } + + if (Len <= 0) { + Status = FALSE; + goto Cleanup; + } + + *SignedData = AllocateZeroPool (Len); + if (*SignedData == NULL) { + Status = FALSE; + goto Cleanup; + } + + *SignedDataSize = Len; + CopyMem (*SignedData, Ptr, Len); + Status = TRUE; + +Cleanup: + if (&Pkey != NULL) { + mbedtls_pk_free (&Pkey); + } + + if (NewPrivateKey != NULL) { + memset (NewPrivateKey, 0, PrivateKeySize); + FreePool (NewPrivateKey); + } + + if (Buffer != NULL) { + memset (Buffer, 0, BufferSize); + FreePool (Buffer); + } + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c new file mode 100644 index 0000000000..6b62ee2618 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c @@ -0,0 +1,113 @@ +/** @file + Non-runtime specific implementation of PKCS#7 SignedData Verification Wrapper. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Extracts the attached content from a PKCS#7 signed data if existed. The input signed + data could be wrapped in a ContentInfo structure. + + If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, + then return FALSE. If the P7Data is not correctly formatted, then return FALSE. + + Caution: This function may receive untrusted input. So this function will do + basic check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. + It's caller's responsibility to free the buffer with FreePool(). + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for processing. + @retval FALSE The P7Data was not correctly formatted for processing. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + BOOLEAN Status; + UINT8 *SignedData; + UINTN SignedDataSize; + BOOLEAN Wrapped; + INTN Ret; + mbedtls_pkcs7 Pkcs7; + mbedtls_pkcs7_data *MbedtlsContent; + + mbedtls_pkcs7_init (&Pkcs7); + + // + // Check input parameter. 
+ // + if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) { + return FALSE; + } + + *Content = NULL; + SignedData = NULL; + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status || (SignedDataSize > INT_MAX)) { + goto _Exit; + } + + Status = FALSE; + + Ret = mbedtls_pkcs7_parse_der (&Pkcs7, SignedData, (INT32)SignedDataSize); + + // + // The type of Pkcs7 must be signedData + // + if (Ret != MBEDTLS_PKCS7_SIGNED_DATA) { + goto _Exit; + } + + // + // Check for detached or attached content + // + MbedtlsContent = &(Pkcs7.signed_data.content); + + if (MbedtlsContent == NULL) { + // + // No Content supplied for PKCS7 detached signedData + // + *Content = NULL; + *ContentSize = 0; + } else { + // + // Retrieve the attached content in PKCS7 signedData + // + if ((MbedtlsContent->data.len > 0) && (MbedtlsContent->data.p != NULL)) { + *ContentSize = MbedtlsContent->data.len; + *Content = AllocateZeroPool (*ContentSize); + if (*Content == NULL) { + *ContentSize = 0; + goto _Exit; + } + + CopyMem (*Content, MbedtlsContent->data.p, *ContentSize); + } + } + + Status = TRUE; + +_Exit: + // + // Release Resources + // + mbedtls_pkcs7_free (&Pkcs7); + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c new file mode 100644 index 0000000000..e9f1b0efdd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c @@ -0,0 +1,1354 @@ +/** @file + PKCS#7 SignedData Sign Wrapper and PKCS#7 SignedData Verification Wrapper + Implementation over mbedtls. + + RFC 8422 - Elliptic Curve Cryptography (ECC) Cipher Suites + FIPS 186-4 - Digital Signature Standard (DSS) + +Copyright (c) 2024, Intel Corporation. All rights reserved.
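Review bot: `Pkcs7GetAttachedContent` never releases the buffer that `WrapPkcs7Data` allocates when the input is not already wrapped, because `_Exit` only calls `mbedtls_pkcs7_free`; add `if (!Wrapped && (SignedData != NULL)) { FreePool (SignedData); }` there. `MbedtlsContent` is the address of a struct member, so the `== NULL` test can never be true and a signedData with no attached content returns TRUE without writing `*ContentSize`; initialise it with `*ContentSize = 0;` next to `*Content = NULL;`. The `SignedDataSize > INT_MAX` case also jumps to `_Exit` while `Status` is still TRUE from `WrapPkcs7Data`, so it reports success; set `Status = FALSE;` before that `goto`. Since the header comment says this function may receive untrusted input, it should also reject a `P7Length` too short for the fixed offsets that `WrapPkcs7Data` (added later in this patch) reads, `P7Data[4]` through `P7Data[16]`.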
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CryptPkcs7Internal.h" +#include + +/* Profile for backward compatibility. Allows RSA 1024, unlike the default + profile. */ +STATIC mbedtls_x509_crt_profile gCompatProfile = +{ + /* Hashes from SHA-256 and above. Note that this selection + * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ + + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA1) | + #endif + MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA384) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA512), + 0xFFFFFFF, /* Any PK alg */ + + /* Curves at or above 128-bit security level. Note that this selection + * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP256R1) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP384R1) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP521R1) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP256R1) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP384R1) | + MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP512R1) | + 0, + 1024, +}; + +/** + Init MbedtlsPkcs7. + + @param[in] Pkcs7 MbedtlsPkcs7. +**/ +STATIC +VOID +MbedTlsPkcs7Init ( + MbedtlsPkcs7 *Pkcs7 + ) +{ + ZeroMem (Pkcs7, sizeof (MbedtlsPkcs7)); +} + +/** + Get Pkcs7 Next Content Len. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Len MbedtlsPkcs7 Content Len. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7GetNextContentLen ( + UINT8 **Ptr, + UINT8 *End, + UINTN *Len + ) +{ + INT32 Ret; + + Ret = mbedtls_asn1_get_tag (Ptr, End, Len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); + return Ret; +} + +/** + Get Pkcs7 Version.. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Ver MbedtlsPkcs7 Version. + + @retval 0 Success. 
+ @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7GetVersion ( + UINT8 **Ptr, + UINT8 *End, + INT32 *Ver + ) +{ + INT32 Ret; + + Ret = mbedtls_asn1_get_int (Ptr, End, Ver); + return Ret; +} + +/** + ContentInfo ::= SEQUENCE { + contentType ContentType, + content + [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Pkcs7 MbedtlsPkcs7. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +Pkcs7GetContentInfoType ( + UINT8 **Ptr, + UINT8 *End, + mbedtls_asn1_buf *Pkcs7 + ) +{ + UINTN Len; + int Ret; + + Len = 0; + Ret = mbedtls_asn1_get_tag ( + Ptr, + End, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE + ); + + if (Ret == 0) { + Ret = mbedtls_asn1_get_tag (Ptr, End, &Len, MBEDTLS_ASN1_OID); + } + + if (Ret == 0) { + Pkcs7->tag = MBEDTLS_ASN1_OID; + Pkcs7->len = Len; + Pkcs7->p = *Ptr; + } + + return Ret; +} + +/** + DigestAlgorithmIdentifier ::= AlgorithmIdentifier. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Alg MbedtlsPkcs7 AlgorithmIdentifier. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7GetDigestAlgorithm ( + UINT8 **Ptr, + UINT8 *End, + mbedtls_x509_buf *Alg + ) +{ + INT32 Ret; + + Ret = mbedtls_asn1_get_alg_null (Ptr, End, Alg); + return Ret; +} + +/** + DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Alg MbedtlsPkcs7 AlgorithmIdentifier. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedTlsPkcs7GetDigestAlgorithmSet ( + UINT8 **Ptr, + UINT8 *End, + mbedtls_x509_buf *Alg + ) +{ + UINTN Len; + INT32 Ret; + + Len = 0; + Ret = mbedtls_asn1_get_tag ( + Ptr, + End, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET + ); + + if (Ret == 0) { + End = *Ptr + Len; + // assume only one digest algorithm + Ret = mbedtls_asn1_get_alg_null (Ptr, End, Alg); + } + + return Ret; +} + +/** + certificates :: SET OF ExtendedCertificateOrCertificate, + ExtendedCertificateOrCertificate ::= CHOICE { + certificate Certificate -- x509, + extendedCertificate[0] IMPLICIT ExtendedCertificate }. + + @param[in] Ptr The start of the buffer. + @param[in] Plen The buffer len. + @param[out] Certs mbedtls_x509_crt cert. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7GetCertificates ( + UINT8 **Ptr, + INTN Plen, + mbedtls_x509_crt *Certs + ) +{ + INT32 Ret; + + Ret = mbedtls_x509_crt_parse (Certs, *Ptr, Plen); + return Ret; +} + +/** + EncryptedDigest ::= OCTET STRING. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] Signature Signature. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +Pkcs7GetSignature ( + UINT8 **Ptr, + UINT8 *End, + mbedtls_asn1_buf *Signature + ) +{ + INT32 Ret; + UINTN Len; + + Len = 0; + Ret = mbedtls_asn1_get_tag (Ptr, End, &Len, MBEDTLS_ASN1_OCTET_STRING); + if (Ret == 0) { + Signature->tag = MBEDTLS_ASN1_OCTET_STRING; + Signature->len = Len; + Signature->p = *Ptr; + } + + return Ret; +} + +/** + SignerInfo ::= SEQUENCE { + version Version; + issuerAndSerialNumber IssuerAndSerialNumber, + digestAlgorithm DigestAlgorithmIdentifier, + authenticatedAttributes + [0] IMPLICIT Attributes OPTIONAL, + digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + encryptedDigest EncryptedDigest, + unauthenticatedAttributes + [1] IMPLICIT Attributes OPTIONAL. + + @param[in] Ptr The start of the buffer. + @param[in] End The end of the buffer. + @param[out] SignersSet MbedtlsPkcs7SignerInfo. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. +**/ +STATIC +INT32 +MbedTlsPkcs7GetSignersInfoSet ( + UINT8 **Ptr, + UINT8 *End, + MbedtlsPkcs7SignerInfo *SignersSet + ) +{ + UINT8 *EndSet; + INT32 Ret; + UINTN Len; + UINT8 *TempP; + + Len = 0; + + Ret = mbedtls_asn1_get_tag ( + Ptr, + End, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET + ); + + if (Ret == 0) { + EndSet = *Ptr + Len; + + Ret = mbedtls_asn1_get_tag ( + Ptr, + EndSet, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE + ); + } + + if (Ret == 0) { + Ret = mbedtls_asn1_get_int (Ptr, EndSet, &SignersSet->Version); + } + + if (Ret == 0) { + Ret = mbedtls_asn1_get_tag ( + Ptr, + EndSet, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE + ); + } + + if (Ret == 0) { + SignersSet->IssuerRaw.p = *Ptr; + Ret = mbedtls_asn1_get_tag ( + Ptr, + EndSet, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE + ); + } + + if (Ret == 0) { + Ret = mbedtls_x509_get_name (Ptr, *Ptr + Len, &SignersSet->Issuer); + } + + if (Ret == 0) { + SignersSet->IssuerRaw.len = *Ptr - SignersSet->IssuerRaw.p; + + 
Ret = mbedtls_x509_get_serial (Ptr, EndSet, &SignersSet->Serial); + } + + if (Ret == 0) { + Ret = MbedTlsPkcs7GetDigestAlgorithm (Ptr, EndSet, &SignersSet->AlgIdentifier); + } + + // OPTIONAL AuthenticatedAttributes + if (Ret == 0) { + TempP = *Ptr; + if (mbedtls_asn1_get_tag (&TempP, EndSet, &Len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) == 0) { + SignersSet->AuthAttr.len = Len + (TempP - *Ptr); + SignersSet->AuthAttr.p = *Ptr; + *Ptr = TempP + Len; + } else { + SignersSet->AuthAttr.p = NULL; + } + } + + if (Ret == 0) { + Ret = MbedTlsPkcs7GetDigestAlgorithm (Ptr, EndSet, &SignersSet->SigAlgIdentifier); + } + + if (Ret == 0) { + Ret = Pkcs7GetSignature (Ptr, End, &SignersSet->Sig); + } + + if (Ret == 0) { + SignersSet->Next = NULL; + } + + return Ret; +} + +/** + SignedData ::= SEQUENCE { + version Version, + digestAlgorithms DigestAlgorithmIdentifiers, + contentInfo ContentInfo, + certificates + [0] IMPLICIT ExtendedCertificatesAndCertificates + OPTIONAL, + crls + [0] IMPLICIT CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos }. + + @param[in] Buffer The start of the buffer. + @param[in] BufferLen The len the buffer. + @param[out] SignedData MbedtlsPkcs7SignedData. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +Pkcs7GetSignedData ( + UINT8 *Buffer, + INTN BufferLen, + MbedtlsPkcs7SignedData *SignedData + ) +{ + UINT8 *Ptr; + UINT8 *End; + UINTN Len; + INT32 Ret; + UINT8 *CertP; + UINTN CertLen; + UINT8 *OldCertP; + UINTN TotalCertLen; + mbedtls_x509_crt *MoreCert; + UINT8 CertNum; + mbedtls_x509_crt *LastCert; + mbedtls_x509_crt *TempCrt; + + Len = 0; + Ptr = Buffer; + End = Buffer + BufferLen; + MoreCert = NULL; + + Ret = mbedtls_asn1_get_tag ( + &Ptr, + End, + &Len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE + ); + + if (Ret == 0) { + // version + Ret = MbedTlsPkcs7GetVersion (&Ptr, End, &SignedData->Version); + } + + if ((Ret == 0) && (SignedData->Version != 1)) { + Ret = -1; + } + + if (Ret == 0) { + // digest algorithm + Ret = MbedTlsPkcs7GetDigestAlgorithmSet ( + &Ptr, + End, + &SignedData->DigestAlgorithms + ); + } + + if (Ret == 0) { + if ( + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + ((SignedData->DigestAlgorithms.len == sizeof (MBEDTLS_OID_DIGEST_ALG_SHA1) - 1) && + (CompareMem ( + SignedData->DigestAlgorithms.p, + MBEDTLS_OID_DIGEST_ALG_SHA1, + SignedData->DigestAlgorithms.len + ) == 0)) || + #endif + ((SignedData->DigestAlgorithms.len == sizeof (MBEDTLS_OID_DIGEST_ALG_SHA256) - 1) && + (CompareMem ( + SignedData->DigestAlgorithms.p, + MBEDTLS_OID_DIGEST_ALG_SHA256, + SignedData->DigestAlgorithms.len + ) == 0)) || + ((SignedData->DigestAlgorithms.len == sizeof (MBEDTLS_OID_DIGEST_ALG_SHA384) - 1) && + (CompareMem ( + SignedData->DigestAlgorithms.p, + MBEDTLS_OID_DIGEST_ALG_SHA384, + SignedData->DigestAlgorithms.len + ) == 0)) || + ((SignedData->DigestAlgorithms.len == sizeof (MBEDTLS_OID_DIGEST_ALG_SHA512) - 1) && + (CompareMem ( + SignedData->DigestAlgorithms.p, + MBEDTLS_OID_DIGEST_ALG_SHA512, + SignedData->DigestAlgorithms.len + ) == 0))) + { + Ret = 0; + } else { + Ret = -1; + } + } + + if (Ret == 0) { + Ret = Pkcs7GetContentInfoType (&Ptr, End, &SignedData->ContentInfo.Oid); + } + + if (Ret == 0) { + // move to next + Ptr = 
Ptr + SignedData->ContentInfo.Oid.len; + Ret = MbedTlsPkcs7GetNextContentLen (&Ptr, End, &Len); + CertP = Ptr + Len; + + // move to actual cert, if there are more [0] + if (MbedTlsPkcs7GetNextContentLen (&CertP, End, &CertLen) == 0) { + Len = CertLen; + Ptr = CertP; + } + } + + // certificates: may have many certs + CertP = Ptr; + + TotalCertLen = 0; + + MoreCert = &SignedData->Certificates; + CertNum = 0; + + while (TotalCertLen < Len) { + OldCertP = CertP; + + Ret = mbedtls_asn1_get_tag (&CertP, End, &CertLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (Ret != 0) { + goto Out; + } + + // cert total len + CertLen = CertLen + (CertP - OldCertP); + + // move to next cert + CertP = OldCertP + CertLen; + + // change TotalCertLen + TotalCertLen += CertLen; + + mbedtls_x509_crt_init (MoreCert); + Ret = MbedTlsPkcs7GetCertificates (&OldCertP, CertLen, MoreCert); + if (Ret != 0) { + goto Out; + } + + CertNum++; + MoreCert->next = mbedtls_calloc (1, sizeof (mbedtls_x509_crt)); + MoreCert = MoreCert->next; + } + + if (TotalCertLen != Len) { + Ret = -1; + goto Out; + } + + LastCert = &(SignedData->Certificates); + + while (CertNum--) { + if (CertNum == 0) { + LastCert->next = NULL; + break; + } else { + LastCert = LastCert->next; + } + } + + // signers info + if (Ret == 0) { + Ptr = Ptr + Len; + Ret = MbedTlsPkcs7GetSignersInfoSet (&Ptr, End, &SignedData->SignerInfos); + } + +Out: + if (Ret == 0) { + if (MoreCert != NULL) { + mbedtls_x509_crt_free (MoreCert); + MoreCert = NULL; + } + } else { + if (SignedData->Certificates.next != NULL) { + TempCrt = SignedData->Certificates.next; + mbedtls_x509_crt_free (TempCrt); + } + } + + return Ret; +} + +/** + Parse MbedtlsPkcs7 to Der format. + @param[in] Buffer The start of the buffer. + @param[in] BufferLen The len the buffer. + @param[out] Pkcs7 MbedtlsPkcs7. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedtlsPkcs7ParseDer ( + CONST UINT8 *Buffer, + INTN BufferLen, + MbedtlsPkcs7 *Pkcs7 + ) +{ + UINT8 *Ptr; + UINT8 *End; + UINTN Len; + INT32 Ret; + + if (Pkcs7 == NULL) { + return -1; + } + + Len = 0; + Ptr = (UINT8 *)Buffer; + End = Ptr + BufferLen; + + Ret = Pkcs7GetContentInfoType (&Ptr, End, &Pkcs7->ContentTypeOid); + if (Ret != 0) { + goto Out; + } + + if ((CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_DATA, Pkcs7->ContentTypeOid.len) == 0) || + (CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, Pkcs7->ContentTypeOid.len) == 0) || + (CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_ENVELOPED_DATA, Pkcs7->ContentTypeOid.len) == 0) || + (CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, Pkcs7->ContentTypeOid.len) == 0) || + (CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_DIGESTED_DATA, Pkcs7->ContentTypeOid.len) == 0)) + { + // Invalid PKCS7 data type; + Ret = -1; + goto Out; + } + + if (CompareMem (Pkcs7->ContentTypeOid.p, MBEDTLS_OID_PKCS7_SIGNED_DATA, Pkcs7->ContentTypeOid.len) != 0) { + // Invalid PKCS7 data type; + Ret = -1; + goto Out; + } + + // Content type is SignedData + Ptr = Ptr + Pkcs7->ContentTypeOid.len; + + Ret = MbedTlsPkcs7GetNextContentLen (&Ptr, End, &Len); + if (Ret != 0) { + goto Out; + } + + Ret = Pkcs7GetSignedData (Ptr, Len, &Pkcs7->SignedData); + if (Ret != 0) { + goto Out; + } + +Out: + return Ret; +} + +/** + MbedtlsPkcs7 verify MbedtlsPkcs7SignerInfo. + @param[in] SignerInfo MbedtlsPkcs7 SignerInfo. + @param[in] Cert cert. + @param[in] Data Pointer for data. + @param[in] DataLen The len the buffer. + + @retval 0 Success. + @retval negative A negative MBEDTLS_ERR_ASN1_XXX error code on failure. 
+**/ +STATIC +INT32 +MbedtlsPkcs7SignedDataVerifySigners ( + MbedtlsPkcs7SignerInfo *SignerInfo, + mbedtls_x509_crt *Cert, + CONST UINT8 *Data, + INTN DataLen + ) +{ + INT32 Ret; + UINT8 Hash[MBEDTLS_MD_MAX_SIZE]; + mbedtls_pk_context Pk; + CONST mbedtls_md_info_t *MdInfo; + INTN HashLen; + UINT8 TempAuthAttr; + + Pk = Cert->pk; + ZeroMem (Hash, MBEDTLS_MD_MAX_SIZE); + + // all the hash algo + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + MdInfo = mbedtls_md_info_from_type (MBEDTLS_MD_SHA1); + HashLen = mbedtls_md_get_size (MdInfo); + mbedtls_md (MdInfo, Data, DataLen, Hash); + if (SignerInfo->AuthAttr.p != NULL) { + TempAuthAttr = *(SignerInfo->AuthAttr.p); + *(SignerInfo->AuthAttr.p) = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET; + mbedtls_md (MdInfo, SignerInfo->AuthAttr.p, SignerInfo->AuthAttr.len, Hash); + // Restore content + *(SignerInfo->AuthAttr.p) = TempAuthAttr; + } + + Ret = mbedtls_pk_verify (&Pk, MBEDTLS_MD_SHA1, Hash, HashLen, SignerInfo->Sig.p, SignerInfo->Sig.len); + + if (Ret == 0) { + return Ret; + } + + #endif + + MdInfo = mbedtls_md_info_from_type (MBEDTLS_MD_SHA256); + HashLen = mbedtls_md_get_size (MdInfo); + ZeroMem (Hash, MBEDTLS_MD_MAX_SIZE); + mbedtls_md (MdInfo, Data, DataLen, Hash); + if (SignerInfo->AuthAttr.p != NULL) { + TempAuthAttr = *(SignerInfo->AuthAttr.p); + *(SignerInfo->AuthAttr.p) = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET; + mbedtls_md (MdInfo, SignerInfo->AuthAttr.p, SignerInfo->AuthAttr.len, Hash); + // Restore content + *(SignerInfo->AuthAttr.p) = TempAuthAttr; + } + + Ret = mbedtls_pk_verify (&Pk, MBEDTLS_MD_SHA256, Hash, HashLen, SignerInfo->Sig.p, SignerInfo->Sig.len); + if (Ret == 0) { + return Ret; + } + + MdInfo = mbedtls_md_info_from_type (MBEDTLS_MD_SHA384); + HashLen = mbedtls_md_get_size (MdInfo); + ZeroMem (Hash, MBEDTLS_MD_MAX_SIZE); + mbedtls_md (MdInfo, Data, DataLen, Hash); + if (SignerInfo->AuthAttr.p != NULL) { + TempAuthAttr = *(SignerInfo->AuthAttr.p); + *(SignerInfo->AuthAttr.p) = 
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET; + mbedtls_md (MdInfo, SignerInfo->AuthAttr.p, SignerInfo->AuthAttr.len, Hash); + // Restore content + *(SignerInfo->AuthAttr.p) = TempAuthAttr; + } + + Ret = mbedtls_pk_verify (&Pk, MBEDTLS_MD_SHA384, Hash, HashLen, SignerInfo->Sig.p, SignerInfo->Sig.len); + if (Ret == 0) { + return Ret; + } + + MdInfo = mbedtls_md_info_from_type (MBEDTLS_MD_SHA512); + HashLen = mbedtls_md_get_size (MdInfo); + ZeroMem (Hash, MBEDTLS_MD_MAX_SIZE); + mbedtls_md (MdInfo, Data, DataLen, Hash); + if (SignerInfo->AuthAttr.p != NULL) { + TempAuthAttr = *(SignerInfo->AuthAttr.p); + *(SignerInfo->AuthAttr.p) = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET; + mbedtls_md (MdInfo, SignerInfo->AuthAttr.p, SignerInfo->AuthAttr.len, Hash); + // Restore content + *(SignerInfo->AuthAttr.p) = TempAuthAttr; + } + + Ret = mbedtls_pk_verify (&Pk, MBEDTLS_MD_SHA512, Hash, HashLen, SignerInfo->Sig.p, SignerInfo->Sig.len); + if (Ret == 0) { + return Ret; + } + + return Ret; +} + +/** + Find signer cert in MbedtlsPkcs7SignerInfo. + + @param[in] SignerInfo MbedtlsPkcs7 SignerInfo. + @param[in] Certs MbedtlsPkcs7 SignerInfo certs. + + @retval cert Signer Cert. +**/ +STATIC +mbedtls_x509_crt * +MbedTlsPkcs7FindSignerCert ( + MbedtlsPkcs7SignerInfo *SignerInfo, + mbedtls_x509_crt *Certs + ) +{ + mbedtls_x509_crt *Cert; + + Cert = Certs; + while (Cert != NULL) { + if ((Cert->serial.p == NULL) || (Cert->issuer_raw.p == NULL)) { + return NULL; + } + + if ((Cert->issuer_raw.len == SignerInfo->IssuerRaw.len) && + (CompareMem (Cert->issuer_raw.p, SignerInfo->IssuerRaw.p, Cert->issuer_raw.len) == 0) && + (Cert->serial.len == SignerInfo->Serial.len) && + (CompareMem (Cert->serial.p, SignerInfo->Serial.p, Cert->serial.len) == 0)) + { + break; + } + + Cert = Cert->next; + } + + return Cert; +} + +/** + verify cert. + + @param[in] Ca CA cert. + @param[in] CaCrl CRL. + @param[in] End Cert which need be verified. + + @retval TRUE Verify successfully. + @retval FALSE Verify failed. 
+**/ +STATIC +BOOLEAN +MbedTlsPkcs7VerifyCert ( + mbedtls_x509_crt *Ca, + mbedtls_x509_crl *CaCrl, + mbedtls_x509_crt *End + ) +{ + INT32 Ret; + UINT32 VFlag; + mbedtls_x509_crt_profile Profile; + + VFlag = 0; + CopyMem (&Profile, &gCompatProfile, sizeof (mbedtls_x509_crt_profile)); + + Ret = mbedtls_x509_crt_verify_with_profile (End, Ca, CaCrl, &Profile, NULL, &VFlag, NULL, NULL); + + return Ret == 0; +} + +/** + verify cert chain. + + @param[in] Pkcs7 MbedtlsPkcs7. + @param[in] Ca CA cert. + @param[in] End Cert which need be verified. + + @retval TRUE Verify successfully. + @retval FALSE Verify failed. +**/ +STATIC +BOOLEAN +MbedTlsPkcs7VerifyCertChain ( + MbedtlsPkcs7 *Pkcs7, + mbedtls_x509_crt *Ca, + mbedtls_x509_crt *End + ) +{ + mbedtls_x509_crt *AllCert; + mbedtls_x509_crt *InterCert; + + AllCert = &(Pkcs7->SignedData.Certificates); + InterCert = NULL; + + while (AllCert != NULL) { + if ((AllCert->next == End) && (MbedTlsPkcs7VerifyCert (AllCert, NULL, End))) { + InterCert = AllCert; + break; + } + + AllCert = AllCert->next; + } + + if (InterCert == NULL) { + return FALSE; + } + + if (MbedTlsPkcs7VerifyCert (Ca, &(Pkcs7->SignedData.Crls), InterCert)) { + return TRUE; + } else { + return MbedTlsPkcs7VerifyCertChain (Pkcs7, Ca, InterCert); + } +} + +/** + MbedTlsPkcs7 Verify SignedData. + + @param[in] Pkcs7 MbedtlsPkcs7. + @param[in] TrustCert CA cert. + @param[in] Data Pointer for data. + @param[in] DataLen The len the buffer. + + @retval TRUE Verify successfully. + @retval FALSE Verify failed. +**/ +STATIC +BOOLEAN +MbedTlsPkcs7SignedDataVerify ( + MbedtlsPkcs7 *Pkcs7, + mbedtls_x509_crt *TrustCert, + CONST UINT8 *Data, + INTN DataLen + ) +{ + MbedtlsPkcs7SignerInfo *SignerInfo; + mbedtls_x509_crt *Cert; + mbedtls_x509_crt *AllCert; + BOOLEAN Result; + + SignerInfo = &(Pkcs7->SignedData.SignerInfos); + Result = TRUE; + + // + // Traverse signers and verify each signers + // + while (SignerInfo != NULL) { + Result = FALSE; + // 1. 
Find signers cert + Cert = MbedTlsPkcs7FindSignerCert (SignerInfo, &(Pkcs7->SignedData.Certificates)); + if (Cert != NULL) { + // 2. Check signer cert is trusted by trustCert + if (MbedTlsPkcs7VerifyCert (TrustCert, &(Pkcs7->SignedData.Crls), Cert)) { + // root cert verify pass + Result = TRUE; + } else { + if (MbedTlsPkcs7VerifyCertChain (Pkcs7, TrustCert, Cert)) { + Result = TRUE; + } else { + Result = FALSE; + } + } + + if (Result == TRUE) { + // 3. Check signed data + AllCert = &(Pkcs7->SignedData.Certificates); + while (AllCert != NULL) { + if (MbedtlsPkcs7SignedDataVerifySigners (SignerInfo, AllCert, Data, DataLen) == 0) { + return TRUE; + } + + AllCert = AllCert->next; + } + + Result = FALSE; + } + } + + // move to next + SignerInfo = SignerInfo->Next; + } + + return Result; +} + +/** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. + + Caution: This function may receive untrusted input. + UEFI Authenticated Variable is external input, so this function will do basic + check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise + return FALSE. + @param[out] WrapData If return status of this function is TRUE: + 1) when WrapFlag is TRUE, pointer to P7Data. + 2) when WrapFlag is FALSE, pointer to a new ContentInfo + structure. It's caller's responsibility to free this + buffer. + @param[out] WrapDataSize Length of ContentInfo structure in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE The operation is failed due to lack of resources. 
+ +**/ +BOOLEAN +WrapPkcs7Data ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT BOOLEAN *WrapFlag, + OUT UINT8 **WrapData, + OUT UINTN *WrapDataSize + ) +{ + BOOLEAN Wrapped; + UINT8 *SignedData; + + // + // Check whether input P7Data is a wrapped ContentInfo structure or not. + // + Wrapped = FALSE; + if ((P7Data[4] == MBEDTLS_ASN1_OID) && (P7Data[5] == sizeof (MBEDTLS_OID_PKCS7_SIGNED_DATA) - 1)) { + if (CompareMem (P7Data + 6, MBEDTLS_OID_PKCS7_SIGNED_DATA, sizeof (MBEDTLS_OID_PKCS7_SIGNED_DATA) - 1) == 0) { + if ((P7Data[15] == (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) && (P7Data[16] == 0x82)) { + Wrapped = TRUE; + } + } + } + + if (Wrapped) { + *WrapData = (UINT8 *)P7Data; + *WrapDataSize = P7Length; + } else { + // + // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes. + // + *WrapDataSize = P7Length + 19; + *WrapData = AllocateZeroPool (*WrapDataSize); + if (*WrapData == NULL) { + *WrapFlag = Wrapped; + return FALSE; + } + + SignedData = *WrapData; + + // + // Part1: 0x30, 0x82. + // + SignedData[0] = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE; + SignedData[1] = 0x82; + + // + // Part2: Length1 = P7Length + 19 - 4, in big endian. + // + SignedData[2] = (UINT8)(((UINT16)(*WrapDataSize - 4)) >> 8); + SignedData[3] = (UINT8)(((UINT16)(*WrapDataSize - 4)) & 0xff); + + // + // Part3: 0x06, 0x09. + // + SignedData[4] = MBEDTLS_ASN1_OID; + SignedData[5] = sizeof (MBEDTLS_OID_PKCS7_SIGNED_DATA) - 1; + + // + // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02. + // + CopyMem (SignedData + 6, MBEDTLS_OID_PKCS7_SIGNED_DATA, sizeof (MBEDTLS_OID_PKCS7_SIGNED_DATA) - 1); + + // + // Part5: 0xA0, 0x82. + // + SignedData[15] = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC; + SignedData[16] = 0x82; + + // + // Part6: Length2 = P7Length, in big endian. + // + SignedData[17] = (UINT8)(((UINT16)P7Length) >> 8); + SignedData[18] = (UINT8)(((UINT16)P7Length) & 0xff); + + // + // Part7: P7Data. 
+ // + CopyMem (SignedData + 19, P7Data, P7Length); + } + + *WrapFlag = Wrapped; + return TRUE; +} + +/** + Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + If P7Data, TrustedCert or InData is NULL, then return FALSE. + If P7Length, CertLength or DataLength overflow, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertLength Length of the trusted certificate in bytes. + @param[in] InData Pointer to the content to be verified. + @param[in] DataLength Length of InData in bytes. + + @retval TRUE The specified PKCS#7 signed data is valid. + @retval FALSE Invalid PKCS#7 signed data. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Verify ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + IN CONST UINT8 *TrustedCert, + IN UINTN CertLength, + IN CONST UINT8 *InData, + IN UINTN DataLength + ) +{ + BOOLEAN Status; + UINT8 *WrapData; + UINTN WrapDataSize; + BOOLEAN Wrapped; + MbedtlsPkcs7 Pkcs7; + INT32 Ret; + mbedtls_x509_crt Crt; + mbedtls_x509_crt *TempCrt; + + // + // Check input parameters. 
+ // + if ((P7Data == NULL) || (TrustedCert == NULL) || (InData == NULL) || + (P7Length > INT_MAX) || (CertLength > INT_MAX) || (DataLength > INT_MAX)) + { + return FALSE; + } + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &WrapData, &WrapDataSize); + + if (!Status) { + return FALSE; + } + + Status = FALSE; + MbedTlsPkcs7Init (&Pkcs7); + mbedtls_x509_crt_init (&Crt); + + Ret = MbedtlsPkcs7ParseDer (WrapData, (INT32)WrapDataSize, &Pkcs7); + if (Ret != 0) { + goto Cleanup; + } + + Ret = mbedtls_x509_crt_parse_der (&Crt, TrustedCert, CertLength); + if (Ret != 0) { + goto Cleanup; + } + + Status = MbedTlsPkcs7SignedDataVerify (&Pkcs7, &Crt, InData, (INT32)DataLength); + +Cleanup: + if (&Crt != NULL) { + mbedtls_x509_crt_free (&Crt); + } + + if (Pkcs7.SignedData.Certificates.next != NULL) { + TempCrt = Pkcs7.SignedData.Certificates.next; + mbedtls_x509_crt_free (TempCrt); + } + + return Status; +} + +/** + Wrap function to use free() to free allocated memory for certificates. + + @param[in] Certs Pointer to the certificates to be freed. + +**/ +VOID +EFIAPI +Pkcs7FreeSigners ( + IN UINT8 *Certs + ) +{ + if (Certs == NULL) { + return; + } + + FreePool (Certs); +} + +/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then + return FALSE. If P7Length overflow, then return FALSE. + + Caution: This function may receive untrusted input. + UEFI Authenticated Variable is external input, so this function will do basic + check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). 
+ This data structure is EFI_CERT_STACK type. + @param[out] StackLength Length of signer's certificates in bytes. + @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). + @param[out] CertLength Length of the trusted certificate in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE Error occurs during the operation. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetSigners ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT UINT8 **CertStack, + OUT UINTN *StackLength, + OUT UINT8 **TrustedCert, + OUT UINTN *CertLength + ) +{ + MbedtlsPkcs7SignerInfo *SignerInfo; + mbedtls_x509_crt *Cert; + MbedtlsPkcs7 Pkcs7; + BOOLEAN Status; + UINT8 *WrapData; + UINTN WrapDataSize; + BOOLEAN Wrapped; + mbedtls_x509_crt *TempCrt; + + UINTN CertSize; + UINT8 Index; + UINT8 *CertBuf; + UINT8 *OldBuf; + UINTN BufferSize; + UINTN OldSize; + + if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) || + (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) + { + return FALSE; + } + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &WrapData, &WrapDataSize); + + if (!Status) { + return FALSE; + } + + Status = FALSE; + CertBuf = NULL; + OldBuf = NULL; + Cert = NULL; + + MbedTlsPkcs7Init (&Pkcs7); + if (MbedtlsPkcs7ParseDer (WrapData, (INT32)WrapDataSize, &Pkcs7) != 0) { + goto _Exit; + } + + SignerInfo = &(Pkcs7.SignedData.SignerInfos); + + // + // Traverse each signers + // + // Convert CertStack to buffer in following format: + // UINT8 CertNumber; + // UINT32 Cert1Length; + // UINT8 Cert1[]; + // UINT32 Cert2Length; + // UINT8 Cert2[]; + // ... 
+ // UINT32 CertnLength; + // UINT8 Certn[]; + // + BufferSize = sizeof (UINT8); + OldSize = BufferSize; + Index = 0; + + while (SignerInfo != NULL) { + // Find signers cert + Cert = MbedTlsPkcs7FindSignerCert (SignerInfo, &(Pkcs7.SignedData.Certificates)); + if (Cert == NULL) { + goto _Exit; + } + + CertSize = Cert->raw.len; + OldSize = BufferSize; + OldBuf = CertBuf; + BufferSize = OldSize + CertSize + sizeof (UINT32); + + CertBuf = AllocateZeroPool (BufferSize); + if (CertBuf == NULL) { + goto _Exit; + } + + if (OldBuf != NULL) { + CopyMem (CertBuf, OldBuf, OldSize); + FreePool (OldBuf); + OldBuf = NULL; + } + + WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize); + CopyMem (CertBuf + OldSize + sizeof (UINT32), Cert->raw.p, CertSize); + + Index++; + + // move to next + SignerInfo = SignerInfo->Next; + } + + if (CertBuf != NULL) { + // + // Update CertNumber. + // + CertBuf[0] = Index; + + *CertLength = BufferSize - OldSize - sizeof (UINT32); + *TrustedCert = AllocateZeroPool (*CertLength); + if (*TrustedCert == NULL) { + goto _Exit; + } + + CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength); + *CertStack = CertBuf; + *StackLength = BufferSize; + Status = TRUE; + } + +_Exit: + // + // Release Resources + // + if (!Status && (CertBuf != NULL)) { + FreePool (CertBuf); + *CertStack = NULL; + } + + if (Status) { + if (Pkcs7.SignedData.Certificates.next != NULL) { + TempCrt = Pkcs7.SignedData.Certificates.next; + mbedtls_x509_crt_free (TempCrt); + } + } + + if (OldBuf != NULL) { + FreePool (OldBuf); + } + + return Status; +} + +/** + Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard", and outputs two certificate lists chained and + unchained to the signer's certificates. + The input signed data could be wrapped in a ContentInfo structure. + + @param[in] P7Data Pointer to the PKCS#7 message. + @param[in] P7Length Length of the PKCS#7 message in bytes. 
+ @param[out] SignerChainCerts Pointer to the certificates list chained to signer's + certificate. It's caller's responsibility to free the buffer + with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. + @param[out] ChainLength Length of the chained certificates list buffer in bytes. + @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's + responsibility to free the buffer with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. + @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE Error occurs during the operation. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetCertificatesList ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT UINT8 **SignerChainCerts, + OUT UINTN *ChainLength, + OUT UINT8 **UnchainCerts, + OUT UINTN *UnchainLength + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c new file mode 100644 index 0000000000..47a8230cf6 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c @@ -0,0 +1,689 @@ +/** @file + This module verifies that Enhanced Key Usages (EKU's) are present within + a PKCS7 signature blob using MbedTLS. + + Copyright (C) Microsoft Corporation. All Rights Reserved. + Copyright (c) 2024, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "InternalCryptLib.h" +#include +#include + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 EkuOID[] = { 0x55, 0x1D, 0x25 }; + +/*leaf Cert basic_constraints case1: CA: false and CA object is excluded */ +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gBasicConstraintsCase1[] = { 0x30, 0x00 }; + +/*leaf Cert basic_constraints case2: CA: false */ +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gBasicConstraintsCase2[] = { 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x00 }; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gOidBasicConstraints[] = { 0x55, 0x1D, 0x13 }; + +/** + Find first Extension data match with given OID + + @param[in] Start Pointer to the DER-encoded extensions data + @param[in] End extensions data size in bytes + @param[in ] Oid OID for match + @param[in ] OidSize OID size in bytes + @param[out] FindExtensionData output matched extension data. + @param[out] FindExtensionDataLen matched extension data size. + +**/ +STATIC +BOOLEAN +InternalX509FindExtensionData ( + UINT8 *Start, + UINT8 *End, + CONST UINT8 *Oid, + UINTN OidSize, + UINT8 **FindExtensionData, + UINTN *FindExtensionDataLen + ) +{ + UINT8 *Ptr; + UINT8 *ExtensionPtr; + UINTN ObjLen; + INT32 Ret; + BOOLEAN Status; + UINTN FindExtensionLen; + UINTN HeaderLen; + + /*If no Extension entry match Oid*/ + Status = FALSE; + Ptr = Start; + + Ret = 0; + + while (TRUE) { + // + // Extension ::= SEQUENCE { + // extnID OBJECT IDENTIFIER, + // critical BOOLEAN DEFAULT FALSE, + // extnValue OCTET STRING } + // + ExtensionPtr = Ptr; + Ret = mbedtls_asn1_get_tag ( + &Ptr, + End, + &ObjLen, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE + ); + if (Ret == 0) { + HeaderLen = (UINTN)(Ptr - ExtensionPtr); + FindExtensionLen = ObjLen; + /* Get Object Identifier*/ + Ret = mbedtls_asn1_get_tag ( + &Ptr, + End, + &ObjLen, + MBEDTLS_ASN1_OID + ); + } else { + break; + } + + if ((Ret == 0) && !CompareMem (Ptr, Oid, OidSize)) { + Ptr += ObjLen; + + Ret 
= mbedtls_asn1_get_tag ( + &Ptr, + End, + &ObjLen, + MBEDTLS_ASN1_BOOLEAN + ); + if (Ret == 0) { + Ptr += ObjLen; + } + + Ret = mbedtls_asn1_get_tag ( + &Ptr, + End, + &ObjLen, + MBEDTLS_ASN1_OCTET_STRING + ); + } else { + Ret = 1; + } + + if (Ret == 0) { + *FindExtensionData = Ptr; + *FindExtensionDataLen = ObjLen; + Status = TRUE; + break; + } + + /* move to next*/ + Ptr = ExtensionPtr + HeaderLen + FindExtensionLen; + Ret = 0; + } + + return Status; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the X509 certificate. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval RETURN_SUCCESS The certificate Extension data retrieved successfully. + @retval RETURN_INVALID_PARAMETER If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *ExtensionDataSize is 0. + If Certificate is invalid. + @retval RETURN_NOT_FOUND If no Extension entry match Oid. + @retval RETURN_BUFFER_TOO_SMALL If the ExtensionData is NULL. The required buffer size + is returned in the ExtensionDataSize parameter. + @retval RETURN_UNSUPPORTED The operation is not supported. 
+**/ +STATIC +BOOLEAN +GetExtensionData ( + CONST mbedtls_x509_crt *Cert, + CONST UINT8 *Oid, + UINTN OidSize, + UINT8 *ExtensionData, + UINTN *ExtensionDataSize + ) +{ + CONST mbedtls_x509_crt *Crt; + INT32 Ret; + BOOLEAN Status; + UINT8 *Ptr; + UINT8 *End; + UINTN ObjLen; + + Ptr = NULL; + End = NULL; + ObjLen = 0; + + if ((Cert == NULL) || (Oid == NULL) || (OidSize == 0) || + (ExtensionDataSize == NULL)) + { + return FALSE; + } + + Status = FALSE; + + Crt = Cert; + + Ptr = Crt->v3_ext.p; + End = Crt->v3_ext.p + Crt->v3_ext.len; + Ret = mbedtls_asn1_get_tag ( + &Ptr, + End, + &ObjLen, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE + ); + + if (Ret == 0) { + Status = InternalX509FindExtensionData ( + Ptr, + End, + Oid, + OidSize, + &Ptr, + &ObjLen + ); + } + + if (Status) { + if (*ExtensionDataSize < ObjLen) { + *ExtensionDataSize = ObjLen; + Status = FALSE; + goto Cleanup; + } + + if (Oid != NULL) { + if (ExtensionData == NULL) { + return FALSE; + } + + CopyMem (ExtensionData, Ptr, ObjLen); + } + + *ExtensionDataSize = ObjLen; + } else { + *ExtensionDataSize = 0; + } + +Cleanup: + return Status; +} + +/** + Determines if the specified EKU represented in ASN1 form is present + in a given certificate. + + @param[in] Cert The certificate to check. + @param[in] EKU The EKU to look for. + @param[in] EkuLen The size of EKU. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. 
+ +**/ +STATIC +EFI_STATUS +IsEkuInCertificate ( + IN CONST mbedtls_x509_crt *Cert, + IN UINT8 *EKU, + IN UINTN EkuLen + ) +{ + EFI_STATUS Status; + BOOLEAN Ret; + UINT8 *Buffer; + UINTN Index; + UINTN Len; + + if ((Cert == NULL) || (EKU == NULL)) { + Status = EFI_INVALID_PARAMETER; + return Status; + } + + Len = 0; + Buffer = NULL; + Ret = GetExtensionData ( + Cert, + (CONST UINT8 *)EkuOID, + sizeof (EkuOID), + NULL, + &Len + ); + if (Len == 0) { + Status = EFI_NOT_FOUND; + goto Exit; + } + + Buffer = AllocateZeroPool (Len); + if (Buffer == NULL) { + Status = EFI_NOT_FOUND; + goto Exit; + } + + Ret = GetExtensionData ( + Cert, + (CONST UINT8 *)EkuOID, + sizeof (EkuOID), + Buffer, + &Len + ); + + if ((Len == 0) || (!Ret)) { + Status = EFI_NOT_FOUND; + goto Exit; + } + + Status = EFI_NOT_FOUND; + /*find the spdm hardware identity OID*/ + for (Index = 0; Index <= Len - EkuLen; Index++) { + if (!CompareMem (Buffer + Index, EKU, EkuLen)) { + // check sub EKU + if (Index == Len - EkuLen) { + Status = EFI_SUCCESS; + break; + // Ensure that the OID is complete + } else if (Buffer[Index + EkuLen] == 0x06) { + Status = EFI_SUCCESS; + break; + } else { + break; + } + } + } + +Exit: + if (Buffer != NULL) { + FreePool (Buffer); + } + + return Status; +} + +/** + Get OID from txt. + + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in,out] CheckOid OID. + @param[out] OidLen The size of OID. 
+ +**/ +VOID +GetOidFromTxt ( + IN CONST CHAR8 *RequiredEKUs, + IN UINTN RequiredEKUsSize, + IN OUT UINT8 *CheckOid, + OUT UINT8 *OidLen + ) +{ + UINT8 *Ptr; + UINT16 Index; + UINT32 Data; + UINT8 OidIndex; + UINTN EKUsSize; + + EKUsSize = RequiredEKUsSize; + // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-object-identifier?redirectedfrom=MSDN + CheckOid[0] = (UINT8)((RequiredEKUs[0] - '0') * 40 + (RequiredEKUs[2] - '0')); + + EKUsSize = EKUsSize - 4; + Ptr = (UINT8 *)(RequiredEKUs + 4); + + OidIndex = 1; + + while (EKUsSize) { + Index = 0; + Data = 0; + + while ((*Ptr != '.') && (*Ptr != '\0')) { + Index++; + Ptr++; + EKUsSize--; + } + + while (Index) { + Data = 10 * Data + (*(Ptr - Index) - '0'); + Index--; + } + + if (EKUsSize != 0) { + Ptr++; + EKUsSize--; + } + + if (Data < 128) { + CheckOid[OidIndex] = (UINT8)Data; + OidIndex++; + } else { + CheckOid[OidIndex + 1] = (UINT8)(Data & 0xFF); + CheckOid[OidIndex] = (UINT8)(((((Data & 0xFF00) << 1) | 0x8000) >> 8) & 0xFF); + OidIndex = OidIndex + 2; + } + } + + *OidLen = OidIndex; +} + +/** + Verify the Cert is signer cert + + @param[in] Start Pointer to the DER-encoded certificate data Start. + @param[in] End Pointer to the DER-encoded certificate data End. 
+ + @retval true verify pass + @retval false verify fail +**/ +STATIC +BOOLEAN +IsCertSignerCert ( + UINT8 *Start, + UINT8 *End + ) +{ + BOOLEAN Status; + UINT8 *Buffer; + UINTN Len; + mbedtls_x509_crt Cert; + UINTN ObjLen; + + mbedtls_x509_crt_init (&Cert); + + ObjLen = End - Start; + + if (mbedtls_x509_crt_parse_der (&Cert, Start, ObjLen) != 0) { + return FALSE; + } + + Len = 0; + Buffer = NULL; + Status = GetExtensionData ( + &Cert, + (CONST UINT8 *)gOidBasicConstraints, + sizeof (gOidBasicConstraints), + NULL, + &Len + ); + if (Len == 0) { + /* basic constraints is not present in Cert */ + return TRUE; + } + + Buffer = AllocateZeroPool (Len); + if (Buffer == NULL) { + return FALSE; + } + + Status = GetExtensionData ( + &Cert, + (CONST UINT8 *)gOidBasicConstraints, + sizeof (gOidBasicConstraints), + Buffer, + &Len + ); + + if (Len == 0) { + /* basic constraints is not present in Cert */ + Status = TRUE; + goto Exit; + } else if (!Status) { + Status = FALSE; + goto Exit; + } + + if ((Len == sizeof (gBasicConstraintsCase1)) && + (!CompareMem (Buffer, gBasicConstraintsCase1, sizeof (gBasicConstraintsCase1)))) + { + Status = TRUE; + goto Exit; + } + + if ((Len == sizeof (gBasicConstraintsCase2)) && + (!CompareMem (Buffer, gBasicConstraintsCase2, sizeof (gBasicConstraintsCase2)))) + { + Status = TRUE; + goto Exit; + } + + Status = FALSE; + +Exit: + mbedtls_x509_crt_free (&Cert); + + if (Buffer != NULL) { + FreePool (Buffer); + } + + return Status; +} + +/** + Determines if the specified EKUs are present in a signing certificate. + + @param[in] SignerCert The certificate to check. + @param[in] RequiredEKUs The EKUs to look for. + @param[in] RequiredEKUsSize The number of EKUs + @param[in] RequireAllPresent If TRUE, then all the specified EKUs + must be present in the certificate. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. 
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. +**/ +STATIC +EFI_STATUS +CheckEKUs ( + IN CONST mbedtls_x509_crt *SignerCert, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + EFI_STATUS Status; + UINT32 NumEkusFound; + UINT32 Index; + UINT8 *EKU; + UINTN EkuLen; + UINT8 CheckOid[20]; + UINT8 OidLen; + + Status = EFI_SUCCESS; + NumEkusFound = 0; + + if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + for (Index = 0; Index < RequiredEKUsSize; Index++) { + // + // Finding required EKU in Cert. + // + GetOidFromTxt (RequiredEKUs[Index], strlen (RequiredEKUs[Index]), CheckOid, &OidLen); + + EKU = CheckOid; + EkuLen = OidLen; + + Status = IsEkuInCertificate (SignerCert, EKU, EkuLen); + if (Status == EFI_SUCCESS) { + NumEkusFound++; + if (!RequireAllPresent) { + // + // Found at least one, so we are done. + // + goto Exit; + } + } else { + // + // Fail to find Eku in Cert + break; + } + } + +Exit: + if (RequireAllPresent && + (NumEkusFound == RequiredEKUsSize)) + { + // + // Found all required EKUs in certificate. + // + Status = EFI_SUCCESS; + } + + return Status; +} + +/** + This function receives a PKCS#7 formatted signature blob, + looks for the EKU SEQUENCE blob, and if found then looks + for all the required EKUs. This function was created so that + the Surface team can cut down on the number of Certificate + Authorities (CA's) by checking EKU's on leaf signers for + a specific product. This prevents one product's certificate + from signing another product's firmware or unlock blobs. + + Note that this function does not validate the certificate chain. + That needs to be done before using this function. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. 
An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + EFI_STATUS Status; + mbedtls_x509_crt Cert; + UINT8 *Ptr; + UINT8 *End; + INT32 Len; + UINTN ObjLen; + UINT8 *OldEnd; + + // + // Check input parameter. 
+ // + if ((RequiredEKUs == NULL) || (Pkcs7Signature == NULL)) { + Status = EFI_INVALID_PARAMETER; + return Status; + } + + mbedtls_x509_crt_init (&Cert); + + Ptr = (UINT8 *)(UINTN)Pkcs7Signature; + Len = (UINT32)SignatureSize; + End = Ptr + Len; + + // Cert + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // tbscert + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // signature algo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // signature + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + OldEnd = Ptr; + // Cert + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + End = Ptr + ObjLen; + + // leaf Cert + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + while ((Ptr != End) && (Ptr < End)) { + if (IsCertSignerCert (OldEnd, Ptr)) { + break; + } + + OldEnd = Ptr; + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + } + + if (Ptr != End) { + return FALSE; + } else { + Ptr = End - ObjLen; + } + + // leaf Cert + ObjLen += Ptr - OldEnd; + Ptr = OldEnd; + + if (mbedtls_x509_crt_parse_der (&Cert, Ptr, ObjLen) != 0) { + return FALSE; + } + + Status = CheckEKUs (&Cert, RequiredEKUs, RequiredEKUsSize, RequireAllPresent); + if (Status != EFI_SUCCESS) { + goto Exit; + } + +Exit: + // + // Release Resources + // + mbedtls_x509_crt_free (&Cert); + + return Status; +} From 33917d410e70cf8b070b42b8d3587db123cf81ab Mon Sep 17 00:00:00 2001 
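Review bot: In `VerifyEKUsInPkcs7Signature` every ASN.1 or certificate parse failure does `return FALSE;`, but the function returns `EFI_STATUS`, and in EDK II `FALSE` has the same value as `EFI_SUCCESS`, so a malformed signature blob is reported as carrying the required EKUs. Those paths should fail closed and release `Cert`, e.g. `Status = EFI_INVALID_PARAMETER; goto Exit;`. In `IsEkuInCertificate` the loop bound `Len - EkuLen` wraps when the requested OID is longer than the extension data, so add `if (EkuLen > Len) { Status = EFI_NOT_FOUND; goto Exit; }` before the loop. `GetOidFromTxt` writes into the caller's `CheckOid[20]` with no bound on `OidIndex` and subtracts 4 from the string length unconditionally; it should take the buffer size and reject strings that are too short or too long. `IsCertSignerCert` also returns without `mbedtls_x509_crt_free (&Cert)` on its two early exits after a successful parse.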
From: Wenxing Hou Date: Sun, 7 Apr 2024 15:21:22 +0800 Subject: [PATCH 280/357] CryptoPkg: Add Pkcs5 functions based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c new file mode 100644 index 0000000000..94f1fcfa3b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c @@ -0,0 +1,100 @@ +/** @file + PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0 + password based encryption key derivation function PBKDF2, as specified in RFC 2898. + + If Password or Salt or OutKey is NULL, then return FALSE. + If the hash algorithm could not be determined, then return FALSE. + + @param[in] PasswordLength Length of input password in bytes. + @param[in] Password Pointer to the array for the password. + @param[in] SaltLength Size of the Salt in bytes. + @param[in] Salt Pointer to the Salt. + @param[in] IterationCount Number of iterations to perform. Its value should be + greater than or equal to 1. + @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE). + NOTE: DigestSize will be used to determine the hash algorithm. + Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported. + @param[in] KeyLength Size of the derived key buffer in bytes. + @param[out] OutKey Pointer to the output derived key buffer. + + @retval TRUE A key was derived successfully. + @retval FALSE One of the pointers was NULL or one of the sizes was too large. + @retval FALSE The hash algorithm could not be determined from the digest size. + @retval FALSE The key derivation operation failed. + +**/ +BOOLEAN +EFIAPI +Pkcs5HashPassword ( + IN UINTN PasswordLength, + IN CONST CHAR8 *Password, + IN UINTN SaltLength, + IN CONST UINT8 *Salt, + IN UINTN IterationCount, + IN UINTN DigestSize, + IN UINTN KeyLength, + OUT UINT8 *OutKey + ) +{ + mbedtls_md_type_t HashAlg; + + // + // Parameter Checking. 
+ // + if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) { + return FALSE; + } + + if ((PasswordLength == 0) || (PasswordLength > INT_MAX) || + (SaltLength == 0) || (SaltLength > INT_MAX) || + (KeyLength == 0) || (KeyLength > INT_MAX) || + (IterationCount < 1) || (IterationCount > INT_MAX)) + { + return FALSE; + } + + // + // Make sure the digest algorithm is supported. + // + switch (DigestSize) { + case SHA1_DIGEST_SIZE: + HashAlg = MBEDTLS_MD_SHA1; + break; + case SHA256_DIGEST_SIZE: + HashAlg = MBEDTLS_MD_SHA256; + break; + default: + return FALSE; + break; + } + + // + // Perform password-based key derivation routines. + // + if (mbedtls_pkcs5_pbkdf2_hmac_ext ( + HashAlg, + (CONST UINT8 *)Password, + (int)PasswordLength, + (CONST UINT8 *)Salt, + (int)SaltLength, + (int)IterationCount, + (int)KeyLength, + (UINT8 *)OutKey + ) != 0) + { + return FALSE; + } else { + return TRUE; + } +} From 60f6a187c6c0ce70f7e2d57f7b46c84eb7b672af Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Sun, 7 Apr 2024 15:21:48 +0800 Subject: [PATCH 281/357] CryptoPkg: Add more RSA related functions based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 352 ++++++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 140 +++++++ 3 files changed, 770 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c new file mode 100644 index 0000000000..61ccdd78e6 --- /dev/null 
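Review bot: `Pkcs5HashPassword` leaves `OutKey` untouched by the wrapper when `mbedtls_pkcs5_pbkdf2_hmac_ext` fails; if callers might ignore the return value, adding `ZeroMem (OutKey, KeyLength);` before that `return FALSE;` avoids handing back partial or stale key material (whether the library writes anything on failure is not visible in this hunk). The `break;` after `return FALSE;` in the `default:` arm is unreachable, and the closing `if`/`else` can be a single `return` of the comparison with 0. The arguments are cast to `int` although the range checks above already bound them; casting to the parameter types declared in the mbed TLS header would read more clearly.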
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c @@ -0,0 +1,278 @@ +/** @file + This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption routines. + + SPDX-License-Identifier: BSD-2-Clause-Patent + + Copyright (c) 2024, Intel Corporation. All rights reserved.
+ +**/ + +#include "InternalCryptLib.h" +#include +#include +#include + +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to parse X509 certificate. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size + and hash digest size). + + @param[in] PublicKey A pointer to the DER-encoded X509 certificate that + will be used to encrypt the data. + @param[in] PublicKeySize Size of the X509 cert buffer. + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUE Encryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Encrypt ( + IN CONST UINT8 *PublicKey, + IN UINTN PublicKeySize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTN PrngSeedSize OPTIONAL, + OUT UINT8 **EncryptedData, + OUT UINTN *EncryptedDataSize + ) +{ + BOOLEAN Result; + UINT32 Ret; + UINT8 *OutData; + mbedtls_x509_crt CertContext; + mbedtls_rsa_context RsaContext; + + // + // Check input parameters. + // + if ((PublicKey == NULL) || (InData == NULL) || + (EncryptedData == NULL) || (EncryptedDataSize == NULL)) + { + return FALSE; + } + + // + // Check public key size. + // + if (PublicKeySize > UINT_MAX) { + // + // Public key size is too large for implementation. 
+ // + return FALSE; + } + + *EncryptedData = NULL; + *EncryptedDataSize = 0; + Result = FALSE; + OutData = NULL; + + mbedtls_x509_crt_init (&CertContext); + + if (mbedtls_x509_crt_parse_der (&CertContext, PublicKey, (UINT32)PublicKeySize) != 0) { + goto _Exit; + } + + if (mbedtls_pk_get_type (&CertContext.pk) != MBEDTLS_PK_RSA) { + goto _Exit; + } + + mbedtls_rsa_init (&RsaContext); + if (mbedtls_rsa_set_padding (&RsaContext, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE) != 0) { + goto _Exit; + } + + Ret = mbedtls_rsa_copy (&RsaContext, mbedtls_pk_rsa (CertContext.pk)); + if (Ret != 0) { + goto _Exit; + } + + *EncryptedDataSize = RsaContext.len; + + // + // Allocate a buffer for the output data. + // + OutData = AllocateZeroPool (*EncryptedDataSize); + if (OutData == NULL) { + // + // Fail to allocate the output buffer. + // + goto _Exit; + } + + Ret = mbedtls_rsa_pkcs1_encrypt ( + &RsaContext, + MbedtlsRand, + NULL, + InDataSize, + InData, + OutData + ); + if (Ret != 0) { + FreePool (OutData); + OutData = NULL; + goto _Exit; + } + + *EncryptedData = OutData; + Result = TRUE; + +_Exit: + // + // Release Resources + // + if (&CertContext != NULL) { + mbedtls_x509_crt_free (&CertContext); + } + + if (&RsaContext != NULL) { + mbedtls_rsa_free (&RsaContext); + } + + return Result; +} + +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size + and hash digest size). + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a public key using RsaSetKey(). + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. 
+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[in] DigestLen [Optional] If provided, size of the hash used: + SHA1_DIGEST_SIZE + SHA256_DIGEST_SIZE + SHA384_DIGEST_SIZE + SHA512_DIGEST_SIZE + 0 to use default (SHA1) + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUE Encryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepEncrypt ( + IN VOID *RsaContext, + IN UINT8 *InData, + IN UINTN InDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTN PrngSeedSize OPTIONAL, + IN UINT16 DigestLen OPTIONAL, + OUT UINT8 **EncryptedData, + OUT UINTN *EncryptedDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] PrivateKey A pointer to the DER-encoded private key. + @param[in] PrivateKeySize Size of the private key buffer. + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUE Encryption was successful. + @retval FALSE Encryption failed. 
+ +**/ +BOOLEAN +EFIAPI +Pkcs1v2Decrypt ( + IN CONST UINT8 *PrivateKey, + IN UINTN PrivateKeySize, + IN UINT8 *EncryptedData, + IN UINTN EncryptedDataSize, + OUT UINT8 **OutData, + OUT UINTN *OutDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a private key using RsaSetKey(). + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[in] DigestLen [Optional] If provided, size of the hash used: + SHA1_DIGEST_SIZE + SHA256_DIGEST_SIZE + SHA384_DIGEST_SIZE + SHA512_DIGEST_SIZE + 0 to use default (SHA1) + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUE Encryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepDecrypt ( + IN VOID *RsaContext, + IN UINT8 *EncryptedData, + IN UINTN EncryptedDataSize, + IN UINT16 DigestLen OPTIONAL, + OUT UINT8 **OutData, + OUT UINTN *OutDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c new file mode 100644 index 0000000000..5fe76f146d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c 
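Review bot: In `Pkcs1v2Encrypt` the `_Exit` label calls `mbedtls_rsa_free (&RsaContext)`, but the two earliest `goto _Exit` paths (certificate parse failure, non-RSA key) are taken before `mbedtls_rsa_init (&RsaContext)` has run, so the free operates on an uninitialised stack structure. Move `mbedtls_rsa_init (&RsaContext);` up beside `mbedtls_x509_crt_init (&CertContext);`, and drop the `if (&CertContext != NULL)` and `if (&RsaContext != NULL)` tests, which are always true. `PrngSeed` and `PrngSeedSize` are documented but never read, so the header comment should say the seed is ignored in this implementation. It is also worth confirming that `mbedtls_rsa_copy` after `mbedtls_rsa_set_padding` does not replace the OAEP padding mode with the one from the certificate's key context, and that `MBEDTLS_MD_NONE` is an accepted hash for OAEP; if either is a problem, set the padding after the copy with an explicit hash.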
@@ -0,0 +1,352 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file implements following APIs which provide more capabilities for RSA: + 1) RsaGetKey + 2) RsaGenerateKey + 3) RsaCheckKey + 4) RsaPkcs1Sign + + RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2 + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Gets the tag-designated RSA key component from the established RSA context. + + This function retrieves the tag-designated RSA key component from the + established RSA context as a non-negative integer (octet string format + represented in RSA PKCS#1). + If specified key component has not been set or has been cleared, then returned + BnSize is set to 0. + If the BigNumber buffer is too small to hold the contents of the key, FALSE + is returned and BnSize is set to the required buffer size to obtain the key. + + If RsaContext is NULL, then return FALSE. + If BnSize is NULL, then return FALSE. + If BnSize is large enough but BigNumber is NULL, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[out] BigNumber Pointer to octet integer buffer. + @param[in, out] BnSize On input, the size of big number buffer in bytes. + On output, the size of data returned in big number buffer in bytes. + + @retval TRUE RSA key component was retrieved successfully. + @retval FALSE Invalid RSA key component tag. + @retval FALSE BnSize is too small. + +**/ +BOOLEAN +EFIAPI +RsaGetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + OUT UINT8 *BigNumber, + IN OUT UINTN *BnSize + ) +{ + mbedtls_rsa_context *RsaKey; + INT32 Ret; + mbedtls_mpi Value; + UINTN Size; + + // + // Check input parameters. 
+ // + if ((RsaContext == NULL) || (*BnSize > INT_MAX)) { + return FALSE; + } + + // + // Init mbedtls_mpi + // + mbedtls_mpi_init (&Value); + Size = *BnSize; + *BnSize = 0; + + RsaKey = (mbedtls_rsa_context *)RsaContext; + + switch (KeyTag) { + case RsaKeyN: + Ret = mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, NULL, NULL); + break; + case RsaKeyE: + Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, NULL, &Value); + break; + case RsaKeyD: + Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, &Value, NULL); + break; + case RsaKeyQ: + Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, &Value, NULL, NULL); + break; + case RsaKeyP: + Ret = mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, NULL); + break; + case RsaKeyDp: + case RsaKeyDq: + case RsaKeyQInv: + default: + Ret = -1; + break; + } + + if (Ret != 0) { + goto End; + } + + if (mbedtls_mpi_size (&Value) == 0) { + Ret = 0; + goto End; + } + + *BnSize = Size; + + Size = mbedtls_mpi_size (&Value); + if (*BnSize < Size) { + Ret = 1; + *BnSize = Size; + goto End; + } + + if (BigNumber == NULL) { + Ret = 0; + *BnSize = Size; + goto End; + } + + if ((BigNumber != NULL) && (Ret == 0)) { + Ret = mbedtls_mpi_write_binary (&Value, BigNumber, Size); + *BnSize = Size; + } + +End: + mbedtls_mpi_free (&Value); + return Ret == 0; +} + +/** + Generates RSA key components. + + This function generates RSA key components. It takes RSA public exponent Pe and + length in bits of RSA modulus N as input, and generates all key components. + If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. + + Before this function can be invoked, pseudorandom number generator must be correctly + initialized by RandomSeed(). + + If RsaContext is NULL, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] ModulusLength Length of RSA modulus N in bits. + @param[in] PublicExponent Pointer to RSA public exponent. 
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. + + @retval TRUE RSA key component was generated successfully. + @retval FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaGenerateKey ( + IN OUT VOID *RsaContext, + IN UINTN ModulusLength, + IN CONST UINT8 *PublicExponent, + IN UINTN PublicExponentSize + ) +{ + INT32 Ret; + mbedtls_rsa_context *Rsa; + INT32 Pe; + + // + // Check input parameters. + // + if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) { + return FALSE; + } + + Rsa = (mbedtls_rsa_context *)RsaContext; + + if (PublicExponent == NULL) { + Pe = 0x10001; + } else { + if (PublicExponentSize == 0) { + return FALSE; + } + + switch (PublicExponentSize) { + case 1: + Pe = PublicExponent[0]; + break; + case 2: + Pe = PublicExponent[0] << 8 | PublicExponent[1]; + break; + case 3: + Pe = PublicExponent[0] << 16 | PublicExponent[1] << 8 | + PublicExponent[2]; + break; + case 4: + Pe = PublicExponent[0] << 24 | PublicExponent[1] << 16 | + PublicExponent[2] << 8 | PublicExponent[3]; + break; + default: + return FALSE; + } + } + + Ret = mbedtls_rsa_gen_key ( + Rsa, + MbedtlsRand, + NULL, + (UINT32)ModulusLength, + Pe + ); + + return Ret == 0; +} + +/** + Validates key components of RSA context. + NOTE: This function performs integrity checks on all the RSA key material, so + the RSA key structure must contain all the private key data. + + This function validates key components of RSA context in following aspects: + - Whether p is a prime + - Whether q is a prime + - Whether n = p * q + - Whether d*e = 1 mod lcm(p-1,q-1) + + If RsaContext is NULL, then return FALSE. + + @param[in] RsaContext Pointer to RSA context to check. + + @retval TRUE RSA key components are valid. + @retval FALSE RSA key components are not valid. 
+ +**/ +BOOLEAN +EFIAPI +RsaCheckKey ( + IN VOID *RsaContext + ) +{ + if (RsaContext == NULL) { + return FALSE; + } + + UINT32 Ret; + + Ret = mbedtls_rsa_complete (RsaContext); + if (Ret == 0) { + Ret = mbedtls_rsa_check_privkey (RsaContext); + } + + return Ret == 0; +} + +/** + Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] MessageHash Pointer to octet message hash to be signed. + @param[in] HashSize Size of the message hash in bytes. + @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in PKCS1-v1_5. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. 
+ +**/ +BOOLEAN +EFIAPI +RsaPkcs1Sign ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + INT32 Ret; + mbedtls_md_type_t MdAlg; + + if ((RsaContext == NULL) || (MessageHash == NULL)) { + return FALSE; + } + + if (mbedtls_rsa_complete ((mbedtls_rsa_context *)RsaContext) != 0) { + return FALSE; + } + + switch (HashSize) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + case SHA1_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA1; + break; + #endif + + case SHA256_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA256; + break; + + case SHA384_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA384; + break; + + case SHA512_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA512; + break; + + default: + return FALSE; + } + + if (mbedtls_rsa_get_len (RsaContext) > *SigSize) { + *SigSize = mbedtls_rsa_get_len (RsaContext); + return FALSE; + } + + if (Signature == NULL) { + return FALSE; + } + + Ret = mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, MdAlg); + if (Ret != 0) { + return FALSE; + } + + Ret = mbedtls_rsa_pkcs1_sign ( + RsaContext, + MbedtlsRand, + NULL, + MdAlg, + (UINT32)HashSize, + MessageHash, + Signature + ); + if (Ret != 0) { + return FALSE; + } + + *SigSize = mbedtls_rsa_get_len (RsaContext); + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c new file mode 100644 index 0000000000..5555f9261e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c @@ -0,0 +1,140 @@ +/** @file + RSA PSS Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file implements following APIs which provide basic capabilities for RSA: + 1) RsaPssSign + +Copyright (c) 2024, Intel Corporation. All rights reserved.
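Review bot: RsaGetKey dereferences `*BnSize` in its first parameter check without testing the pointer, although the function comment promises FALSE when BnSize is NULL; the check should read `if ((RsaContext == NULL) || (BnSize == NULL) || (*BnSize > INT_MAX)) {`. RsaPkcs1Sign has the same gap for SigSize, which is read in `mbedtls_rsa_get_len (RsaContext) > *SigSize` and written on success, so `(SigSize == NULL)` belongs in its first check as well. RsaPssSign in CryptRsaPssSign.c writes `*SigSize` unguarded in the same way. Separately, RsaGetKey returns TRUE when BigNumber is NULL and the size is sufficient, which contradicts its own comment ("If BnSize is large enough but BigNumber is NULL, then return FALSE"); whichever behaviour is intended, the comment and the code should agree.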
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include +#include +#include + +/** + Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in + RFC 8017. + Mask generation function is the same as the message digest algorithm. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] Message Pointer to octet message to be signed. + @param[in] MsgSize Size of the message in bytes. + @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation. + @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding. + @param[out] Signature Pointer to buffer to receive RSA PSS signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in RSASSA-PSS. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + @retval FALSE This interface is not supported. 
+ +**/ +BOOLEAN +EFIAPI +RsaPssSign ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + INT32 Ret; + mbedtls_md_type_t MdAlg; + UINT8 HashValue[SHA512_DIGEST_SIZE]; + + if (RsaContext == NULL) { + return FALSE; + } + + if (mbedtls_rsa_complete ((mbedtls_rsa_context *)RsaContext) != 0) { + return FALSE; + } + + if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) { + return FALSE; + } + + if (SaltLen != DigestLen) { + return FALSE; + } + + ZeroMem (HashValue, DigestLen); + + switch (DigestLen) { + case SHA256_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA256; + if (mbedtls_sha256 (Message, MsgSize, HashValue, FALSE) != 0) { + return FALSE; + } + + break; + + case SHA384_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA384; + if (mbedtls_sha512 (Message, MsgSize, HashValue, TRUE) != 0) { + return FALSE; + } + + break; + + case SHA512_DIGEST_SIZE: + MdAlg = MBEDTLS_MD_SHA512; + if (mbedtls_sha512 (Message, MsgSize, HashValue, FALSE) != 0) { + return FALSE; + } + + break; + + default: + return FALSE; + } + + if (Signature == NULL) { + // + // If Signature is NULL, return safe SignatureSize + // + *SigSize = MBEDTLS_MPI_MAX_SIZE; + return FALSE; + } + + Ret = mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg); + if (Ret != 0) { + return FALSE; + } + + Ret = mbedtls_rsa_rsassa_pss_sign ( + RsaContext, + MbedtlsRand, + NULL, + MdAlg, + (UINT32)DigestLen, + HashValue, + Signature + ); + if (Ret != 0) { + return FALSE; + } + + *SigSize = ((mbedtls_rsa_context *)RsaContext)->len; + return TRUE; +} From 5a340928229ba8457695fbfc94b161c206fd2ed2 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Wed, 13 Mar 2024 10:48:08 +0800 Subject: [PATCH 282/357] CryptoPkg: Add AuthenticodeVerify based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li 
Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Pk/CryptAuthenticode.c | 214 ++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c new file mode 100644 index 0000000000..9d8301b2c0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c @@ -0,0 +1,214 @@ +/** @file + Authenticode Portable Executable Signature Verification which does not provide + real capabilities. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +// +// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID +// +GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcIndirectOidValue[] = { + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04 +}; + +/** + Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows + Authenticode Portable Executable Signature Format". + + Return FALSE to indicate this interface is not supported. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed + PE/COFF image to be verified. + @param[in] DataSize Size of the Authenticode Signature in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertSize Size of the trusted certificate in bytes. + @param[in] ImageHash Pointer to the original image file hash value. The procedure + for calculating the image hash value is described in Authenticode + specification. + @param[in] HashSize Size of Image hash value in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AuthenticodeVerify ( + IN CONST UINT8 *AuthData, + IN UINTN DataSize, + IN CONST UINT8 *TrustedCert, + IN UINTN CertSize, + IN CONST UINT8 *ImageHash, + IN UINTN HashSize + ) +{ + BOOLEAN Status; + CONST UINT8 *OrigAuthData; + UINT8 *SpcIndirectDataContent; + UINT8 Asn1Byte; + UINTN ContentSize; + CONST UINT8 *SpcIndirectDataOid; + UINT8 *Ptr; + UINT8 *End; + INT32 Len; + UINTN ObjLen; + + OrigAuthData = AuthData; + + // + // Check input parameters. 
+ // + if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) { + return FALSE; + } + + if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) { + return FALSE; + } + + if (DataSize <= HashSize) { + return FALSE; + } + + Ptr = (UINT8 *)(UINTN)AuthData; + Len = (UINT32)DataSize; + End = Ptr + Len; + + // ContentInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // ContentType + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // content + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + End = Ptr + ObjLen; + // signedData + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // version + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // digestAlgo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // encapContentInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + End = Ptr + ObjLen; + // eContentType + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Status = FALSE; + + SpcIndirectDataOid = Ptr; + if ((ObjLen != sizeof (mSpcIndirectOidValue)) || + (CompareMem ( + SpcIndirectDataOid, + mSpcIndirectOidValue, + sizeof (mSpcIndirectOidValue) + ) != 0)) + { + // + // Un-matched SPC_INDIRECT_DATA_OBJID. 
+ // + goto _Exit; + } + + Ptr += ObjLen; + // eContent + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + SpcIndirectDataContent = Ptr; + + // + // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent. + // + Asn1Byte = *(SpcIndirectDataContent + 1); + + if ((Asn1Byte & 0x80) == 0) { + // + // Short Form of Length Encoding (Length < 128) + // + ContentSize = (UINTN)(Asn1Byte & 0x7F); + // + // Skip the SEQUENCE Tag; + // + SpcIndirectDataContent += 2; + } else if ((Asn1Byte & 0x81) == 0x81) { + // + // Long Form of Length Encoding (128 <= Length < 255, Single Octet) + // + ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2)); + // + // Skip the SEQUENCE Tag; + // + SpcIndirectDataContent += 3; + } else if ((Asn1Byte & 0x82) == 0x82) { + // + // Long Form of Length Encoding (Length > 255, Two Octet) + // + ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2)); + ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); + // + // Skip the SEQUENCE Tag; + // + SpcIndirectDataContent += 4; + } else { + goto _Exit; + } + + // + // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent + // defined in Authenticode + // NOTE: Need to double-check HashLength here! + // + if (ContentSize < HashSize) { + return FALSE; + } + + if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) { + // + // Un-matched PE/COFF Hash Value + // + goto _Exit; + } + + // + // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature + // + Status = (BOOLEAN)Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize); + +_Exit: + + return Status; +} From 0295704e2d29446de44025ec704dba44f6f3808a Mon Sep 17 00:00:00 2001 
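Review bot: The hand-rolled length parse of SpcIndirectDataContent in AuthenticodeVerify is never bounded by the enclosing eContent: `*(SpcIndirectDataContent + 1)` and the following length octets are read without looking at ObjLen, and ContentSize is then used in `SpcIndirectDataContent + ContentSize - HashSize` and passed to Pkcs7Verify with no comparison against End, so a malformed signature blob can push both reads outside AuthData. The masks `(Asn1Byte & 0x81) == 0x81` and `(Asn1Byte & 0x82) == 0x82` also accept other long-form prefixes such as 0x83 and treat them as one- or two-octet lengths. Parsing the inner SEQUENCE with mbedtls_asn1_get_tag, as the rest of the function already does, bounds the length against the eContent and additionally enforces the SEQUENCE tag, which the current code skips unchecked; the Asn1Byte local then goes away. The file and function comments still describe the Null stub ("does not provide real capabilities", "This interface is not supported") and should be rewritten for the real implementation.

```c
  SpcIndirectDataContent = Ptr;

  //
  // Parse the SEQUENCE header of SpcIndirectDataContent with the bounds-checked
  // helper: it fails on a wrong tag, a truncated length field, or a length that
  // extends past the end of eContent.
  //
  if (mbedtls_asn1_get_tag (
        &SpcIndirectDataContent,
        Ptr + ObjLen,
        &ContentSize,
        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
        ) != 0)
  {
    goto _Exit;
  }

  // … unchanged: ContentSize < HashSize check, CompareMem against ImageHash, Pkcs7Verify call …
```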
From: Wenxing Hou Date: Wed, 13 Mar 2024 10:50:21 +0800 Subject: [PATCH 283/357] CryptoPkg: Add ImageTimestampVerify based on Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++++++++++++++++++ 1 file changed, 381 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c new file mode 100644 index 0000000000..d3fa205f9c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c @@ -0,0 +1,381 @@ +/** @file + RFC3161 Timestamp Countersignature Verification Wrapper Implementation which does + not provide real capabilities. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +// +// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1") +// +GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01 +}; + +/** + Convert ASN.1 GeneralizedTime to EFI Time. + + @param[in] Ptr Pointer to the ASN.1 GeneralizedTime to be converted. + @param[out] EfiTime Return the corresponding EFI Time. + + @retval TRUE The time conversion succeeds. + @retval FALSE Invalid parameters. + +**/ +STATIC +BOOLEAN +ConvertAsn1TimeToEfiTime ( + IN UINT8 *Ptr, + OUT EFI_TIME *EfiTime + ) +{ + CONST CHAR8 *Str; + UINTN Index; + + if ((Ptr == NULL) || (EfiTime == NULL)) { + return FALSE; + } + + Str = (CONST CHAR8 *)Ptr; + SetMem (EfiTime, sizeof (EFI_TIME), 0); + + Index = 0; + + /* four digit year */ + EfiTime->Year = (Str[Index++] - '0') * 1000; + EfiTime->Year += (Str[Index++] - '0') * 100; + EfiTime->Year += (Str[Index++] - '0') * 10; + EfiTime->Year += (Str[Index++] - '0'); + if ((EfiTime->Year < 1900) || (EfiTime->Year > 9999)) { + return FALSE; + } + + EfiTime->Month = (Str[Index++] - '0') * 10; + EfiTime->Month += (Str[Index++] - '0'); + if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) { + return FALSE; + } + + EfiTime->Day = (Str[Index++] - '0') * 10; + EfiTime->Day += (Str[Index++] - '0'); + if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) { + return FALSE; + } + + EfiTime->Hour = (Str[Index++] - '0') * 10; + EfiTime->Hour += (Str[Index++] - '0'); + if (EfiTime->Hour > 23) { + return FALSE; + } + + EfiTime->Minute = (Str[Index++] - '0') * 10; + EfiTime->Minute += (Str[Index++] - '0'); + if (EfiTime->Minute > 59) { + return FALSE; + } + + EfiTime->Second = (Str[Index++] - '0') * 10; + EfiTime->Second += (Str[Index++] - '0'); + if (EfiTime->Second > 59) { + return FALSE; + } + + /* Note: we did not adjust the time based on time zone information */ + + return TRUE; +} + +/** + Verifies 
the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode + signature. + + Return FALSE to indicate this interface is not supported. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed + PE/COFF image to be verified. + @param[in] DataSize Size of the Authenticode Signature in bytes. + @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which + is used for TSA certificate chain verification. + @param[in] CertSize Size of the trusted certificate in bytes. + @param[out] SigningTime Return the time of timestamp generation time if the timestamp + signature is valid. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +ImageTimestampVerify ( + IN CONST UINT8 *AuthData, + IN UINTN DataSize, + IN CONST UINT8 *TsaCert, + IN UINTN CertSize, + OUT EFI_TIME *SigningTime + ) +{ + BOOLEAN Status; + UINT8 *Ptr; + UINT8 *End; + INT32 Len; + UINTN ObjLen; + UINT8 *TempPtr; + + // + // Initializations + // + if (SigningTime != NULL) { + SetMem (SigningTime, sizeof (EFI_TIME), 0); + } + + // + // Input Parameters Checking. 
+ // + if ((AuthData == NULL) || (TsaCert == NULL)) { + return FALSE; + } + + if ((DataSize > INT_MAX) || (CertSize > INT_MAX)) { + return FALSE; + } + + Ptr = (UINT8 *)(UINTN)AuthData; + Len = (UINT32)DataSize; + End = Ptr + Len; + + // ContentInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // ContentType + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // content + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + End = Ptr + ObjLen; + // signedData + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // version + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // digestAlgo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // encapContentInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // cert + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + TempPtr = Ptr; + // OPTIONAL CRLs + if (mbedtls_asn1_get_tag (&TempPtr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) == 0) { + Ptr = TempPtr + ObjLen; + } + + // signerInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + // sub parse + // signerInfo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + End = Ptr + ObjLen; + + // version + if (mbedtls_asn1_get_tag (&Ptr, 
End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // sid + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // digestalgo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // OPTIONAL AuthenticatedAttributes + TempPtr = Ptr; + if (mbedtls_asn1_get_tag (&TempPtr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) == 0) { + Ptr = TempPtr + ObjLen; + } + + // signaturealgo + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // signature + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OCTET_STRING) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // OPTIONAL UnauthenticatedAttributes + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, 0xA1) != 0) { + return FALSE; + } + + // Attribute + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // type + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + if (CompareMem (Ptr, mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // values + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + // values + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // signedData OID + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // [0] + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + if (mbedtls_asn1_get_tag (&Ptr, 
End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // integer + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // SET + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // tST OID + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) { + return FALSE; + } + + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OCTET_STRING) != 0) { + return FALSE; + } + + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + // Integer + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // policy OID + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_OID) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // sequence + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) { + return FALSE; + } + + Ptr += ObjLen; + // Integer + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_INTEGER) != 0) { + return FALSE; + } + + Ptr += ObjLen; + + // GeneralizedTime + if (mbedtls_asn1_get_tag (&Ptr, End, &ObjLen, MBEDTLS_ASN1_GENERALIZED_TIME) != 0) { + return FALSE; + } + + // + // Retrieve the signing time from TS_TST_INFO structure. + // + if (SigningTime != NULL) { + SetMem (SigningTime, sizeof (EFI_TIME), 0); + Status = ConvertAsn1TimeToEfiTime (Ptr, SigningTime); + } + + return Status; +} From 9249c4397755445ce53f5b4a1e9c1b894e537c80 Mon Sep 17 00:00:00 2001 
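Review bot: Nothing in ImageTimestampVerify checks the countersignature: TsaCert and CertSize are only tested for NULL and range, and the result is whatever ConvertAsn1TimeToEfiTime makes of the GeneralizedTime bytes, so SigningTime is unauthenticated data taken from the image. Until the timestamp token is actually verified against TsaCert, callers that use this time for revocation decisions should not rely on it, and the header comment (which still says the interface is unsupported) should state that limitation. Two smaller gaps in the same function: `Status` is never assigned when SigningTime is NULL, so add `Status = FALSE;` next to the other initialisations, and the GeneralizedTime is read as 14 characters without looking at ObjLen, so guard it with `if (ObjLen < 14) { return FALSE; }` before the conversion. The OID comparison against mSpcRFC3161OidValue likewise needs `ObjLen != sizeof (mSpcRFC3161OidValue)` checked first, as AuthenticodeVerify does for its OID.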
From: Wenxing Hou Date: Fri, 26 Apr 2024 11:04:02 +0800 Subject: [PATCH 284/357] CryptoPkg: Update *.inf in BaseCryptLibMbedTls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/BaseCryptLib.inf | 42 ++++++++++--------- .../BaseCryptLibMbedTls/PeiCryptLib.inf | 18 ++++---- .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 23 +++++----- .../BaseCryptLibMbedTls/SmmCryptLib.inf | 27 ++++++------ .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 36 ++++++++-------- 5 files changed, 80 insertions(+), 66 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf index 16def792c5..cb282fe648 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf 
@@ -27,33 +27,37 @@ [Sources] InternalCryptLib.h - Cipher/CryptAeadAesGcmNull.c - Cipher/CryptAes.c + Hash/CryptMd5.c + Hash/CryptSha1.c Hash/CryptSha256.c Hash/CryptSha512.c - Hash/CryptParallelHashNull.c Hash/CryptSm3Null.c - Hash/CryptMd5.c - Hash/CryptSha1.c + + Hash/CryptParallelHashNull.c + Hmac/CryptHmac.c Kdf/CryptHkdf.c + Cipher/CryptAes.c + Cipher/CryptAeadAesGcm.c Pk/CryptRsaBasic.c - Pk/CryptRsaExtNull.c - Pk/CryptRsaPss.c - Pk/CryptRsaPssSignNull.c - Bn/CryptBnNull.c - Pem/CryptPemNull.c + Pk/CryptRsaExt.c + Pk/CryptPkcs1Oaep.c + Pk/CryptPkcs5Pbkdf2.c + Pk/CryptPkcs7Sign.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c Pk/CryptDhNull.c + Pk/CryptX509.c + Pk/CryptAuthenticode.c + Pk/CryptTs.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSign.c Pk/CryptEcNull.c - Pk/CryptPkcs1OaepNull.c - Pk/CryptPkcs5Pbkdf2Null.c - Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7VerifyNull.c - Pk/CryptPkcs7VerifyEkuNull.c - Pk/CryptX509Null.c - Pk/CryptAuthenticodeNull.c - Pk/CryptTsNull.c - Rand/CryptRandNull.c + Pem/CryptPem.c + Bn/CryptBnNull.c + Rand/CryptRand.c + SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf index 72b22a24e8..660e11a96e 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf 
@@ -47,21 +47,23 @@ Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c - Pk/CryptRsaPss.c - Pk/CryptRsaPssSignNull.c - Bn/CryptBnNull.c - Pem/CryptPemNull.c - Pk/CryptDhNull.c - Pk/CryptEcNull.c Pk/CryptPkcs1OaepNull.c Pk/CryptPkcs5Pbkdf2Null.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7VerifyNull.c - Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c + Pk/CryptDhNull.c Pk/CryptX509Null.c Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c + Pem/CryptPemNull.c Rand/CryptRandNull.c + Bn/CryptBnNull.c + SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf index 9f17ef00bf..280b1a9c29 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf @@ -46,21 +46,23 @@ Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c - Pk/CryptRsaPssNull.c - Pk/CryptRsaPssSignNull.c - Bn/CryptBnNull.c - Pem/CryptPemNull.c - Pk/CryptDhNull.c - Pk/CryptEcNull.c Pk/CryptPkcs1OaepNull.c Pk/CryptPkcs5Pbkdf2Null.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7VerifyNull.c - Pk/CryptPkcs7VerifyEkuNull.c - Pk/CryptX509Null.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyRuntime.c + Pk/CryptPkcs7VerifyEkuRuntime.c + Pk/CryptDhNull.c + Pk/CryptX509.c Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c - Rand/CryptRandNull.c + Pk/CryptRsaPssNull.c + Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c + Pem/CryptPem.c + Bn/CryptBnNull.c + Rand/CryptRand.c + SysCall/CrtWrapper.c SysCall/TimerWrapper.c SysCall/RuntimeMemAllocation.c @@ -77,6 +79,7 @@ MbedTlsLib IntrinsicLib PrintLib + RngLib # # Remove these [BuildOptions] after this library is cleaned up 
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf index 40c56d1b7d..4a519b06ee 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf @@ -45,21 +45,23 @@ Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c - Pk/CryptRsaPss.c - Pk/CryptRsaPssSignNull.c - Bn/CryptBnNull.c - Pem/CryptPemNull.c - Pk/CryptDhNull.c - Pk/CryptEcNull.c - Pk/CryptPkcs1OaepNull.c - Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs1Oaep.c + Pk/CryptPkcs5Pbkdf2.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7VerifyNull.c - Pk/CryptPkcs7VerifyEkuNull.c - Pk/CryptX509Null.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c + Pk/CryptDhNull.c + Pk/CryptX509.c Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c - Rand/CryptRandNull.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c + Pem/CryptPem.c + Bn/CryptBnNull.c + Rand/CryptRand.c + SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c @@ -75,6 +77,7 @@ IntrinsicLib PrintLib MmServicesTableLib + RngLib SynchronizationLib # diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf index def990b996..4e2fb73cd6 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf 
@@ -27,32 +27,34 @@ [Sources] InternalCryptLib.h - Cipher/CryptAeadAesGcmNull.c - Cipher/CryptAes.c + Hash/CryptMd5.c + Hash/CryptSha1.c Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3Null.c - Hash/CryptMd5.c - Hash/CryptSha1.c + Hash/CryptParallelHashNull.c Hmac/CryptHmac.c Kdf/CryptHkdf.c + Cipher/CryptAes.c + Cipher/CryptAeadAesGcm.c Pk/CryptRsaBasic.c - Pk/CryptRsaExtNull.c + Pk/CryptRsaExt.c + Pk/CryptPkcs1Oaep.c + Pk/CryptPkcs5Pbkdf2.c + Pk/CryptPkcs7Sign.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c + Pk/CryptDhNull.c + Pk/CryptX509.c + Pk/CryptAuthenticode.c + Pk/CryptTs.c + Pem/CryptPem.c Pk/CryptRsaPss.c - Pk/CryptRsaPssSignNull.c + Pk/CryptRsaPssSign.c Bn/CryptBnNull.c - Pem/CryptPemNull.c - Pk/CryptDhNull.c Pk/CryptEcNull.c - Pk/CryptPkcs1OaepNull.c - Pk/CryptPkcs5Pbkdf2Null.c - Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7VerifyNull.c - Pk/CryptPkcs7VerifyEkuNull.c - Pk/CryptX509Null.c - Pk/CryptAuthenticodeNull.c - Pk/CryptTsNull.c - Rand/CryptRandNull.c + Rand/CryptRand.c SysCall/CrtWrapper.c [Packages] From 71595f51dd2eec9363a0b895aa70b8b5a30b9c34 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Mon, 11 Mar 2024 21:07:14 +0800 Subject: [PATCH 285/357] CryptoPkg: Add SHA3/SM3 functions with OpenSSL for MbedTLS REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the MbedTLS 3.3.0 doesn't have SHA3 and SM3 their implementations are based on OpenSSL. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou 
Signed-off-by: Sergii Dmytruk --- .../Library/BaseCryptLibMbedTls/BaseCryptLib.inf | 11 +++++++---- CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf | 9 +++++++-- .../Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf | 3 ++- CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf | 9 +++++++-- .../Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf | 3 ++- CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 6 ++++++ CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf | 6 ++++++ 7 files changed, 37 insertions(+), 10 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf index cb282fe648..f015d5afbd 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf @@ -18,6 +18,7 @@ MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # # The following information is for reference only and not required by the build tools. @@ -31,10 +32,12 @@ Hash/CryptSha1.c Hash/CryptSha256.c Hash/CryptSha512.c - Hash/CryptSm3Null.c - - Hash/CryptParallelHashNull.c - + $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c + $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c + $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c + $(BASE_CRYPT_PATH)/Hash/CryptSha3.c + $(BASE_CRYPT_PATH)/Hash/CryptSm3.c + $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf index 660e11a96e..479bb2f87d 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf 
@@ -26,6 +26,7 @@ MODULE_TYPE = PEIM VERSION_STRING = 1.0 LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE + DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # # The following information is for reference only and not required by the build tools. @@ -38,9 +39,13 @@ Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c - Hash/CryptSm3Null.c Hash/CryptSha512.c - Hash/CryptParallelHashNull.c + $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c + $(BASE_CRYPT_PATH)/Hash/CryptDispatchApPei.c + $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c + $(BASE_CRYPT_PATH)/Hash/CryptSha3.c + $(BASE_CRYPT_PATH)/Hash/CryptSm3.c + $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf index 280b1a9c29..0179640e03 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf @@ -25,6 +25,7 @@ VERSION_STRING = 1.0 LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER CONSTRUCTOR = RuntimeCryptLibConstructor + DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # # The following information is for reference only and not required by the build tools. @@ -37,9 +38,9 @@ Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c - Hash/CryptSm3Null.c Hash/CryptSha512.c Hash/CryptParallelHashNull.c + $(BASE_CRYPT_PATH)/Hash/CryptSm3.c Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf index 4a519b06ee..92013bd514 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf 
@@ -24,6 +24,7 @@ VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x0001000A LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE + DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # # The following information is for reference only and not required by the build tools. @@ -36,9 +37,13 @@ Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c - Hash/CryptSm3Null.c Hash/CryptSha512.c - Hash/CryptParallelHashNull.c + $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c + $(BASE_CRYPT_PATH)/Hash/CryptDispatchApMm.c + $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c + $(BASE_CRYPT_PATH)/Hash/CryptSha3.c + $(BASE_CRYPT_PATH)/Hash/CryptSm3.c + $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf index 4e2fb73cd6..a14e1ab908 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf @@ -18,6 +18,7 @@ MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # # The following information is for reference only and not required by the build tools. @@ -31,7 +32,7 @@ Hash/CryptSha1.c Hash/CryptSha256.c Hash/CryptSha512.c - Hash/CryptSm3Null.c + $(BASE_CRYPT_PATH)/Hash/CryptSm3.c Hash/CryptParallelHashNull.c Hmac/CryptHmac.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf index adcf770902..93f8e69383 100644 --- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf +++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf @@ -13,6 +13,7 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = MbedTlsLib + DEFINE OPENSSL_PATH = ../OpensslLib/openssl # # The following information is for reference only and not required by the build tools. 
@@ -21,6 +22,11 @@ # [Sources] +# Openssl files list starts here + $(OPENSSL_PATH)/crypto/mem_clr.c + $(OPENSSL_PATH)/crypto/sha/keccak1600.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c +# Openssl files list ends here Include/mbedtls/mbedtls_config.h mbedtls/library/aes.c mbedtls/library/asn1parse.c diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf index 7715392a9d..98695312cf 100644 --- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf +++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf @@ -13,6 +13,7 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = MbedTlsLib + DEFINE OPENSSL_PATH = ../OpensslLib/openssl # # The following information is for reference only and not required by the build tools. @@ -21,6 +22,11 @@ # [Sources] +# Openssl files list starts here + $(OPENSSL_PATH)/crypto/mem_clr.c + $(OPENSSL_PATH)/crypto/sha/keccak1600.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c +# Openssl files list ends here Include/mbedtls/mbedtls_config.h mbedtls/library/aes.c mbedtls/library/asn1parse.c From ee1d4aaa5d9c4c4c1db6e30e4e87be9ef439fd0e Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 1 Jun 2024 17:04:56 +0300 Subject: [PATCH 286/357] CryptoPkg: Fix linker warnings related to incompatible types LTO builds do stricter type checking than no-LTO builds and it complains about several files that use incompatible declarations. struct tm was fine, it just had to be removed after including because that file contains the same declaration. Signed-off-by: Sergii Dmytruk --- .../SysCall/ConstantTimeClock.c | 20 +------------------ .../SysCall/TimerWrapper.c | 20 +------------------ CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 2 +- 3 files changed, 3 insertions(+), 39 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c index 2ec13ef9d0..6f5d62b93d 100644 
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c @@ -18,27 +18,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include +#include #include -typedef int time_t; - -// -// Structures Definitions -// -struct tm { - int tm_sec; /* seconds after the minute [0-60] */ - int tm_min; /* minutes after the hour [0-59] */ - int tm_hour; /* hours since midnight [0-23] */ - int tm_mday; /* day of the month [1-31] */ - int tm_mon; /* months since January [0-11] */ - int tm_year; /* years since 1900 */ - int tm_wday; /* days since Sunday [0-6] */ - int tm_yday; /* days since January 1 [0-365] */ - int tm_isdst; /* Daylight Savings Time flag */ - long tm_gmtoff; /* offset from CUT in seconds */ - char *tm_zone; /* timezone abbreviation */ -}; - // // -- Time Management Routines -- // diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c index b7cd4d3181..669696b99a 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c @@ -8,29 +8,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include +#include #include #include #include -typedef int time_t; - -// -// Structures Definitions -// -struct tm { - int tm_sec; /* seconds after the minute [0-60] */ - int tm_min; /* minutes after the hour [0-59] */ - int tm_hour; /* hours since midnight [0-23] */ - int tm_mday; /* day of the month [1-31] */ - int tm_mon; /* months since January [0-11] */ - int tm_year; /* years since 1900 */ - int tm_wday; /* days since Sunday [0-6] */ - int tm_yday; /* days since January 1 [0-365] */ - int tm_isdst; /* Daylight Savings Time flag */ - long tm_gmtoff; /* offset from CUT in seconds */ - char *tm_zone; /* timezone abbreviation */ -}; - // // -- Time Management Routines -- // 
diff --git a/CryptoPkg/Library/MbedTlsLib/CrtWrapper.c b/CryptoPkg/Library/MbedTlsLib/CrtWrapper.c index 04d2877e7d..3bec39deb7 100644 --- a/CryptoPkg/Library/MbedTlsLib/CrtWrapper.c +++ b/CryptoPkg/Library/MbedTlsLib/CrtWrapper.c @@ -18,7 +18,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent int my_snprintf ( char *str, - size_t size, + long long size, const char *format, ... ) From d40d003f2cb755a329da023f2a0e5cc4d12323e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 22 Feb 2021 23:55:53 +0100 Subject: [PATCH 287/357] UefiPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c: use detection command that work on SLB9665 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Tcg/Tcg2Config/Tcg2ConfigPeim.c | 27 ++----------------- 1 file changed, 2 insertions(+), 25 deletions(-) diff --git a/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c index 9234dd9119..53acf45c84 100644 --- a/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c +++ b/DasharoPayloadPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c 
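Review bot: Widening the `size` parameter of `my_snprintf` from `size_t` to `long long` changes the definition's ABI on 32-bit targets, where `size_t` is 32 bits and `long long` is 64. The CRT library .inf files added later in this series list IA32 and ARM as valid architectures. Any caller compiled against a prototype that still says `size_t` would then pass `format` and the variadic arguments at the wrong positions. The conflicting declaration is not visible in this hunk; if it can be edited, keep `size_t size` here and make that declaration match instead. The function body lies outside the hunk.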
@@ -33,39 +33,16 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { NULL }; -#pragma pack (1) - -typedef struct { - TPM_RSP_COMMAND_HDR Hdr; - TPM_CURRENT_TICKS CurrentTicks; -} TPM_RSP_GET_TICKS; - -#pragma pack () - static EFI_STATUS TestTpm12 ( ) { - EFI_STATUS Status; - TPM_RQU_COMMAND_HDR Command; - TPM_RSP_GET_TICKS Response; - UINT32 Length; - - Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); - Command.paramSize = SwapBytes32 (sizeof (Command)); - Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks); + TPM_STCLEAR_FLAGS VolatileFlags; - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); - if (EFI_ERROR (Status)) { - return Status; - } - - return EFI_SUCCESS; + return Tpm12GetCapabilityFlagVolatile (&VolatileFlags); } - /** The entry point for Tcg2 configuration driver. From e772e65365b5a190fcb8a0daca69789e53216378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 28 May 2024 11:38:26 +0200 Subject: [PATCH 288/357] DasharoPayloadPkg/GraphicsOutputDxe: Allow FB to be at offset from BAR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On MTL the framebuffer is at BAR2 + some offset. Allow for this case when validating the framebuffer info received from coreboot. Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c index 43787d279a..86ca2f1e33 100644 --- a/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c +++ b/DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutput.c 
@@ -406,8 +406,9 @@ GraphicsOutputDriverBindingStart ( FrameBufferBase = Resources->AddrRangeMin; } if (DeviceInfo->BarIndex == MAX_UINT8) { - if (Resources->AddrRangeMin == GraphicsInfo->FrameBufferBase) { - FrameBufferBase = Resources->AddrRangeMin; + if (Resources->AddrRangeMin <= GraphicsInfo->FrameBufferBase + && Resources->AddrRangeMin + Resources->AddrLen >= GraphicsInfo->FrameBufferBase + GraphicsInfo->FrameBufferSize ) { + FrameBufferBase = GraphicsInfo->FrameBufferBase; break; } } else { From 6ca206042ff7e436140fb3389162229947335fc4 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Fri, 7 Jun 2024 21:14:10 +0300 Subject: [PATCH 289/357] CryptoPkg,DasharoPayloadPkg: extract MbedTlsCrtLib to manage allocations MbedTLS implementation uses hooks to perform memory allocations which prior to this commit unconditionally used AllocateZeroPool() which is a problem after ExitBootServices() where page allocations are unavailable. Move CrtWrapper.c with current implementation a separate library MbedTlsCrtLib to be used everywhere other than runtime phase. Make similar MbedTlsCrtRuntimeLib library for runtime only which uses malloc()/free() provided by MbedTlsLib/SysCall/RuntimeMemAllocation.c. Signed-off-by: Sergii Dmytruk --- .../CrtWrapper.c | 0 .../Library/MbedTlsCrtLib/MbedTlsCrtLib.inf | 40 ++++++++ .../Library/MbedTlsCrtRuntimeLib/CrtWrapper.c | 99 +++++++++++++++++++ .../MbedTlsCrtRuntimeLib.inf | 42 ++++++++ CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 2 +- .../Library/MbedTlsLib/MbedTlsLibFull.inf | 2 +- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 + 7 files changed, 185 insertions(+), 2 deletions(-) rename CryptoPkg/Library/{MbedTlsLib => MbedTlsCrtLib}/CrtWrapper.c (100%) create mode 100644 CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf create mode 100644 CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c create mode 100644 CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf 
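Review bot: The new containment check in `GraphicsOutputDriverBindingStart` adds `GraphicsInfo->FrameBufferBase + GraphicsInfo->FrameBufferSize` and `Resources->AddrRangeMin + Resources->AddrLen` without guarding against wrap-around. Both framebuffer values come from the bootloader-provided tables, so a large base or size can wrap the sum and pass the comparison for a framebuffer that is not inside the BAR. Comparing by subtraction avoids the overflow: `if (GraphicsInfo->FrameBufferBase >= Resources->AddrRangeMin && GraphicsInfo->FrameBufferBase - Resources->AddrRangeMin <= Resources->AddrLen && GraphicsInfo->FrameBufferSize <= Resources->AddrLen - (GraphicsInfo->FrameBufferBase - Resources->AddrRangeMin)) {`. The surrounding loop starts and ends outside the hunk, so the field widths are assumed to be 64-bit unsigned.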
diff --git a/CryptoPkg/Library/MbedTlsLib/CrtWrapper.c b/CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c similarity index 100% rename from CryptoPkg/Library/MbedTlsLib/CrtWrapper.c rename to CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c diff --git a/CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf b/CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf new file mode 100644 index 0000000000..0fdabfd2b9 --- /dev/null +++ b/CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf @@ -0,0 +1,40 @@ +## @file +# Pre-runtime library with basic functions needed by the MbedTls. +# +# To be used by all consumers of MbedTlsLib except for DXE_RUNTIME_DRIVER kind +# which would cause a crash due to MemoryAllocationLib trying to use boot +# services after they are gone (unless some special kind of MemoryAllocationLib +# is employed). +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MbedTlsCrtLib + FILE_GUID = 29A024DF-8D89-495C-8872-1A195214A980 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MbedTlsCrtLib|SEC PEIM DXE_DRIVER DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + +[Sources] + CrtWrapper.c + +[Packages] + CryptoPkg/CryptoPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib diff --git a/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c new file mode 100644 index 0000000000..b91cd5812c --- /dev/null +++ b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c @@ -0,0 +1,99 @@ +/** @file + C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based + Cryptographic Library. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#include +#include + +int +my_snprintf ( + char *str, + long long size, + const char *format, + ... + ) +{ + return 0; +} + +// +// Extra header to record the memory buffer size from malloc routine. +// +#define CRYPTMEM_HEAD_SIGNATURE SIGNATURE_32('c','m','h','d') +typedef struct { + UINT32 Signature; + UINT32 Reserved; + UINTN Size; +} CRYPTMEM_HEAD; + +#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) + +// +// -- Memory-Allocation Routines -- +// + +/* Allocates memory blocks */ +void * +mbedtls_calloc ( + size_t num, + size_t size + ) +{ + CRYPTMEM_HEAD *PoolHdr; + UINTN NewSize; + VOID *Data; + + // + // Adjust the size by the buffer header overhead + // + NewSize = (UINTN)(size * num) + CRYPTMEM_OVERHEAD; + + Data = malloc (NewSize); + if (Data != NULL) { + ZeroMem (Data, NewSize); + + PoolHdr = (CRYPTMEM_HEAD *)Data; + // + // Record the memory brief information + // + PoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; + PoolHdr->Size = size; + + return (VOID *)(PoolHdr + 1); + } else { + // + // The buffer allocation failed. + // + return NULL; + } +} + +/* De-allocates or frees a memory block */ +void +mbedtls_free ( + void *ptr + ) +{ + CRYPTMEM_HEAD *PoolHdr; + + // + // In Standard C, free() handles a null pointer argument transparently. This + // is not true of FreePool() below, so protect it. + // + if (ptr != NULL) { + PoolHdr = (CRYPTMEM_HEAD *)ptr - 1; + ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); + free (PoolHdr); + } +} diff --git a/CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf new file mode 100644 index 0000000000..5d7c55020e --- /dev/null +++ b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf 
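Review bot: `mbedtls_calloc` in the new runtime `CrtWrapper.c` computes `(UINTN)(size * num) + CRYPTMEM_OVERHEAD` with no overflow check, so a large `num`/`size` pair wraps to a small allocation that the caller then treats as `num * size` bytes. This allocator backs PKCS#7 and X.509 parsing of externally supplied data at runtime, so the product should be rejected before `malloc`: `if ((size != 0) && (num > (MAX_UINTN - CRYPTMEM_OVERHEAD) / size)) { return NULL; }`. The header also records `PoolHdr->Size = size;`, which drops the element count; `PoolHdr->Size = size * num;` would make the field match the buffer. The renamed pre-runtime `CrtWrapper.c` is not shown in this diff and presumably needs the same check.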
@@ -0,0 +1,42 @@ +## @file +# Runtime library with basic functions needed by the MbedTls. +# +# After ExitBootServices() gBS used by memory allocation libraries is no +# longer available because and EDK can no longer take any more RAM for itself. +# The only way of having dynamic memory allocation is to have a heap like in C +# backed up by a pre-allocated memory. This library redirects MbedTls to such +# a heap. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MbedTlsCrtRuntimeLib + FILE_GUID = 7F586875-08E6-4F95-A9C2-125F74993A86 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MbedTlsCrtLib|DXE_RUNTIME_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + +[Sources] + # Actual implementation of malloc() and free() are already available in + # BaseCryptLibMbedTls, the CrtWrapper.c basically just redirects to them. + CrtWrapper.c + +[Packages] + CryptoPkg/CryptoPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf index 93f8e69383..35e70d4256 100644 --- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf +++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf @@ -93,7 +93,6 @@ mbedtls/library/x509_csr.c mbedtls/library/pkcs7.c mbedtls/library/platform_util.c - CrtWrapper.c [Packages] MdePkg/MdePkg.dec @@ -103,6 +102,7 @@ BaseLib BaseMemoryLib DebugLib + MbedTlsCrtLib MemoryAllocationLib [BuildOptions] diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf index 98695312cf..95ec8d8cd2 100644 --- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf +++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf @@ -97,7 +97,6 @@ mbedtls/library/x509_csr.c mbedtls/library/pkcs7.c mbedtls/library/platform_util.c - CrtWrapper.c [Packages] MdePkg/MdePkg.dec @@ -107,6 +106,7 @@ BaseLib BaseMemoryLib DebugLib + MbedTlsCrtLib MemoryAllocationLib [BuildOptions] diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index b58c7b45c4..33150be4eb 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc 
@@ -297,6 +297,7 @@ !include NetworkPkg/NetworkLibs.dsc.inc MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf + MbedTlsCrtLib|CryptoPkg/Library/MbedTlsCrtLib/MbedTlsCrtLib.inf !if $(NETWORK_TLS_ENABLE) == TRUE TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf !endif @@ -405,6 +406,7 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf + MbedTlsCrtLib|CryptoPkg/Library/MbedTlsCrtRuntimeLib/MbedTlsCrtRuntimeLib.inf [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf From 784750e01d26f0fc473edc01cc50d7c45f74336f Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Fri, 7 Jun 2024 16:36:10 +0300 Subject: [PATCH 290/357] CryptoPkg/Library/BaseCryptLibMbedTls: use calloc()/free() in CryptPkcs7VerifyCommon.c AllocateZeroPool() can't be used after ExitBootServices() and that's what happened without this change when OS was trying to update "dbx" variable. It requires use of authenticated variables therefore PKCS 7 and this particular file of BaseCryptLibMbedTls thus causing firmware to crash. There was no calloc() so added it as a form of an API to hide the fact that memory is managed differently in different phases. Using calloc()/free() outside of runtime (RT) phase causes trouble, so non-RT modules will continue to rely on MemoryAllocationLib through redirection in MbedTlsCrtLib while RT modules will use a heap invoked by MbedTlsCrtRuntimeLib. While at it, fixed memory leaks in WrapPkcs7Data() and Pkcs7GetSigners(). 
Signed-off-by: Sergii Dmytruk --- .../BaseCryptLibMbedTls/BaseCryptLib.inf | 3 ++- .../Pk/CryptPkcs7VerifyCommon.c | 22 +++++++++++++------ CryptoPkg/Library/Include/CrtLibSupport.h | 6 +++++ CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c | 19 ++++++++++++++++ .../Library/MbedTlsCrtRuntimeLib/CrtWrapper.c | 10 +++++++++ 5 files changed, 52 insertions(+), 8 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf index f015d5afbd..4ef40e81cf 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf @@ -17,7 +17,7 @@ FILE_GUID = 693C5308-AF95-4CE5-ADE9-CA011C2FC642 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER DEFINE BASE_CRYPT_PATH = ../BaseCryptLib # @@ -79,6 +79,7 @@ IntrinsicLib RngLib SynchronizationLib + MbedTlsCrtLib [Protocols] gEfiMpServiceProtocolGuid # diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c index e9f1b0efdd..0f80c3c080 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c @@ -989,7 +989,7 @@ WrapPkcs7Data ( // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes. // *WrapDataSize = P7Length + 19; - *WrapData = AllocateZeroPool (*WrapDataSize); + *WrapData = calloc (*WrapDataSize, 1); if (*WrapData == NULL) { *WrapFlag = Wrapped; return FALSE; @@ -1116,6 +1116,10 @@ Pkcs7Verify ( Status = MbedTlsPkcs7SignedDataVerify (&Pkcs7, &Crt, InData, (INT32)DataLength); Cleanup: + if (!Wrapped) { + free (WrapData); + } + if (&Crt != NULL) { mbedtls_x509_crt_free (&Crt); } 
@@ -1144,7 +1148,7 @@ Pkcs7FreeSigners ( return; } - FreePool (Certs); + free (Certs); } /** @@ -1255,14 +1259,14 @@ Pkcs7GetSigners ( OldBuf = CertBuf; BufferSize = OldSize + CertSize + sizeof (UINT32); - CertBuf = AllocateZeroPool (BufferSize); + CertBuf = calloc (BufferSize, 1); if (CertBuf == NULL) { goto _Exit; } if (OldBuf != NULL) { CopyMem (CertBuf, OldBuf, OldSize); - FreePool (OldBuf); + free (OldBuf); OldBuf = NULL; } @@ -1282,7 +1286,7 @@ Pkcs7GetSigners ( CertBuf[0] = Index; *CertLength = BufferSize - OldSize - sizeof (UINT32); - *TrustedCert = AllocateZeroPool (*CertLength); + *TrustedCert = calloc (*CertLength, 1); if (*TrustedCert == NULL) { goto _Exit; } @@ -1294,11 +1298,15 @@ Pkcs7GetSigners ( } _Exit: + if (!Wrapped) { + free (WrapData); + } + // // Release Resources // if (!Status && (CertBuf != NULL)) { - FreePool (CertBuf); + free (CertBuf); *CertStack = NULL; } @@ -1310,7 +1318,7 @@ Pkcs7GetSigners ( } if (OldBuf != NULL) { - FreePool (OldBuf); + free (OldBuf); } return Status; diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h index f36fe08f0c..155417f4a8 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -172,6 +172,12 @@ realloc ( size_t ); +void * +calloc ( + size_t, + size_t + ); + void free ( void * diff --git a/CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c b/CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c index 3bec39deb7..f9e1fa8212 100644 --- a/CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c +++ b/CryptoPkg/Library/MbedTlsCrtLib/CrtWrapper.c @@ -76,6 +76,16 @@ mbedtls_calloc ( } } +/* Allocates zero-initialized memory blocks */ +void * +calloc ( + size_t num, + size_t size + ) +{ + return mbedtls_calloc (num, size); +} + /* De-allocates or frees a memory block */ void mbedtls_free ( 
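Review bot: Now that `Pkcs7GetSigners` allocates `CertBuf` and `*TrustedCert` with `calloc`, those buffers are no longer plain pool allocations. In the non-runtime wrapper the returned pointer sits after a `CRYPTMEM_HEAD` (see `FreePool (PoolHdr)` in `mbedtls_free`), so a caller that releases either output with `FreePool()` would hand the pool allocator an interior pointer. Callers are not visible in this diff. The contract should be written down at `Pkcs7FreeSigners`, for example `// Buffers returned by Pkcs7GetSigners() are calloc()-backed; release them only through Pkcs7FreeSigners(), never FreePool().`, and the function header comment of `Pkcs7GetSigners` should say the same for both outputs.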
@@ -94,3 +104,12 @@ mbedtls_free ( FreePool (PoolHdr); } } + +/* De-allocates or frees a memory block */ +void +free ( + void *ptr + ) +{ + mbedtls_free (ptr); +} diff --git a/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c index b91cd5812c..6cbcab318b 100644 --- a/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c +++ b/CryptoPkg/Library/MbedTlsCrtRuntimeLib/CrtWrapper.c @@ -79,6 +79,16 @@ mbedtls_calloc ( } } +/* Allocates zero-initialized memory blocks */ +void * +calloc ( + size_t num, + size_t size + ) +{ + return mbedtls_calloc (num, size); +} + /* De-allocates or frees a memory block */ void mbedtls_free ( From 2bc2549b8b609e00f7875202bafc8598ee4c8fbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Tue, 14 May 2024 10:04:32 +0200 Subject: [PATCH 291/357] Add CPU throttling threshold option support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- DasharoModulePkg/DasharoModulePkg.dec | 2 + .../DasharoSystemFeatures.c | 81 +++++++++++++++++++ .../DasharoSystemFeaturesHii.h | 4 + .../DasharoSystemFeaturesStrings.uni | 4 + .../DasharoSystemFeaturesUiLib.inf | 2 + .../DasharoSystemFeaturesVfr.vfr | 17 ++++ 6 files changed, 110 insertions(+) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index c86f2cd295..63cb7adacc 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
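Review bot: In `MbedTlsCrtRuntimeLib/CrtWrapper.c` the new `calloc` forwards to `mbedtls_calloc`, which returns a pointer just past a `CRYPTMEM_HEAD`, but this hunk adds no matching `free`. The library's .inf says `malloc()`/`free()` come from BaseCryptLibMbedTls, so the `free (WrapData)` and `free (CertBuf)` calls added to `CryptPkcs7VerifyCommon.c` would give the runtime heap an address offset from the one `malloc` returned. That heap's `free` is not visible here, so whether it tolerates an interior pointer should be confirmed. If it does not, the result is heap corruption on the authenticated-variable path. The simplest repair is to let the runtime `calloc` allocate directly, without the header, and check the multiplication while doing so.

```c
/* Allocates zero-initialized memory blocks */
void *
calloc (
  size_t  num,
  size_t  size
  )
{
  VOID  *Data;

  // Reject element counts whose byte total does not fit in UINTN.
  if ((size != 0) && (num > MAX_UINTN / size)) {
    return NULL;
  }

  // No CRYPTMEM_HEAD: the result must be a pointer the heap's free() accepts.
  Data = malloc (num * size);
  if (Data != NULL) {
    ZeroMem (Data, num * size);
  }

  return Data;
}
// … unchanged: mbedtls_free …
```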
@@ -73,6 +73,8 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState|FALSE|BOOLEAN|0x00000001F gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart|FALSE|BOOLEAN|0x000000021 gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault|FALSE|BOOLEAN|0x000000022 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold|TRUE|BOOLEAN|0x00000023 + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature|100|UINT8|0x00000024 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 3d6a1ab378..7415ddd330 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -38,6 +38,9 @@ STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; STATIC CHAR16 mSerialRedirectionEfiVar[] = L"SerialRedirection"; STATIC CHAR16 mSerialRedirection2EfiVar[] = L"SerialRedirection2"; +STATIC CHAR16 mCpuThrottlingThresholdEfiVar[] = L"CpuThrottlingThreshold"; +STATIC CHAR16 mCpuMaxTemperatureEfiVar[] = L"CpuMaxTemperature"; +STATIC CHAR16 mCpuMinThrottlingThresholdEfiVar[] = L"CpuMinThrottlingThreshold"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -55,6 +58,7 @@ STATIC BOOLEAN mEnableWifiBtDefault = TRUE; STATIC UINT8 mBatteryStartThresholdDefault = 95; STATIC UINT8 mBatteryStopThresholdDefault = 98; STATIC UINT8 mMemoryProfileDefault = MEMORY_PROFILE_JEDEC; +STATIC UINT8 mCpuThrottlingThresholdDefault = 80; STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, 
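Review bot: `mCpuThrottlingThresholdDefault = 80` in the `-55,6 +58,7` hunk is a fixed number, while the range the form accepts is derived from `PcdCpuMaxTemperature` (TjMax - 63 up to TjMax, per the range-error string added in this patch). On a board that sets the PCD below 80 or above 143, the default written on first boot is outside that range, and the user cannot submit the form until the value is changed. Deriving the default from the PCD, or failing the build when they disagree, keeps the two consistent, for example `STATIC_ASSERT (FixedPcdGet8 (PcdCpuMaxTemperature) >= 80, "default threshold above TjMax");`. A comment giving the unit of the default would help too.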
@@ -242,6 +246,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowFum = PcdGetBool (PcdShowFum); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Have2ndUart = PcdGetBool (PcdHave2ndUart); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowCpuThrottlingThreshold= PcdGetBool (PcdShowCpuThrottlingThreshold); // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) 
@@ -743,6 +748,68 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold); + Status = gRT->GetVariable ( + mCpuThrottlingThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold = mCpuThrottlingThresholdDefault; + Status = gRT->SetVariable ( + mCpuThrottlingThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold + ); + ASSERT_EFI_ERROR (Status); + } + + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature); + Status = gRT->GetVariable ( + mCpuMaxTemperatureEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); + Status = gRT->SetVariable ( + mCpuMaxTemperatureEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature + ); + ASSERT_EFI_ERROR (Status); + } + + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold); + Status = gRT->GetVariable ( + mCpuMinThrottlingThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold + ); + + if (Status == EFI_NOT_FOUND) { + 
mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; + Status = gRT->SetVariable ( + mCpuMinThrottlingThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold + ); + ASSERT_EFI_ERROR (Status); + } return EFI_SUCCESS; } @@ -1210,6 +1277,20 @@ DasharoSystemFeaturesRouteConfig ( } } + if (Private->DasharoFeaturesData.CpuThrottlingThreshold != + DasharoFeaturesData.CpuThrottlingThreshold) { + Status = gRT->SetVariable ( + mCpuThrottlingThresholdEfiVar, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (DasharoFeaturesData.CpuThrottlingThreshold), + &DasharoFeaturesData.CpuThrottlingThreshold + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 91c1fbb853..b02a5532f6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -73,6 +73,7 @@ typedef struct { BOOLEAN MeHapAvailable; BOOLEAN S3SupportExperimental; BOOLEAN Have2ndUart; + BOOLEAN ShowCpuThrottlingThreshold; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -96,6 +97,9 @@ typedef struct { UINT8 MemoryProfile; BOOLEAN SerialPortRedirection; BOOLEAN SerialPort2Redirection; + UINT8 CpuThrottlingThreshold; + UINT8 CpuMaxTemperature; + UINT8 CpuMinThrottlingThreshold; } DASHARO_FEATURES_DATA; #define ME_MODE_ENABLE 0 
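Review bot: In the constructor hunk the `CpuThrottlingThreshold` byte read from the variable store is used as-is, because only `EFI_NOT_FOUND` is handled; a stored value outside TjMax - 63..TjMax, or a read that fails with another status, ends up in `DasharoFeaturesData` unchecked. The `nosubmitif` rules in the VFR only constrain values typed into the form. The `DasharoSystemFeaturesRouteConfig` hunk on this line has the same gap, since it writes `DasharoFeaturesData.CpuThrottlingThreshold` to the variable without comparing it to the bounds. I would fall back to the default on a bad read, `if (EFI_ERROR (Status) || Threshold > FixedPcdGet8 (PcdCpuMaxTemperature)) Threshold = mCpuThrottlingThresholdDefault;` with `Threshold` standing for the struct field, and return `EFI_INVALID_PARAMETER` from RouteConfig for an out-of-range value. Both functions start and end outside their hunks.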
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index c119985923..521ed2ce59 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -167,3 +167,7 @@ #string STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT #language en-US "Enable COM2 Port Console Redirection" #string STR_SERIAL_CONSOLE_REDIRECTION2_HELP #language en-US "Redirect the firmware console to the second serial port." + +#string STR_CPU_THROTTLING_THRESHOLD_PROMPT #language en-US "CPU Throttling Threshold" +#string STR_CPU_THROTTLING_THRESHOLD_HELP #language en-US "The temperature above which the CPU will start throttling itself." +#string STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR #language en-US "The throttling threshold must be between TjMax - 63 and TjMax!!" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index f89dc1ccff..fdaff30e2f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -93,5 +93,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 6cf3183d31..161bad774b 100644 
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -340,6 +340,23 @@ formset endnumeric; endif; + suppressif ideqval FeaturesData.ShowCpuThrottlingThreshold == 0; + numeric varid = FeaturesData.CpuThrottlingThreshold, + prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, // Minimum threshold placeholder + maximum = 200, // Maximum threshold placeholder + step = 1, + nosubmitif prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.CpuThrottlingThreshold > FeaturesData.CpuMaxTemperature + endif + nosubmitif prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.CpuThrottlingThreshold < FeaturesData.CpuMinThrottlingThreshold + endif + endnumeric; + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); From 65abd6350f8058315fa2eb457dd1c2be8124dd66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 5 Jun 2024 12:08:08 +0200 Subject: [PATCH 292/357] Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: remove unused EFI vars MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 46 +------------------ 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 7415ddd330..54957e0bd7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -39,8 +39,6 @@ STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; STATIC CHAR16 mSerialRedirectionEfiVar[] = L"SerialRedirection"; STATIC CHAR16 mSerialRedirection2EfiVar[] = L"SerialRedirection2"; STATIC CHAR16 mCpuThrottlingThresholdEfiVar[] = L"CpuThrottlingThreshold"; -STATIC CHAR16 mCpuMaxTemperatureEfiVar[] = L"CpuMaxTemperature"; -STATIC CHAR16 mCpuMinThrottlingThresholdEfiVar[] = L"CpuMinThrottlingThreshold"; STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; @@ -247,6 +245,8 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Have2ndUart = PcdGetBool (PcdHave2ndUart); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowCpuThrottlingThreshold= PcdGetBool (PcdShowCpuThrottlingThreshold); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) 
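Review bot: `FixedPcdGet8(PcdCpuMaxTemperature) - 63` in the `-247,6 +245,8` hunk is stored in the UINT8 field `CpuMinThrottlingThreshold`, so a platform that sets the PCD below 63 gets a wrapped-around minimum (a constructed example: 50 - 63 becomes 243). With such a minimum the lower-bound `nosubmitif` rule rejects every threshold that the upper-bound rule accepts. A guarded form avoids it: `Max = FixedPcdGet8 (PcdCpuMaxTemperature);` followed by `Min = (Max > 63) ? (UINT8)(Max - 63) : 0;`. A short comment saying where the 63 comes from would help as well, since nothing on this page explains it; the constructor continues outside the hunk.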
@@ -769,48 +769,6 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature); - Status = gRT->GetVariable ( - mCpuMaxTemperatureEfiVar, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature - ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); - Status = gRT->SetVariable ( - mCpuMaxTemperatureEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature - ); - ASSERT_EFI_ERROR (Status); - } - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold); - Status = gRT->GetVariable ( - mCpuMinThrottlingThresholdEfiVar, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold - ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; - Status = gRT->SetVariable ( - mCpuMinThrottlingThresholdEfiVar, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold - ); - ASSERT_EFI_ERROR (Status); - } - return EFI_SUCCESS; } From fc8c25a7327dbd67fcb82f752810c40e95a6aed1 Mon Sep 17 00:00:00 2001 
From: Sergii Dmytruk Date: Sat, 25 May 2024 18:39:50 +0300 Subject: [PATCH 293/357] DasharoModulePkg: #define variable names and use consistently This is somewhat then using string literals as making a typo in a macro name will cause a compilation error. Signed-off-by: Sergii Dmytruk --- .../DasharoBootPolicies/BootPolicies.c | 14 +- DasharoModulePkg/Include/DasharoOptions.h | 44 +++- .../DasharoSystemFeatures.c | 207 ++++++++++-------- 3 files changed, 162 insertions(+), 103 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index 457f175611..f275e1bc75 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -59,7 +59,7 @@ InitializeBootPolicies ( mSerialRedirectionPolicy.SerialRedirectionEnabled = FALSE; Status = GetVariable2 ( - L"NetworkBoot", + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize @@ -82,7 +82,7 @@ InitializeBootPolicies ( } Status = GetVariable2 ( - L"UsbDriverStack", + DASHARO_VAR_USB_STACK, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize @@ -106,7 +106,7 @@ InitializeBootPolicies ( } Status = GetVariable2 ( - L"UsbMassStorage", + DASHARO_VAR_USB_MASS_STORAGE, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize @@ -130,7 +130,7 @@ InitializeBootPolicies ( } Status = GetVariable2 ( - L"Ps2Controller", + DASHARO_VAR_PS2_CONTROLLER, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize @@ -153,7 +153,7 @@ InitializeBootPolicies ( VarSize = sizeof(*IommuConfig); Status = GetVariable2 ( - L"IommuConfig", + DASHARO_VAR_IOMMU_CONFIG, &gDasharoSystemFeaturesGuid, (VOID **) &IommuConfig, &VarSize @@ -183,7 +183,7 @@ InitializeBootPolicies ( VarSize = sizeof(BOOLEAN); Status = GetVariable2 ( - L"SerialRedirection", + DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize 
@@ -199,7 +199,7 @@ InitializeBootPolicies ( if (FixedPcdGetBool (PcdHave2ndUart)) { VarSize = sizeof(BOOLEAN); Status = GetVariable2 ( - L"SerialRedirection2", + DASHARO_VAR_SERIAL_REDIRECTION2, &gDasharoSystemFeaturesGuid, (VOID **) &EfiVar, &VarSize diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index cd54426c63..6d896bf37c 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -1,5 +1,5 @@ /** @file -Constants for options of Dasharo system features +Declarations for options of Dasharo system features Copyright (c) 2023, 3mdeb Sp. z o.o. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent 
@@ -9,6 +9,48 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef _DASHARO_OPTIONS_H_ #define _DASHARO_OPTIONS_H_ +// +// Names of Dasharo-specific EFI variables in DasharoSystemFeaturesGuid +// namespace. +// + +// Settings +#define DASHARO_VAR_BATTERY_CONFIG L"BatteryConfig" +#define DASHARO_VAR_BOOT_MANAGER_ENABLED L"BootManagerEnabled" +#define DASHARO_VAR_CPU_MAX_TEMPERATURE L"CpuMaxTemperature" +#define DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD L"CpuMinThrottlingThreshold" +#define DASHARO_VAR_CPU_THROTTLING_THRESHOLD L"CpuThrottlingThreshold" +#define DASHARO_VAR_ENABLE_CAMERA L"EnableCamera" +#define DASHARO_VAR_ENABLE_WIFI_BT L"EnableWifiBt" +#define DASHARO_VAR_FAN_CURVE_OPTION L"FanCurveOption" +#define DASHARO_VAR_FIRMWARE_UPDATE_MODE L"FirmwareUpdateMode" +#define DASHARO_VAR_IOMMU_CONFIG L"IommuConfig" +#define DASHARO_VAR_LOCK_BIOS L"LockBios" +#define DASHARO_VAR_MEMORY_PROFILE L"MemoryProfile" +#define DASHARO_VAR_ME_MODE L"MeMode" +#define DASHARO_VAR_NETWORK_BOOT L"NetworkBoot" +#define DASHARO_VAR_OPTION_ROM_POLICY L"OptionRomPolicy" +#define DASHARO_VAR_POWER_FAILURE_STATE L"PowerFailureState" +#define DASHARO_VAR_PS2_CONTROLLER L"Ps2Controller" +#define DASHARO_VAR_RESIZEABLE_BARS_ENABLED L"PCIeResizeableBarsEnabled" +#define DASHARO_VAR_SERIAL_REDIRECTION L"SerialRedirection" +#define DASHARO_VAR_SERIAL_REDIRECTION2 L"SerialRedirection2" +#define DASHARO_VAR_SLEEP_TYPE L"SleepType" +#define DASHARO_VAR_SMM_BWP L"SmmBwp" +#define DASHARO_VAR_USB_MASS_STORAGE L"UsbMassStorage" +#define DASHARO_VAR_USB_STACK L"UsbDriverStack" +#define DASHARO_VAR_WATCHDOG L"WatchdogConfig" +#define DASHARO_VAR_WATCHDOG_AVAILABLE L"WatchdogAvailable" + +// Other +#define DASHARO_VAR_SMBIOS_UUID L"Type1UUID" +#define DASHARO_VAR_SMBIOS_SN L"Type2SN" + +// +// Constants for some of the above EFI variables which typically have a value of +// UINT8 type. 
+// + #define DASHARO_OPTION_ROM_POLICY_DISABLE_ALL 0 #define DASHARO_OPTION_ROM_POLICY_ENABLE_ALL 1 #define DASHARO_OPTION_ROM_POLICY_VGA_ONLY 2 diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 54957e0bd7..c10d10fc8e 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
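Review bot: `DASHARO_VAR_CPU_MAX_TEMPERATURE` and `DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD` name variables that patch 292 of this series removed as unused, and no hunk visible on this page uses either macro. If nothing else reads or writes those variables, dropping the two defines avoids suggesting that the throttling bounds can be set from variable storage. If another component does own them, a comment next to the defines saying which one would make that clear.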
@@ -15,31 +15,6 @@ SPDX-License-Identifier: BSD-2-Clause // Feature state STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; -STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios"; -STATIC CHAR16 mSmmBwpEfiVar[] = L"SmmBwp"; -STATIC CHAR16 mMeModeEfiVar[] = L"MeMode"; -STATIC CHAR16 mNetworkBootEfiVar[] = L"NetworkBoot"; -STATIC CHAR16 mUsbStackEfiVar[] = L"UsbDriverStack"; -STATIC CHAR16 mUsbMassStorageEfiVar[] = L"UsbMassStorage"; -STATIC CHAR16 mBootManagerEnabledEfiVar[] = L"BootManagerEnabled"; -STATIC CHAR16 mPs2ControllerEfiVar[] = L"Ps2Controller"; -STATIC CHAR16 mWatchdogEfiVar[] = L"WatchdogConfig"; -STATIC CHAR16 mWatchdogAvailableEfiVar[] = L"WatchdogAvailable"; -STATIC CHAR16 mFanCurveOptionEfiVar[] = L"FanCurveOption"; -STATIC CHAR16 mIommuConfigEfiVar[] = L"IommuConfig"; -STATIC CHAR16 mSleepTypeEfiVar[] = L"SleepType"; -STATIC CHAR16 mFirmwareUpdateModeEfiVar[] = L"FirmwareUpdateMode"; -STATIC CHAR16 mPowerFailureStateEfiVar[] = L"PowerFailureState"; -STATIC CHAR16 mResizeableBarsEnabledEfiVar[] = L"PCIeResizeableBarsEnabled"; -STATIC CHAR16 mOptionRomPolicyEfiVar[] = L"OptionRomPolicy"; -STATIC CHAR16 mEnableCameraEfiVar[] = L"EnableCamera"; -STATIC CHAR16 mEnableWifiBtEfiVar[] = L"EnableWifiBt"; -STATIC CHAR16 mBatteryConfigEfiVar[] = L"BatteryConfig"; -STATIC CHAR16 mMemoryProfileEfiVar[] = L"MemoryProfile"; -STATIC CHAR16 mSerialRedirectionEfiVar[] = L"SerialRedirection"; -STATIC CHAR16 mSerialRedirection2EfiVar[] = L"SerialRedirection2"; -STATIC CHAR16 mCpuThrottlingThresholdEfiVar[] = L"CpuThrottlingThreshold"; - STATIC BOOLEAN mUsbStackDefault = TRUE; STATIC BOOLEAN mUsbMassStorageDefault = TRUE; STATIC BOOLEAN mLockBiosDefault = TRUE; @@ -270,7 +245,7 @@ DasharoSystemFeaturesUiLibConstructor ( // Setup feature state BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); Status = gRT->GetVariable ( - mLockBiosEfiVar, + DASHARO_VAR_LOCK_BIOS, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, 
@@ -280,7 +255,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; Status = gRT->SetVariable ( - mLockBiosEfiVar, + DASHARO_VAR_LOCK_BIOS, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios), @@ -291,7 +266,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); Status = gRT->GetVariable ( - mNetworkBootEfiVar, + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -301,7 +276,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = PcdGetBool (PcdDefaultNetworkBootEnable); Status = gRT->SetVariable ( - mNetworkBootEfiVar, + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot), @@ -312,7 +287,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack); Status = gRT->GetVariable ( - mUsbStackEfiVar, + DASHARO_VAR_USB_STACK, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -322,7 +297,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; Status = gRT->SetVariable ( - mUsbStackEfiVar, + DASHARO_VAR_USB_STACK, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack), 
@@ -333,7 +308,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage); Status = gRT->GetVariable ( - mUsbMassStorageEfiVar, + DASHARO_VAR_USB_MASS_STORAGE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -343,7 +318,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; Status = gRT->SetVariable ( - mUsbMassStorageEfiVar, + DASHARO_VAR_USB_MASS_STORAGE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage), @@ -354,7 +329,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); Status = gRT->GetVariable ( - mSmmBwpEfiVar, + DASHARO_VAR_SMM_BWP, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -364,7 +339,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; Status = gRT->SetVariable ( - mSmmBwpEfiVar, + DASHARO_VAR_SMM_BWP, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp), @@ -375,7 +350,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode); Status = gRT->GetVariable ( - mMeModeEfiVar, + DASHARO_VAR_ME_MODE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, 
@@ -385,7 +360,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = FixedPcdGet8(PcdIntelMeDefaultState); Status = gRT->SetVariable ( - mMeModeEfiVar, + DASHARO_VAR_ME_MODE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode), @@ -396,7 +371,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution); Status = gRT->GetVariable ( - mOptionRomPolicyEfiVar, + DASHARO_VAR_OPTION_ROM_POLICY, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -408,7 +383,7 @@ DasharoSystemFeaturesUiLibConstructor ( ? OPTION_ROM_POLICY_ENABLE_ALL : OPTION_ROM_POLICY_DISABLE_ALL; Status = gRT->SetVariable ( - mOptionRomPolicyEfiVar, + DASHARO_VAR_OPTION_ROM_POLICY, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution), @@ -419,7 +394,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); Status = gRT->GetVariable ( - mPs2ControllerEfiVar, + DASHARO_VAR_PS2_CONTROLLER, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -429,7 +404,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; Status = gRT->SetVariable ( - mPs2ControllerEfiVar, + DASHARO_VAR_PS2_CONTROLLER, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller), 
@@ -440,7 +415,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable); Status = gRT->GetVariable ( - mWatchdogAvailableEfiVar, + DASHARO_VAR_WATCHDOG_AVAILABLE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -451,7 +426,7 @@ DasharoSystemFeaturesUiLibConstructor ( GetDefaultWatchdogConfig(&mDasharoSystemFeaturesPrivate.DasharoFeaturesData); Status = gRT->SetVariable ( - mWatchdogEfiVar, + DASHARO_VAR_WATCHDOG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), @@ -460,7 +435,7 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); Status = gRT->SetVariable ( - mWatchdogAvailableEfiVar, + DASHARO_VAR_WATCHDOG_AVAILABLE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable), @@ -470,7 +445,7 @@ DasharoSystemFeaturesUiLibConstructor ( } else { BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig); Status = gRT->GetVariable ( - mWatchdogEfiVar, + DASHARO_VAR_WATCHDOG, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -479,7 +454,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { Status = gRT->SetVariable ( - mWatchdogEfiVar, + DASHARO_VAR_WATCHDOG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), @@ -491,7 +466,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled); Status = gRT->GetVariable( - mBootManagerEnabledEfiVar, + DASHARO_VAR_BOOT_MANAGER_ENABLED, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, 
@@ -500,7 +475,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled = mBootManagerEnabledDefault; Status = gRT->SetVariable( - mBootManagerEnabledEfiVar, + DASHARO_VAR_BOOT_MANAGER_ENABLED, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled), @@ -512,7 +487,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption); Status = gRT->GetVariable ( - mFanCurveOptionEfiVar, + DASHARO_VAR_FAN_CURVE_OPTION, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -522,7 +497,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption = mFanCurveOptionDefault; Status = gRT->SetVariable ( - mFanCurveOptionEfiVar, + DASHARO_VAR_FAN_CURVE_OPTION, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption), @@ -533,7 +508,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig); Status = gRT->GetVariable ( - mIommuConfigEfiVar, + DASHARO_VAR_IOMMU_CONFIG, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -544,7 +519,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuEnable = mIommuEnableDefault; mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuHandoff = mIommuHandoffDefault; Status = gRT->SetVariable ( - mIommuConfigEfiVar, + DASHARO_VAR_IOMMU_CONFIG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig), 
@@ -555,7 +530,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType); Status = gRT->GetVariable ( - mSleepTypeEfiVar, + DASHARO_VAR_SLEEP_TYPE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -565,7 +540,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType = mSleepTypeDefault; Status = gRT->SetVariable ( - mSleepTypeEfiVar, + DASHARO_VAR_SLEEP_TYPE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType), @@ -576,7 +551,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState); Status = gRT->GetVariable ( - mPowerFailureStateEfiVar, + DASHARO_VAR_POWER_FAILURE_STATE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -588,7 +563,7 @@ DasharoSystemFeaturesUiLibConstructor ( FixedPcdGet8 (PcdDefaultPowerFailureState); Status = gRT->SetVariable ( - mPowerFailureStateEfiVar, + DASHARO_VAR_POWER_FAILURE_STATE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState), @@ -599,7 +574,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled); Status = gRT->GetVariable ( - mResizeableBarsEnabledEfiVar, + DASHARO_VAR_RESIZEABLE_BARS_ENABLED, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, 
@@ -609,7 +584,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled = mResizeableBarsEnabledDefault; Status = gRT->SetVariable ( - mResizeableBarsEnabledEfiVar, + DASHARO_VAR_RESIZEABLE_BARS_ENABLED, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled), @@ -620,7 +595,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera); Status = gRT->GetVariable ( - mEnableCameraEfiVar, + DASHARO_VAR_ENABLE_CAMERA, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -630,7 +605,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera = mEnableCameraDefault; Status = gRT->SetVariable ( - mEnableCameraEfiVar, + DASHARO_VAR_ENABLE_CAMERA, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera), @@ -641,7 +616,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt); Status = gRT->GetVariable ( - mEnableWifiBtEfiVar, + DASHARO_VAR_ENABLE_WIFI_BT, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -651,7 +626,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt = mEnableWifiBtDefault; Status = gRT->SetVariable ( - mEnableWifiBtEfiVar, + DASHARO_VAR_ENABLE_WIFI_BT, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt), 
@@ -662,7 +637,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig); Status = gRT->GetVariable ( - mBatteryConfigEfiVar, + DASHARO_VAR_BATTERY_CONFIG, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -673,7 +648,7 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StartThreshold = mBatteryStartThresholdDefault; mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StopThreshold = mBatteryStopThresholdDefault; Status = gRT->SetVariable ( - mBatteryConfigEfiVar, + DASHARO_VAR_BATTERY_CONFIG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig), @@ -684,7 +659,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile); Status = gRT->GetVariable ( - mMemoryProfileEfiVar, + DASHARO_VAR_MEMORY_PROFILE, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -694,7 +669,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile = mMemoryProfileDefault; Status = gRT->SetVariable ( - mMemoryProfileEfiVar, + DASHARO_VAR_MEMORY_PROFILE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile), @@ -705,7 +680,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection); Status = gRT->GetVariable ( - mSerialRedirectionEfiVar, + DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, 
@@ -715,7 +690,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection = PcdGetBool (PcdSerialRedirectionDefaultState); Status = gRT->SetVariable ( - mSerialRedirectionEfiVar, + DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection), @@ -727,7 +702,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection); Status = gRT->GetVariable ( - mSerialRedirection2EfiVar, + DASHARO_VAR_SERIAL_REDIRECTION2, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -739,7 +714,7 @@ DasharoSystemFeaturesUiLibConstructor ( PcdGetBool (PcdSerialRedirection2DefaultState) : FALSE; Status = gRT->SetVariable ( - mSerialRedirection2EfiVar, + DASHARO_VAR_SERIAL_REDIRECTION2, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection), @@ -750,7 +725,7 @@ DasharoSystemFeaturesUiLibConstructor ( BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold); Status = gRT->GetVariable ( - mCpuThrottlingThresholdEfiVar, + DASHARO_VAR_CPU_THROTTLING_THRESHOLD, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, @@ -760,7 +735,7 @@ DasharoSystemFeaturesUiLibConstructor ( if (Status == EFI_NOT_FOUND) { mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold = mCpuThrottlingThresholdDefault; Status = gRT->SetVariable ( - mCpuThrottlingThresholdEfiVar, + DASHARO_VAR_CPU_THROTTLING_THRESHOLD, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold), 
@@ -769,6 +744,48 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT_EFI_ERROR (Status); } + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature); + Status = gRT->GetVariable ( + DASHARO_VAR_CPU_MAX_TEMPERATURE, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); + Status = gRT->SetVariable ( + DASHARO_VAR_CPU_MAX_TEMPERATURE, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature + ); + ASSERT_EFI_ERROR (Status); + } + + BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold); + Status = gRT->GetVariable ( + DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold + ); + + if (Status == EFI_NOT_FOUND) { + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; + Status = gRT->SetVariable ( + DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, + &gDasharoSystemFeaturesGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold), + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } 
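Review bot: The default `FixedPcdGet8(PcdCpuMaxTemperature) - 63` for CpuMinThrottlingThreshold is stored in a UINT8 field, so a platform whose PcdCpuMaxTemperature is below 63 gets a wrapped value near 255 written to the non-volatile variable. The 63 is also unexplained; a named constant plus a build-time guard such as `STATIC_ASSERT (FixedPcdGet8 (PcdCpuMaxTemperature) >= 63, "CpuMinThrottlingThreshold default would wrap");` would pin it. Both new reads handle only EFI_NOT_FOUND, so any other GetVariable status, or a stored value of a different size, leaves the field untouched, and a value that is read back successfully is not range-checked here. DasharoSystemFeaturesUiLibConstructor starts outside this hunk.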
@@ -957,7 +974,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) { Status = gRT->SetVariable ( - mLockBiosEfiVar, + DASHARO_VAR_LOCK_BIOS, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.LockBios), @@ -970,7 +987,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.SmmBwp != DasharoFeaturesData.SmmBwp) { Status = gRT->SetVariable ( - mSmmBwpEfiVar, + DASHARO_VAR_SMM_BWP, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.SmmBwp), @@ -983,7 +1000,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.NetworkBoot != DasharoFeaturesData.NetworkBoot) { Status = gRT->SetVariable ( - mNetworkBootEfiVar, + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.NetworkBoot), @@ -996,7 +1013,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.UsbStack != DasharoFeaturesData.UsbStack) { Status = gRT->SetVariable ( - mUsbStackEfiVar, + DASHARO_VAR_USB_STACK, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.UsbStack), @@ -1009,7 +1026,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.UsbMassStorage != DasharoFeaturesData.UsbMassStorage) { Status = gRT->SetVariable ( - mUsbMassStorageEfiVar, + DASHARO_VAR_USB_MASS_STORAGE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.UsbMassStorage), 
@@ -1022,7 +1039,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.MeMode != DasharoFeaturesData.MeMode) { Status = gRT->SetVariable ( - mMeModeEfiVar, + DASHARO_VAR_ME_MODE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.MeMode), @@ -1035,7 +1052,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.Ps2Controller != DasharoFeaturesData.Ps2Controller) { Status = gRT->SetVariable ( - mPs2ControllerEfiVar, + DASHARO_VAR_PS2_CONTROLLER, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.Ps2Controller), @@ -1048,7 +1065,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.FanCurveOption != DasharoFeaturesData.FanCurveOption) { Status = gRT->SetVariable ( - mFanCurveOptionEfiVar, + DASHARO_VAR_FAN_CURVE_OPTION, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.FanCurveOption), @@ -1061,7 +1078,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.BootManagerEnabled != DasharoFeaturesData.BootManagerEnabled) { Status = gRT->SetVariable ( - mBootManagerEnabledEfiVar, + DASHARO_VAR_BOOT_MANAGER_ENABLED, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.BootManagerEnabled), @@ -1077,7 +1094,7 @@ DasharoSystemFeaturesRouteConfig ( Private->DasharoFeaturesData.WatchdogConfig.WatchdogTimeout != DasharoFeaturesData.WatchdogConfig.WatchdogTimeout) { Status = gRT->SetVariable ( - mWatchdogEfiVar, + DASHARO_VAR_WATCHDOG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.WatchdogConfig), 
@@ -1091,7 +1108,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.IommuConfig.IommuEnable != DasharoFeaturesData.IommuConfig.IommuEnable || Private->DasharoFeaturesData.IommuConfig.IommuHandoff != DasharoFeaturesData.IommuConfig.IommuHandoff) { Status = gRT->SetVariable ( - mIommuConfigEfiVar, + DASHARO_VAR_IOMMU_CONFIG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.IommuConfig), @@ -1104,7 +1121,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.SleepType != DasharoFeaturesData.SleepType) { Status = gRT->SetVariable ( - mSleepTypeEfiVar, + DASHARO_VAR_SLEEP_TYPE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.SleepType), @@ -1117,7 +1134,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.PowerFailureState != DasharoFeaturesData.PowerFailureState) { Status = gRT->SetVariable ( - mPowerFailureStateEfiVar, + DASHARO_VAR_POWER_FAILURE_STATE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.PowerFailureState), @@ -1130,7 +1147,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.EnableWifiBt != DasharoFeaturesData.EnableWifiBt) { Status = gRT->SetVariable ( - mEnableWifiBtEfiVar, + DASHARO_VAR_ENABLE_WIFI_BT, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.EnableWifiBt), @@ -1143,7 +1160,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.ResizeableBarsEnabled != DasharoFeaturesData.ResizeableBarsEnabled) { Status = gRT->SetVariable ( - mResizeableBarsEnabledEfiVar, + DASHARO_VAR_RESIZEABLE_BARS_ENABLED, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.ResizeableBarsEnabled), 
@@ -1156,7 +1173,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.OptionRomExecution != DasharoFeaturesData.OptionRomExecution) { Status = gRT->SetVariable ( - mOptionRomPolicyEfiVar, + DASHARO_VAR_OPTION_ROM_POLICY, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.OptionRomExecution), @@ -1169,7 +1186,7 @@ DasharoSystemFeaturesRouteConfig ( if(Private->DasharoFeaturesData.EnableCamera != DasharoFeaturesData.EnableCamera) { Status = gRT->SetVariable ( - mEnableCameraEfiVar, + DASHARO_VAR_ENABLE_CAMERA, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.EnableCamera), @@ -1185,7 +1202,7 @@ DasharoSystemFeaturesRouteConfig ( Private->DasharoFeaturesData.BatteryConfig.StopThreshold != DasharoFeaturesData.BatteryConfig.StopThreshold) { Status = gRT->SetVariable ( - mBatteryConfigEfiVar, + DASHARO_VAR_BATTERY_CONFIG, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.BatteryConfig), @@ -1198,7 +1215,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.MemoryProfile != DasharoFeaturesData.MemoryProfile) { Status = gRT->SetVariable ( - mMemoryProfileEfiVar, + DASHARO_VAR_MEMORY_PROFILE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.MemoryProfile), @@ -1211,7 +1228,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.SerialPortRedirection != DasharoFeaturesData.SerialPortRedirection) { Status = gRT->SetVariable ( - mSerialRedirectionEfiVar, + DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.SerialPortRedirection), 
@@ -1224,7 +1241,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.SerialPort2Redirection != DasharoFeaturesData.SerialPort2Redirection) { Status = gRT->SetVariable ( - mSerialRedirection2EfiVar, + DASHARO_VAR_SERIAL_REDIRECTION2, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.SerialPort2Redirection), @@ -1238,7 +1255,7 @@ DasharoSystemFeaturesRouteConfig ( if (Private->DasharoFeaturesData.CpuThrottlingThreshold != DasharoFeaturesData.CpuThrottlingThreshold) { Status = gRT->SetVariable ( - mCpuThrottlingThresholdEfiVar, + DASHARO_VAR_CPU_THROTTLING_THRESHOLD, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (DasharoFeaturesData.CpuThrottlingThreshold), @@ -1420,7 +1437,7 @@ DasharoSystemFeaturesCallback ( if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { Status = gRT->SetVariable ( - mFirmwareUpdateModeEfiVar, + DASHARO_VAR_FIRMWARE_UPDATE_MODE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, sizeof (Enable), From f777376cf15d4f1d0d52f8cc60b0a3874c4686e9 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 25 May 2024 18:49:34 +0300 Subject: [PATCH 294/357] DasharoModulePkg: move more declarations to DasharoOptions.h To have all of them collected in one place and have no need to reach into HII-related header from unrelated parts of the code. Signed-off-by: Sergii Dmytruk --- .../DasharoBootPolicies/BootPolicies.c | 4 +- DasharoModulePkg/Include/DasharoOptions.h | 45 ++++++++ .../DasharoSystemFeaturesHii.h | 109 ++++++++---------- 3 files changed, 97 insertions(+), 61 deletions(-) diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index f275e1bc75..e57250ef65 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c 
@@ -13,7 +13,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #include #include #include "BootPolicies.h" -#include "Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h" +#include #include #include @@ -41,7 +41,7 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); - IOMMU_CONFIG *IommuConfig; + DASHARO_IOMMU_CONFIG *IommuConfig; UINT8 PcdVal = 0; gBS = SystemTable->BootServices; diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index 6d896bf37c..5aec453a22 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h 
@@ -51,8 +51,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // UINT8 type. // +#define DASHARO_FAN_CURVE_OPTION_SILENT 0 +#define DASHARO_FAN_CURVE_OPTION_PERFORMANCE 1 + +#define DASHARO_ME_MODE_ENABLE 0 +#define DASHARO_ME_MODE_DISABLE_HECI 1 +#define DASHARO_ME_MODE_DISABLE_HAP 2 + #define DASHARO_OPTION_ROM_POLICY_DISABLE_ALL 0 #define DASHARO_OPTION_ROM_POLICY_ENABLE_ALL 1 #define DASHARO_OPTION_ROM_POLICY_VGA_ONLY 2 +#define DASHARO_SLEEP_TYPE_S0IX 0 +#define DASHARO_SLEEP_TYPE_S3 1 + +#define DASHARO_POWER_FAILURE_STATE_OFF 0 +#define DASHARO_POWER_FAILURE_STATE_ON 1 +#define DASHARO_POWER_FAILURE_STATE_KEEP 2 +#define DASHARO_POWER_FAILURE_STATE_HIDDEN 0xff + +// The values aren't random, they match FSP_M_CONFIG::SpdProfileSelected +#define DASHARO_MEMORY_PROFILE_JEDEC 0 +#define DASHARO_MEMORY_PROFILE_XMP1 2 +#define DASHARO_MEMORY_PROFILE_XMP2 3 +#define DASHARO_MEMORY_PROFILE_XMP3 4 + +// +// Structures describing format of some of the above EFI variables. Must be +// packed. +// + +#pragma pack(push,1) + +typedef struct { + BOOLEAN WatchdogEnable; + UINT16 WatchdogTimeout; +} DASHARO_WATCHDOG_CONFIG; + +typedef struct { + BOOLEAN IommuEnable; + BOOLEAN IommuHandoff; +} DASHARO_IOMMU_CONFIG; + +typedef struct { + UINT8 StartThreshold; + UINT8 StopThreshold; +} DASHARO_BATTERY_CONFIG; + +#pragma pack(pop) + #endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index b02a5532f6..b126217cfa 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
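Review bot: The new comment says the structures "must be packed" but not why: they are the byte layout of variables persisted in NVRAM, so a change in size or field order would silently break reads of values written by earlier firmware. Under `#pragma pack(push,1)` DASHARO_WATCHDOG_CONFIG is 3 bytes with WatchdogTimeout at offset 1; `STATIC_ASSERT (sizeof (DASHARO_WATCHDOG_CONFIG) == 3, "Watchdog variable layout changed");` (and the equivalent with 2 for the IOMMU and battery structures) would catch an accidental change at build time. I would also extend the comment to say that readers should compare the size GetVariable returns with `sizeof` of the structure before trusting the fields.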
@@ -27,26 +27,6 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 -#pragma pack(push,1) -typedef struct { - BOOLEAN WatchdogEnable; - UINT16 WatchdogTimeout; -} WATCHDOG_CONFIG; - -typedef struct { - BOOLEAN IommuEnable; - BOOLEAN IommuHandoff; -} IOMMU_CONFIG; - -typedef struct { - UINT8 StartThreshold; - UINT8 StopThreshold; -} BATTERY_CONFIG; -#pragma pack(pop) - -#define FAN_CURVE_OPTION_SILENT 0 -#define FAN_CURVE_OPTION_PERFORMANCE 1 - typedef struct { // Feature visibility BOOLEAN ShowSecurityMenu; 
@@ -74,55 +54,66 @@ typedef struct { BOOLEAN S3SupportExperimental; BOOLEAN Have2ndUart; BOOLEAN ShowCpuThrottlingThreshold; + // Feature data - BOOLEAN LockBios; - BOOLEAN SmmBwp; - BOOLEAN NetworkBoot; - BOOLEAN UsbStack; - BOOLEAN UsbMassStorage; - UINT8 MeMode; - BOOLEAN Ps2Controller; - WATCHDOG_CONFIG WatchdogConfig; - BOOLEAN WatchdogAvailable; - UINT8 FanCurveOption; - IOMMU_CONFIG IommuConfig; - BOOLEAN BootManagerEnabled; - UINT8 SleepType; - UINT8 PowerFailureState; - BOOLEAN ResizeableBarsEnabled; - UINT8 OptionRomExecution; - BOOLEAN EnableCamera; - BOOLEAN EnableWifiBt; - BATTERY_CONFIG BatteryConfig; - UINT8 MemoryProfile; - BOOLEAN SerialPortRedirection; - BOOLEAN SerialPort2Redirection; - UINT8 CpuThrottlingThreshold; - UINT8 CpuMaxTemperature; - UINT8 CpuMinThrottlingThreshold; + BOOLEAN LockBios; + BOOLEAN SmmBwp; + BOOLEAN NetworkBoot; + BOOLEAN UsbStack; + BOOLEAN UsbMassStorage; + UINT8 MeMode; + BOOLEAN Ps2Controller; + DASHARO_WATCHDOG_CONFIG WatchdogConfig; + BOOLEAN WatchdogAvailable; + UINT8 FanCurveOption; + DASHARO_IOMMU_CONFIG IommuConfig; + BOOLEAN BootManagerEnabled; + UINT8 SleepType; + UINT8 PowerFailureState; + BOOLEAN ResizeableBarsEnabled; + UINT8 OptionRomExecution; + BOOLEAN EnableCamera; + BOOLEAN EnableWifiBt; + DASHARO_BATTERY_CONFIG BatteryConfig; + UINT8 MemoryProfile; + BOOLEAN SerialPortRedirection; + BOOLEAN SerialPort2Redirection; + UINT8 CpuThrottlingThreshold; + UINT8 CpuMaxTemperature; + UINT8 CpuMinThrottlingThreshold; } DASHARO_FEATURES_DATA; -#define ME_MODE_ENABLE 0 -#define ME_MODE_DISABLE_HECI 1 -#define ME_MODE_DISABLE_HAP 2 +// +// DasharoOptions.h can be included by files unrelated to Dasharo in which case +// it's useful to indicate where they came from. +// +// HII code, however, is already specific to Dasharo and there is no need to +// have extra 8 characters here. 
+// + +#define FAN_CURVE_OPTION_SILENT DASHARO_FAN_CURVE_OPTION_SILENT +#define FAN_CURVE_OPTION_PERFORMANCE DASHARO_FAN_CURVE_OPTION_PERFORMANCE + +#define ME_MODE_ENABLE DASHARO_ME_MODE_ENABLE +#define ME_MODE_DISABLE_HECI DASHARO_ME_MODE_DISABLE_HECI +#define ME_MODE_DISABLE_HAP DASHARO_ME_MODE_DISABLE_HAP #define OPTION_ROM_POLICY_DISABLE_ALL DASHARO_OPTION_ROM_POLICY_DISABLE_ALL #define OPTION_ROM_POLICY_ENABLE_ALL DASHARO_OPTION_ROM_POLICY_ENABLE_ALL #define OPTION_ROM_POLICY_VGA_ONLY DASHARO_OPTION_ROM_POLICY_VGA_ONLY -#define SLEEP_TYPE_S0IX 0 -#define SLEEP_TYPE_S3 1 +#define SLEEP_TYPE_S0IX DASHARO_SLEEP_TYPE_S0IX +#define SLEEP_TYPE_S3 DASHARO_SLEEP_TYPE_S3 -#define POWER_FAILURE_STATE_OFF 0 -#define POWER_FAILURE_STATE_ON 1 -#define POWER_FAILURE_STATE_KEEP 2 -#define POWER_FAILURE_STATE_HIDDEN 0xff +#define POWER_FAILURE_STATE_OFF DASHARO_POWER_FAILURE_STATE_OFF +#define POWER_FAILURE_STATE_ON DASHARO_POWER_FAILURE_STATE_ON +#define POWER_FAILURE_STATE_KEEP DASHARO_POWER_FAILURE_STATE_KEEP +#define POWER_FAILURE_STATE_HIDDEN DASHARO_POWER_FAILURE_STATE_HIDDEN -// Values aren't random, they match FSP_M_CONFIG::SpdProfileSelected -#define MEMORY_PROFILE_JEDEC 0 -#define MEMORY_PROFILE_XMP1 2 -#define MEMORY_PROFILE_XMP2 3 -#define MEMORY_PROFILE_XMP3 4 +#define MEMORY_PROFILE_JEDEC DASHARO_MEMORY_PROFILE_JEDEC +#define MEMORY_PROFILE_XMP1 DASHARO_MEMORY_PROFILE_XMP1 +#define MEMORY_PROFILE_XMP2 DASHARO_MEMORY_PROFILE_XMP2 +#define MEMORY_PROFILE_XMP3 DASHARO_MEMORY_PROFILE_XMP3 #define NETWORK_BOOT_QUESTION_ID 0x8000 #define WATCHDOG_ENABLE_QUESTION_ID 0x8001 From 0a2f4927ea93240a912db18263828c9a0552f1c4 Mon Sep 17 00:00:00 2001 
From: Sergii Dmytruk Date: Sat, 25 May 2024 18:53:16 +0300 Subject: [PATCH 295/357] DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h: cleanup 1. Remove excessive indentation from some fields of DASHARO_FEATURES_DATA. 2. Add a comment explaining question IDs. 3. Drop gDasharoSystemFeaturesGuid declaration which should be provided by build system. 4. Fix formatting of WATCHDOG_ENABLE_QUESTION_ID. Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesHii.h | 60 ++++++++++--------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index b126217cfa..766a1d6ab6 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h 
@@ -29,31 +29,31 @@ SPDX-License-Identifier: BSD-2-Clause typedef struct { // Feature visibility - BOOLEAN ShowSecurityMenu; - BOOLEAN ShowIntelMeMenu; - BOOLEAN ShowUsbMenu; - BOOLEAN ShowNetworkMenu; - BOOLEAN ShowChipsetMenu; - BOOLEAN ShowPowerMenu; - BOOLEAN ShowPciMenu; - BOOLEAN ShowMemoryMenu; - BOOLEAN ShowSerialPortMenu; - BOOLEAN ShowLockBios; - BOOLEAN ShowSmmBwp; - BOOLEAN ShowFum; - BOOLEAN ShowPs2Option; - BOOLEAN PowerMenuShowFanCurve; - BOOLEAN PowerMenuShowSleepType; - BOOLEAN PowerMenuShowBatteryThresholds; - BOOLEAN DasharoEnterprise; - BOOLEAN SecurityMenuShowIommu; - BOOLEAN PciMenuShowResizeableBars; - BOOLEAN SecurityMenuShowWiFiBt; - BOOLEAN SecurityMenuShowCamera; - BOOLEAN MeHapAvailable; - BOOLEAN S3SupportExperimental; - BOOLEAN Have2ndUart; - BOOLEAN ShowCpuThrottlingThreshold; + BOOLEAN ShowSecurityMenu; + BOOLEAN ShowIntelMeMenu; + BOOLEAN ShowUsbMenu; + BOOLEAN ShowNetworkMenu; + BOOLEAN ShowChipsetMenu; + BOOLEAN ShowPowerMenu; + BOOLEAN ShowPciMenu; + BOOLEAN ShowMemoryMenu; + BOOLEAN ShowSerialPortMenu; + BOOLEAN ShowLockBios; + BOOLEAN ShowSmmBwp; + BOOLEAN ShowFum; + BOOLEAN ShowPs2Option; + BOOLEAN PowerMenuShowFanCurve; + BOOLEAN PowerMenuShowSleepType; + BOOLEAN PowerMenuShowBatteryThresholds; + BOOLEAN DasharoEnterprise; + BOOLEAN SecurityMenuShowIommu; + BOOLEAN PciMenuShowResizeableBars; + BOOLEAN SecurityMenuShowWiFiBt; + BOOLEAN SecurityMenuShowCamera; + BOOLEAN MeHapAvailable; + BOOLEAN S3SupportExperimental; + BOOLEAN Have2ndUart; + BOOLEAN ShowCpuThrottlingThreshold; // Feature data BOOLEAN LockBios; 
@@ -115,8 +115,14 @@ typedef struct { #define MEMORY_PROFILE_XMP2 DASHARO_MEMORY_PROFILE_XMP2 #define MEMORY_PROFILE_XMP3 DASHARO_MEMORY_PROFILE_XMP3 +// +// Question IDs are used in VFR file to let the code in +// DasharoSystemFeaturesCallback() know what form element caused +// invocation of the callback. +// + #define NETWORK_BOOT_QUESTION_ID 0x8000 -#define WATCHDOG_ENABLE_QUESTION_ID 0x8001 +#define WATCHDOG_ENABLE_QUESTION_ID 0x8001 #define WATCHDOG_TIMEOUT_QUESTION_ID 0x8002 #define FIRMWARE_UPDATE_MODE_QUESTION_ID 0x8003 #define POWER_FAILURE_STATE_QUESTION_ID 0x8004 @@ -128,6 +134,4 @@ typedef struct { #define SLEEP_TYPE_QUESTION_ID 0x800A #define SERIAL_PORT2_REDIR_QUESTION_ID 0x800B -extern EFI_GUID gDasharoSystemFeaturesGuid; - #endif From fc265a24ac1a9c0e20bc529ae938572a17f98db6 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 25 May 2024 19:52:00 +0300 Subject: [PATCH 296/357] DasharoSystemFeaturesUiLib: fix initializing SleepType PcdSleepTypeDefaultS3 wasn't taken into account. Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c10d10fc8e..0a537e0ce9 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -24,7 +24,6 @@ STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; STATIC UINT8 mIommuEnableDefault = FALSE; STATIC UINT8 mIommuHandoffDefault = FALSE; STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; -STATIC UINT8 mSleepTypeDefault = SLEEP_TYPE_S0IX; STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; STATIC BOOLEAN mEnableCameraDefault = TRUE; STATIC BOOLEAN mEnableWifiBtDefault = TRUE; 
@@ -538,7 +537,9 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType = mSleepTypeDefault; + mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType = PcdGetBool (PcdSleepTypeDefaultS3) + ? SLEEP_TYPE_S3 + : SLEEP_TYPE_S0IX; Status = gRT->SetVariable ( DASHARO_VAR_SLEEP_TYPE, &gDasharoSystemFeaturesGuid, From aac70ad466a46e0298a93e828e595fcac3f5c6ef Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 26 May 2024 01:06:56 +0300 Subject: [PATCH 297/357] DasharoModulePkg: move variable creation to DasharoVariablesLib Create a separate library for managing values of variables and create them in the constructor of the new library. This gets rid of the defaults in Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c Signed-off-by: Sergii Dmytruk --- DasharoModulePkg/Include/DasharoOptions.h | 10 + .../DasharoSystemFeatures.c | 396 ++---------------- .../DasharoVariablesLib/DasharoVariablesLib.c | 248 +++++++++++ .../DasharoVariablesLib.inf | 54 +++ .../DasharoVariablesLib.uni | 13 + 5 files changed, 358 insertions(+), 363 deletions(-) create mode 100644 DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c create mode 100644 DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf create mode 100644 DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.uni diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index 5aec453a22..24979b0125 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -100,4 +100,14 @@ typedef struct { #pragma pack(pop) +// Set of possible values of Dasharo variables. +typedef union { + BOOLEAN Boolean; + UINT8 Uint8; + + DASHARO_WATCHDOG_CONFIG Watchdog; + DASHARO_IOMMU_CONFIG Iommu; + DASHARO_BATTERY_CONFIG Battery; +} DASHARO_VAR_DATA; + #endif 
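Review bot: DASHARO_VAR_DATA in the DasharoOptions.h hunk has no discriminant and is as large as its largest member, so its comment should state how a caller learns which member is valid and how many bytes to store for a given variable. If a writer passed `sizeof (DASHARO_VAR_DATA)` to SetVariable for a BOOLEAN or UINT8 option, readers that call GetVariable with a one-byte buffer, as DasharoSystemFeaturesUiLibConstructor does, would get EFI_BUFFER_TOO_SMALL; the code that uses the union is not visible here, so this is something to confirm rather than a confirmed defect. A suggested comment: `// Only the member matching the variable's type is valid; store sizeof that member, not sizeof (DASHARO_VAR_DATA).`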
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0a537e0ce9..32929339eb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -15,23 +15,6 @@ SPDX-License-Identifier: BSD-2-Clause // Feature state STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; -STATIC BOOLEAN mUsbStackDefault = TRUE; -STATIC BOOLEAN mUsbMassStorageDefault = TRUE; -STATIC BOOLEAN mLockBiosDefault = TRUE; -STATIC BOOLEAN mSmmBwpDefault = FALSE; -STATIC BOOLEAN mPs2ControllerDefault = TRUE; -STATIC UINT8 mFanCurveOptionDefault = FAN_CURVE_OPTION_SILENT; -STATIC UINT8 mIommuEnableDefault = FALSE; -STATIC UINT8 mIommuHandoffDefault = FALSE; -STATIC BOOLEAN mBootManagerEnabledDefault = TRUE; -STATIC UINT8 mResizeableBarsEnabledDefault = FALSE; -STATIC BOOLEAN mEnableCameraDefault = TRUE; -STATIC BOOLEAN mEnableWifiBtDefault = TRUE; -STATIC UINT8 mBatteryStartThresholdDefault = 95; -STATIC UINT8 mBatteryStopThresholdDefault = 98; -STATIC UINT8 mMemoryProfileDefault = MEMORY_PROFILE_JEDEC; -STATIC UINT8 mCpuThrottlingThresholdDefault = 80; - STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA mDasharoSystemFeaturesPrivate = { DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_SIGNATURE, NULL, 
@@ -131,23 +114,6 @@ LocateAcpiTableBySignature ( return Status; } -/** - This function will be called only if the Watchdog variable is not present. - It will populate the initial state based on what coreboot has programmed. - If watchdog was not enabled on first boot, it means it was not enabled, - and watchdog options should be hidden (WatchdogAvailable == FALSE); -**/ -VOID -EFIAPI -GetDefaultWatchdogConfig ( - IN OUT DASHARO_FEATURES_DATA *FeaturesData - ) -{ - FeaturesData->WatchdogAvailable = PcdGetBool (PcdShowOcWdtOptions); - FeaturesData->WatchdogConfig.WatchdogEnable = PcdGetBool (PcdOcWdtEnableDefault); - FeaturesData->WatchdogConfig.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); -} - /** Install Dasharo System Features Menu driver. @@ -250,18 +216,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios = mLockBiosDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_LOCK_BIOS, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); Status = gRT->GetVariable ( 
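Review bot: In the `@@ -250,18 +216,7 @@` hunk, `ASSERT_EFI_ERROR (Status)` is now the only handling of a failed read of DASHARO_VAR_LOCK_BIOS, and asserts are normally compiled out of release builds, so a missing or wrong-sized variable leaves LockBios at whatever the static initialiser gave it (apparently zero) where the removed code fell back to a default of TRUE. The same replacement is made in the hunks that follow for NetworkBoot, UsbStack, UsbMassStorage, SmmBwp, MeMode and OptionRomExecution. Because these variables can be absent or altered independently of this code, I would keep an explicit path, e.g. `if (EFI_ERROR (Status) || BufferSize != sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios)) { /* apply the library default or return Status */ }`. It is also worth confirming that the DasharoVariablesLib constructor is guaranteed to run before this one, since that ordering is not visible here. The constructor body starts and ends outside the hunk.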
@@ -271,18 +226,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot = PcdGetBool (PcdDefaultNetworkBootEnable); - Status = gRT->SetVariable ( - DASHARO_VAR_NETWORK_BOOT, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack); Status = gRT->GetVariable ( @@ -292,18 +236,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack = mUsbStackDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_USB_STACK, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage); Status = gRT->GetVariable ( 
@@ -313,18 +246,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage = mUsbMassStorageDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_USB_MASS_STORAGE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); Status = gRT->GetVariable ( @@ -334,18 +256,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp = mSmmBwpDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_SMM_BWP, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode); Status = gRT->GetVariable ( 
@@ -355,18 +266,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode = FixedPcdGet8(PcdIntelMeDefaultState); - Status = gRT->SetVariable ( - DASHARO_VAR_ME_MODE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution); Status = gRT->GetVariable ( @@ -376,20 +276,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution = PcdGetBool (PcdLoadOptionRoms) - ? OPTION_ROM_POLICY_ENABLE_ALL - : OPTION_ROM_POLICY_DISABLE_ALL; - Status = gRT->SetVariable ( - DASHARO_VAR_OPTION_ROM_POLICY, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); Status = gRT->GetVariable ( 
@@ -399,18 +286,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller = mPs2ControllerDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_PS2_CONTROLLER, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable); Status = gRT->GetVariable ( 
@@ -420,48 +296,17 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable ); + ASSERT_EFI_ERROR (Status); - if (Status == EFI_NOT_FOUND) { - GetDefaultWatchdogConfig(&mDasharoSystemFeaturesPrivate.DasharoFeaturesData); - - Status = gRT->SetVariable ( - DASHARO_VAR_WATCHDOG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig - ); - ASSERT_EFI_ERROR (Status); - - Status = gRT->SetVariable ( - DASHARO_VAR_WATCHDOG_AVAILABLE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable - ); - ASSERT_EFI_ERROR (Status); - } else { - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig); - Status = gRT->GetVariable ( - DASHARO_VAR_WATCHDOG, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig - ); - - if (Status == EFI_NOT_FOUND) { - Status = gRT->SetVariable ( - DASHARO_VAR_WATCHDOG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig - ); - ASSERT_EFI_ERROR (Status); - } - } + BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig); + Status = gRT->GetVariable ( + DASHARO_VAR_WATCHDOG, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig + ); + ASSERT_EFI_ERROR (Status); BufferSize = 
sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled); Status = gRT->GetVariable( @@ -469,20 +314,9 @@ DasharoSystemFeaturesUiLibConstructor ( &gDasharoSystemFeaturesGuid, NULL, &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled ); - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled = mBootManagerEnabledDefault; - Status = gRT->SetVariable( - DASHARO_VAR_BOOT_MANAGER_ENABLED, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled - ); - - ASSERT_EFI_ERROR(Status); - } + ASSERT_EFI_ERROR(Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption); Status = gRT->GetVariable ( @@ -493,18 +327,6 @@ DasharoSystemFeaturesUiLibConstructor ( &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption ); - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption = mFanCurveOptionDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_FAN_CURVE_OPTION, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption - ); - ASSERT_EFI_ERROR (Status); - } - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig); Status = gRT->GetVariable ( DASHARO_VAR_IOMMU_CONFIG, 
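Review bot: The `DASHARO_VAR_FAN_CURVE_OPTION` read in the `@@ -493,18 +327,6 @@` hunk loses its `EFI_NOT_FOUND` block but, unlike every other read in this constructor, gets no status check in return. `Status` is simply overwritten by the `DASHARO_VAR_IOMMU_CONFIG` call that follows, so a failed read of `FanCurveOption` goes unnoticed even in debug builds. For consistency with the neighbouring hunks, add `ASSERT_EFI_ERROR (Status);` directly after the `FanCurveOption` call, or an explicit `EFI_ERROR (Status)` check if the asserts are replaced. The enclosing function starts and ends outside this hunk.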
@@ -513,19 +335,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuEnable = mIommuEnableDefault; - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig.IommuHandoff = mIommuHandoffDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_IOMMU_CONFIG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType); Status = gRT->GetVariable ( @@ -535,20 +345,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType = PcdGetBool (PcdSleepTypeDefaultS3) - ? SLEEP_TYPE_S3 - : SLEEP_TYPE_S0IX; - Status = gRT->SetVariable ( - DASHARO_VAR_SLEEP_TYPE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState); Status = gRT->GetVariable ( 
@@ -558,20 +355,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState = - FixedPcdGet8 (PcdDefaultPowerFailureState); - - Status = gRT->SetVariable ( - DASHARO_VAR_POWER_FAILURE_STATE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled); Status = gRT->GetVariable ( @@ -581,18 +365,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled = mResizeableBarsEnabledDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_RESIZEABLE_BARS_ENABLED, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera); Status = gRT->GetVariable ( 
@@ -602,18 +375,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera = mEnableCameraDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_ENABLE_CAMERA, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt); Status = gRT->GetVariable ( @@ -623,18 +385,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt = mEnableWifiBtDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_ENABLE_WIFI_BT, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig); Status = gRT->GetVariable ( 
@@ -644,19 +395,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StartThreshold = mBatteryStartThresholdDefault; - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig.StopThreshold = mBatteryStopThresholdDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_BATTERY_CONFIG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile); Status = gRT->GetVariable ( @@ -666,18 +405,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile = mMemoryProfileDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_MEMORY_PROFILE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection); Status = gRT->GetVariable ( 
@@ -687,19 +415,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection = PcdGetBool (PcdSerialRedirectionDefaultState); - Status = gRT->SetVariable ( - DASHARO_VAR_SERIAL_REDIRECTION, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection - ); - ASSERT_EFI_ERROR (Status); - } - + ASSERT_EFI_ERROR (Status); BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection); Status = gRT->GetVariable ( @@ -709,20 +425,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection = PcdGetBool(PcdHave2ndUart) ? - PcdGetBool (PcdSerialRedirection2DefaultState) : - FALSE; - Status = gRT->SetVariable ( - DASHARO_VAR_SERIAL_REDIRECTION2, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold); Status = gRT->GetVariable ( 
@@ -732,18 +435,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold = mCpuThrottlingThresholdDefault; - Status = gRT->SetVariable ( - DASHARO_VAR_CPU_THROTTLING_THRESHOLD, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature); Status = gRT->GetVariable ( @@ -753,18 +445,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); - Status = gRT->SetVariable ( - DASHARO_VAR_CPU_MAX_TEMPERATURE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold); Status = gRT->GetVariable ( 
@@ -774,18 +455,7 @@ DasharoSystemFeaturesUiLibConstructor ( &BufferSize, &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold ); - - if (Status == EFI_NOT_FOUND) { - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; - Status = gRT->SetVariable ( - DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold), - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold - ); - ASSERT_EFI_ERROR (Status); - } + ASSERT_EFI_ERROR (Status); return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c new file mode 100644 index 0000000000..eaae5f47c5 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -0,0 +1,248 @@ +/** @file + A library for providing services related to Dasharo-specific EFI variables. + + Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#include + +// Description of a single variable. +typedef struct { + // Default value. + DASHARO_VAR_DATA Data; // Value for the variable. + UINTN Size; // Number of bytes of Data actually used. + + UINT32 Attributes; // EFI variable attributes for this variable. +} VAR_INFO; + +// List of Dasharo EFI variables in gDasharoSystemFeaturesGuid namespace that +// are created if missing. +STATIC CHAR16 *mAutoCreatedVariables[] = { + DASHARO_VAR_BATTERY_CONFIG, + DASHARO_VAR_BOOT_MANAGER_ENABLED, + DASHARO_VAR_CPU_MAX_TEMPERATURE, + DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, + DASHARO_VAR_CPU_THROTTLING_THRESHOLD, + DASHARO_VAR_ENABLE_CAMERA, + DASHARO_VAR_ENABLE_WIFI_BT, + DASHARO_VAR_FAN_CURVE_OPTION, + DASHARO_VAR_IOMMU_CONFIG, + DASHARO_VAR_LOCK_BIOS, + DASHARO_VAR_MEMORY_PROFILE, + DASHARO_VAR_ME_MODE, + DASHARO_VAR_NETWORK_BOOT, + DASHARO_VAR_OPTION_ROM_POLICY, + DASHARO_VAR_POWER_FAILURE_STATE, + DASHARO_VAR_PS2_CONTROLLER, + DASHARO_VAR_RESIZEABLE_BARS_ENABLED, + DASHARO_VAR_SERIAL_REDIRECTION, + DASHARO_VAR_SERIAL_REDIRECTION2, + DASHARO_VAR_SLEEP_TYPE, + DASHARO_VAR_SMM_BWP, + DASHARO_VAR_USB_MASS_STORAGE, + DASHARO_VAR_USB_STACK, + DASHARO_VAR_WATCHDOG, + DASHARO_VAR_WATCHDOG_AVAILABLE, +}; + +/** + Produce a default value for a specified variable. + + @param VarName Name of the variable. + + @retval Default value and its length which is zero for unknown variable name. 
+**/ +STATIC +VAR_INFO +GetVariableInfo ( + CHAR16 *VarName + ) +{ + VAR_INFO Value; + DASHARO_VAR_DATA Data; + UINTN Size; + UINT32 ExtraAttrs; + + SetMem (&Data, sizeof (Data), 0); + Size = 0; + ExtraAttrs = 0; + + if (StrCmp (VarName, DASHARO_VAR_BATTERY_CONFIG) == 0) { + Data.Battery.StartThreshold = 95; + Data.Battery.StopThreshold = 98; + Size = sizeof (Data.Battery); + } else if (StrCmp (VarName, DASHARO_VAR_BOOT_MANAGER_ENABLED) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_CPU_MAX_TEMPERATURE) == 0) { + Data.Uint8 = FixedPcdGet8 (PcdCpuMaxTemperature); + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD) == 0) { + Data.Uint8 = FixedPcdGet8 (PcdCpuMaxTemperature) - 63; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_CPU_THROTTLING_THRESHOLD) == 0) { + Data.Uint8 = 80; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_ENABLE_CAMERA) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_ENABLE_WIFI_BT) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_FAN_CURVE_OPTION) == 0) { + Data.Uint8 = DASHARO_FAN_CURVE_OPTION_SILENT; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_IOMMU_CONFIG) == 0) { + Data.Iommu.IommuEnable = FALSE; + Data.Iommu.IommuHandoff = FALSE; + Size = sizeof (Data.Iommu); + } else if (StrCmp (VarName, DASHARO_VAR_LOCK_BIOS) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_MEMORY_PROFILE) == 0) { + Data.Uint8 = DASHARO_MEMORY_PROFILE_JEDEC; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_ME_MODE) == 0) { + Data.Uint8 = FixedPcdGet8 (PcdIntelMeDefaultState); + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_NETWORK_BOOT) == 0) { + Data.Boolean = PcdGetBool 
(PcdDefaultNetworkBootEnable); + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_OPTION_ROM_POLICY) == 0) { + Data.Uint8 = PcdGetBool (PcdLoadOptionRoms) + ? DASHARO_OPTION_ROM_POLICY_ENABLE_ALL + : DASHARO_OPTION_ROM_POLICY_DISABLE_ALL; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_POWER_FAILURE_STATE) == 0) { + Data.Uint8 = FixedPcdGet8 (PcdDefaultPowerFailureState); + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_PS2_CONTROLLER) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_RESIZEABLE_BARS_ENABLED) == 0) { + Data.Boolean = FALSE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_SERIAL_REDIRECTION) == 0) { + Data.Boolean = PcdGetBool (PcdSerialRedirectionDefaultState); + Size = sizeof (Data.Boolean); + ExtraAttrs = EFI_VARIABLE_RUNTIME_ACCESS; + } else if (StrCmp (VarName, DASHARO_VAR_SERIAL_REDIRECTION2) == 0) { + Data.Boolean = PcdGetBool (PcdHave2ndUart) ? PcdGetBool (PcdSerialRedirection2DefaultState) : FALSE; + Size = sizeof (Data.Boolean); + ExtraAttrs = EFI_VARIABLE_RUNTIME_ACCESS; + } else if (StrCmp (VarName, DASHARO_VAR_SLEEP_TYPE) == 0) { + Data.Uint8 = PcdGetBool (PcdSleepTypeDefaultS3) ? 
DASHARO_SLEEP_TYPE_S3 : DASHARO_SLEEP_TYPE_S0IX; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_SMM_BWP) == 0) { + Data.Boolean = FALSE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_USB_MASS_STORAGE) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_USB_STACK) == 0) { + Data.Boolean = TRUE; + Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_WATCHDOG) == 0) { + Data.Watchdog.WatchdogEnable = PcdGetBool (PcdOcWdtEnableDefault); + Data.Watchdog.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); + Size = sizeof (Data.Watchdog); + } else if (StrCmp (VarName, DASHARO_VAR_WATCHDOG_AVAILABLE) == 0) { + Data.Boolean = PcdGetBool (PcdShowOcWdtOptions); + Size = sizeof (Data.Boolean); + } else { + DEBUG ((EFI_D_ERROR, "%a(): Unknown variable: %s.\n", __FUNCTION__, VarName)); + ASSERT ((0 && "No default value set for a variable.")); + } + + Value.Data = Data; + Value.Size = Size; + Value.Attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE | ExtraAttrs; + + return Value; +} + +/** + Reset a single Dasharo EFI variable to its default value. + + @param VarName Name of the variable to reset. + + @retval RETURN_SUCCESS Successfully measured all variables. +**/ +STATIC +EFI_STATUS +ResetVariable ( + CHAR16 *VarName + ) +{ + EFI_STATUS Status; + VAR_INFO VarInfo; + + VarInfo = GetVariableInfo (VarName); + if (VarInfo.Size == 0) + return EFI_NOT_FOUND; + + Status = gRT->SetVariable ( + VarName, + &gDasharoSystemFeaturesGuid, + VarInfo.Attributes, + VarInfo.Size, + &VarInfo.Data + ); + + return Status; +} + +/** + Check whether a specified variable exists and create it if it doesn't. + + The variable is created with a default value. + + @param VarName Name of the variable to initialize. 
+**/ +STATIC +VOID +InitVariable ( + CHAR16 *VarName + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + + BufferSize = 0; + Status = gRT->GetVariable ( + VarName, + &gDasharoSystemFeaturesGuid, + NULL, + &BufferSize, + NULL + ); + + if (Status == EFI_NOT_FOUND) { + Status = ResetVariable (VarName); + ASSERT_EFI_ERROR (Status); + } +} + +EFI_STATUS +EFIAPI +DasharoVariablesLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + UINTN Idx; + + // Create Dasharo-specific variables that are missing by initializing + // them with default values. + for (Idx = 0; Idx < ARRAY_SIZE (mAutoCreatedVariables); Idx++) + InitVariable (mAutoCreatedVariables[Idx]); + + return EFI_SUCCESS; +} diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf new file mode 100644 index 0000000000..5296e0fb0b --- /dev/null +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf @@ -0,0 +1,54 @@ +# +# A library for providing services related to Dasharo-specific EFI variables. +# +# Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
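Review bot: `InitVariable` treats any existing variable as valid, because it probes with a zero-length buffer and reacts only to `EFI_NOT_FOUND`. A variable stored with a different size (for instance left by an older firmware, or one of the two serial-redirection variables that carry `EFI_VARIABLE_RUNTIME_ACCESS`) is therefore kept, and the fixed-size reads in the consumers then fail. Comparing the size reported by the probe with the size of the default, as sketched below, would catch this; whether resetting to the default is the right recovery is a policy decision for the author. Separately, the `ResetVariable` header says `@retval RETURN_SUCCESS Successfully measured all variables.`, which does not describe this function; I would replace it with `@retval EFI_SUCCESS Variable was reset to its default value.` and `@retval EFI_NOT_FOUND No default is defined for VarName.`. `DasharoVariablesLibConstructor` also has no header comment.

```c
InitVariable (
  CHAR16  *VarName
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;
  VAR_INFO    VarInfo;

  VarInfo    = GetVariableInfo (VarName);
  BufferSize = 0;
  // ... unchanged: zero-length gRT->GetVariable probe that fills BufferSize ...

  // An existing variable answers the probe with EFI_BUFFER_TOO_SMALL and its
  // stored size; recreate it when that size differs from the default's size.
  if ((Status == EFI_NOT_FOUND) ||
      ((Status == EFI_BUFFER_TOO_SMALL) && (BufferSize != VarInfo.Size))) {
    Status = ResetVariable (VarName);
    ASSERT_EFI_ERROR (Status);
  }
}
```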
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010006 + BASE_NAME = DasharoVariablesLib + MODULE_UNI_FILE = DasharoVariablesLib.uni + FILE_GUID = F7C51973-0F61-4955-87D2-710FD578D161 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = DasharoVariablesLib|DXE_DRIVER + CONSTRUCTOR = DasharoVariablesLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DasharoVariablesLib.c + +[Packages] + DasharoModulePkg/DasharoModulePkg.dec + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + DebugLib + PcdLib + +[Guids] + gDasharoSystemFeaturesGuid ### CONSUMES + +[Pcd] + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart + gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions + gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 + + gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.uni b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.uni new file mode 100644 index 0000000000..838e60e2b1 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.uni @@ -0,0 +1,13 @@ +// /** @file +// A library for providing services related to Dasharo-specific EFI variables. +// +// Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
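Review bot: The `[LibraryClasses]` section of `DasharoVariablesLib.inf` lists only `DebugLib` and `PcdLib`, while the constructor in `DasharoVariablesLib.c` dereferences `gRT` and calls `SetMem` and `StrCmp`. EDK2 orders library constructors by declared dependencies, so without `UefiRuntimeServicesTableLib` here nothing guarantees `gRT` is set before `DasharoVariablesLibConstructor` runs. I would add `BaseLib`, `BaseMemoryLib` and `UefiRuntimeServicesTableLib` to the section. In `[Pcd]`, `PcdCpuMaxTemperature` is read by `GetVariableInfo` but not listed, and `PcdShowCpuThrottlingThreshold` is listed but not used in the `.c` file shown in this patch.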
+// +// SPDX-License-Identifier: BSD-2-Clause +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "DasharoVariablesLib library provides services related to Dasharo-specific EFI variables." + +#string STR_MODULE_DESCRIPTION #language en-US "DasharoVariablesLib library exposes list of Dasharo-specific variables and a few functions related to handling them." From cebe4642a1f24f3ce4b843020ee53b77c814deda Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 26 May 2024 01:16:58 +0300 Subject: [PATCH 298/357] DasharoSystemFeaturesUiLib: reduce boilerplate in constructor Use a macro to get rid of repeated code for loading data from variables. Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeatures.c | 288 +++--------------- 1 file changed, 39 insertions(+), 249 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 32929339eb..0d610303ce 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -207,255 +207,45 @@ DasharoSystemFeaturesUiLibConstructor ( PcdGetBool (PcdPowerMenuShowBatteryThresholds) || (FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); - // Setup feature state - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios); - Status = gRT->GetVariable ( - DASHARO_VAR_LOCK_BIOS, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot); - Status = gRT->GetVariable ( - DASHARO_VAR_NETWORK_BOOT, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.NetworkBoot - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack); - Status = gRT->GetVariable ( - DASHARO_VAR_USB_STACK, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbStack - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage); - Status = gRT->GetVariable ( - DASHARO_VAR_USB_MASS_STORAGE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.UsbMassStorage - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp); - Status = gRT->GetVariable ( - DASHARO_VAR_SMM_BWP, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SmmBwp - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode); - Status = gRT->GetVariable ( - DASHARO_VAR_ME_MODE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeMode - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof 
(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution); - Status = gRT->GetVariable ( - DASHARO_VAR_OPTION_ROM_POLICY, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.OptionRomExecution - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller); - Status = gRT->GetVariable ( - DASHARO_VAR_PS2_CONTROLLER, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Ps2Controller - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable); - Status = gRT->GetVariable ( - DASHARO_VAR_WATCHDOG_AVAILABLE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogAvailable - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig); - Status = gRT->GetVariable ( - DASHARO_VAR_WATCHDOG, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.WatchdogConfig - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled); - Status = gRT->GetVariable( - DASHARO_VAR_BOOT_MANAGER_ENABLED, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BootManagerEnabled - ); - ASSERT_EFI_ERROR(Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption); - Status = gRT->GetVariable ( - DASHARO_VAR_FAN_CURVE_OPTION, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.FanCurveOption - ); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig); - Status = gRT->GetVariable ( - DASHARO_VAR_IOMMU_CONFIG, - &gDasharoSystemFeaturesGuid, 
- NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.IommuConfig - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType); - Status = gRT->GetVariable ( - DASHARO_VAR_SLEEP_TYPE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SleepType - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState); - Status = gRT->GetVariable ( - DASHARO_VAR_POWER_FAILURE_STATE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerFailureState - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled); - Status = gRT->GetVariable ( - DASHARO_VAR_RESIZEABLE_BARS_ENABLED, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ResizeableBarsEnabled - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera); - Status = gRT->GetVariable ( - DASHARO_VAR_ENABLE_CAMERA, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableCamera - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt); - Status = gRT->GetVariable ( - DASHARO_VAR_ENABLE_WIFI_BT, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.EnableWifiBt - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig); - Status = gRT->GetVariable ( - DASHARO_VAR_BATTERY_CONFIG, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.BatteryConfig - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = 
sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile); - Status = gRT->GetVariable ( - DASHARO_VAR_MEMORY_PROFILE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MemoryProfile - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection); - Status = gRT->GetVariable ( - DASHARO_VAR_SERIAL_REDIRECTION, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPortRedirection - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection); - Status = gRT->GetVariable ( - DASHARO_VAR_SERIAL_REDIRECTION2, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SerialPort2Redirection - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold); - Status = gRT->GetVariable ( - DASHARO_VAR_CPU_THROTTLING_THRESHOLD, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuThrottlingThreshold - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature); - Status = gRT->GetVariable ( - DASHARO_VAR_CPU_MAX_TEMPERATURE, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature - ); - ASSERT_EFI_ERROR (Status); - - BufferSize = sizeof(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold); - Status = gRT->GetVariable ( - DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, - &gDasharoSystemFeaturesGuid, - NULL, - &BufferSize, - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold - ); - ASSERT_EFI_ERROR (Status); +#define LOAD_VAR(var, field) do { \ + BufferSize = sizeof 
(mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field); \ + Status = gRT->GetVariable ( \ + (var), \ + &gDasharoSystemFeaturesGuid, \ + NULL, \ + &BufferSize, \ + &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field \ + ); \ + ASSERT_EFI_ERROR (Status); \ + } while (FALSE) + + LOAD_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); + LOAD_VAR (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled); + LOAD_VAR (DASHARO_VAR_CPU_MAX_TEMPERATURE, CpuMaxTemperature); + LOAD_VAR (DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, CpuMinThrottlingThreshold); + LOAD_VAR (DASHARO_VAR_CPU_THROTTLING_THRESHOLD, CpuThrottlingThreshold); + LOAD_VAR (DASHARO_VAR_ENABLE_CAMERA, EnableCamera); + LOAD_VAR (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt); + LOAD_VAR (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption); + LOAD_VAR (DASHARO_VAR_IOMMU_CONFIG, IommuConfig); + LOAD_VAR (DASHARO_VAR_LOCK_BIOS, LockBios); + LOAD_VAR (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile); + LOAD_VAR (DASHARO_VAR_ME_MODE, MeMode); + LOAD_VAR (DASHARO_VAR_NETWORK_BOOT, NetworkBoot); + LOAD_VAR (DASHARO_VAR_OPTION_ROM_POLICY, OptionRomExecution); + LOAD_VAR (DASHARO_VAR_POWER_FAILURE_STATE, PowerFailureState); + LOAD_VAR (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller); + LOAD_VAR (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled); + LOAD_VAR (DASHARO_VAR_SERIAL_REDIRECTION, SerialPortRedirection); + LOAD_VAR (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection); + LOAD_VAR (DASHARO_VAR_SLEEP_TYPE, SleepType); + LOAD_VAR (DASHARO_VAR_SMM_BWP, SmmBwp); + LOAD_VAR (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage); + LOAD_VAR (DASHARO_VAR_USB_STACK, UsbStack); + LOAD_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); + LOAD_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); + +#undef LOAD_VAR return EFI_SUCCESS; } From feaeb142971a97ee79d03f3867cc8f068fc68412 Mon Sep 17 00:00:00 2001 
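Review bot: `LOAD_VAR` checks the `GetVariable` result only through `ASSERT_EFI_ERROR`, which does nothing when asserts are compiled out. In such a build a missing or oversized variable leaves the `DasharoFeaturesData` field at whatever it held before, and that covers settings such as `LockBios` and `SmmBwp`. The macro also changes behaviour for `DASHARO_VAR_FAN_CURVE_OPTION`: the removed code had no assert after that read, while the macro asserts for every variable. I would handle failure explicitly inside the macro, e.g. `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a(): failed to read %s: %r\n", __FUNCTION__, (var), Status)); }`, and then load a defined default for that field. The constructor's body starts outside this hunk.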
From: Sergii Dmytruk Date: Sun, 26 May 2024 16:34:59 +0300 Subject: [PATCH 299/357] DasharoModulePkg: reset to defaults maintained by DasharoVariablesLib From now on default values are maintained only in DasharoVariablesLib and can be queried from it to avoid code duplication and bugs which arise from it. Signed-off-by: Sergii Dmytruk --- .../Include/Library/DasharoVariablesLib.h | 28 +++++ .../DasharoSystemFeatures.c | 116 +++++------------- .../DasharoSystemFeaturesUiLib.inf | 10 +- .../DasharoVariablesLib/DasharoVariablesLib.c | 18 +++ .../DasharoVariablesLib.inf | 3 +- 5 files changed, 77 insertions(+), 98 deletions(-) create mode 100644 DasharoModulePkg/Include/Library/DasharoVariablesLib.h diff --git a/DasharoModulePkg/Include/Library/DasharoVariablesLib.h b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h new file mode 100644 index 0000000000..4a90d1dc2c --- /dev/null +++ b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h @@ -0,0 +1,28 @@ +/** @file + A library for providing services related to Dasharo-specific EFI variables. + + Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _DASHARO_VARIABLES_LIB_H_ +#define _DASHARO_VARIABLES_LIB_H_ + +#include +#include + +/** + Query a default value for a specified variable. + + @param VarName Name of the variable. + + @retval Default value which is all zeroes for an unknown variable name. +**/ +DASHARO_VAR_DATA +EFIAPI +DasharoGetVariableDefault ( + CHAR16 *VarName + ); + +#endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 0d610303ce..3814237621 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -8,6 +8,8 @@ SPDX-License-Identifier: BSD-2-Clause #include "DasharoSystemFeatures.h" +#include + #define PCH_OC_WDT_CTL 0x54 #define PCH_OC_WDT_CTL_EN BIT14 #define PCH_OC_WDT_CTL_TOV_MASK 0x3FF @@ -185,8 +187,6 @@ DasharoSystemFeaturesUiLibConstructor ( mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Have2ndUart = PcdGetBool (PcdHave2ndUart); mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowCpuThrottlingThreshold= PcdGetBool (PcdShowCpuThrottlingThreshold); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMaxTemperature = FixedPcdGet8(PcdCpuMaxTemperature); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.CpuMinThrottlingThreshold = FixedPcdGet8(PcdCpuMaxTemperature) - 63; // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) 
@@ -769,103 +769,43 @@ DasharoSystemFeaturesCallback ( case EFI_BROWSER_ACTION_DEFAULT_STANDARD: case EFI_BROWSER_ACTION_DEFAULT_MANUFACTURING: { + if (Value == NULL) + return EFI_INVALID_PARAMETER; + switch (QuestionId) { case NETWORK_BOOT_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->b = PcdGetBool (PcdDefaultNetworkBootEnable); - break; - } + Value->b = DasharoGetVariableDefault (DASHARO_VAR_NETWORK_BOOT).Boolean; + break; case WATCHDOG_ENABLE_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->b = PcdGetBool (PcdOcWdtEnableDefault); - break; - } + Value->b = DasharoGetVariableDefault (DASHARO_VAR_WATCHDOG).Watchdog.WatchdogEnable; + break; case WATCHDOG_TIMEOUT_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u16 = FixedPcdGet16 (PcdOcWdtTimeoutDefault); - break; - } + Value->u16 = DasharoGetVariableDefault (DASHARO_VAR_WATCHDOG).Watchdog.WatchdogTimeout; + break; case POWER_FAILURE_STATE_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u8 = FixedPcdGet8 (PcdDefaultPowerFailureState); - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_POWER_FAILURE_STATE).Boolean; + break; case OPTION_ROM_STATE_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u8 = PcdGetBool (PcdLoadOptionRoms) ? 
OPTION_ROM_POLICY_ENABLE_ALL - : OPTION_ROM_POLICY_DISABLE_ALL; - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_OPTION_ROM_POLICY).Uint8; + break; case SERIAL_PORT_REDIR_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->b = PcdGetBool (PcdSerialRedirectionDefaultState); - break; - } - case SERIAL_PORT2_REDIR_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - if (PcdGetBool (PcdHave2ndUart)) - Value->b = PcdGetBool (PcdSerialRedirection2DefaultState); - else - Value->b = FALSE; - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_SERIAL_REDIRECTION).Boolean; + break; + case SERIAL_PORT2_REDIR_QUESTION_ID: + Value->b = DasharoGetVariableDefault (DASHARO_VAR_SERIAL_REDIRECTION2).Boolean; + break; case BATTERY_START_THRESHOLD_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u8 = 95; - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_BATTERY_CONFIG).Battery.StartThreshold; + break; case BATTERY_STOP_THRESHOLD_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u8 = 98; - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_BATTERY_CONFIG).Battery.StopThreshold; + break; case INTEL_ME_MODE_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - Value->u8 = FixedPcdGet8(PcdIntelMeDefaultState); - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_ME_MODE).Uint8; + break; case SLEEP_TYPE_QUESTION_ID: - { - if (Value == NULL) - return EFI_INVALID_PARAMETER; - - if (PcdGetBool (PcdSleepTypeDefaultS3)) - Value->u8 = SLEEP_TYPE_S3; - else - Value->u8 = SLEEP_TYPE_S0IX; - - break; - } + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_SLEEP_TYPE).Uint8; + break; default: Status = EFI_UNSUPPORTED; break; 
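Review bot: Two of the rewritten cases use a different union member than the question used before. `POWER_FAILURE_STATE_QUESTION_ID` now assigns `.Boolean` to `Value->u8` where the removed code used `FixedPcdGet8 (PcdDefaultPowerFailureState)`, and `SERIAL_PORT_REDIR_QUESTION_ID` now writes `Value->u8` where it wrote `Value->b`. The layout of `DASHARO_VAR_DATA` is not visible here, so whether the value changes cannot be confirmed from this hunk, but the accessor should match the variable's type: `Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_POWER_FAILURE_STATE).Uint8;` and `Value->b = DasharoGetVariableDefault (DASHARO_VAR_SERIAL_REDIRECTION).Boolean;`. Hoisting the `Value == NULL` check also means an unknown `QuestionId` with a NULL `Value` now returns `EFI_INVALID_PARAMETER` instead of `EFI_UNSUPPORTED`. The callback's body starts and ends outside this hunk.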
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index fdaff30e2f..881cbed9c9 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -47,6 +47,7 @@ PrintLib HiiLib UefiHiiServicesLib + DasharoVariablesLib [Guids] gEfiHiiPlatformSetupFormsetGuid ## CONSUMES ## GUID (Indicate the formset class guid to be displayed) 
@@ -71,29 +72,20 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType - gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption - gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeHapAvailable gDasharoSystemFeaturesTokenSpaceGuid.PcdS3SupportExperimental gDasharoSystemFeaturesTokenSpaceGuid.PcdShowLockBios gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp gDasharoSystemFeaturesTokenSpaceGuid.PcdShowFum gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option - gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 - gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold - gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature - - gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index eaae5f47c5..538f68c4e5 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c 
+++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -6,6 +6,8 @@ **/ +#include "Library/DasharoVariablesLib.h" + #include #include #include @@ -168,6 +170,22 @@ GetVariableInfo ( return Value; } +DASHARO_VAR_DATA +EFIAPI +DasharoGetVariableDefault ( + CHAR16 *VarName + ) +{ + VAR_INFO VarInfo; + + VarInfo = GetVariableInfo (VarName); + if (VarInfo.Size == 0) { + DEBUG ((EFI_D_VERBOSE, "%a(): Failed to look up default for %s.\n", __FUNCTION__, VarName)); + } + + return VarInfo.Data; +} + /** Reset a single Dasharo EFI variable to its default value. diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf index 5296e0fb0b..dae73a0440 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf @@ -14,7 +14,7 @@ FILE_GUID = F7C51973-0F61-4955-87D2-710FD578D161 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = DasharoVariablesLib|DXE_DRIVER + LIBRARY_CLASS = DasharoVariablesLib|DXE_DRIVER UEFI_APPLICATION CONSTRUCTOR = DasharoVariablesLibConstructor # @@ -39,6 +39,7 @@ gDasharoSystemFeaturesGuid ### CONSUMES [Pcd] + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart From a0cd2e1e50a6c3ce8664430a85ab01ffcfcee6a2 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 26 May 2024 21:20:56 +0300 Subject: [PATCH 300/357] DasharoSystemFeaturesUiLib: reduce boilerplate in RouteConfig The code is highly repetitive, use a macro to shorten it by a lot. 
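Review bot: `DasharoGetVariableDefault` reports an unknown name only at `EFI_D_VERBOSE` and then returns `VarInfo.Data`, so a mistyped or unregistered variable name silently yields the all-zero default, which the caller cannot tell apart from a real one. Since the setup callback in this commit takes every default from this function, I would make the failure loud: log with `DEBUG ((DEBUG_ERROR, "%a(): Failed to look up default for %s.\n", __FUNCTION__, VarName));` and follow it with `ASSERT (VarInfo.Size != 0);`. The parameter could also be declared `CONST CHAR16 *VarName`, assuming `GetVariableInfo` accepts a const pointer. `DasharoGetVariableAttributes`, added in a later hunk on this page, follows the same pattern and would benefit from the same change.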
Signed-off-by: Sergii Dmytruk --- .../Include/Library/DasharoVariablesLib.h | 13 + .../DasharoSystemFeatures.c | 337 +++--------------- .../DasharoVariablesLib/DasharoVariablesLib.c | 16 + 3 files changed, 74 insertions(+), 292 deletions(-) diff --git a/DasharoModulePkg/Include/Library/DasharoVariablesLib.h b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h index 4a90d1dc2c..073d2ba49e 100644 --- a/DasharoModulePkg/Include/Library/DasharoVariablesLib.h +++ b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h @@ -25,4 +25,17 @@ DasharoGetVariableDefault ( CHAR16 *VarName ); +/** + Query attributes of a specified variable. + + @param VarName Name of the variable. + + @retval EFI variable attributes (the value is sensible for unknown ones). +**/ +UINT32 +EFIAPI +DasharoGetVariableAttributes ( + CHAR16 *VarName + ); + #endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 3814237621..6809d1248f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
@@ -433,299 +433,52 @@ DasharoSystemFeaturesRouteConfig ( ); ASSERT_EFI_ERROR (Status); - if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) { - Status = gRT->SetVariable ( - DASHARO_VAR_LOCK_BIOS, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.LockBios), - &DasharoFeaturesData.LockBios - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.SmmBwp != DasharoFeaturesData.SmmBwp) { - Status = gRT->SetVariable ( - DASHARO_VAR_SMM_BWP, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.SmmBwp), - &DasharoFeaturesData.SmmBwp - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.NetworkBoot != DasharoFeaturesData.NetworkBoot) { - Status = gRT->SetVariable ( - DASHARO_VAR_NETWORK_BOOT, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.NetworkBoot), - &DasharoFeaturesData.NetworkBoot - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.UsbStack != DasharoFeaturesData.UsbStack) { - Status = gRT->SetVariable ( - DASHARO_VAR_USB_STACK, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.UsbStack), - &DasharoFeaturesData.UsbStack - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.UsbMassStorage != DasharoFeaturesData.UsbMassStorage) { - Status = gRT->SetVariable ( - DASHARO_VAR_USB_MASS_STORAGE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.UsbMassStorage), - &DasharoFeaturesData.UsbMassStorage - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.MeMode != 
DasharoFeaturesData.MeMode) { - Status = gRT->SetVariable ( - DASHARO_VAR_ME_MODE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.MeMode), - &DasharoFeaturesData.MeMode - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.Ps2Controller != DasharoFeaturesData.Ps2Controller) { - Status = gRT->SetVariable ( - DASHARO_VAR_PS2_CONTROLLER, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.Ps2Controller), - &DasharoFeaturesData.Ps2Controller - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.FanCurveOption != DasharoFeaturesData.FanCurveOption) { - Status = gRT->SetVariable ( - DASHARO_VAR_FAN_CURVE_OPTION, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.FanCurveOption), - &DasharoFeaturesData.FanCurveOption - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.BootManagerEnabled != DasharoFeaturesData.BootManagerEnabled) { - Status = gRT->SetVariable ( - DASHARO_VAR_BOOT_MANAGER_ENABLED, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.BootManagerEnabled), - &DasharoFeaturesData.BootManagerEnabled - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.WatchdogConfig.WatchdogEnable != - DasharoFeaturesData.WatchdogConfig.WatchdogEnable || - Private->DasharoFeaturesData.WatchdogConfig.WatchdogTimeout != - DasharoFeaturesData.WatchdogConfig.WatchdogTimeout) { - Status = gRT->SetVariable ( - DASHARO_VAR_WATCHDOG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.WatchdogConfig), - &DasharoFeaturesData.WatchdogConfig - ); - if (EFI_ERROR 
(Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.IommuConfig.IommuEnable != DasharoFeaturesData.IommuConfig.IommuEnable || - Private->DasharoFeaturesData.IommuConfig.IommuHandoff != DasharoFeaturesData.IommuConfig.IommuHandoff) { - Status = gRT->SetVariable ( - DASHARO_VAR_IOMMU_CONFIG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.IommuConfig), - &DasharoFeaturesData.IommuConfig - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.SleepType != DasharoFeaturesData.SleepType) { - Status = gRT->SetVariable ( - DASHARO_VAR_SLEEP_TYPE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.SleepType), - &DasharoFeaturesData.SleepType - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.PowerFailureState != DasharoFeaturesData.PowerFailureState) { - Status = gRT->SetVariable ( - DASHARO_VAR_POWER_FAILURE_STATE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.PowerFailureState), - &DasharoFeaturesData.PowerFailureState - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.EnableWifiBt != DasharoFeaturesData.EnableWifiBt) { - Status = gRT->SetVariable ( - DASHARO_VAR_ENABLE_WIFI_BT, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.EnableWifiBt), - &DasharoFeaturesData.EnableWifiBt - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.ResizeableBarsEnabled != DasharoFeaturesData.ResizeableBarsEnabled) { - Status = gRT->SetVariable ( - DASHARO_VAR_RESIZEABLE_BARS_ENABLED, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof 
(DasharoFeaturesData.ResizeableBarsEnabled), - &DasharoFeaturesData.ResizeableBarsEnabled - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.OptionRomExecution != DasharoFeaturesData.OptionRomExecution) { - Status = gRT->SetVariable ( - DASHARO_VAR_OPTION_ROM_POLICY, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.OptionRomExecution), - &DasharoFeaturesData.OptionRomExecution - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if(Private->DasharoFeaturesData.EnableCamera != DasharoFeaturesData.EnableCamera) { - Status = gRT->SetVariable ( - DASHARO_VAR_ENABLE_CAMERA, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.EnableCamera), - &DasharoFeaturesData.EnableCamera - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.BatteryConfig.StartThreshold != - DasharoFeaturesData.BatteryConfig.StartThreshold || - Private->DasharoFeaturesData.BatteryConfig.StopThreshold != - DasharoFeaturesData.BatteryConfig.StopThreshold) { - Status = gRT->SetVariable ( - DASHARO_VAR_BATTERY_CONFIG, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.BatteryConfig), - &DasharoFeaturesData.BatteryConfig - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.MemoryProfile != DasharoFeaturesData.MemoryProfile) { - Status = gRT->SetVariable ( - DASHARO_VAR_MEMORY_PROFILE, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.MemoryProfile), - &DasharoFeaturesData.MemoryProfile - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.SerialPortRedirection != DasharoFeaturesData.SerialPortRedirection) { - Status = gRT->SetVariable ( - 
DASHARO_VAR_SERIAL_REDIRECTION, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.SerialPortRedirection), - &DasharoFeaturesData.SerialPortRedirection - ); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Private->DasharoFeaturesData.SerialPort2Redirection != DasharoFeaturesData.SerialPort2Redirection) { - Status = gRT->SetVariable ( - DASHARO_VAR_SERIAL_REDIRECTION2, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.SerialPort2Redirection), - &DasharoFeaturesData.SerialPort2Redirection - ); - if (EFI_ERROR (Status)) { - return Status; - } - } + // Can use CompareMem() on structures instead of a per-field comparison as + // long as they are packed. +#define STORE_VAR(var, field) do { \ + if (CompareMem (&Private->DasharoFeaturesData.field, \ + &DasharoFeaturesData.field, \ + sizeof (DasharoFeaturesData.field)) != 0) { \ + Status = gRT->SetVariable ( \ + (var), \ + &gDasharoSystemFeaturesGuid, \ + DasharoGetVariableAttributes (var), \ + sizeof (DasharoFeaturesData.field), \ + &DasharoFeaturesData.field \ + ); \ + if (EFI_ERROR (Status)) { \ + return Status; \ + } \ + } \ + } while (FALSE) - if (Private->DasharoFeaturesData.CpuThrottlingThreshold != - DasharoFeaturesData.CpuThrottlingThreshold) { - Status = gRT->SetVariable ( - DASHARO_VAR_CPU_THROTTLING_THRESHOLD, - &gDasharoSystemFeaturesGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - sizeof (DasharoFeaturesData.CpuThrottlingThreshold), - &DasharoFeaturesData.CpuThrottlingThreshold - ); - if (EFI_ERROR (Status)) { - return Status; - } - } + STORE_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); + STORE_VAR (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled); + STORE_VAR (DASHARO_VAR_CPU_MAX_TEMPERATURE, CpuMaxTemperature); + STORE_VAR 
(DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, CpuMinThrottlingThreshold); + STORE_VAR (DASHARO_VAR_CPU_THROTTLING_THRESHOLD, CpuThrottlingThreshold); + STORE_VAR (DASHARO_VAR_ENABLE_CAMERA, EnableCamera); + STORE_VAR (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt); + STORE_VAR (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption); + STORE_VAR (DASHARO_VAR_IOMMU_CONFIG, IommuConfig); + STORE_VAR (DASHARO_VAR_LOCK_BIOS, LockBios); + STORE_VAR (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile); + STORE_VAR (DASHARO_VAR_ME_MODE, MeMode); + STORE_VAR (DASHARO_VAR_NETWORK_BOOT, NetworkBoot); + STORE_VAR (DASHARO_VAR_OPTION_ROM_POLICY, OptionRomExecution); + STORE_VAR (DASHARO_VAR_POWER_FAILURE_STATE, PowerFailureState); + STORE_VAR (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller); + STORE_VAR (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled); + STORE_VAR (DASHARO_VAR_SERIAL_REDIRECTION, SerialPortRedirection); + STORE_VAR (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection); + STORE_VAR (DASHARO_VAR_SLEEP_TYPE, SleepType); + STORE_VAR (DASHARO_VAR_SMM_BWP, SmmBwp); + STORE_VAR (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage); + STORE_VAR (DASHARO_VAR_USB_STACK, UsbStack); + STORE_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); + STORE_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); + +#undef STORE_VAR Private->DasharoFeaturesData = DasharoFeaturesData; return EFI_SUCCESS; diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 538f68c4e5..1563363a8a 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c 
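Review bot: The `STORE_VAR` list writes three variables that the removed code never passed to `SetVariable`: `DASHARO_VAR_CPU_MAX_TEMPERATURE`, `DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD` and `DASHARO_VAR_WATCHDOG_AVAILABLE`. If these fields are platform-reported rather than user settings (the constructor used to initialise the two CPU ones from `PcdCpuMaxTemperature`), a submitted form configuration can now persist altered values for them. I would drop those three `STORE_VAR` lines unless the write is intended. Separately, the `CompareMem` comparison is only correct while the structures are packed, as the added comment says, and nothing in the hunk enforces that. `DasharoSystemFeaturesRouteConfig` starts outside this hunk.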
@@ -186,6 +186,22 @@ DasharoGetVariableDefault ( return VarInfo.Data; } +UINT32 +EFIAPI +DasharoGetVariableAttributes ( + CHAR16 *VarName + ) +{ + VAR_INFO VarInfo; + + VarInfo = GetVariableInfo (VarName); + if (VarInfo.Size == 0) { + DEBUG ((EFI_D_VERBOSE, "%a(): Failed to look up attributes of %s.\n", __FUNCTION__, VarName)); + } + + return VarInfo.Attributes; +} + /** Reset a single Dasharo EFI variable to its default value. From ae1449d5657ca20a15daff260dc1cb394ac9f70d Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 26 May 2024 21:29:30 +0300 Subject: [PATCH 301/357] SecurityPkg: measure Dasharo variables before boot DasharoModulePkg/DasharoVariablesLib got an API for measuring Dasharo variables which is invoked by Tcg[2]Dxe. Signed-off-by: Sergii Dmytruk --- .../Include/Library/DasharoVariablesLib.h | 14 ++ .../DasharoVariablesLib/DasharoVariablesLib.c | 137 ++++++++++++++++++ .../DasharoVariablesLib.inf | 4 + DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 + OvmfPkg/OvmfPkgX64.dsc | 2 + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 6 + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 2 + SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 6 + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 2 + 9 files changed, 175 insertions(+) diff --git a/DasharoModulePkg/Include/Library/DasharoVariablesLib.h b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h index 073d2ba49e..fb0a2fff99 100644 --- a/DasharoModulePkg/Include/Library/DasharoVariablesLib.h +++ b/DasharoModulePkg/Include/Library/DasharoVariablesLib.h @@ -38,4 +38,18 @@ DasharoGetVariableAttributes ( CHAR16 *VarName ); +/** + Measure EFI variables specific to Dasharo. + + This function should be called before booting into an OS or a UEFI + application. + + @retval RETURN_SUCCESS Successfully measured all variables. +**/ +EFI_STATUS +EFIAPI +DasharoMeasureVariables ( + VOID + ); + #endif 
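Review bot: When the lookup fails, DasharoGetVariableAttributes() only logs at EFI_D_VERBOSE and still returns `VarInfo.Attributes`, which the STORE_VAR macro in DasharoSystemFeatures.c passes straight to `gRT->SetVariable()`. What GetVariableInfo() leaves in that field for an unknown name is not visible in this hunk; if it is zero, the write would not store the setting with the intended attributes, and a mistyped variable name would go unnoticed outside verbose debug builds. I would log the failure at `EFI_D_ERROR` and add `ASSERT (VarInfo.Size != 0);` after the lookup. The function also has no header comment in this file; it should state what is returned for an unknown name.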
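Review bot: The header comment for DasharoMeasureVariables() documents only `RETURN_SUCCESS`, while the implementation added in this commit can also return `EFI_OUT_OF_RESOURCES` or an error from GetNextVariableName(). I would add `@retval EFI_OUT_OF_RESOURCES  Memory allocation failed.` and `@retval Others  Enumeration failed; not all variables were measured.` so callers know that a non-success status means the PCR does not cover every Dasharo variable.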
diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 1563363a8a..510379568e 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -11,10 +11,19 @@ #include #include #include +#include +#include +#include #include #include +// PCR number for Dasharo variables. +#define DASHARO_VAR_PCR 1 + +// Event type for Dasharo variables. +#define EV_DASHARO_VAR 0x00DA0000 + // Description of a single variable. typedef struct { // Default value. 
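Review bot: The comments on `DASHARO_VAR_PCR` and `EV_DASHARO_VAR` name the constants but do not explain the choice of values or the event format. Anyone replaying the event log or writing a sealing policy needs to know that PCR 1 now also carries Dasharo settings, and that `0x00DA0000` appears to be a project-defined event type rather than a TCG-assigned one. I would extend the second comment to something like `// Project-specific event type; event data is the ASCII variable name, a NUL, then the raw variable data.`, which matches how MeasureVariable() builds the event later in this commit.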
@@ -264,6 +273,134 @@ InitVariable ( } } +/** + Measure a single variable into DASHARO_VAR_PCR with EV_DASHARO_VAR event type. + + @param VarName Name of the variable. + @param Vendor Namespace of the variable. + + @retval EFI_SUCCESS If the variable was read and measured without errors. + @retval EFI_OUT_OF_RESOURCES On memory allocation failure. +**/ +STATIC +EFI_STATUS +MeasureVariable ( + CHAR16 *VarName, + EFI_GUID *Vendor + ) +{ + EFI_STATUS Status; + UINTN PrefixSize; + VOID *VarData; + UINTN VarSize; + CHAR8 *EventData; + + DEBUG ((EFI_D_VERBOSE, "%a(): %g:%s.\r\n", __FUNCTION__, Vendor, VarName)); + + PrefixSize = StrLen (VarName) + 1; + + Status = GetVariable2 (VarName, Vendor, &VarData, &VarSize); + ASSERT_EFI_ERROR (Status); + + EventData = AllocatePool (PrefixSize + VarSize); + if (EventData == NULL) { + FreePool (VarData); + return EFI_OUT_OF_RESOURCES; + } + + UnicodeStrToAsciiStrS (VarName, EventData, PrefixSize); + CopyMem (EventData + PrefixSize, VarData, VarSize); + + Status = TpmMeasureAndLogData ( + DASHARO_VAR_PCR, + EV_DASHARO_VAR, + EventData, + PrefixSize + VarSize, + VarData, + VarSize + ); + + FreePool (EventData); + FreePool (VarData); + + return Status; +} + +/** + Measures single all existing variables with the specified GUID. + + @param Vendor Namespace of the variable. + + @retval EFI_SUCCESS If the variable was read and measured without errors. 
+**/ +STATIC +EFI_STATUS +MeasureVariables ( + EFI_GUID *Vendor + ) +{ + EFI_STATUS Status; + CHAR16 *Name; + CHAR16 *NewBuf; + UINTN MaxNameSize; + UINTN NameSize; + EFI_GUID Guid; + + MaxNameSize = 32*sizeof (CHAR16); + Name = AllocateZeroPool (MaxNameSize); + if (Name == NULL) + return EFI_OUT_OF_RESOURCES; + + while (TRUE) { + NameSize = MaxNameSize; + Status = gRT->GetNextVariableName (&NameSize, Name, &Guid); + if (Status == EFI_BUFFER_TOO_SMALL) { + NewBuf = AllocatePool (NameSize); + if (NewBuf == NULL) { + Status = EFI_OUT_OF_RESOURCES; + break; + } + + StrnCpyS (NewBuf, NameSize/sizeof (CHAR16), Name, MaxNameSize/sizeof (CHAR16)); + FreePool (Name); + + Name = NewBuf; + MaxNameSize = NameSize; + + Status = gRT->GetNextVariableName (&NameSize, Name, &Guid); + } + + if (Status == EFI_NOT_FOUND) { + Status = EFI_SUCCESS; + break; + } + + if (EFI_ERROR (Status)) + break; + + if (CompareGuid (&Guid, Vendor)) + MeasureVariable (Name, Vendor); + } + + FreePool (Name); + return Status; +} + +EFI_STATUS +EFIAPI +DasharoMeasureVariables ( + VOID + ) +{ + EFI_STATUS Status; + + Status = MeasureVariables (&gDasharoSystemFeaturesGuid); + if (Status == EFI_SUCCESS) + Status = MeasureVariables (&gApuConfigurationFormsetGuid); + + return Status; +} + EFI_STATUS EFIAPI DasharoVariablesLibConstructor ( diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf index dae73a0440..100c85c12b 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf 
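Review bot: In MeasureVariable() a failed `GetVariable2()` is caught only by `ASSERT_EFI_ERROR (Status)`, which does nothing in builds with assertions disabled, so execution continues into `AllocatePool (PrefixSize + VarSize)`, `CopyMem()` and `FreePool (VarData)` with whatever the failed call left in `VarData` and `VarSize`. It should be `if (EFI_ERROR (Status)) { return Status; }`. The digest is also computed over `VarData`/`VarSize` alone, so the variable name appears in the event log but is not covered by the value extended into the PCR; passing `EventData, PrefixSize + VarSize` as the last two arguments of `TpmMeasureAndLogData()` would bind name and value together, if that is the intent. MeasureVariables() discards the result of `MeasureVariable (Name, Vendor)`, so a variable that could not be measured is skipped while the function still reports success; keeping the first error and returning it after the loop would let the caller see it. The doc comment on MeasureVariables() ("Measures single all existing variables", "If the variable was read") also needs rewording to describe the whole-namespace walk.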
@@ -28,15 +28,19 @@ [Packages] DasharoModulePkg/DasharoModulePkg.dec + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec DasharoPayloadPkg/DasharoPayloadPkg.dec [LibraryClasses] DebugLib + TpmMeasurementLib PcdLib + UefiLib [Guids] gDasharoSystemFeaturesGuid ### CONSUMES + gApuConfigurationFormsetGuid ### SOMETIMES CONSUMES [Pcd] gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 33150be4eb..74dc9f751a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -282,6 +282,8 @@ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + DasharoVariablesLib|DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index b7d974e6a1..3bd586598b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -273,6 +273,8 @@ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + DasharoVariablesLib|DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf + # # Network libraries diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index f6ea8b2bbf..0a6a34986f 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #define PERF_ID_TCG2_DXE 0x3120 
@@ -2422,6 +2423,11 @@ OnReadyToBoot ( PERF_START_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE); if (mBootAttempts == 0) { + Status = DasharoMeasureVariables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Dasharo variables not Measured. Error: %r!\n", Status)); + } + // // Measure handoff tables. // diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index 7dc7a2683d..9c54695efa 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -45,6 +45,7 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib @@ -64,6 +65,7 @@ ReportStatusCodeLib Tcg2PhysicalPresenceLib PeCoffLib + DasharoVariablesLib [Guids] ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index ee6c627303..67c7ab204a 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -47,6 +47,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #define TCG_DXE_DATA_FROM_THIS(this) \ BASE_CR (this, TCG_DXE_DATA, TcgProtocol) @@ -1125,6 +1126,11 @@ OnReadyToBoot ( TPM_PCRINDEX PcrIndex; if (mBootAttempts == 0) { + Status = DasharoMeasureVariables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Dasharo variables not Measured. Error: %r!\n", Status)); + } + // // Measure handoff tables. // diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index c93b377b34..3154dc3f61 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -30,6 +30,7 @@ MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec SecurityPkg/SecurityPkg.dec + DasharoModulePkg/DasharoModulePkg.dec [LibraryClasses] MemoryAllocationLib 
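Review bot: A failure of DasharoMeasureVariables() in OnReadyToBoot() is reported only through `DEBUG ((EFI_D_ERROR, ...))` and boot continues, so on builds without debug output nothing records that PCR 1 is missing some or all Dasharo variable events. If best effort is intended, say so in a comment above the call, e.g. `// Best effort: on failure boot continues and PCR 1 does not cover all Dasharo variables.`; otherwise the failure should be made visible to a verifier rather than only to the debug log. The same applies to the identical hunk in SecurityPkg/Tcg/TcgDxe/TcgDxe.c. OnReadyToBoot() starts and ends outside both hunks.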
@@ -47,6 +48,7 @@ PcdLib ReportStatusCodeLib Tpm12CommandLib + DasharoVariablesLib [Guids] gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" From ffe23e5c1abdab015094d27712a43e963f24cd5b Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 27 May 2024 00:20:55 +0300 Subject: [PATCH 302/357] DasharoSystemFeaturesUiLib: fix watchdog not being reset to default Combination of `RESET_REQUIRED` flag and set `questionid` isn't enough to get callback call, `INTERACTIVE` flag is required as well. Signed-off-by: Sergii Dmytruk --- .../DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 161bad774b..f262aafcd4 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -243,7 +243,7 @@ formset questionid = WATCHDOG_ENABLE_QUESTION_ID, prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), - flags = RESET_REQUIRED, + flags = RESET_REQUIRED | INTERACTIVE, endcheckbox; suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; From 49725ec9c5f9e12a8e2869cd05fd060660699acc Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 27 May 2024 00:23:09 +0300 Subject: [PATCH 303/357] DasharoModulePkg: document how to add a new setting Signed-off-by: Sergii Dmytruk --- .../Documentation/AddNewSetting.md | 196 ++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 DasharoModulePkg/Documentation/AddNewSetting.md diff --git a/DasharoModulePkg/Documentation/AddNewSetting.md b/DasharoModulePkg/Documentation/AddNewSetting.md new file mode 100644 index 0000000000..07fa6ad98c --- /dev/null +++ b/DasharoModulePkg/Documentation/AddNewSetting.md 
@@ -0,0 +1,196 @@ +This document is meant to outline the process of adding a new Dasharo setting. +If something isn't covered, follow structure of the code used for some similar +variable. If possible, use alphabetic sorting of lists, although it's not a +requirement. + +Examples below use a new setting called `NewSetting`/`NEW_SETTING` which should +be replaced with an actual name of the setting. + +Basic variable implementation +============================= + +EFI variables are managed by a dedicated library which is used by the UI code. +It makes sense to start from here. + +Add variable name in `Include/DasharoOptions.h` +----------------------------------------------- + +Add a new `#define DASHARO_VAR_*` near the top where other settings marked with +`// Settings` are, for example: + +``` +#define DASHARO_VAR_NEW_SETTING L"NewSetting" +``` + +This is an EFI variable name. It should look roughly like the already existing +ones. The rest of the code should use the macro name after adding +`#include ` and not the string literal which can have typos. + +Add default value in `Library/DasharoVariablesLib/DasharoVariablesLib.c` +------------------------------------------------------------------------ + +Add another `if`-statement to `GetVariableDefault()` setting default variable +data, its size and additional EFI variable attributes if they are necessary. +See below if variable data is not a primitive type. + +Updating `GetVariableDefault()` enables resetting and creation (see the next +step) of the variable with the correct value. + +If the variable's data is a structure then additionally: +1. Add a new `DASHARO_*` structure at the bottom of `Include/DasharoOptions.h`. +2. Add the new structure to `VAR_DATA` in `Include/DasharoOptions.h` as well. + +Add variable creation in `Library/DasharoVariablesLib/DasharoVariablesLib.c` +---------------------------------------------------------------------------- + +By adding one more line to `mAllVariables` array there. 
+ +Adding the setting to Dasharo System Features +============================================= + +Before a variable can become visible in the UI, the code which implements the UI +part needs to become aware of it. + +Add storage for new variable +---------------------------- + +Find `DASHARO_FEATURES_DATA` structure in +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h` and add a new +field after `// Feature data` like: + +``` + BOOLEAN NewSetting; +``` + +Add initialization to constructor of `DasharoSystemFeaturesUiLib` +----------------------------------------------------------------- + +Update `DasharoSystemFeaturesUiLibConstructor()` in +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c` by adding a new +line like this: + +``` + LOAD_VAR (DASHARO_VAR_NEW_SETTING, NewSetting); +``` + +`NewSetting` here is a field of `DASHARO_FEATURES_DATA` from the above step. + +Add saving of new value +----------------------- + +`DasharoSystemFeaturesRouteConfig()` in +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c` is responsible for +writing changed values back into EFI variable storage. Add a line like this to +the function: + +``` + STORE_VAR (DASHARO_VAR_NEW_SETTING, NewSetting); +``` + +Very similar to `LOAD_VAR`. + +Some variables can even be read-only, but add this line anyway for consistency. +If no value change is detected, nothing gets written. + +Exposing the setting in Dasharo System Features UI +================================================== + +A variable might exist without being visible to the user, it might be visible +conditionally or unconditionally. The last two cases require updating UI forms +and tying them with the new code. 
+ +Add UI strings to `Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni` +--------------------------------------------------------------------------------------- + +If your variable is called `DASHARO_VAR_NEW_SETTING`, add label and help +prompt like the following: + +``` +#string STR_NEW_SETTING_PROMPT #language en-US "" +#string STR_NEW_SETTING_HELP #language en-US "" +``` + +The two IDs above (`STR_NEW_SETTING_PROMPT` and `STR_NEW_SETTING_HELP`) will be +needed on modifying a form in the next step. + +Update `Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr` UI form +-------------------------------------------------------------------------------- + +The new setting will need to go to one of the sections surrounded by `form` and +`endform`. In some cases it might be necessary to add a new section. + +Most of the settings are booleans that get represented as checkboxes in which +case the added lines would look like this: + +``` + checkbox varid = FeaturesData.NewSetting, + prompt = STRING_TOKEN(STR_NEW_SETTING_PROMPT), + help = STRING_TOKEN(STR_NEW_SETTING_HELP), + flags = RESET_REQUIRED, + endcheckbox; +``` + +Making a setting resettable +=========================== + +Not all UI elements described in VFR file can have their default specified there +as well and that value might not be permanently fixed (i.e., configured at +build-time or run-time). Handling such a situation requires writing code which +provides default value through a callback which in this case is called +`DasharoSystemFeaturesCallback()` in +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c` file. For the +callback to know which value to provide, it gets an integer value known as +question ID which is specified in VFR file as well. 
+ +Create question ID +------------------ + +Add a new definition at the bottom of +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h` like this one: + +``` +#define NEW_SETTING_QUESTION_ID 0x8010 +``` + +The integer value should be unique. + +Extend callback in `Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c` +------------------------------------------------------------------------------- + +Handle a new case to `switch (QuestionId)` in `DasharoSystemFeaturesCallback()` +like the following: + +``` + case NEW_SETTING_QUESTION_ID: + Value->b = DasharoGetVariableDefault (DASHARO_VAR_NEW_SETTING).Boolean; + break; +``` + +Depending on the variable type you want to change `->b` and `.Boolean` parts. + +Update UI element in VFR file +----------------------------- + +Find the element in question in +`Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr` and add two +fields to it (update flags if they already exist): + +``` + questionid = NEW_SETTING_QUESTION_ID, + flags = RESET_REQUIRED | INTERACTIVE, +``` + +`RESET_REQUIRED` flag means that resetting settings will affect this particular +one as well. + +`INTERACTIVE` flag means that the callback will be invoked for this element. +**Adding `questionid` without setting `INTERACTIVE` flag won't have any useful +effect.** + +Topics not covered +================== + +Could be added in the future: + +* Adding a new submenu. +* Controlling feature visibility via PCDs and hiding them in VFR. From e2be5f6fdfe7e644dfb446b378a550b98053ecc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 14 Jun 2024 12:08:49 +0200 Subject: [PATCH 304/357] DasharoModulePkg/DasharoSystemFeaturesUiLib: Change serial port option prompts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the IBM PC serial port naming in the option prompts. 
Signed-off-by: Michał Żygowski --- .../DasharoSystemFeaturesStrings.uni | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 521ed2ce59..8c379ce390 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -162,10 +162,10 @@ #string STR_MEMORY_PROFILE_XMP2 #language en-US "XMP#2 (predefined extreme memory profile)" #string STR_MEMORY_PROFILE_XMP3 #language en-US "XMP#3 (predefined extreme memory profile)" -#string STR_SERIAL_CONSOLE_REDIRECTION_PROMPT #language en-US "Enable Serial Port Console Redirection" +#string STR_SERIAL_CONSOLE_REDIRECTION_PROMPT #language en-US "Enable COM0 Serial Console Redirection" #string STR_SERIAL_CONSOLE_REDIRECTION_HELP #language en-US "Redirect the firmware console to the serial port." -#string STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT #language en-US "Enable COM2 Port Console Redirection" +#string STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT #language en-US "Enable COM1 Serial Console Redirection" #string STR_SERIAL_CONSOLE_REDIRECTION2_HELP #language en-US "Redirect the firmware console to the second serial port." #string STR_CPU_THROTTLING_THRESHOLD_PROMPT #language en-US "CPU Throttling Threshold" From 38bd5a0da388f8b36c2881f3b8b5e81c5f590518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Thu, 11 Apr 2024 15:52:00 +0200 Subject: [PATCH 305/357] PlatformBootManager: handle Vboot EC errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../PlatformBootManager.c | 55 +++++++++++++------ 1 file changed, 38 insertions(+), 17 deletions(-) 
diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index e39d05d14e..b06f906480 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } 
@@ -828,22 +829,42 @@ WarnIfRecoveryBoot ( SecondsLeft == 1 ? "" : "s" ); - CreateMultiStringPopUp ( - 78, - 12, - L"!!! WARNING !!!", - L"", - L"This message is displayed because the platform has booted from the recovery", - L"firmware partition. If you have just updated firmware, it is likely that", - L"the signature verification process failed. Please verify again that the", - L"firmware was downloaded from the proper source and try updating again.", - L"", - RecoveryCodeLine, - RecoveryMsgLine, - L"", - L"Press ENTER key to continue.", - DelayLine - ); + switch (RecoveryCode) { + case VB2_RECOVERY_EC_SOFTWARE_SYNC: + CreateMultiStringPopUp ( + 78, + 10, + L"!!! WARNING !!!", + L"", + L"Embedded Controller firmware update failed. Try rebooting the device", + L"with an AC adapter connected.", + L"", + L"If the message persists, contact support or see docs.dasharo.com for", + L"more information.", + L"", + L"Press ENTER key to continue.", + DelayLine + ); + break; + default: + CreateMultiStringPopUp ( + 78, + 12, + L"!!! WARNING !!!", + L"", + L"This message is displayed because the platform has booted from the recovery", + L"firmware partition. If you have just updated firmware, it is likely that", + L"the signature verification process failed. Please verify again that the", + L"firmware was downloaded from the proper source and try updating again.", + L"", + RecoveryCodeLine, + RecoveryMsgLine, + L"", + L"Press ENTER key to continue.", + DelayLine + ); + break; + } Status = gBS->WaitForEvent (2, Events, &Index); ASSERT_EFI_ERROR (Status); @@ -1389,7 +1410,7 @@ SaveSmBiosFieldToEfiVar ( if (EFI_ERROR (Status)) { NeedUpdate = TRUE; } else { - if (CurrentSize != FieldSize) + if (CurrentSize != FieldSize) NeedUpdate = TRUE; else if (CompareMem (CurrentValue, FieldValue, FieldSize) != 0) NeedUpdate = TRUE; From 64e20107b737d6cff92629d8f3179bb77729ba22 Mon Sep 17 00:00:00 2001 
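Review bot: The new `VB2_RECOVERY_EC_SOFTWARE_SYNC` popup leaves out `RecoveryCodeLine`, and unlike the default text it no longer says that the platform booted from the recovery firmware partition. Both are what a user would be asked for when following the "contact support" advice in the same message, and the line is presumably already formatted earlier in the function, outside this hunk. I would keep it in the EC case by adding `RecoveryCodeLine,` before the last empty string and raising the line count from `10` to `11`. WarnIfRecoveryBoot() begins and ends outside the hunk.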
From: Sergii Dmytruk Date: Tue, 30 Apr 2024 01:13:42 +0300 Subject: [PATCH 306/357] DasharoPayloadPkg: import update capsules from cbmem in PEI The HOBs created by BuildCvHob() will get picked up and processed by MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c in DXE. Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/BlSupportPei/BlSupportPei.c | 9 +++++ DasharoPayloadPkg/Include/Coreboot.h | 9 +++++ .../Include/Library/BlParseLib.h | 17 +++++++++ .../Library/CbParseLib/CbParseLib.c | 36 +++++++++++++++++++ 4 files changed, 71 insertions(+) diff --git a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c index 237ef11c03..df0bdc9daa 100644 --- a/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c +++ b/DasharoPayloadPkg/BlSupportPei/BlSupportPei.c @@ -752,6 +752,15 @@ BlPeiEntryPoint ( return Status; } + // + // Import update capsules, if there are any. + // + Status = ParseCapsules (BuildCvHob); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Error when importing update capsules, Status = %r\n", Status)); + return Status; + } + // // Mask off all legacy 8259 interrupt sources // diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index 1a3c526641..e2fd7f00c5 100644 --- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -747,4 +747,13 @@ struct cb_tpm_physical_presence { UINT8 ppi_version; /* BCD encoded */ }; +#define CB_TAG_CAPSULE 0x00b0 + +struct cb_range { + UINT32 tag; + UINT32 size; + UINT64 range_start; + UINT32 range_size; +} __attribute__((packed)); + #endif // _COREBOOT_PEI_H_INCLUDED_ diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index 2e513484fe..a0bfa6ba35 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h 
@@ -25,6 +25,9 @@ typedef RETURN_STATUS \ (*BL_MEM_INFO_CALLBACK) (MEMROY_MAP_ENTRY *MemoryMapEntry, VOID *Param); +typedef VOID \ + (*BL_CAPSULE_CALLBACK) (EFI_PHYSICAL_ADDRESS BaseAddress, UINT64 Length); + /** This function retrieves the parameter base address from boot loader. @@ -179,4 +182,18 @@ ParseTimestampTable ( OUT FIRMWARE_SEC_PERFORMANCE *Performance ); +/** + Parse update capsules passed in by coreboot + + @param CapsuleCallback The callback routine invoked for each capsule. + + @retval RETURN_SUCCESS Successfully parsed capsules. + @retval RETURN_NOT_FOUND coreboot table is missing. +**/ +RETURN_STATUS +EFIAPI +ParseCapsules ( + IN BL_CAPSULE_CALLBACK CapsuleCallback + ); + #endif diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index 383582e9d7..c0df8a672d 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -955,3 +955,39 @@ ParseTimestampTable ( Performance->ResetEnd = DivU64x32(CbTsRec->base_time, CbTsRec->tick_freq_mhz); return RETURN_SUCCESS; } + +/** + Parse update capsules passed in by coreboot + + @param CapsuleCallback The callback routine invoked for each capsule. + + @retval RETURN_SUCCESS Successfully parsed capsules. + @retval RETURN_NOT_FOUND coreboot table is missing. +**/ +RETURN_STATUS +EFIAPI +ParseCapsules ( + IN BL_CAPSULE_CALLBACK CapsuleCallback + ) +{ + struct cb_header *Header; + struct cb_range *Range; + UINT8 *TmpPtr; + UINTN Idx; + + Header = GetParameterBase (); + if (Header == NULL) { + return RETURN_NOT_FOUND; + } + + TmpPtr = (UINT8 *)Header + Header->header_bytes; + for (Idx = 0; Idx < Header->table_entries; Idx++) { + Range = (struct cb_range *)TmpPtr; + if (Range->tag == CB_TAG_CAPSULE) { + CapsuleCallback (Range->range_start, Range->range_size); + } + TmpPtr += Range->size; + } + + return RETURN_SUCCESS; +} From a2e7f929355c3d3bbb3954c6cf28a60529ac1233 Mon Sep 17 00:00:00 2001 
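Review bot: ParseCapsules() in CbParseLib.c reads `Range->range_start` and `Range->range_size` and advances by `Range->size` without checking that the record is at least `sizeof (struct cb_range)` long or that `size` is non-zero. With a zero `size` the loop re-reads the same record for every remaining table entry, so a capsule record would be handed to the callback repeatedly; with a short record the two range fields are read from the bytes of the following entry. The table comes from the previous boot stage, but these values end up in capsule HOBs, so I would guard the callback with `if (Range->tag == CB_TAG_CAPSULE && Range->size >= sizeof (*Range) && Range->range_size != 0)` and leave the loop when `Range->size == 0`.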
From: Sergii Dmytruk Date: Tue, 28 May 2024 16:12:05 +0300 Subject: [PATCH 307/357] OvmfPkg,SecurityPkg,DasharoPayloadPkg: use Dasharo var constants To avoid errors caused by typos. Signed-off-by: Sergii Dmytruk --- .../PlatformBootManager.c | 17 +++++++++-------- .../PlatformBootManagerLib/PlatformConsole.c | 7 ++++--- .../PciPlatformDxe/PciPlatformDxe.c | 2 +- .../PlatformBootManagerLib/BdsPlatform.c | 3 ++- .../Library/AuthVariableLib/AuthVariableLib.c | 7 ++++--- 5 files changed, 20 insertions(+), 16 deletions(-) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index b06f906480..5236771b94 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } @@ -651,7 +652,7 @@ PlatformBootManagerBeforeConsole ( VarSize = sizeof (BootMenuEnable); Status = gRT->GetVariable ( - L"BootManagerEnabled", + DASHARO_VAR_BOOT_MANAGER_ENABLED, &gDasharoSystemFeaturesGuid, NULL, &VarSize, @@ -1101,7 +1102,7 @@ WarnIfFirmwareUpdateMode ( VarSize = sizeof (FUMEnabled); Status = gRT->GetVariable ( - L"FirmwareUpdateMode", + DASHARO_VAR_FIRMWARE_UPDATE_MODE, &gDasharoSystemFeaturesGuid, NULL, &VarSize, @@ -1116,7 +1117,7 @@ WarnIfFirmwareUpdateMode ( // Remove variable to disable FUM on next boot // Status = gRT->SetVariable ( - L"FirmwareUpdateMode", + DASHARO_VAR_FIRMWARE_UPDATE_MODE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, 0, 
@@ -1127,7 +1128,7 @@ WarnIfFirmwareUpdateMode ( // Create volatile runtime variable so applications can detect FUM // Status = gRT->SetVariable ( - L"FirmwareUpdateMode", + DASHARO_VAR_FIRMWARE_UPDATE_MODE, &gDasharoSystemFeaturesGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, VarSize, @@ -1462,7 +1463,7 @@ SaveSMBIOSFields ( while (!EFI_ERROR(Status)) { if (Record->Type == SMBIOS_TYPE_SYSTEM_INFORMATION) { Type1Record = (SMBIOS_TABLE_TYPE1 *) Record; - SaveSmBiosFieldToEfiVar((VOID *)&Type1Record->Uuid, sizeof(Type1Record->Uuid), L"Type1UUID"); + SaveSmBiosFieldToEfiVar((VOID *)&Type1Record->Uuid, sizeof(Type1Record->Uuid), DASHARO_VAR_SMBIOS_UUID); GotType1 = TRUE; } @@ -1480,7 +1481,7 @@ SaveSMBIOSFields ( if ((StrIndex != 0) || (StrSize == 1)) DEBUG((EFI_D_INFO, "SMBIOS Type2 Serial Number missing\n")); else - SaveSmBiosFieldToEfiVar((VOID *)OptionalStrStart, StrSize, L"Type2SN"); + SaveSmBiosFieldToEfiVar((VOID *)OptionalStrStart, StrSize, DASHARO_VAR_SMBIOS_SN); GotType2 = TRUE; } @@ -1575,7 +1576,7 @@ PlatformBootManagerAfterConsole ( VarSize = sizeof (NetBootEnabled); Status = gRT->GetVariable ( - L"NetworkBoot", + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, NULL, &VarSize, @@ -1630,7 +1631,7 @@ PlatformBootManagerAfterConsole ( VarSize = sizeof (BootMenuEnable); Status = gRT->GetVariable ( - L"BootManagerEnabled", + DASHARO_VAR_BOOT_MANAGER_ENABLED, &gDasharoSystemFeaturesGuid, NULL, &VarSize, diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c index 048a06af20..a2ed7b66a6 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformConsole.c @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #define PCI_DEVICE_PATH_NODE(Func, Dev) \ { \ 
@@ -248,7 +249,7 @@ RegisterUartConsole ( VarSize = sizeof (UartEnabled); Status = gRT->GetVariable ( - UartNumber == 1 ? L"SerialRedirection2" : L"SerialRedirection", + UartNumber == 1 ? DASHARO_VAR_SERIAL_REDIRECTION2 : DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, NULL, &VarSize, @@ -340,7 +341,7 @@ PrepareLpcBridgeDevicePath ( VarSize = sizeof (Ps2Enabled); Status = gRT->GetVariable ( - L"Ps2Controller", + DASHARO_VAR_PS2_CONTROLLER, &gDasharoSystemFeaturesGuid, NULL, &VarSize, @@ -454,7 +455,7 @@ PreparePciSerialDevicePath ( VarSize = sizeof (PciSerialEnabled); Status = gRT->GetVariable ( - L"SerialRedirection", + DASHARO_VAR_SERIAL_REDIRECTION, &gDasharoSystemFeaturesGuid, NULL, &VarSize, diff --git a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c index 1d0c17a9bd..afb869649a 100644 --- a/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c +++ b/DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.c @@ -96,7 +96,7 @@ ShouldLoadOptionRom ( BufferSize = sizeof (OptionRomPolicy); Status = gRT->GetVariable ( - L"OptionRomPolicy", + DASHARO_VAR_OPTION_ROM_POLICY, &gDasharoSystemFeaturesGuid, NULL, &BufferSize, diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 9336bcd38b..e8aa3af1ad 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -15,6 +15,7 @@ #include #include #include +#include EFI_GUID mBootMenuFile = { 0xEEC25BDC, 0x67F2, 0x4D95, { 0xB1, 0xD5, 0xF8, 0x1B, 0x20, 0x39, 0xD1, 0x1D } @@ -2077,7 +2078,7 @@ PlatformBootManagerAfterConsole ( VarSize = sizeof (NetBootEnabled); Status = gRT->GetVariable ( - L"NetworkBoot", + DASHARO_VAR_NETWORK_BOOT, &gDasharoSystemFeaturesGuid, NULL, &VarSize, diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index 743675958e..658873ec75 100644 
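Review bot: PciPlatformDxe.c is the only file in this patch that starts using a DASHARO_VAR_* constant (`DASHARO_VAR_OPTION_ROM_POLICY` in ShouldLoadOptionRom) without a matching `#include` hunk; the diffstat lists a single changed line for it. That is fine only if the file already includes the header that defines these names, which this page does not show. If it does not, the build breaks at this line, so it is worth confirming before merge. ShouldLoadOptionRom's body continues outside the hunk.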
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "AuthServiceInternal.h" +#include /// /// Global database array for scratch @@ -230,12 +231,12 @@ AuthVariableLibInitialize ( } } - Status = AuthServiceInternalFindVariable (L"FirmwareUpdateMode", &gDasharoSystemFeaturesGuid, + Status = AuthServiceInternalFindVariable (DASHARO_VAR_FIRMWARE_UPDATE_MODE, &gDasharoSystemFeaturesGuid, (VOID **) &Data, &DataSize); if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", L"FirmwareUpdateMode")); + DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", DASHARO_VAR_FIRMWARE_UPDATE_MODE)); } else { - DEBUG ((EFI_D_INFO, "Variable %s exists.\n", L"FirmwareUpdateMode")); + DEBUG ((EFI_D_INFO, "Variable %s exists.\n", DASHARO_VAR_FIRMWARE_UPDATE_MODE)); } // From 88078bc6baa4283080ed219899a6f05f168df1de Mon Sep 17 00:00:00 2001 
From: Sergii Dmytruk Date: Wed, 5 Jun 2024 01:16:14 +0300 Subject: [PATCH 308/357] SecurityPkg/SecureBootConfigDxe: require reset on all SB changes Enrolling or removing any signature should require a reset to avoid booting a system with some weird value of PCR-7. The PCR is extended on writes into SecureBoot-related variables (see SecureBootHook() in SecurityPkg/DxeImageVerificationLib) and then right before booting (in TcgDxe or Tcg2Dxe in OnReadyToBoot() handler), meaning that editing SecureBoot configuration and continuing boot process without a reset results in an unexpected value of PCR-7 even if the end result of changes is the same as it would be without any changes. Now reset is required in the following cases as well: * enrolling/deletion of a KEK signature * enrolling/deletion of a DB signature * enrolling/deletion of a DBX signature (one or all of them) * enrolling/deletion of a DBT signature Addition cases are handled in VFR while deletion options are checkboxes generated in C and that's where the flags get set (number of updated places is fewer than number of handled cases because functions are shared by menus). Signed-off-by: Sergii Dmytruk --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 8 ++++---- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 5306950fb3..ca28901fd4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -266,7 +266,7 @@ formset goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE, + flags = INTERACTIVE | RESET_REQUIRED, key = KEY_VALUE_SAVE_AND_EXIT_KEK; goto FORMID_SECURE_BOOT_OPTION_FORM, 
@@ -470,7 +470,7 @@ formset goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE, + flags = INTERACTIVE | RESET_REQUIRED, key = KEY_VALUE_SAVE_AND_EXIT_DB; goto FORMID_SECURE_BOOT_OPTION_FORM, @@ -564,7 +564,7 @@ formset goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE, + flags = INTERACTIVE | RESET_REQUIRED, key = KEY_VALUE_SAVE_AND_EXIT_DBX; goto FORMID_SECURE_BOOT_OPTION_FORM, @@ -609,7 +609,7 @@ formset goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE, + flags = INTERACTIVE | RESET_REQUIRED, key = KEY_VALUE_SAVE_AND_EXIT_DBT; goto FORMID_SECURE_BOOT_OPTION_FORM, diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index ac4ac0f307..8379935649 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -2661,7 +2661,7 @@ UpdateDeletePage ( 0, GuidID, Help, - EFI_IFR_FLAG_CALLBACK, + EFI_IFR_FLAG_CALLBACK | EFI_IFR_FLAG_RESET_REQUIRED, 0, NULL ); @@ -3756,7 +3756,7 @@ LoadSignatureList ( DstFormId, STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST), STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST), - EFI_IFR_FLAG_CALLBACK, + EFI_IFR_FLAG_CALLBACK | EFI_IFR_FLAG_RESET_REQUIRED, KEY_SECURE_BOOT_DELETE_ALL_LIST ); @@ -3835,7 +3835,7 @@ LoadSignatureList ( SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, HiiSetString (PrivateData->HiiHandle, 0, NameBuffer, NULL), HiiSetString (PrivateData->HiiHandle, 0, HelpBuffer, NULL), - EFI_IFR_FLAG_CALLBACK, + EFI_IFR_FLAG_CALLBACK | EFI_IFR_FLAG_RESET_REQUIRED, QuestionIdBase + Index++ ); 
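Review bot: In the last LoadSignatureList hunk, `EFI_IFR_FLAG_RESET_REQUIRED` is added to an opcode whose target is `SECUREBOOT_DELETE_SIGNATURE_DATA_FORM`, which looks like navigation into a signature list rather than a deletion. If so, merely opening a list may request a reset, while the control that actually deletes entries inside that form is not visible in this patch; please confirm it carries the flag as well. The PCR-7 rationale exists only in the commit message, so a short comment next to the flag in UpdateDeletePage and LoadSignatureList would keep it with the code, e.g. `// Secure Boot variable writes extend PCR-7; require a reset so the measured value matches a clean boot`. Both functions start and end outside the hunks.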
From c048540873c1d1e6110c2c7d94cbaadcdb56aabe Mon Sep 17 00:00:00 2001 From: Benjamin Doron Date: Wed, 17 Apr 2024 11:16:53 -0400 Subject: [PATCH 309/357] [DNM] MdeModulePkg: PciBusDxe: Drop `RemoveRejectedPciDevices()` There is an assumption in `IsPciDeviceRejected()` (at least for I/O) that a BAR with all read-write bits set is invalid. However, this is not the case: when a resource is size-aligned down from the top, this may also be the case. This code causes the rejection of the iGPU (and therefore, display) in some cases with the DasharoPayloadPkg, when the coreboot ESOURCE_ALLOCATION_TOP_DOWN config is enabled. It remains to be seen whether this code addresses some other issue. Signed-off-by: Benjamin Doron --- .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 108 ------------------ .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.h | 14 --- MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 59 ---------- MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.h | 14 --- 4 files changed, 195 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c index f5ba038842..56519a4dd0 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c @@ -2582,11 +2582,6 @@ PciEnumeratorLight ( ); if (!EFI_ERROR (Status)) { - // - // Remove those PCI devices which are rejected when full enumeration - // - RemoveRejectedPciDevices (RootBridgeDev->Handle, RootBridgeDev); - if (!PcdGetBool (PcdPciDisableBusEnumeration)) { // // Process option rom light 
@@ -2707,109 +2702,6 @@ StartManagingRootBridge ( return EFI_SUCCESS; } -/** - This routine can be used to check whether a PCI device should be rejected when light enumeration. - - @param PciIoDevice Pci device instance. - - @retval TRUE This device should be rejected. - @retval FALSE This device shouldn't be rejected. - -**/ -BOOLEAN -IsPciDeviceRejected ( - IN PCI_IO_DEVICE *PciIoDevice - ) -{ - EFI_STATUS Status; - UINT32 TestValue; - UINT32 OldValue; - UINT32 Mask; - UINT8 BarOffset; - - // - // PPB should be skip! - // - if (IS_PCI_BRIDGE (&PciIoDevice->Pci)) { - return FALSE; - } - - if (IS_CARDBUS_BRIDGE (&PciIoDevice->Pci)) { - // - // Only test base registers for P2C - // - for (BarOffset = 0x1C; BarOffset <= 0x38; BarOffset += 2 * sizeof (UINT32)) { - Mask = (BarOffset < 0x2C) ? 0xFFFFF000 : 0xFFFFFFFC; - Status = BarExisted (PciIoDevice, BarOffset, &TestValue, &OldValue); - if (EFI_ERROR (Status)) { - continue; - } - - TestValue = TestValue & Mask; - if ((TestValue != 0) && (TestValue == (OldValue & Mask))) { - // - // The bar isn't programed, so it should be rejected - // - return TRUE; - } - } - - return FALSE; - } - - for (BarOffset = 0x14; BarOffset <= 0x24; BarOffset += sizeof (UINT32)) { - // - // Test PCI devices - // - Status = BarExisted (PciIoDevice, BarOffset, &TestValue, &OldValue); - if (EFI_ERROR (Status)) { - continue; - } - - if ((TestValue & 0x01) != 0) { - // - // IO Bar - // - Mask = 0xFFFFFFFC; - TestValue = TestValue & Mask; - if ((TestValue != 0) && (TestValue == (OldValue & Mask))) { - return TRUE; - } - } else { - // - // Mem Bar - // - Mask = 0xFFFFFFF0; - TestValue = TestValue & Mask; - - if ((TestValue & 0x07) == 0x04) { - // - // Mem64 or PMem64 - // - BarOffset += sizeof (UINT32); - if ((TestValue != 0) && (TestValue == (OldValue & Mask))) { - // - // Test its high 32-Bit BAR - // - Status = BarExisted (PciIoDevice, BarOffset, &TestValue, &OldValue); - if (TestValue == OldValue) { - return TRUE; - } - } - } else { - // - // 
Mem32 or PMem32 - // - if ((TestValue != 0) && (TestValue == (OldValue & Mask))) { - return TRUE; - } - } - } - } - - return FALSE; -} - /** Reset all bus number from specific bridge. diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.h b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.h index 7daa6e020d..9baa5924cb 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.h +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.h @@ -429,20 +429,6 @@ StartManagingRootBridge ( IN PCI_IO_DEVICE *RootBridgeDev ); -/** - This routine can be used to check whether a PCI device should be rejected when light enumeration. - - @param PciIoDevice Pci device instance. - - @retval TRUE This device should be rejected. - @retval FALSE This device shouldn't be rejected. - -**/ -BOOLEAN -IsPciDeviceRejected ( - IN PCI_IO_DEVICE *PciIoDevice - ); - /** Reset all bus number from specific bridge. diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c index 84fc0161a1..49f0667f75 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c 
@@ -139,65 +139,6 @@ GetBackPcCardBar ( } } -/** - Remove rejected pci device from specific root bridge - handle. - - @param RootBridgeHandle Specific parent root bridge handle. - @param Bridge Bridge device instance. - -**/ -VOID -RemoveRejectedPciDevices ( - IN EFI_HANDLE RootBridgeHandle, - IN PCI_IO_DEVICE *Bridge - ) -{ - PCI_IO_DEVICE *Temp; - LIST_ENTRY *CurrentLink; - LIST_ENTRY *LastLink; - - if (!FeaturePcdGet (PcdPciBusHotplugDeviceSupport)) { - return; - } - - CurrentLink = Bridge->ChildList.ForwardLink; - - while (CurrentLink != NULL && CurrentLink != &Bridge->ChildList) { - Temp = PCI_IO_DEVICE_FROM_LINK (CurrentLink); - - if (IS_PCI_BRIDGE (&Temp->Pci)) { - // - // Remove rejected devices recusively - // - RemoveRejectedPciDevices (RootBridgeHandle, Temp); - } else { - // - // Skip rejection for all PPBs, while detect rejection for others - // - if (IsPciDeviceRejected (Temp)) { - // - // For P2C, remove all devices on it - // - if (!IsListEmpty (&Temp->ChildList)) { - RemoveAllPciDeviceOnBridge (RootBridgeHandle, Temp); - } - - // - // Finally remove itself - // - LastLink = CurrentLink->BackLink; - RemoveEntryList (CurrentLink); - FreePciDevice (Temp); - - CurrentLink = LastLink; - } - } - - CurrentLink = CurrentLink->ForwardLink; - } -} - /** Dump the resourc map of the bridge device. diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.h b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.h index 5d2551148b..8235f86127 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.h +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.h @@ -39,20 +39,6 @@ GetBackPcCardBar ( IN PCI_IO_DEVICE *PciIoDevice ); -/** - Remove rejected pci device from specific root bridge - handle. - - @param RootBridgeHandle Specific parent root bridge handle. - @param Bridge Bridge device instance. - -**/ -VOID -RemoveRejectedPciDevices ( - IN EFI_HANDLE RootBridgeHandle, - IN PCI_IO_DEVICE *Bridge - ); - /** Submits the I/O and memory resource requirements for the specified PCI Host Bridge. 
From 7b0c378a56bbbebc3129a1d7375e61a0f30ef730 Mon Sep 17 00:00:00 2001 From: Krystian Hebel Date: Tue, 4 Jun 2024 15:31:06 +0200 Subject: [PATCH 310/357] Dasharo{Module,Payload}Pkg: extract IOMMU settings to separate driver This is the only setting that requires edk2-platforms, and only for PcdVTdPolicyPropertyMask. As not all platforms support VTd, fetching edk2-platforms unconditionally isn't necessary. This change creates the possibility to build Dasharo edk2 payload without edk2-platform. Signed-off-by: Krystian Hebel --- .../DasharoBootPolicies/BootPolicies.c | 32 --------- .../DasharoBootPolicies.inf | 3 - .../DasharoBootPoliciesVTd/BootPolicies.c | 72 +++++++++++++++++++ .../DasharoBootPoliciesVTd.inf | 47 ++++++++++++ DasharoPayloadPkg/DasharoPayloadPkg.dsc | 6 ++ DasharoPayloadPkg/DasharoPayloadPkg.fdf | 4 ++ 6 files changed, 129 insertions(+), 35 deletions(-) create mode 100644 DasharoModulePkg/DasharoBootPoliciesVTd/BootPolicies.c create mode 100644 DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf diff --git a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c index e57250ef65..904cf92973 100644 --- a/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c +++ b/DasharoModulePkg/DasharoBootPolicies/BootPolicies.c @@ -41,8 +41,6 @@ InitializeBootPolicies ( EFI_STATUS Status = EFI_SUCCESS; BOOLEAN *EfiVar; UINTN VarSize = sizeof(BOOLEAN); - DASHARO_IOMMU_CONFIG *IommuConfig; - UINT8 PcdVal = 0; gBS = SystemTable->BootServices; gRT = SystemTable->RuntimeServices; 
@@ -151,36 +149,6 @@ InitializeBootPolicies ( DEBUG ((EFI_D_INFO, "Boot Policy: Enabling PS2 Controller\n")); } - VarSize = sizeof(*IommuConfig); - Status = GetVariable2 ( - DASHARO_VAR_IOMMU_CONFIG, - &gDasharoSystemFeaturesGuid, - (VOID **) &IommuConfig, - &VarSize - ); - - if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*IommuConfig))){ - PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); - if (IommuConfig->IommuEnable){ - PcdVal |= 0x01; - if (IommuConfig->IommuHandoff){ - PcdVal |= 0x02; - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be kept enabled on ExitBootServices\n")); - } - else{ - PcdVal &= (~0x02); - DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be disabled on ExitBootServices\n")); - } - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal); - } else { - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); - DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); - } - } else { - PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); - DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); - } - VarSize = sizeof(BOOLEAN); Status = GetVariable2 ( DASHARO_VAR_SERIAL_REDIRECTION, diff --git a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf index 1f1e75a28e..91ae66658c 100644 --- a/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +++ b/DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf @@ -26,7 +26,6 @@ [Packages] MdePkg/MdePkg.dec DasharoModulePkg/DasharoModulePkg.dec - IntelSiliconPkg/IntelSiliconPkg.dec [LibraryClasses] BaseLib @@ -52,8 +51,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart - gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask - [Depex] gEfiVariableArchProtocolGuid 
diff --git a/DasharoModulePkg/DasharoBootPoliciesVTd/BootPolicies.c b/DasharoModulePkg/DasharoBootPoliciesVTd/BootPolicies.c new file mode 100644 index 0000000000..b039351edd --- /dev/null +++ b/DasharoModulePkg/DasharoBootPoliciesVTd/BootPolicies.c @@ -0,0 +1,72 @@ +/*++ +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + SPDX-License-Identifier: BSD-2-Clause-Patent + +--*/ + +/** @file +**/ + +#include +#include +#include +#include +#include + +#include + +/** + Entry point for the Boot Policies Driver. + @param ImageHandle Image handle of this driver. + @param SystemTable Global system service table. + @retval EFI_SUCCESS Initialization complete. +**/ +EFI_STATUS +EFIAPI +InitializeBootPolicies ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) + +{ + EFI_STATUS Status; + UINTN VarSize; + DASHARO_IOMMU_CONFIG *IommuConfig; + UINT8 PcdVal = 0; + + gBS = SystemTable->BootServices; + gRT = SystemTable->RuntimeServices; + + VarSize = sizeof(*IommuConfig); + Status = GetVariable2 ( + L"IommuConfig", + &gDasharoSystemFeaturesGuid, + (VOID **) &IommuConfig, + &VarSize + ); + + if ((Status == EFI_SUCCESS) && (VarSize == sizeof(*IommuConfig))){ + PcdVal = PcdGet8(PcdVTdPolicyPropertyMask); + if (IommuConfig->IommuEnable){ + PcdVal |= 0x01; + if (IommuConfig->IommuHandoff){ + PcdVal |= 0x02; + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be kept enabled on ExitBootServices\n")); + } + else{ + PcdVal &= (~0x02); + DEBUG ((EFI_D_INFO, "Boot Policy: IOMMU will be disabled on ExitBootServices\n")); + } + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal); + } else { + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); + DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); + } + } else { + PcdSet8S(PcdVTdPolicyPropertyMask, PcdVal & (~0x03)); + DEBUG ((EFI_D_INFO, "Boot Policy: DMA protection disabled\n")); + } + + return EFI_SUCCESS; +} 
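Review bot: The buffer that GetVariable2() allocates for `IommuConfig` is never released in the new InitializeBootPolicies, and the variable name is the literal `L"IommuConfig"` although the code removed from DasharoBootPolicies used `DASHARO_VAR_IOMMU_CONFIG`. `PcdVal` is also still 0 when the variable is missing or has the wrong size, so that branch writes 0 to PcdVTdPolicyPropertyMask and clears every policy bit rather than only bits 0 and 1; reading the PCD before the lookup keeps the other bits. A missing or malformed variable also turns DMA protection off even though the .dsc default is 1; if that fail-open behaviour is intended, a comment should say so. Freeing the buffer needs MemoryAllocationLib in the .inf as well.

```c
  //
  // Read the current mask first so that only bits 0-1 are changed below.
  //
  PcdVal = PcdGet8 (PcdVTdPolicyPropertyMask);

  IommuConfig = NULL;
  VarSize     = sizeof (*IommuConfig);
  Status      = GetVariable2 (
                  DASHARO_VAR_IOMMU_CONFIG,
                  &gDasharoSystemFeaturesGuid,
                  (VOID **) &IommuConfig,
                  &VarSize
                  );

  if ((Status == EFI_SUCCESS) && (VarSize == sizeof (*IommuConfig))) {
    // … unchanged: IommuEnable / IommuHandoff handling, without the PcdGet8() call …
  } else {
    // … unchanged: clear bits 0-1 and log "DMA protection disabled" …
  }

  //
  // GetVariable2() returns a pool allocation owned by the caller.
  //
  if (IommuConfig != NULL) {
    FreePool (IommuConfig);
  }

  return EFI_SUCCESS;
```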
diff --git a/DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf b/DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf new file mode 100644 index 0000000000..ad672e774e --- /dev/null +++ b/DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf @@ -0,0 +1,47 @@ +# +# +# Copyright (c) 1999 - 2019, Intel Corporation. All rights reserved +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DasharoBootPoliciesVTd + FILE_GUID = ca90493f-1a22-4d09-9c78-3894507eb646 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeBootPolicies + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources.common] + BootPolicies.c + +[Packages] + MdePkg/MdePkg.dec + DasharoModulePkg/DasharoModulePkg.dec + IntelSiliconPkg/IntelSiliconPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + PcdLib + UefiLib + PcdLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + +[Guids] + gDasharoSystemFeaturesGuid ### CONSUMES + +[Pcd] + gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask + +[Depex] + gEfiVariableArchProtocolGuid diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 74dc9f751a..df73d23a66 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -576,7 +576,9 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|0 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|0 gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|0 +!if $(USE_EDK2_PLATFORMS) == TRUE gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask|1 +!endif [PcdsDynamicHii] !if $(TPM_ENABLE) == TRUE @@ -838,6 +840,10 @@ DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +!if $(USE_EDK2_PLATFORMS) == TRUE + DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf +!endif + # # Random Number Generator # 
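Review bot: `PcdLib` is listed twice under [LibraryClasses] in the new DasharoBootPoliciesVTd.inf (once after DebugLib and again after UefiLib); one entry is enough. The header comment block is also empty where a module description normally goes. A one-line description such as `# Applies the Dasharo IOMMU setting to PcdVTdPolicyPropertyMask` would tell a reader why this driver is separate from DasharoBootPolicies.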
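Review bot: When `USE_EDK2_PLATFORMS` is not TRUE, the two `!if` blocks in DasharoPayloadPkg.dsc drop both the PcdVTdPolicyPropertyMask default and DasharoBootPoliciesVTd.inf, so as far as this patch shows nothing in the image applies the IommuConfig variable any more. If the setup menu still offers the IOMMU / DMA-protection options in such a build, the user sees a protection setting that is never enforced; please confirm the menu is hidden under the same condition. The hunks also do not show where `USE_EDK2_PLATFORMS` gets a default value; it should have one in [Defines] so the `!if` does not depend on the build command line. The same applies to the .fdf hunk and to the OvmfPkgX64.dsc/.fdf hunks of the following patch.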
diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 5fc5e1b872..e7aa3b9aa1 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -310,6 +310,10 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +!if $(USE_EDK2_PLATFORMS) == TRUE +INF DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf +!endif + # # Random Number Generator # From 6e3042c3b32740cea7641e50f7cf44b13efc907f Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 15 Jun 2024 16:12:04 +0300 Subject: [PATCH 311/357] OvmfPkg: make it build without edk2-platforms Signed-off-by: Sergii Dmytruk --- OvmfPkg/OvmfPkgX64.dsc | 5 +++++ OvmfPkg/OvmfPkgX64.fdf | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3bd586598b..7051477712 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -755,7 +755,9 @@ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000 +!if $(USE_EDK2_PLATFORMS) == TRUE gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask|1 +!endif [PcdsDynamicHii] !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc @@ -1027,6 +1029,9 @@ !if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +!if $(USE_EDK2_PLATFORMS) == TRUE + DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf +!endif !endif # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c4be74686e..a239411d67 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -393,6 +393,10 @@ INF OvmfPkg/TdxDxe/TdxDxe.inf INF DasharoModulePkg/DasharoBootPolicies/DasharoBootPolicies.inf +!if $(USE_EDK2_PLATFORMS) == TRUE +INF DasharoModulePkg/DasharoBootPoliciesVTd/DasharoBootPoliciesVTd.inf +!endif + # # Hash2 # From 379a51ba38cf0af0dc4a83010908c8a5faf6d42b Mon Sep 17 00:00:00 2001 
From: Krystian Hebel Date: Mon, 27 May 2024 16:45:22 +0200 Subject: [PATCH 312/357] DasharoPayloadPkg/PciHostBridgeLib.c: trim PMem if it overlaps with Mem Resource allocator used by coreboot may produce intertwined prefetchable and non-prefetchable MMIO regions. Since edk2 assumes that there is at most one continuous region of given type, this may create overlaps. This change removes overlapping part of region from PMem, leaving it only in Mem (and similarly for Above4G variants). By doing so, some of memory regions that could otherwise be WC are now UC, but this is safer than doing it the other way around. The regions are not split into smaller ones, as doing so would lead to bigger fragmentation and potentially depletion of MTRRs. Signed-off-by: Krystian Hebel --- .../PciHostBridgeLib/PciHostBridgeLib.c | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c index 512c3127cc..a6538aeafa 100644 --- a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeLib.c 
@@ -128,6 +128,33 @@ InitRootBridge ( CopyMem (&RootBus->PMem, PMem, sizeof (*PMem)); CopyMem (&RootBus->PMemAbove4G, PMemAbove4G, sizeof (*PMemAbove4G)); + // + // Handle overlaps between Mem and PMem, Mem takes precedence + // + if (!(RootBus->Mem.Limit < RootBus->PMem.Base || + RootBus->Mem.Base > RootBus->PMem.Limit) + ) { + DEBUG ((DEBUG_INFO, "%a: PMem overlaps with Mem, trimming PMem\n", + __FUNCTION__)); + if (RootBus->Mem.Base <= RootBus->PMem.Base) { + RootBus->PMem.Base = RootBus->Mem.Limit + 1; + } else { + RootBus->PMem.Limit = RootBus->Mem.Base - 1; + } + } + if (!(RootBus->MemAbove4G.Limit < RootBus->PMemAbove4G.Base || + RootBus->MemAbove4G.Base > RootBus->PMemAbove4G.Limit) + ) { + DEBUG ((DEBUG_INFO, + "%a: PMemAbove4G overlaps with MemAbove4G, trimming PMemAbove4G\n", + __FUNCTION__)); + if (RootBus->MemAbove4G.Base <= RootBus->PMemAbove4G.Base) { + RootBus->PMemAbove4G.Base = RootBus->MemAbove4G.Limit + 1; + } else { + RootBus->PMemAbove4G.Limit = RootBus->MemAbove4G.Base - 1; + } + } + RootBus->NoExtendedConfigSpace = FALSE; DevicePath = AllocateCopyPool (sizeof (mRootBridgeDevicePathTemplate), From 3149a5ad158158a9f5161dbea8006d5644635b4e Mon Sep 17 00:00:00 2001 
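Review bot: When Mem lies strictly inside PMem, the `else` branch (`RootBus->PMem.Limit = RootBus->Mem.Base - 1;`) discards not only the overlap but also the part of PMem above Mem.Limit, and the same holds for the Above4G pair. Any prefetchable BAR that coreboot placed there ends up outside every aperture, with only a generic DEBUG_INFO line to show for it. The commit message explains why the region is not split, so the behaviour may be acceptable, but the dropped range should be logged with its addresses. The two blocks are identical apart from the field names and could share one helper, which also gives a place to skip apertures marked absent (Base > Limit). The sketch below assumes the apertures are PCI_ROOT_BRIDGE_APERTURE; InitRootBridge itself starts and ends outside the hunk.

```c
/**
  Trim a prefetchable aperture so that it no longer overlaps the
  non-prefetchable one; the non-prefetchable aperture takes precedence.

  @param Mem    Non-prefetchable aperture (left unchanged).
  @param PMem   Prefetchable aperture to trim.
  @param Name   Aperture name used in the log message.
**/
STATIC
VOID
TrimPrefetchableAperture (
  IN     CONST PCI_ROOT_BRIDGE_APERTURE  *Mem,
  IN OUT PCI_ROOT_BRIDGE_APERTURE        *PMem,
  IN     CONST CHAR8                     *Name
  )
{
  //
  // An aperture with Base > Limit is absent; nothing to trim.
  //
  if ((Mem->Base > Mem->Limit) || (PMem->Base > PMem->Limit)) {
    return;
  }

  if ((Mem->Limit < PMem->Base) || (Mem->Base > PMem->Limit)) {
    return;
  }

  DEBUG ((
    DEBUG_WARN,
    "%a: %a [0x%lx-0x%lx] overlaps non-prefetchable [0x%lx-0x%lx], trimming\n",
    __FUNCTION__, Name, PMem->Base, PMem->Limit, Mem->Base, Mem->Limit
    ));

  if (Mem->Base <= PMem->Base) {
    PMem->Base = Mem->Limit + 1;
  } else {
    if (PMem->Limit > Mem->Limit) {
      //
      // Mem lies strictly inside PMem: the part of PMem above Mem->Limit is
      // dropped as well, so make that visible in the log.
      //
      DEBUG ((
        DEBUG_WARN,
        "%a: %a range 0x%lx-0x%lx above the overlap is dropped too\n",
        __FUNCTION__, Name, Mem->Limit + 1, PMem->Limit
        ));
    }

    PMem->Limit = Mem->Base - 1;
  }
}

  // … unchanged in InitRootBridge: CopyMem() of the four apertures …
  TrimPrefetchableAperture (&RootBus->Mem, &RootBus->PMem, "PMem");
  TrimPrefetchableAperture (&RootBus->MemAbove4G, &RootBus->PMemAbove4G, "PMemAbove4G");
```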
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Fri, 20 Oct 2023 16:50:46 +0200 Subject: [PATCH 313/357] MdeModulePkg/RuntimeDxeReportStatusCodeLib: do nothing after ExitBootServices() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevent debugging on serial port (whether physical or cbmem console) at runtime by not doing anything after boot services are exited. It will stop calling SerialPortWrite if EFI switches to runtime and avoid access to cbmem CONSOLE buffer which is neither marked as runtime code nor data. If serial debugging will be necessary, actually mark coreboot's CONSOLE buffer as runtime data (it's location and size are known). Solves the issue with Xen backtrace on EFI reset system runtime service: https://github.com/Dasharo/dasharo-issues/issues/488#issuecomment-1772758851 Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- .../RuntimeDxeReportStatusCodeLib/ReportStatusCodeLib.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/ReportStatusCodeLib.c b/MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/ReportStatusCodeLib.c index 8fd20ff239..daa4a34218 100644 --- a/MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/ReportStatusCodeLib.c +++ b/MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/ReportStatusCodeLib.c @@ -231,6 +231,15 @@ InternalReportStatusCode ( return EFI_UNSUPPORTED; } + // + // Prevent debugging at runtime by not doing anything after boot services + // are exited. This is done to avoid accesses to cbmem CONSOLE buffer which + // is neither marked as runtime code nor data. + // + if (mHaveExitedBootServices) { + return EFI_UNSUPPORTED; + } + // // A Report Status Code Protocol is present in system, so pass in all the parameters to the service. // From 11b26796145e29b2ceeb5a00b130f81246115159 Mon Sep 17 00:00:00 2001 
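Review bot: The new early return in InternalReportStatusCode drops every status code once `mHaveExitedBootServices` is set, including error codes, and it does so for every platform that links this MdeModulePkg library, not only for the coreboot cbmem console case the comment describes. Runtime error reporting is a diagnostic signal, so the check would be safer behind a platform feature PCD, or replaced by marking the CONSOLE buffer as runtime data as the commit message itself suggests. At minimum the comment should state the full effect, e.g. `// All status codes, not only debug output, are dropped after ExitBootServices().` InternalReportStatusCode begins and ends outside the hunk.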
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 12 Jun 2024 15:04:04 +0200 Subject: [PATCH 314/357] DasharoSystemFeaturesUiLib: Add options for downcoring and HT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 4 + DasharoModulePkg/Include/DasharoOptions.h | 4 + .../DasharoSystemFeaturesUiLib/CpuTopology.c | 186 +++++++++++++++++ .../DasharoSystemFeatures.c | 158 +++++++++++---- .../DasharoSystemFeatures.h | 8 + .../DasharoSystemFeaturesHii.h | 17 +- .../DasharoSystemFeaturesStrings.uni | 40 ++++ .../DasharoSystemFeaturesUiLib.inf | 5 + .../DasharoSystemFeaturesVfr.vfr | 188 ++++++++++++++++++ .../DasharoVariablesLib/DasharoVariablesLib.c | 12 ++ .../DasharoVariablesLib.inf | 1 + 11 files changed, 580 insertions(+), 43 deletions(-) create mode 100644 DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/CpuTopology.c diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 63cb7adacc..7f87c14a14 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec @@ -75,6 +75,10 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault|FALSE|BOOLEAN|0x000000022 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold|TRUE|BOOLEAN|0x00000023 gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature|100|UINT8|0x00000024 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuMenu|FALSE|BOOLEAN|0x000000025 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuCoreDisable|FALSE|BOOLEAN|0x000000026 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuHyperThreading|FALSE|BOOLEAN|0x000000027 + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuHyperThreadingDefault|TRUE|BOOLEAN|0x000000028 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. 
diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index 24979b0125..d1d8165eff 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -41,6 +41,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define DASHARO_VAR_USB_STACK L"UsbDriverStack" #define DASHARO_VAR_WATCHDOG L"WatchdogConfig" #define DASHARO_VAR_WATCHDOG_AVAILABLE L"WatchdogAvailable" +#define DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT L"SmallCoreActiveCount" +#define DASHARO_VAR_CORE_ACTIVE_COUNT L"CoreActiveCount" +#define DASHARO_VAR_HYPER_THREADING L"HyperThreading" // Other #define DASHARO_VAR_SMBIOS_UUID L"Type1UUID" @@ -76,6 +79,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define DASHARO_MEMORY_PROFILE_XMP2 3 #define DASHARO_MEMORY_PROFILE_XMP3 4 +#define DASHARO_CPU_CORES_ENABLE_ALL 0xff // // Structures describing format of some of the above EFI variables. Must be // packed. diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/CpuTopology.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/CpuTopology.c new file mode 100644 index 0000000000..9e67a80f32 --- /dev/null +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/CpuTopology.c @@ -0,0 +1,186 @@ +/** @file +The CPU topology helper functions + +Copyright (c) 2024, 3mdeb Sp. z o.o. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause + +**/ + +#include "DasharoSystemFeatures.h" +#include +#include + +typedef struct { + UINT16 SA_DeviceId; + UINT8 NumPcores; + UINT8 NumEcores; +} SKU_TABLE; + +STATIC CONST SKU_TABLE CpuSkuTable[] = { + // AlderLake CPU Desktop SA Device IDs + { 0x4660, 8, 8 }, // AlderLake Desktop (8+8+GT) SA DID + { 0x4664, 8, 6 }, // AlderLake Desktop (8+6+GT) SA DID + { 0x4668, 8, 4 }, // AlderLake Desktop (8+4+GT) SA DID + { 0x466C, 8, 2 }, // AlderLake Desktop (8+2+GT) SA DID + { 0x4670, 8, 0 }, // AlderLake Desktop (8+0+GT) SA DID + { 0x4640, 6, 8 }, // AlderLake Desktop (6+8+GT) SA DID + { 0x4644, 6, 6 }, // AlderLake Desktop (6+6+GT) SA DID + { 0x4648, 6, 4 }, // AlderLake Desktop (6+4+GT) SA DID + { 0x464C, 6, 2 }, // AlderLake Desktop (6+2+GT) SA DID + { 0x4650, 6, 0 }, // AlderLake Desktop (6+0+GT) SA DID + { 0x4630, 4, 0 }, // AlderLake Desktop (4+0+GT) SA DID + { 0x4610, 2, 0 }, // AlderLake Desktop (2+0+GT) SA DID + { 0x4673, 8, 6 }, // AlderLake Desktop (8+6+GT) SA DID + { 0x4663, 8, 8 }, // AlderLake Desktop BGA (8+8+GT) SA DID + { 0x466B, 8, 4 }, // AlderLake Desktop BGA (8+4+GT) SA DID + { 0x4653, 6, 0 }, // AlderLake Desktop BGA (6+0+GT) SA DID + { 0x4633, 4, 0 }, // AlderLake Desktop BGA (4+0+GT) SA DID + { 0x4637, 8, 8 }, // AlderLake Mobile S BGA (8+8+GT) SA DID + { 0x463B, 6, 8 }, // AlderLake Mobile S BGA (6+8+GT) SA DID + { 0x4623, 4, 8 }, // AlderLake Mobile S BGA (4+8+GT) SA DID + { 0x462B, 4, 4 }, // AlderLake Mobile S BGA (4+4+GT) SA DID + { 0x4647, 6, 4 }, // AlderLake Mobile S BGA (6+4+GT) SA DID + // AlderLake CPU Mobile SA Device IDs + { 0x4641, 6, 8 }, // AlderLake P (6+8+GT) SA DID + { 0x4649, 6, 4 }, // AlderLake P (6+4+GT) SA DID + { 0x4621, 4, 8 }, // AlderLake P (4+8+GT) SA DID + { 0x4609, 2, 4 }, // AlderLake P (2+4+GT) SA DID + { 0x4601, 2, 8 }, // AlderLake P (2+8+GT) SA DID + { 0x4661, 6, 8 }, // AlderLake P (6+8+2) SA DID + { 0x4629, 4, 4 }, // AlderLake P (4+4+1) SA DID + { 0x4619, 1, 4 }, // 
AlderLake P (1+4+GT) SA DID + { 0x4659, 1, 8 }, // AlderLake P (1+8+GT) SA DID + { 0x4645, 6, 6 }, // AlderLake P (6+6+GT) SA DID + { 0x4602, 2, 8 }, // AlderLake M (2+8+GT) SA DID + { 0x460A, 2, 4 }, // AlderLake M (2+4+GT) SA DID + { 0x461A, 1, 4 }, // AlderLake M (1+4+GT) SA DID + { 0x4622, 1, 8 }, // AlderLake M (1+8+GT) SA DID + { 0x4617, 0, 8 }, // AlderLake N (0+8+1) SA DID + { 0x4614, 0, 2 }, // AlderLake N Celeron (0+2+0) SA DID + { 0x4618, 0, 4 }, // AlderLake N (0+4+0) SA DID + { 0x461B, 0, 4 }, // AlderLake N Pentium (0+4+0) SA DID + { 0x461C, 0, 4 }, // AlderLake N Celeron (0+4+0) SA DID + { 0x4603, 2, 8 }, // AlderLake PS (2+8+GT) SA DID + { 0x4643, 6, 8 }, // AlderLake PS (6+8+GT) SA DID + { 0x4627, 4, 8 }, // AlderLake PS (4+8+GT) SA DID + { 0x460B, 2, 4 }, // AlderLake PS (2+4+GT) SA DID + { 0x464B, 4, 4 }, // AlderLake PS (4+4+GT) SA DID + { 0x467B, 1, 4 }, // AlderLake PS (1+4+GT) SA DID + // RaptorLake CPU Desktop SA Device IDs + { 0xA700, 8, 16 }, // RaptorLake Desktop (8+16+GT) SA DID + { 0xA701, 8, 0 }, // RaptorLake Desktop (8+0+GT) SA DID + { 0xA702, 8, 16 }, // RaptorLake Desktop(BGA) (8+16+GT) SA DID + { 0xA703, 8, 8 }, // RaptorLake Desktop (8+8+GT) SA DID + { 0xA704, 6, 8 }, // RaptorLake Desktop (6+8+GT) SA DID + { 0xA705, 6, 4 }, // RaptorLake Desktop (6+4+GT) SA DID + { 0xA717, 8, 0 }, // RaptorLake Desktop(BGA) (8+0+GT) SA DID + { 0xA718, 8, 4 }, // RaptorLake Desktop(BGA) (8+4+GT) SA DID + { 0xA719, 6, 4 }, // RaptorLake Desktop(BGA) (6+4+GT) SA DID + { 0xA71A, 4, 4 }, // RaptorLake Desktop(BGA) (4+4+GT) SA DID + { 0xA728, 8, 8 }, // RaptorLake Desktop(BGA) (8+8+GT) SA DID + { 0xA729, 8, 12 }, // RaptorLake Desktop(BGA) (8+12+GT) SA DID + { 0xA72A, 6, 8 }, // RaptorLake Desktop(BGA) (6+8+GT) SA DID + { 0xA72B, 4, 0 }, // RaptorLake Desktop (4+0+GT) SA DID + { 0xA740, 8, 12 }, // RaptorLake Desktop (8+12+GT) SA DID + // RaptorLake CPU Mobile SA Device IDs + { 0xA706, 6, 8 }, // RaptorLake P (6+8+GT) SA DID + { 0xA707, 4, 8 }, // 
RaptorLake P (4+8+GT) SA DID + { 0xA708, 2, 8 }, // RaptorLake P (2+8+GT) SA DID + { 0xA716, 4, 4 }, // RaptorLake P (4+4+GT) SA DID + { 0xA709, 6, 8 }, // RaptorLake Px (6+8+GT) SA DID + { 0xA70A, 4, 8 }, // RaptorLake Px (4+8+GT) SA DID + { 0xA70B, 2, 8 }, // RaptorLake Px (2+8+GT) SA DID + { 0xA715, 6, 4 }, // RaptorLake P (6+4+GT) SA DID + { 0xA71B, 2, 4 }, // RaptorLake P (2+4+GT) SA DID + { 0xA71C, 1, 4 }, // RaptorLake P (1+4+GT) SA DID + { 0xA734, 6, 8 }, // RaptorLake PS (6+8+GT) SA DID + { 0xA735, 4, 8 }, // RaptorLake PS (4+8+GT) SA DID + { 0xA736, 2, 8 }, // RaptorLake PS (2+8+GT) SA DID + { 0xA737, 2, 4 }, // RaptorLake PS (2+4+GT) SA DID + { 0xA738, 6, 4 }, // RaptorLake PS (6+4+GT) SA DID + { 0xA739, 4, 4 }, // RaptorLake PS (4+4+GT) SA DID + { 0xA73A, 1, 4 } // RaptorLake PS (1+4+GT) SA DID +}; + +VOID +GetCpuInfo ( + IN OUT UINT8 *MaxBigCoreCount, + IN OUT UINT8 *MaxSmallCoreCount, + IN OUT BOOLEAN *IsHybrid, + IN OUT BOOLEAN *HyperThreadingSupported + ) +{ + UINT32 MaxCoreCount; + UINT32 Threads; + UINT32 Res; + CPUID_VERSION_INFO_EDX CpuFeaturesEdx; + CPUID_EXTENDED_TOPOLOGY_EBX CpuTopoEbx; + CPUID_EXTENDED_TOPOLOGY_ECX CpuTopoEcx; + UINT32 MaxCpuId; + UINT32 CpuTopologyIndex; + UINT32 BDF0VenIdDevId; + UINT32 Subleaf; + + AsmCpuid (0, &MaxCpuId, NULL, NULL, NULL); + + if (MaxCpuId >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { + AsmCpuidEx ( + CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, + CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, + NULL, NULL, NULL, &Res + ); + *IsHybrid = !!((Res >> 15) & 1); + } else { + *IsHybrid = FALSE; + } + + if (MaxCpuId >= CPUID_VERSION_INFO) { + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &CpuFeaturesEdx.Uint32); + *HyperThreadingSupported = CpuFeaturesEdx.Bits.HTT; + } else { + *HyperThreadingSupported = FALSE; + } + + BDF0VenIdDevId = PciRead32(PCI_LIB_ADDRESS(0,0,0,0)); + + if ((BDF0VenIdDevId & 0xFFFF) == 0x8086) { + for (UINTN Idx = 0; Idx < ARRAY_SIZE(CpuSkuTable); Idx++) { + if 
(CpuSkuTable[Idx].SA_DeviceId == ((BDF0VenIdDevId >> 16) & 0xFFFF)) { + *MaxBigCoreCount = CpuSkuTable[Idx].NumPcores; + *MaxSmallCoreCount = CpuSkuTable[Idx].NumEcores; + *IsHybrid = TRUE; + return; + } + } + } + + if (MaxCpuId >= 0x1F) + CpuTopologyIndex = 0x1F; + else if (MaxCpuId >= CPUID_EXTENDED_TOPOLOGY) + CpuTopologyIndex = CPUID_EXTENDED_TOPOLOGY; + else { + // If we cannot probe with CPUID, then return 1. Also assume non-hybrid + // architecture, modern CPUs should support at least CPUID 0xb. That's the + // best we can do. + *MaxBigCoreCount = 1; + *MaxSmallCoreCount = 0; + *IsHybrid = FALSE; + return; + } + + Subleaf = 0; + Threads = 1; + MaxCoreCount = 1; + do { + AsmCpuidEx (CpuTopologyIndex, Subleaf++, NULL, &CpuTopoEbx.Uint32, &CpuTopoEcx.Uint32, NULL); + + if (CpuTopoEcx.Bits.LevelType == CPUID_EXTENDED_TOPOLOGY_LEVEL_TYPE_SMT) + Threads = (CpuTopoEbx.Bits.LogicalProcessors == 0 ? 1 : CpuTopoEbx.Bits.LogicalProcessors); + else if (CpuTopoEcx.Bits.LevelType == CPUID_EXTENDED_TOPOLOGY_LEVEL_TYPE_CORE) + MaxCoreCount = (CpuTopoEbx.Bits.LogicalProcessors == 0 ? 1 * Threads : CpuTopoEbx.Bits.LogicalProcessors); + + } while (CpuTopoEcx.Bits.LevelType != CPUID_EXTENDED_TOPOLOGY_LEVEL_TYPE_INVALID); + + *MaxBigCoreCount = MaxCoreCount / Threads; + *MaxSmallCoreCount = 0; +} diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 6809d1248f..25e571c874 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -14,6 +14,8 @@ SPDX-License-Identifier: BSD-2-Clause #define PCH_OC_WDT_CTL_EN BIT14 #define PCH_OC_WDT_CTL_TOV_MASK 0x3FF +#define PRIVATE_DATA(field) mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field + // Feature state STATIC CHAR16 mVarStoreName[] = L"FeaturesData"; 
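Review bot: The final `*MaxBigCoreCount = MaxCoreCount / Threads;` in GetCpuInfo stores a UINT32 quotient into a UINT8 with no bound, so a CPUID-reported count of 256 or more cores would wrap (256 becomes 0) and callers would see a zero maximum. Clamping makes the narrowing explicit: `*MaxBigCoreCount = (UINT8)MIN (MaxCoreCount / Threads, MAX_UINT8);`. The `do … while` over CPUID sub-leaves also has no iteration cap and relies on the platform or hypervisor eventually reporting an invalid level type. A small upper limit on `Subleaf` would keep a misbehaving CPUID implementation from hanging the caller.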
@@ -161,51 +163,70 @@ DasharoSystemFeaturesUiLibConstructor ( ); ASSERT (mDasharoSystemFeaturesPrivate.HiiHandle != NULL); + // Set menu visibility + PRIVATE_DATA(ShowSecurityMenu) = PcdGetBool (PcdShowSecurityMenu); + PRIVATE_DATA(ShowIntelMeMenu) = PcdGetBool (PcdShowIntelMeMenu); + PRIVATE_DATA(ShowUsbMenu) = PcdGetBool (PcdShowUsbMenu); + PRIVATE_DATA(ShowNetworkMenu) = PcdGetBool (PcdShowNetworkMenu); + PRIVATE_DATA(ShowChipsetMenu) = PcdGetBool (PcdShowChipsetMenu); + PRIVATE_DATA(ShowPowerMenu) = PcdGetBool (PcdShowPowerMenu); + PRIVATE_DATA(ShowPciMenu) = PcdGetBool (PcdShowPciMenu); + PRIVATE_DATA(ShowMemoryMenu) = PcdGetBool (PcdShowMemoryMenu); + PRIVATE_DATA(ShowSerialPortMenu) = PcdGetBool (PcdShowSerialPortMenu); + PRIVATE_DATA(ShowCpuMenu) = PcdGetBool (PcdShowCpuMenu); // Set feature visibility - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu = PcdGetBool (PcdShowSecurityMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowIntelMeMenu = PcdGetBool (PcdShowIntelMeMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowUsbMenu = PcdGetBool (PcdShowUsbMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowNetworkMenu = PcdGetBool (PcdShowNetworkMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowChipsetMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdShowPowerMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPciMenu = PcdGetBool (PcdShowPciMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowMemoryMenu = PcdGetBool (PcdShowMemoryMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowFanCurve = PcdGetBool (PcdPowerMenuShowFanCurve); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowSleepType = PcdGetBool (PcdPowerMenuShowSleepType); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PowerMenuShowBatteryThresholds = PcdGetBool (PcdPowerMenuShowBatteryThresholds); - 
mDasharoSystemFeaturesPrivate.DasharoFeaturesData.DasharoEnterprise = PcdGetBool (PcdDasharoEnterprise); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowIommu = PcdGetBool (PcdShowIommuOptions); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.PciMenuShowResizeableBars = PcdGetBool (PcdPciMenuShowResizeableBars); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSerialPortMenu = PcdGetBool (PcdShowSerialPortMenu); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowWiFiBt = PcdGetBool (PcdSecurityShowWiFiBtOption); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.SecurityMenuShowCamera = PcdGetBool (PcdSecurityShowCameraOption); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.MeHapAvailable = PcdGetBool (PcdIntelMeHapAvailable); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.S3SupportExperimental = PcdGetBool (PcdS3SupportExperimental); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowLockBios = PcdGetBool (PcdShowLockBios); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSmmBwp = PcdGetBool (PcdShowSmmBwp); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowFum = PcdGetBool (PcdShowFum); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPs2Option = PcdGetBool (PcdShowPs2Option); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.Have2ndUart = PcdGetBool (PcdHave2ndUart); - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowCpuThrottlingThreshold= PcdGetBool (PcdShowCpuThrottlingThreshold); + PRIVATE_DATA(PowerMenuShowFanCurve) = PcdGetBool (PcdPowerMenuShowFanCurve); + PRIVATE_DATA(PowerMenuShowSleepType) = PcdGetBool (PcdPowerMenuShowSleepType); + PRIVATE_DATA(PowerMenuShowBatteryThresholds) = PcdGetBool (PcdPowerMenuShowBatteryThresholds); + PRIVATE_DATA(DasharoEnterprise) = PcdGetBool (PcdDasharoEnterprise); + PRIVATE_DATA(SecurityMenuShowIommu) = PcdGetBool (PcdShowIommuOptions); + PRIVATE_DATA(PciMenuShowResizeableBars) = PcdGetBool (PcdPciMenuShowResizeableBars); + 
PRIVATE_DATA(ShowSerialPortMenu) = PcdGetBool (PcdShowSerialPortMenu); + PRIVATE_DATA(SecurityMenuShowWiFiBt) = PcdGetBool (PcdSecurityShowWiFiBtOption); + PRIVATE_DATA(SecurityMenuShowCamera) = PcdGetBool (PcdSecurityShowCameraOption); + PRIVATE_DATA(MeHapAvailable) = PcdGetBool (PcdIntelMeHapAvailable); + PRIVATE_DATA(S3SupportExperimental) = PcdGetBool (PcdS3SupportExperimental); + PRIVATE_DATA(ShowLockBios) = PcdGetBool (PcdShowLockBios); + PRIVATE_DATA(ShowSmmBwp) = PcdGetBool (PcdShowSmmBwp); + PRIVATE_DATA(ShowFum) = PcdGetBool (PcdShowFum); + PRIVATE_DATA(ShowPs2Option) = PcdGetBool (PcdShowPs2Option); + PRIVATE_DATA(Have2ndUart) = PcdGetBool (PcdHave2ndUart); + PRIVATE_DATA(ShowCpuThrottlingThreshold) = PcdGetBool (PcdShowCpuThrottlingThreshold); + PRIVATE_DATA(ShowCpuCoreDisable) = PcdGetBool(PcdShowCpuCoreDisable); + PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); // Ensure at least one option is visible in given menu (if enabled), otherwise hide it - if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu) - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowSecurityMenu = PcdGetBool (PcdDasharoEnterprise) || - PcdGetBool (PcdShowIommuOptions) || - PcdGetBool (PcdSecurityShowWiFiBtOption) || - PcdGetBool (PcdSecurityShowCameraOption) || - PcdGetBool (PcdShowLockBios) || - PcdGetBool (PcdShowSmmBwp) || - PcdGetBool (PcdShowFum); - - if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu) - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowChipsetMenu = PcdGetBool (PcdShowOcWdtOptions) || - PcdGetBool (PcdShowPs2Option); - if (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu) - mDasharoSystemFeaturesPrivate.DasharoFeaturesData.ShowPowerMenu = PcdGetBool (PcdPowerMenuShowFanCurve) || - PcdGetBool (PcdPowerMenuShowSleepType) || - PcdGetBool (PcdPowerMenuShowBatteryThresholds) || - (FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); + if 
(PRIVATE_DATA(ShowSecurityMenu)) + PRIVATE_DATA(ShowSecurityMenu) = PcdGetBool (PcdDasharoEnterprise) || + PcdGetBool (PcdShowIommuOptions) || + PcdGetBool (PcdSecurityShowWiFiBtOption) || + PcdGetBool (PcdSecurityShowCameraOption) || + PcdGetBool (PcdShowLockBios) || + PcdGetBool (PcdShowSmmBwp) || + PcdGetBool (PcdShowFum); + + if (PRIVATE_DATA(ShowChipsetMenu)) + PRIVATE_DATA(ShowChipsetMenu) = PcdGetBool (PcdShowOcWdtOptions) || + PcdGetBool (PcdShowPs2Option); + + if (PRIVATE_DATA(ShowPowerMenu)) + PRIVATE_DATA(ShowPowerMenu) = PcdGetBool (PcdPowerMenuShowFanCurve) || + PcdGetBool (PcdPowerMenuShowSleepType) || + PcdGetBool (PcdPowerMenuShowBatteryThresholds) || + PcdGetBool (PcdShowCpuThrottlingThreshold) || + (FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); + + if (PRIVATE_DATA(ShowCpuMenu)) + PRIVATE_DATA(ShowCpuMenu) = PcdGetBool(PcdShowCpuCoreDisable) || + PcdGetBool(PcdShowCpuHyperThreading); + + GetCpuInfo(&PRIVATE_DATA(BigCoreMaxCount), + &PRIVATE_DATA(SmallCoreMaxCount), + &PRIVATE_DATA(HybridCpuArchitecture), + &PRIVATE_DATA(HyperThreadingSupported)); + + if (!PRIVATE_DATA(HybridCpuArchitecture)) + PRIVATE_DATA(CoreMaxCount) = PRIVATE_DATA(BigCoreMaxCount); #define LOAD_VAR(var, field) do { \ BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field); \ 
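Review bot: `PRIVATE_DATA(ShowSerialPortMenu)` is assigned twice in this hunk, once in the new "Set menu visibility" group and again in the "Set feature visibility" group where the old line was converted; the second assignment can be dropped. `PRIVATE_DATA(CoreMaxCount)` is written only on the non-hybrid path, so on hybrid parts it keeps whatever the structure was initialised with, while the VFR tests it with `suppressif ideqval FeaturesData.CoreMaxCount == 1`. Assigning it explicitly in an `else` branch would make that dependency visible. The constructor body starts and ends outside this hunk.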
@@ -244,9 +265,40 @@ DasharoSystemFeaturesUiLibConstructor ( LOAD_VAR (DASHARO_VAR_USB_STACK, UsbStack); LOAD_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); LOAD_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); + LOAD_VAR (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount); + LOAD_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount); + LOAD_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount); + LOAD_VAR (DASHARO_VAR_HYPER_THREADING, HyperThreading); #undef LOAD_VAR + if (PRIVATE_DATA(HybridCpuArchitecture) && + PRIVATE_DATA(SmallCoreActiveCount) == 0 && + PRIVATE_DATA(BigCoreActiveCount) == 0) { + /* + * Invalid setting, which causes a brick, enable all cores. coreboot will + * not allow to disable all cores and revert to default: enabling all + * cores. Match the behavior here, so the variables are not stuck in this + * state and showing variable state not matching the reality. + */ + PRIVATE_DATA(SmallCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; + PRIVATE_DATA(BigCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; + gRT->SetVariable ( + DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, + &gDasharoSystemFeaturesGuid, + DasharoGetVariableAttributes (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT), + sizeof (PRIVATE_DATA(SmallCoreActiveCount)), + &PRIVATE_DATA(SmallCoreActiveCount) + ); + gRT->SetVariable ( + DASHARO_VAR_CORE_ACTIVE_COUNT, + &gDasharoSystemFeaturesGuid, + DasharoGetVariableAttributes (DASHARO_VAR_CORE_ACTIVE_COUNT), + sizeof (PRIVATE_DATA(BigCoreActiveCount)), + &PRIVATE_DATA(BigCoreActiveCount) + ); + } + return EFI_SUCCESS; } @@ -406,6 +458,7 @@ DasharoSystemFeaturesRouteConfig ( UINTN BufferSize; DASHARO_SYSTEM_FEATURES_PRIVATE_DATA *Private; DASHARO_FEATURES_DATA DasharoFeaturesData; + DASHARO_FEATURES_DATA *PrivateData; if (Progress == NULL) { return EFI_INVALID_PARAMETER; 
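Review bot: The recovery block repairs only the state where both `SmallCoreActiveCount` and `BigCoreActiveCount` are 0, so a stored zero for the only core type the SKU has is left as loaded, even though DasharoSystemFeaturesRouteConfig rejects exactly those combinations. These values come from non-volatile variables rather than from the form, so the check here should cover the same cases: `if (PRIVATE_DATA(HybridCpuArchitecture) && ((PRIVATE_DATA(SmallCoreActiveCount) == 0 && (PRIVATE_DATA(BigCoreActiveCount) == 0 || PRIVATE_DATA(BigCoreMaxCount) == 0)) || (PRIVATE_DATA(BigCoreActiveCount) == 0 && PRIVATE_DATA(SmallCoreMaxCount) == 0))) {`. Both `gRT->SetVariable` calls also discard their EFI_STATUS, so a failed write leaves the in-memory value and the stored variable in disagreement with no trace; a `DEBUG ((DEBUG_ERROR, ...))` on error would help. The constructor starts outside this hunk.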
@@ -421,6 +474,7 @@ DasharoSystemFeaturesRouteConfig ( } Private = DASHARO_SYSTEM_FEATURES_PRIVATE_DATA_FROM_THIS (This); + PrivateData = &Private->DasharoFeaturesData; // Construct data structure from configuration string. BufferSize = sizeof (DasharoFeaturesData); @@ -433,6 +487,14 @@ DasharoSystemFeaturesRouteConfig ( ); ASSERT_EFI_ERROR (Status); + if (PrivateData->HybridCpuArchitecture) { + if (DasharoFeaturesData.SmallCoreActiveCount == 0 && PrivateData->BigCoreMaxCount == 0) + return EFI_INVALID_PARAMETER; + + if (DasharoFeaturesData.BigCoreActiveCount == 0 && PrivateData->SmallCoreMaxCount == 0) + return EFI_INVALID_PARAMETER; + } + // Can use CompareMem() on structures instead of a per-field comparison as // long as they are packed. #define STORE_VAR(var, field) do { \ @@ -477,6 +539,15 @@ DasharoSystemFeaturesRouteConfig ( STORE_VAR (DASHARO_VAR_USB_STACK, UsbStack); STORE_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); STORE_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); + STORE_VAR (DASHARO_VAR_HYPER_THREADING, HyperThreading); + + if (PrivateData->HybridCpuArchitecture) { + STORE_VAR (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount); + STORE_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount); + } else { + // CoreActiveCount used for P-cores and non-hybrid CPU architectures to match FSP + STORE_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount); + } #undef STORE_VAR @@ -559,6 +630,9 @@ DasharoSystemFeaturesCallback ( case SLEEP_TYPE_QUESTION_ID: Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_SLEEP_TYPE).Uint8; break; + case HYPER_THREADING_QUESTION_ID: + Value->b = DasharoGetVariableDefault (DASHARO_VAR_HYPER_THREADING).Boolean; + break; default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h index a22565b3d2..74db4ea934 100644 
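Review bot: The new check in DasharoSystemFeaturesRouteConfig rejects a zero count only when the other core type is absent, so a configuration string with `SmallCoreActiveCount == 0` and `BigCoreActiveCount == 0` passes on a SKU that has both types, even though the constructor treats that pair as invalid. The `oneof` lists in the VFR keep the setup browser from producing it, but RouteConfig accepts whatever the caller puts in the configuration string, so the limit belongs here too: `if (DasharoFeaturesData.SmallCoreActiveCount == 0 && DasharoFeaturesData.BigCoreActiveCount == 0) return EFI_INVALID_PARAMETER;`. Counts above the detected maximum (other than `DASHARO_CPU_CORES_ENABLE_ALL`) and a zero non-hybrid `CoreActiveCount` are likewise not checked. The function body extends beyond this hunk, so how `*Progress` is handled on these early returns could not be verified.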
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.h @@ -158,4 +158,12 @@ DasharoSystemFeaturesCallback ( OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ); +VOID +GetCpuInfo ( + IN OUT UINT8 *MaxBigCoreCount, + IN OUT UINT8 *MaxSmallCoreCount, + IN OUT BOOLEAN *IsHybrid, + IN OUT BOOLEAN *HyperThreadingSupported + ); + #endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 766a1d6ab6..23f240c050 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -24,6 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause #define DASHARO_PCI_CONFIGURATION_FORM_ID 0x1007 #define DASHARO_MEMORY_CONFIGURATION_FORM_ID 0x1008 #define DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID 0x1009 +#define DASHARO_CPU_CONFIGURATION_FORM_ID 0x100a #define DASHARO_FEATURES_DATA_VARSTORE_ID 0x0001 @@ -38,6 +39,7 @@ typedef struct { BOOLEAN ShowPciMenu; BOOLEAN ShowMemoryMenu; BOOLEAN ShowSerialPortMenu; + BOOLEAN ShowCpuMenu; BOOLEAN ShowLockBios; BOOLEAN ShowSmmBwp; BOOLEAN ShowFum; @@ -54,7 +56,8 @@ typedef struct { BOOLEAN S3SupportExperimental; BOOLEAN Have2ndUart; BOOLEAN ShowCpuThrottlingThreshold; - + BOOLEAN ShowCpuCoreDisable; + BOOLEAN ShowCpuHyperThreading; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; @@ -81,6 +84,15 @@ typedef struct { UINT8 CpuThrottlingThreshold; UINT8 CpuMaxTemperature; UINT8 CpuMinThrottlingThreshold; + BOOLEAN HybridCpuArchitecture; + BOOLEAN HyperThreadingSupported; + BOOLEAN HyperThreading; + UINT8 BigCoreActiveCount; + UINT8 BigCoreMaxCount; + UINT8 SmallCoreActiveCount; + UINT8 SmallCoreMaxCount; + UINT8 CoreActiveCount; + UINT8 CoreMaxCount; } DASHARO_FEATURES_DATA; // 
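Review bot: The GetCpuInfo prototype added to DasharoSystemFeatures.h, like its definition in CpuTopology.c, has no function header comment, and all four parameters are marked `IN OUT` although the function only writes through them. Marking them `OUT` and adding an EDK2-style `/** ... **/` block would document the contract for callers. The block should say that the counts come from the host-bridge device ID table when the device ID matches and from the CPUID topology leaves otherwise, and that `MaxSmallCoreCount` is set to 0 on the CPUID path.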
@@ -115,6 +127,8 @@ typedef struct { #define MEMORY_PROFILE_XMP2 DASHARO_MEMORY_PROFILE_XMP2 #define MEMORY_PROFILE_XMP3 DASHARO_MEMORY_PROFILE_XMP3 +#define CPU_CORES_ENABLE_ALL DASHARO_CPU_CORES_ENABLE_ALL + // // Question IDs are used in VFR file to let the code in // DasharoSystemFeaturesCallback() know what form element caused @@ -133,5 +147,6 @@ typedef struct { #define INTEL_ME_MODE_QUESTION_ID 0x8009 #define SLEEP_TYPE_QUESTION_ID 0x800A #define SERIAL_PORT2_REDIR_QUESTION_ID 0x800B +#define HYPER_THREADING_QUESTION_ID 0x800C #endif diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 8c379ce390..cf1c0d3d01 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -41,6 +41,9 @@ #string STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE #language en-US "Serial Port Configuration" #string STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP #language en-US "Serial port options" +#string STR_DASHARO_CPU_CONFIGURATION_TITLE #language en-US "CPU Configuration" +#string STR_DASHARO_CPU_CONFIGURATION_HELP #language en-US "CPU related configuration options" + #string STR_FUM_PROMPT #language en-US "> Enter Firmware Update Mode" #string STR_FUM_HELP #language en-US "Disables all firmware protections for the duration of next boot." 
@@ -171,3 +174,40 @@ #string STR_CPU_THROTTLING_THRESHOLD_PROMPT #language en-US "CPU Throttling Threshold" #string STR_CPU_THROTTLING_THRESHOLD_HELP #language en-US "The temperature above which the CPU will start throttling itself." #string STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR #language en-US "The throttling threshold must be between TjMax - 63 and TjMax!!" + +#string STR_BIG_CORE_COUNT_PROMPT #language en-US "Number of active P-cores" +#string STR_BIG_CORE_COUNT_HELP #language en-US "Specify the number of Performance cores that should remain active.\n\n" + "Minimum is one, maximum is processor dependent." + +#string STR_SMALL_CORE_COUNT_PROMPT #language en-US "Number of active E-cores" +#string STR_SMALL_CORE_COUNT_HELP #language en-US "Specify the number of Efficient cores that should remain active.\n\n" + "Minimum is zero (or one if there are no Performance cores in the system), " + "maximum is processor dependent." + +#string STR_CORE_COUNT_PROMPT #language en-US "Number of active CPU cores" +#string STR_CORE_COUNT_HELP #language en-US "Specify the number of CPU cores that should remain active.\n\n" + "Minimum is one, maximum is processor dependent." + +#string STR_HYPER_THREADING_PROMPT #language en-US "Hyper-Threading" +#string STR_HYPER_THREADING_HELP #language en-US "Enable/disable CPU Hyper-Threading feature.\n\n" + "All cores supporting Hyper-Threading will have their second logical thread enabled or disabled." 
+ +#string STR_CPU_CORES_ENABLE_ALL #language en-US "All active" + +#string STR_0 #language en-US "0" +#string STR_1 #language en-US "1" +#string STR_2 #language en-US "2" +#string STR_3 #language en-US "3" +#string STR_4 #language en-US "4" +#string STR_5 #language en-US "5" +#string STR_6 #language en-US "6" +#string STR_7 #language en-US "7" +#string STR_8 #language en-US "8" +#string STR_9 #language en-US "9" +#string STR_10 #language en-US "10" +#string STR_11 #language en-US "11" +#string STR_12 #language en-US "12" +#string STR_13 #language en-US "13" +#string STR_14 #language en-US "14" +#string STR_15 #language en-US "15" +#string STR_16 #language en-US "16" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index 881cbed9c9..edc3eebbcb 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -25,6 +25,7 @@ DasharoSystemFeatures.h DasharoSystemFeaturesHii.h DasharoSystemFeatures.c + CpuTopology.c DasharoSystemFeaturesVfr.vfr DasharoSystemFeaturesStrings.uni @@ -44,6 +45,7 @@ DebugLib IoLib PcdLib + PciLib PrintLib HiiLib UefiHiiServicesLib @@ -89,3 +91,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuCoreDisable + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuHyperThreading diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index f262aafcd4..97f102196f 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr @@ -76,6 +76,12 @@ formset help = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP); endif; + suppressif ideqval FeaturesData.ShowCpuMenu == 0; + goto DASHARO_CPU_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_HELP); + endif; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EXIT_STRING); 
@@ -438,4 +444,186 @@ formset subtitle text = STRING_TOKEN(STR_EXIT_STRING); endform; + + form formid = DASHARO_CPU_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_TITLE); + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + + suppressif ideqval FeaturesData.ShowCpuCoreDisable == 0; + + disableif ideqval FeaturesData.HybridCpuArchitecture == 0; + + suppressif ideqval FeaturesData.SmallCoreMaxCount == 0; + oneof varid = FeaturesData.SmallCoreActiveCount, + prompt = STRING_TOKEN(STR_SMALL_CORE_COUNT_PROMPT), + help = STRING_TOKEN(STR_SMALL_CORE_COUNT_HELP), + flags = RESET_REQUIRED, + + option text = STRING_TOKEN (STR_CPU_CORES_ENABLE_ALL), value = CPU_CORES_ENABLE_ALL, flags = DEFAULT; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 16; + option text = STRING_TOKEN (STR_15), value = 15, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 15; + option text = STRING_TOKEN (STR_14), value = 14, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 14; + option text = STRING_TOKEN (STR_13), value = 13, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 13; + option text = STRING_TOKEN (STR_12), value = 12, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 12; + option text = STRING_TOKEN (STR_11), value = 11, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 11; + option text = STRING_TOKEN (STR_10), value = 10, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 10; + option text = STRING_TOKEN (STR_9), value = 9, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 9; + option text = STRING_TOKEN (STR_8), value = 8, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 8; + option text = STRING_TOKEN (STR_7), value = 7, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 7; + option text = STRING_TOKEN (STR_6), value = 6, flags = 0; + 
endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 6; + option text = STRING_TOKEN (STR_5), value = 5, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 5; + option text = STRING_TOKEN (STR_4), value = 4, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 4; + option text = STRING_TOKEN (STR_3), value = 3, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 3; + option text = STRING_TOKEN (STR_2), value = 2, flags = 0; + endif; + suppressif ideqval FeaturesData.SmallCoreMaxCount < 2; + option text = STRING_TOKEN (STR_1), value = 1, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount == 0; + option text = STRING_TOKEN (STR_0), value = 0, flags = 0; + endif; + endoneof; + endif; + + suppressif ideqval FeaturesData.BigCoreMaxCount == 0; + oneof varid = FeaturesData.BigCoreActiveCount, + prompt = STRING_TOKEN(STR_BIG_CORE_COUNT_PROMPT), + help = STRING_TOKEN(STR_BIG_CORE_COUNT_HELP), + flags = RESET_REQUIRED, + + option text = STRING_TOKEN (STR_CPU_CORES_ENABLE_ALL), value = CPU_CORES_ENABLE_ALL, flags = DEFAULT; + suppressif ideqval FeaturesData.BigCoreMaxCount < 8; + option text = STRING_TOKEN (STR_7), value = 7, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 7; + option text = STRING_TOKEN (STR_6), value = 6, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 6; + option text = STRING_TOKEN (STR_5), value = 5, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 5; + option text = STRING_TOKEN (STR_4), value = 4, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 4; + option text = STRING_TOKEN (STR_3), value = 3, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 3; + option text = STRING_TOKEN (STR_2), value = 2, flags = 0; + endif; + suppressif ideqval FeaturesData.BigCoreMaxCount < 2; + option text = STRING_TOKEN (STR_1), value = 1, flags = 0; + endif; + 
endoneof; + endif; // suppressif FeaturesData.BigCoreMaxCount == 0 + + endif; // disableif HybridCpuArchitecture == 0 + + disableif ideqval FeaturesData.HybridCpuArchitecture == 1; + + suppressif ideqval FeaturesData.CoreMaxCount == 1; + oneof varid = FeaturesData.CoreActiveCount, + prompt = STRING_TOKEN(STR_CORE_COUNT_PROMPT), + help = STRING_TOKEN(STR_CORE_COUNT_HELP), + flags = RESET_REQUIRED, + + option text = STRING_TOKEN (STR_CPU_CORES_ENABLE_ALL), value = CPU_CORES_ENABLE_ALL, flags = DEFAULT; + suppressif ideqval FeaturesData.CoreMaxCount < 16; + option text = STRING_TOKEN (STR_15), value = 15, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 15; + option text = STRING_TOKEN (STR_14), value = 14, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 14; + option text = STRING_TOKEN (STR_13), value = 13, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 13; + option text = STRING_TOKEN (STR_12), value = 12, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 12; + option text = STRING_TOKEN (STR_11), value = 11, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 11; + option text = STRING_TOKEN (STR_10), value = 10, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 10; + option text = STRING_TOKEN (STR_9), value = 9, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 9; + option text = STRING_TOKEN (STR_8), value = 8, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 8; + option text = STRING_TOKEN (STR_7), value = 7, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 7; + option text = STRING_TOKEN (STR_6), value = 6, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 6; + option text = STRING_TOKEN (STR_5), value = 5, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 5; + option text = STRING_TOKEN (STR_4), value = 4, flags = 0; + endif; + suppressif ideqval 
FeaturesData.CoreMaxCount < 4; + option text = STRING_TOKEN (STR_3), value = 3, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 3; + option text = STRING_TOKEN (STR_2), value = 2, flags = 0; + endif; + suppressif ideqval FeaturesData.CoreMaxCount < 2; + option text = STRING_TOKEN (STR_1), value = 1, flags = 0; + endif; + // Not really valid value, but allowed if system has only E-cores + suppressif TRUE; + option text = STRING_TOKEN (STR_0), value = 0, flags = 0; + endif; + endoneof; + endif; // suppressif FeaturesData.CoreMaxCount == 1; + + endif; // disableif HybridCpuArchitecture == 1 + + endif; // suppressif ShowCpuCoreDisable == 0 + + suppressif ideqval FeaturesData.ShowCpuHyperThreading == 0; + suppressif ideqval FeaturesData.HyperThreadingSupported == 0; + checkbox varid = FeaturesData.HyperThreading, + questionid = HYPER_THREADING_QUESTION_ID, + prompt = STRING_TOKEN(STR_HYPER_THREADING_PROMPT), + help = STRING_TOKEN(STR_HYPER_THREADING_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + endif; + endif; + + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EXIT_STRING); + endform; // CPU configuration form + endformset; diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 510379568e..2d8a33a2b6 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -61,6 +61,9 @@ STATIC CHAR16 *mAutoCreatedVariables[] = { DASHARO_VAR_USB_STACK, DASHARO_VAR_WATCHDOG, DASHARO_VAR_WATCHDOG_AVAILABLE, + DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, + DASHARO_VAR_CORE_ACTIVE_COUNT, + DASHARO_VAR_HYPER_THREADING, }; /** 
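Review bot: The hybrid and non-hybrid core-count groups are wrapped in `disableif ideqval FeaturesData.HybridCpuArchitecture == 0;` and `== 1;`, which greys a question out rather than hiding it. On a non-hybrid CPU the "Number of active P-cores" question is therefore still displayed, because its inner `suppressif` hides it only when `BigCoreMaxCount == 0` and GetCpuInfo normally reports at least one core there. If the intent is to show only the applicable question, use `suppressif ideqval FeaturesData.HybridCpuArchitecture == 0;` and `== 1;` instead. The option lists also stop at 7 for P-cores and at 15 for the other two, so a detected maximum above 8 or 16 can only be reached through "All active"; a comment stating those limits next to each `oneof` would help.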
@@ -167,6 +170,15 @@ GetVariableInfo ( } else if (StrCmp (VarName, DASHARO_VAR_WATCHDOG_AVAILABLE) == 0) { Data.Boolean = PcdGetBool (PcdShowOcWdtOptions); Size = sizeof (Data.Boolean); + } else if (StrCmp (VarName, DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT) == 0) { + Data.Uint8 = DASHARO_CPU_CORES_ENABLE_ALL; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_CORE_ACTIVE_COUNT) == 0) { + Data.Uint8 = DASHARO_CPU_CORES_ENABLE_ALL; + Size = sizeof (Data.Uint8); + } else if (StrCmp (VarName, DASHARO_VAR_HYPER_THREADING) == 0) { + Data.Boolean = PcdGetBool (PcdCpuHyperThreadingDefault); + Size = sizeof (Data.Boolean); } else { DEBUG ((EFI_D_ERROR, "%a(): Unknown variable: %s.\n", __FUNCTION__, VarName)); ASSERT ((0 && "No default value set for a variable.")); diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf index 100c85c12b..fd017c1eff 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf @@ -55,5 +55,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuHyperThreadingDefault gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms From b5eca829af8a64b9bbe739c59683b66b6b89129b Mon Sep 17 00:00:00 2001 
From: Sergii Dmytruk Date: Tue, 25 Jun 2024 16:27:15 +0300 Subject: [PATCH 315/357] DasharoPayloadPkg: Fix PCR banks missing from Tcg2ConfigDxe UI didn't allow configuring PCR banks of TPM2 and wasn't even displaying them. The cause lied in SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c returning EFI_UNSUPPORTED due to its internal state not being initialized (`mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL` condition evaluated to true). Not fully understand what has changed in the codebase that this is needed now. I don't think that override creates a separate instance, but maybe it affects initialization order. Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index df73d23a66..660bf50979 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -874,10 +874,7 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - } + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf From cc38854f4ee4cccc18e7e6ee65a8abf7483fa53e Mon Sep 17 00:00:00 2001 
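Review bot: The Tcg2ConfigDxe entry loses its `Tpm2DeviceLib` override with no comment left in the DSC, and the commit message itself says the cause is not understood. EDK II library instances are linked statically into each module, so the override most likely gave Tcg2ConfigDxe a private copy of the router with no TPM2 device instance registered in it. That would match the NULL `Tpm2SubmitCommand` described, but it is inferred, not shown in the hunk. Since this entry decides whether the PCR bank configuration used for measured boot is reachable, I would add a comment above it such as `# No Tpm2DeviceLib override here: a router copy private to this module has no registered TPM2 device and returns EFI_UNSUPPORTED`.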
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 20 Jun 2024 11:32:53 +0200 Subject: [PATCH 316/357] Rework the CPU throttling variables and setup UI management MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The CPU throttling used an excessive number of variables. The allowed range of values should be fixed at build, saving it as a NV variable makes no sense. Simplify the logic of the CPU throttling range, gaining a better UX than some error popups. Instead of setting the temperature, set the offset which has a fixed allowed range. Display the current threshold temperatue as grayed out fields instead. Also add PCD to control the default value of the throttling offset. Signed-off-by: Michał Żygowski --- DasharoModulePkg/DasharoModulePkg.dec | 3 +- DasharoModulePkg/Include/DasharoOptions.h | 4 +-- .../DasharoSystemFeatures.c | 13 ++++---- .../DasharoSystemFeaturesHii.h | 3 +- .../DasharoSystemFeaturesStrings.uni | 7 ++-- .../DasharoSystemFeaturesUiLib.inf | 1 + .../DasharoSystemFeaturesVfr.vfr | 32 ++++++++++++------- .../DasharoVariablesLib/DasharoVariablesLib.c | 14 ++------ .../DasharoVariablesLib.inf | 1 + 9 files changed, 43 insertions(+), 35 deletions(-) diff --git a/DasharoModulePkg/DasharoModulePkg.dec b/DasharoModulePkg/DasharoModulePkg.dec index 7f87c14a14..4790ad01d7 100644 --- a/DasharoModulePkg/DasharoModulePkg.dec +++ b/DasharoModulePkg/DasharoModulePkg.dec 
@@ -73,12 +73,13 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState|FALSE|BOOLEAN|0x00000001F gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart|FALSE|BOOLEAN|0x000000021 gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault|FALSE|BOOLEAN|0x000000022 - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold|TRUE|BOOLEAN|0x00000023 + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold|FALSE|BOOLEAN|0x00000023 gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature|100|UINT8|0x00000024 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuMenu|FALSE|BOOLEAN|0x000000025 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuCoreDisable|FALSE|BOOLEAN|0x000000026 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuHyperThreading|FALSE|BOOLEAN|0x000000027 gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuHyperThreadingDefault|TRUE|BOOLEAN|0x000000028 + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuThrottlingOffsetDefault|20|UINT8|0x00000029 [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] ## Indicate whether the password is cleared. diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index d1d8165eff..23273381a3 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -17,9 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Settings #define DASHARO_VAR_BATTERY_CONFIG L"BatteryConfig" #define DASHARO_VAR_BOOT_MANAGER_ENABLED L"BootManagerEnabled" -#define DASHARO_VAR_CPU_MAX_TEMPERATURE L"CpuMaxTemperature" -#define DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD L"CpuMinThrottlingThreshold" -#define DASHARO_VAR_CPU_THROTTLING_THRESHOLD L"CpuThrottlingThreshold" +#define DASHARO_VAR_CPU_THROTTLING_OFFSET L"CpuThrottlingOffset" #define DASHARO_VAR_ENABLE_CAMERA L"EnableCamera" #define DASHARO_VAR_ENABLE_WIFI_BT L"EnableWifiBt" #define DASHARO_VAR_FAN_CURVE_OPTION L"FanCurveOption" 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 25e571c874..27f107b990 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -192,8 +192,10 @@ DasharoSystemFeaturesUiLibConstructor ( PRIVATE_DATA(ShowPs2Option) = PcdGetBool (PcdShowPs2Option); PRIVATE_DATA(Have2ndUart) = PcdGetBool (PcdHave2ndUart); PRIVATE_DATA(ShowCpuThrottlingThreshold) = PcdGetBool (PcdShowCpuThrottlingThreshold); + PRIVATE_DATA(CpuMaxTemperature) = FixedPcdGet8 (PcdCpuMaxTemperature); PRIVATE_DATA(ShowCpuCoreDisable) = PcdGetBool(PcdShowCpuCoreDisable); PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); + PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (PRIVATE_DATA(ShowSecurityMenu)) @@ -242,9 +244,7 @@ DasharoSystemFeaturesUiLibConstructor ( LOAD_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); LOAD_VAR (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled); - LOAD_VAR (DASHARO_VAR_CPU_MAX_TEMPERATURE, CpuMaxTemperature); - LOAD_VAR (DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, CpuMinThrottlingThreshold); - LOAD_VAR (DASHARO_VAR_CPU_THROTTLING_THRESHOLD, CpuThrottlingThreshold); + LOAD_VAR (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset); LOAD_VAR (DASHARO_VAR_ENABLE_CAMERA, EnableCamera); LOAD_VAR (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt); LOAD_VAR (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption); 
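Review bot: The last added line of the constructor hunk (`@@ -192,8 +192,10 @@`) repeats the `PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading);` assignment from the context line directly above it. It has no effect at run time, but it reads like a copy-paste that was meant to initialise a different field. Either drop the line or assign the field that was intended. The constructor body continues outside the hunk.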
@@ -516,9 +516,7 @@ DasharoSystemFeaturesRouteConfig ( STORE_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); STORE_VAR (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled); - STORE_VAR (DASHARO_VAR_CPU_MAX_TEMPERATURE, CpuMaxTemperature); - STORE_VAR (DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, CpuMinThrottlingThreshold); - STORE_VAR (DASHARO_VAR_CPU_THROTTLING_THRESHOLD, CpuThrottlingThreshold); + STORE_VAR (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset); STORE_VAR (DASHARO_VAR_ENABLE_CAMERA, EnableCamera); STORE_VAR (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt); STORE_VAR (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption); @@ -633,6 +631,9 @@ DasharoSystemFeaturesCallback ( case HYPER_THREADING_QUESTION_ID: Value->b = DasharoGetVariableDefault (DASHARO_VAR_HYPER_THREADING).Boolean; break; + case CPU_THROTTLING_OFFSET_QUESTION_ID: + Value->u8 = DasharoGetVariableDefault (DASHARO_VAR_CPU_THROTTLING_OFFSET).Uint8; + break; default: Status = EFI_UNSUPPORTED; break; diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index 23f240c050..b83aba9108 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -82,8 +82,8 @@ typedef struct { BOOLEAN SerialPortRedirection; BOOLEAN SerialPort2Redirection; UINT8 CpuThrottlingThreshold; + UINT8 CpuThrottlingOffset; UINT8 CpuMaxTemperature; - UINT8 CpuMinThrottlingThreshold; BOOLEAN HybridCpuArchitecture; BOOLEAN HyperThreadingSupported; BOOLEAN HyperThreading; @@ -148,5 +148,6 @@ typedef struct { #define SLEEP_TYPE_QUESTION_ID 0x800A #define SERIAL_PORT2_REDIR_QUESTION_ID 0x800B #define HYPER_THREADING_QUESTION_ID 0x800C +#define CPU_THROTTLING_OFFSET_QUESTION_ID 0x800D #endif 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index cf1c0d3d01..01709381a0 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -171,9 +171,12 @@ #string STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT #language en-US "Enable COM1 Serial Console Redirection" #string STR_SERIAL_CONSOLE_REDIRECTION2_HELP #language en-US "Redirect the firmware console to the second serial port." -#string STR_CPU_THROTTLING_THRESHOLD_PROMPT #language en-US "CPU Throttling Threshold" +#string STR_CPU_THROTTLING_THRESHOLD_PROMPT #language en-US "Current CPU Throttling Threshold Temperature" #string STR_CPU_THROTTLING_THRESHOLD_HELP #language en-US "The temperature above which the CPU will start throttling itself." -#string STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR #language en-US "The throttling threshold must be between TjMax - 63 and TjMax!!" + +#string STR_CPU_THROTTLING_OFFSET_PROMPT #language en-US "CPU Throttling Temperature Offset" +#string STR_CPU_THROTTLING_OFFSET_HELP #language en-US "The temperature offset from TjMax (maximum CPU temperature) above which the CPU will start throttling itself.\n\n" + "The value is also known as TCC offset." #string STR_BIG_CORE_COUNT_PROMPT #language en-US "Number of active P-cores" #string STR_BIG_CORE_COUNT_HELP #language en-US "Specify the number of Performance cores that should remain active.\n\n" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf index edc3eebbcb..2ae4d94e73 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf 
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf @@ -94,3 +94,4 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuMenu gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuCoreDisable gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuHyperThreading + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 97f102196f..1954760a14 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -347,20 +347,30 @@ formset endif; suppressif ideqval FeaturesData.ShowCpuThrottlingThreshold == 0; - numeric varid = FeaturesData.CpuThrottlingThreshold, - prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_PROMPT), - help = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_HELP), + numeric varid = FeaturesData.CpuThrottlingOffset, + questionid = CPU_THROTTLING_OFFSET_QUESTION_ID, + prompt = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_PROMPT), + help = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_HELP), flags = RESET_REQUIRED | INTERACTIVE, - minimum = 0, // Minimum threshold placeholder - maximum = 200, // Maximum threshold placeholder + minimum = 0, + maximum = 63, step = 1, - nosubmitif prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.CpuThrottlingThreshold > FeaturesData.CpuMaxTemperature - endif - nosubmitif prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.CpuThrottlingThreshold < FeaturesData.CpuMinThrottlingThreshold - endif + + write set(FeaturesData.CpuThrottlingThreshold, get(FeaturesData.CpuMaxTemperature) - pushthis); + endnumeric; + + grayoutif TRUE; + numeric varid = FeaturesData.CpuThrottlingThreshold, + prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_HELP), + minimum = 0, + maximum = 255, + + read get(FeaturesData.CpuMaxTemperature) - get(FeaturesData.CpuThrottlingOffset); + + endnumeric; + endif; endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 2d8a33a2b6..64b1f9ced1 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c 
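Review bot: The new `maximum = 63` is a literal, while both the `write` and the `read` expression compute `CpuMaxTemperature - offset` and `PcdCpuMaxTemperature` is a per-platform PCD. Nothing in the hunk stops the subtraction from wrapping on a platform that sets the PCD below 63, and the removed `nosubmitif` checks were the only place that tied the range to CpuMaxTemperature. A build-time guard where the PCD is read would close this, e.g. `STATIC_ASSERT (FixedPcdGet8 (PcdCpuMaxTemperature) >= 63, "TCC offset range exceeds TjMax");`. A short VFR comment should also say that 63 is the TCC offset range; that is inferred from the removed "TjMax - 63" string, so please confirm.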
@@ -38,9 +38,7 @@ typedef struct { STATIC CHAR16 *mAutoCreatedVariables[] = { DASHARO_VAR_BATTERY_CONFIG, DASHARO_VAR_BOOT_MANAGER_ENABLED, - DASHARO_VAR_CPU_MAX_TEMPERATURE, - DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD, - DASHARO_VAR_CPU_THROTTLING_THRESHOLD, + DASHARO_VAR_CPU_THROTTLING_OFFSET, DASHARO_VAR_ENABLE_CAMERA, DASHARO_VAR_ENABLE_WIFI_BT, DASHARO_VAR_FAN_CURVE_OPTION, @@ -95,14 +93,8 @@ GetVariableInfo ( } else if (StrCmp (VarName, DASHARO_VAR_BOOT_MANAGER_ENABLED) == 0) { Data.Boolean = TRUE; Size = sizeof (Data.Boolean); - } else if (StrCmp (VarName, DASHARO_VAR_CPU_MAX_TEMPERATURE) == 0) { - Data.Uint8 = FixedPcdGet8 (PcdCpuMaxTemperature); - Size = sizeof (Data.Uint8); - } else if (StrCmp (VarName, DASHARO_VAR_CPU_MIN_THROTTLING_THRESHOLD) == 0) { - Data.Uint8 = FixedPcdGet8 (PcdCpuMaxTemperature) - 63; - Size = sizeof (Data.Uint8); - } else if (StrCmp (VarName, DASHARO_VAR_CPU_THROTTLING_THRESHOLD) == 0) { - Data.Uint8 = 80; + } else if (StrCmp (VarName, DASHARO_VAR_CPU_THROTTLING_OFFSET) == 0) { + Data.Uint8 = FixedPcdGet8 (PcdCpuThrottlingOffsetDefault); Size = sizeof (Data.Uint8); } else if (StrCmp (VarName, DASHARO_VAR_ENABLE_CAMERA) == 0) { Data.Boolean = TRUE; diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf index fd017c1eff..5271bb7c7d 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf @@ -56,5 +56,6 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuHyperThreadingDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuThrottlingOffsetDefault gDasharoPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms From 43302b40dae80ac3ac651421d04b232cd85cb358 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 18 Feb 2022 17:47:42 +0100 Subject: [PATCH 317/357] DasharoPayloadPkg: Load bootlogo bitmap from CBMEM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/Include/Coreboot.h | 6 +++ .../Include/Library/BlParseLib.h | 16 +++++++ .../Library/CbParseLib/CbParseLib.c | 33 ++++++++++++++ .../Library/CbParseLib/CbParseLib.inf | 1 + MdeModulePkg/Logo/Logo.c | 45 ++++++++++++++++--- MdeModulePkg/Logo/LogoDxe.inf | 3 ++ 6 files changed, 99 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/Include/Coreboot.h b/DasharoPayloadPkg/Include/Coreboot.h index e2fd7f00c5..e3a624f9d3 100644 --- a/DasharoPayloadPkg/Include/Coreboot.h +++ b/DasharoPayloadPkg/Include/Coreboot.h @@ -712,6 +712,12 @@ struct cb_vboot_workbuf_v2 { UINT32 kernel_key_size; } __attribute__((packed)); +#define CB_TAG_LOGO 0x00a0 + +struct cb_bootlogo_header { + UINT64 size; +} __attribute__((packed)); + /* Helpful macros */ #define MEM_RANGE_COUNT(_rec) \ diff --git a/DasharoPayloadPkg/Include/Library/BlParseLib.h b/DasharoPayloadPkg/Include/Library/BlParseLib.h index a0bfa6ba35..353e0a0eaa 100644 --- a/DasharoPayloadPkg/Include/Library/BlParseLib.h +++ b/DasharoPayloadPkg/Include/Library/BlParseLib.h @@ -196,4 +196,20 @@ ParseCapsules ( IN BL_CAPSULE_CALLBACK CapsuleCallback ); +/** + Acquire boot logo from coreboot + + @param BmpAddress Pointer to the bitmap file + @param BmpSize Size of the image + + @retval RETURN_SUCCESS Successfully find the boot logo. + @retval RETURN_NOT_FOUND Failed to find the boot logo. +**/ +RETURN_STATUS +EFIAPI +ParseBootLogo ( + OUT UINT64 *BmpAddress, + OUT UINT32 *BmpSize + ); + #endif diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c index c0df8a672d..d51a2473d8 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c 
+++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.c @@ -991,3 +991,36 @@ ParseCapsules ( return RETURN_SUCCESS; } + +/** + Acquire boot logo from coreboot + + @param BmpAddress Pointer to the bitmap file + @param BmpSize Size of the image + + @retval RETURN_SUCCESS Successfully find the boot logo. + @retval RETURN_NOT_FOUND Failed to find the boot logo. +**/ +RETURN_STATUS +EFIAPI +ParseBootLogo ( + OUT UINT64 *BmpAddress, + OUT UINT32 *BmpSize + ) +{ + struct cb_cbmem_ref *CbLogo; + struct cb_bootlogo_header *CbLogoHeader; + + CbLogo = FindCbTag (CB_TAG_LOGO); + if (CbLogo == NULL) { + DEBUG ((DEBUG_INFO, "Did not find BootLogo tag\n")); + return RETURN_NOT_FOUND; + } + + CbLogoHeader = (struct cb_bootlogo_header*)(UINTN) CbLogo->cbmem_addr; + + *BmpAddress = CbLogo->cbmem_addr + sizeof(*CbLogoHeader); + *BmpSize = CbLogoHeader->size; + + return RETURN_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf index 5289968299..544c9423a6 100644 --- a/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf +++ b/DasharoPayloadPkg/Library/CbParseLib/CbParseLib.inf @@ -38,3 +38,4 @@ [Pcd] gDasharoPayloadPkgTokenSpaceGuid.PcdPayloadStackTop + diff --git a/MdeModulePkg/Logo/Logo.c b/MdeModulePkg/Logo/Logo.c index 8ab874d2da..2b996e9183 100644 --- a/MdeModulePkg/Logo/Logo.c +++ b/MdeModulePkg/Logo/Logo.c @@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include +#include typedef struct { EFI_IMAGE_ID ImageId; @@ -56,7 +58,12 @@ GetImage ( OUT INTN *OffsetY ) { - UINT32 Current; + UINT32 Current; + UINTN GopBltSize; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt; + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS BmpAddr; + UINT32 BmpSize; if ((Instance == NULL) || (Image == NULL) || (Attribute == NULL) || (OffsetX == NULL) || (OffsetY == NULL)) 
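Review bot: In ParseBootLogo, `*BmpSize = CbLogoHeader->size;` narrows a UINT64 read from CBMEM to UINT32 without a check, and `CbLogo->cbmem_addr` is dereferenced without testing it for zero. The size is the only bound the BMP decoder in Logo.c gets for this buffer, and it comes from data written by an earlier boot stage, so it should be validated before it is handed on. I would add `if ((CbLogo->cbmem_addr == 0) || (CbLogoHeader->size == 0) || (CbLogoHeader->size > MAX_UINT32)) { return RETURN_NOT_FOUND; }` and make the narrowing explicit with `(UINT32)`. The real length of the CBMEM entry is not visible in this hunk; if it can be obtained, `size + sizeof (*CbLogoHeader)` should also be checked against it.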
@@ -70,10 +77,38 @@ GetImage ( } (*Instance)++; - *Attribute = mLogos[Current].Attribute; - *OffsetX = mLogos[Current].OffsetX; - *OffsetY = mLogos[Current].OffsetY; - return mHiiImageEx->GetImageEx (mHiiImageEx, mHiiHandle, mLogos[Current].ImageId, Image); + + Status = ParseBootLogo (&BmpAddr, &BmpSize); + if (!EFI_ERROR (Status)) { + // Logo from CBMEM + *Attribute = EdkiiPlatformLogoDisplayAttributeCenter; + *OffsetX = 0; + *OffsetY = 0; + GopBltSize = 0; + Blt = NULL; + + Status = TranslateBmpToGopBlt ( + (void*) BmpAddr, + BmpSize, + &Blt, + &GopBltSize, + (UINTN*) &(Image->Height), + (UINTN*) &(Image->Width)); + + if (EFI_ERROR (Status)) { + return Status; + } + + Image->Bitmap = Blt; + + return Status; + } else { + // No logo in CBMEM, fallback to builtin + *Attribute = mLogos[Current].Attribute; + *OffsetX = mLogos[Current].OffsetX; + *OffsetY = mLogos[Current].OffsetY; + return mHiiImageEx->GetImageEx (mHiiImageEx, mHiiHandle, mLogos[Current].ImageId, Image); + } } EDKII_PLATFORM_LOGO_PROTOCOL mPlatformLogo = { diff --git a/MdeModulePkg/Logo/LogoDxe.inf b/MdeModulePkg/Logo/LogoDxe.inf index 41215d25d8..cd8ac8e2dc 100644 --- a/MdeModulePkg/Logo/LogoDxe.inf +++ b/MdeModulePkg/Logo/LogoDxe.inf @@ -34,6 +34,7 @@ Logo.idf [Packages] + DasharoPayloadPkg/DasharoPayloadPkg.dec MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec @@ -41,6 +42,8 @@ UefiBootServicesTableLib UefiDriverEntryPoint DebugLib + BlParseLib + BmpSupportLib [Protocols] gEfiHiiDatabaseProtocolGuid ## CONSUMES From db4b8c53097d1e5385b361ad2c97dde7c69608ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 20 Jun 2024 15:55:14 +0200 Subject: [PATCH 318/357] DasharoModulePkg/DasharoSystemFeaturesUiLib: Write variables only for enabled options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
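Review bot: The casts `(UINTN*) &(Image->Height)` and `(UINTN*) &(Image->Width)` make TranslateBmpToGopBlt store a full UINTN into the 16-bit Width and Height members of EFI_IMAGE_INPUT, so on X64 each store also overwrites the neighbouring members of `*Image`. Whether the right values remain then depends on the order of the stores inside the library, and dimensions taken from the CBMEM bitmap that exceed 16 bits are truncated silently. I would receive the dimensions in two UINTN locals (declared with the others in the `@@ -56,7 +58,12 @@` hunk), range-check them, and only then fill in `*Image`. `(void*) BmpAddr` should also go through `(UINTN)` so the cast is well-formed on 32-bit builds. The FreePool call below assumes MemoryAllocationLib is available to LogoDxe, which the INF hunk does not show.

```c
    // … unchanged: ParseBootLogo call, Attribute/OffsetX/OffsetY setup …
    Status = TranslateBmpToGopBlt (
               (VOID *)(UINTN)BmpAddr,
               BmpSize,
               &Blt,
               &GopBltSize,
               &BmpHeight,
               &BmpWidth
               );
    if (EFI_ERROR (Status)) {
      return Status;
    }

    // EFI_IMAGE_INPUT stores 16-bit dimensions; reject anything larger.
    if ((BmpWidth > MAX_UINT16) || (BmpHeight > MAX_UINT16)) {
      FreePool (Blt);
      return EFI_UNSUPPORTED;
    }

    Image->Width  = (UINT16)BmpWidth;
    Image->Height = (UINT16)BmpHeight;
    Image->Bitmap = Blt;
    // … unchanged: return and builtin-logo fallback …
```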
Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 182 +++++++++++------- .../DasharoSystemFeaturesHii.h | 1 + 2 files changed, 110 insertions(+), 73 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 27f107b990..2900192a94 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -195,7 +195,8 @@ DasharoSystemFeaturesUiLibConstructor ( PRIVATE_DATA(CpuMaxTemperature) = FixedPcdGet8 (PcdCpuMaxTemperature); PRIVATE_DATA(ShowCpuCoreDisable) = PcdGetBool(PcdShowCpuCoreDisable); PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); - PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); + PRIVATE_DATA(WatchdogAvailable) = PcdGetBool (PcdShowOcWdtOptions); + PRIVATE_DATA(ShowPowerFailureState) = FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN; // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (PRIVATE_DATA(ShowSecurityMenu)) 
@@ -230,16 +231,22 @@ DasharoSystemFeaturesUiLibConstructor ( if (!PRIVATE_DATA(HybridCpuArchitecture)) PRIVATE_DATA(CoreMaxCount) = PRIVATE_DATA(BigCoreMaxCount); -#define LOAD_VAR(var, field) do { \ - BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field); \ - Status = gRT->GetVariable ( \ - (var), \ - &gDasharoSystemFeaturesGuid, \ - NULL, \ - &BufferSize, \ - &mDasharoSystemFeaturesPrivate.DasharoFeaturesData.field \ - ); \ - ASSERT_EFI_ERROR (Status); \ +#define LOAD_VAR(var, field) do { \ + BufferSize = sizeof (PRIVATE_DATA(field)); \ + Status = gRT->GetVariable ( \ + (var), \ + &gDasharoSystemFeaturesGuid, \ + NULL, \ + &BufferSize, \ + &PRIVATE_DATA(field) \ + ); \ + if (EFI_ERROR (Status)) \ + PRIVATE_DATA(field) = _Generic(PRIVATE_DATA(field), \ + UINT8: DasharoGetVariableDefault(var).Uint8, \ + DASHARO_WATCHDOG_CONFIG: DasharoGetVariableDefault(var).Watchdog, \ + DASHARO_IOMMU_CONFIG: DasharoGetVariableDefault(var).Iommu, \ + DASHARO_BATTERY_CONFIG: DasharoGetVariableDefault(var).Battery \ + ); \ } while (FALSE) LOAD_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); @@ -264,7 +271,6 @@ DasharoSystemFeaturesUiLibConstructor ( LOAD_VAR (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage); LOAD_VAR (DASHARO_VAR_USB_STACK, UsbStack); LOAD_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); - LOAD_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); LOAD_VAR (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount); LOAD_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount); LOAD_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount); @@ -272,6 +278,9 @@ DasharoSystemFeaturesUiLibConstructor ( #undef LOAD_VAR + PRIVATE_DATA(CpuThrottlingThreshold) = + PRIVATE_DATA(CpuMaxTemperature) - PRIVATE_DATA(CpuThrottlingOffset); + if (PRIVATE_DATA(HybridCpuArchitecture) && PRIVATE_DATA(SmallCoreActiveCount) == 0 && PRIVATE_DATA(BigCoreActiveCount) == 0) { 
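Review bot: The reworked `LOAD_VAR` falls back to the default only when GetVariable fails. On success it never compares the returned `BufferSize` with the field size, so a stored variable shorter than the field is accepted and the rest of the field keeps its earlier contents. I would widen the condition to `if (EFI_ERROR (Status) || BufferSize != sizeof (PRIVATE_DATA(field)))`. The same applies to value ranges: the `@@ -272,6 +278,9 @@` hunk computes `CpuMaxTemperature - CpuThrottlingOffset` from the loaded value as-is, so an offset outside the 0..63 range the form allows wraps the displayed threshold. Resetting an out-of-range offset to `DasharoGetVariableDefault (DASHARO_VAR_CPU_THROTTLING_OFFSET).Uint8` before the subtraction would keep the UI consistent; whether these variables can be written outside the setup UI depends on DasharoGetVariableAttributes, which is not visible here.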
@@ -283,20 +292,23 @@ DasharoSystemFeaturesUiLibConstructor ( */ PRIVATE_DATA(SmallCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; PRIVATE_DATA(BigCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; - gRT->SetVariable ( - DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, - &gDasharoSystemFeaturesGuid, - DasharoGetVariableAttributes (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT), - sizeof (PRIVATE_DATA(SmallCoreActiveCount)), - &PRIVATE_DATA(SmallCoreActiveCount) - ); - gRT->SetVariable ( - DASHARO_VAR_CORE_ACTIVE_COUNT, - &gDasharoSystemFeaturesGuid, - DasharoGetVariableAttributes (DASHARO_VAR_CORE_ACTIVE_COUNT), - sizeof (PRIVATE_DATA(BigCoreActiveCount)), - &PRIVATE_DATA(BigCoreActiveCount) - ); + + if (PcdGetBool(PcdShowCpuCoreDisable)) { + gRT->SetVariable ( + DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, + &gDasharoSystemFeaturesGuid, + DasharoGetVariableAttributes (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT), + sizeof (PRIVATE_DATA(SmallCoreActiveCount)), + &PRIVATE_DATA(SmallCoreActiveCount) + ); + gRT->SetVariable ( + DASHARO_VAR_CORE_ACTIVE_COUNT, + &gDasharoSystemFeaturesGuid, + DasharoGetVariableAttributes (DASHARO_VAR_CORE_ACTIVE_COUNT), + sizeof (PRIVATE_DATA(BigCoreActiveCount)), + &PRIVATE_DATA(BigCoreActiveCount) + ); + } } return EFI_SUCCESS; @@ -487,7 +499,7 @@ DasharoSystemFeaturesRouteConfig ( ); ASSERT_EFI_ERROR (Status); - if (PrivateData->HybridCpuArchitecture) { + if (PrivateData->HybridCpuArchitecture && PcdGetBool (PcdShowCpuCoreDisable)) { if (DasharoFeaturesData.SmallCoreActiveCount == 0 && PrivateData->BigCoreMaxCount == 0) return EFI_INVALID_PARAMETER; 
@@ -497,54 +509,78 @@ DasharoSystemFeaturesRouteConfig ( // Can use CompareMem() on structures instead of a per-field comparison as // long as they are packed. -#define STORE_VAR(var, field) do { \ - if (CompareMem (&Private->DasharoFeaturesData.field, \ - &DasharoFeaturesData.field, \ - sizeof (DasharoFeaturesData.field)) != 0) { \ - Status = gRT->SetVariable ( \ - (var), \ - &gDasharoSystemFeaturesGuid, \ - DasharoGetVariableAttributes (var), \ - sizeof (DasharoFeaturesData.field), \ - &DasharoFeaturesData.field \ - ); \ - if (EFI_ERROR (Status)) { \ - return Status; \ - } \ - } \ +#define STORE_VAR_IF(var, field, cond) do { \ + if (cond) { \ + if (CompareMem (&Private->DasharoFeaturesData.field, \ + &DasharoFeaturesData.field, \ + sizeof (DasharoFeaturesData.field)) != 0) { \ + Status = gRT->SetVariable ( \ + (var), \ + &gDasharoSystemFeaturesGuid, \ + DasharoGetVariableAttributes (var), \ + sizeof (DasharoFeaturesData.field), \ + &DasharoFeaturesData.field \ + ); \ + if (EFI_ERROR (Status)) { \ + return Status; \ + } \ + } \ + } \ } while (FALSE) - STORE_VAR (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig); - STORE_VAR (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled); - STORE_VAR (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset); - STORE_VAR (DASHARO_VAR_ENABLE_CAMERA, EnableCamera); - STORE_VAR (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt); - STORE_VAR (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption); - STORE_VAR (DASHARO_VAR_IOMMU_CONFIG, IommuConfig); - STORE_VAR (DASHARO_VAR_LOCK_BIOS, LockBios); - STORE_VAR (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile); - STORE_VAR (DASHARO_VAR_ME_MODE, MeMode); - STORE_VAR (DASHARO_VAR_NETWORK_BOOT, NetworkBoot); - STORE_VAR (DASHARO_VAR_OPTION_ROM_POLICY, OptionRomExecution); - STORE_VAR (DASHARO_VAR_POWER_FAILURE_STATE, PowerFailureState); - STORE_VAR (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller); - STORE_VAR (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled); - STORE_VAR (DASHARO_VAR_SERIAL_REDIRECTION, 
SerialPortRedirection); - STORE_VAR (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection); - STORE_VAR (DASHARO_VAR_SLEEP_TYPE, SleepType); - STORE_VAR (DASHARO_VAR_SMM_BWP, SmmBwp); - STORE_VAR (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage); - STORE_VAR (DASHARO_VAR_USB_STACK, UsbStack); - STORE_VAR (DASHARO_VAR_WATCHDOG, WatchdogConfig); - STORE_VAR (DASHARO_VAR_WATCHDOG_AVAILABLE, WatchdogAvailable); - STORE_VAR (DASHARO_VAR_HYPER_THREADING, HyperThreading); - - if (PrivateData->HybridCpuArchitecture) { - STORE_VAR (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount); - STORE_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount); - } else { - // CoreActiveCount used for P-cores and non-hybrid CPU architectures to match FSP - STORE_VAR (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount); + if (PcdGetBool (PcdShowSecurityMenu)) { + STORE_VAR_IF (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled, PcdGetBool (PcdDasharoEnterprise)); + STORE_VAR_IF (DASHARO_VAR_ENABLE_CAMERA, EnableCamera, PcdGetBool (PcdSecurityShowCameraOption)); + STORE_VAR_IF (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt, PcdGetBool (PcdSecurityShowWiFiBtOption)); + STORE_VAR_IF (DASHARO_VAR_IOMMU_CONFIG, IommuConfig, PcdGetBool (PcdShowIommuOptions)); + STORE_VAR_IF (DASHARO_VAR_LOCK_BIOS, LockBios, PcdGetBool (PcdShowLockBios)); + STORE_VAR_IF (DASHARO_VAR_SMM_BWP, SmmBwp, PcdGetBool (PcdShowSmmBwp)); + } + + STORE_VAR_IF (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile, PcdGetBool (PcdShowMemoryMenu)); + STORE_VAR_IF (DASHARO_VAR_ME_MODE, MeMode, PcdGetBool (PcdShowIntelMeMenu)); + STORE_VAR_IF (DASHARO_VAR_NETWORK_BOOT, NetworkBoot, PcdGetBool (PcdShowNetworkMenu)); + + if (PcdGetBool (PcdShowPowerMenu)) { + STORE_VAR_IF (DASHARO_VAR_SLEEP_TYPE, SleepType, PcdGetBool (PcdPowerMenuShowSleepType)); + STORE_VAR_IF (DASHARO_VAR_POWER_FAILURE_STATE, PowerFailureState, + FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); + STORE_VAR_IF (DASHARO_VAR_FAN_CURVE_OPTION, 
FanCurveOption, PcdGetBool (PcdPowerMenuShowFanCurve)); + STORE_VAR_IF (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig, PcdGetBool (PcdPowerMenuShowBatteryThresholds)); + STORE_VAR_IF (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset, PcdGetBool (PcdShowCpuThrottlingThreshold)); + } + + if (PcdGetBool (PcdShowPciMenu)) { + STORE_VAR_IF (DASHARO_VAR_OPTION_ROM_POLICY, OptionRomExecution, TRUE); + STORE_VAR_IF (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled, PcdGetBool (PcdPciMenuShowResizeableBars)); + } + + if (PcdGetBool (PcdShowSerialPortMenu)) { + STORE_VAR_IF (DASHARO_VAR_SERIAL_REDIRECTION, SerialPortRedirection, TRUE); + STORE_VAR_IF (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection, PcdGetBool (PcdHave2ndUart)); + } + + if (PcdGetBool (PcdShowUsbMenu)) { + STORE_VAR_IF (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage, TRUE); + STORE_VAR_IF (DASHARO_VAR_USB_STACK, UsbStack, TRUE); + } + + if (PcdGetBool (PcdShowChipsetMenu)) { + STORE_VAR_IF (DASHARO_VAR_WATCHDOG, WatchdogConfig, PcdGetBool (PcdShowOcWdtOptions)); + STORE_VAR_IF (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller, PcdGetBool (PcdShowPs2Option)); + } + + if (PcdGetBool (PcdShowCpuMenu)) { + STORE_VAR_IF (DASHARO_VAR_HYPER_THREADING, HyperThreading, PcdGetBool (PcdShowCpuHyperThreading)); + + if (PrivateData->HybridCpuArchitecture) { + STORE_VAR_IF (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); + STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); + } else { + // CoreActiveCount used for P-cores and non-hybrid CPU architectures to match FSP + STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); + } + } #undef STORE_VAR diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h index b83aba9108..83fe4a028a 100644 
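Review bot: The macro is renamed to `STORE_VAR_IF`, but the context line after the block still reads `#undef STORE_VAR`, so the new macro stays defined for the rest of the file and the `#undef` names something that no longer exists. Change that line to `#undef STORE_VAR_IF`. Separately, the write gates re-read the PCDs instead of using the `Show*` flags that the constructor may have cleared when a menu ends up empty. If the two are meant to agree, a one-line comment above the block saying that the build-time PCDs are the authority for what may be written would help. DasharoSystemFeaturesRouteConfig starts and ends outside the hunk.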
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesHii.h @@ -58,6 +58,7 @@ typedef struct { BOOLEAN ShowCpuThrottlingThreshold; BOOLEAN ShowCpuCoreDisable; BOOLEAN ShowCpuHyperThreading; + BOOLEAN ShowPowerFailureState; // Feature data BOOLEAN LockBios; BOOLEAN SmmBwp; From 103f78e0e20737fde7c471461927801b94d8ad47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 20 Jun 2024 15:55:39 +0200 Subject: [PATCH 319/357] DasharoModulePkg/DasharoSystemFeaturesUiLib: Use disableif for options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use disableif, which is more convenient for turning off the options entirely, as it will disable the IFR logic for everything nested under the disableif. Unlike supressif, disableif is evaluated only once. It saves time for the processing and will prevent some undesired behavior from occurring, such as a default value not correctly set for the hidden option and causing an IFR logic to fail in bounds check, etc. Signed-off-by: Michał Żygowski --- .../DasharoSystemFeaturesVfr.vfr | 457 +++++++++--------- 1 file changed, 233 insertions(+), 224 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr index 1954760a14..b843979bba 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesVfr.vfr 
@@ -23,63 +23,63 @@ formset title = STRING_TOKEN(STR_EDKII_MENU_TITLE); suppressif ideqval FeaturesData.ShowSecurityMenu == 0; - goto DASHARO_SECURITY_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); + goto DASHARO_SECURITY_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_SECURITY_OPTIONS_HELP); endif; suppressif ideqval FeaturesData.ShowNetworkMenu == 0; - goto DASHARO_NETWORK_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); + goto DASHARO_NETWORK_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_NETWORKING_OPTIONS_HELP); endif; suppressif ideqval FeaturesData.ShowUsbMenu == 0; - goto DASHARO_USB_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); + goto DASHARO_USB_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_USB_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowIntelMeMenu == 0; - goto DASHARO_INTEL_ME_OPTIONS_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), - help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); + goto DASHARO_INTEL_ME_OPTIONS_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_TITLE), + help = STRING_TOKEN(STR_DASHARO_INTEL_ME_OPTIONS_HELP); endif; suppressif ideqval FeaturesData.ShowChipsetMenu == 0; - goto DASHARO_CHIPSET_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); + goto DASHARO_CHIPSET_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_TITLE), + help = 
STRING_TOKEN(STR_DASHARO_CHIPSET_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowPowerMenu == 0; - goto DASHARO_POWER_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_HELP); + goto DASHARO_POWER_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_POWER_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowPciMenu == 0; - goto DASHARO_PCI_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_HELP); + goto DASHARO_PCI_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_PCI_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowMemoryMenu == 0; - goto DASHARO_MEMORY_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_HELP); + goto DASHARO_MEMORY_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_MEMORY_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowSerialPortMenu == 0; - goto DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP); + goto DASHARO_SERIAL_PORT_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_TITLE), + help = STRING_TOKEN(STR_DASHARO_SERIAL_PORT_CONFIGURATION_HELP); endif; suppressif ideqval FeaturesData.ShowCpuMenu == 0; - goto DASHARO_CPU_CONFIGURATION_FORM_ID, - prompt = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_TITLE), - help = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_HELP); + goto DASHARO_CPU_CONFIGURATION_FORM_ID, + prompt = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_TITLE), 
+ help = STRING_TOKEN(STR_DASHARO_CPU_CONFIGURATION_HELP); endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -92,40 +92,40 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - suppressif ideqval FeaturesData.ShowLockBios == 0; - checkbox varid = FeaturesData.LockBios, - prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), - help = STRING_TOKEN(STR_LOCK_BIOS_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; + disableif ideqval FeaturesData.ShowLockBios == 0; + checkbox varid = FeaturesData.LockBios, + prompt = STRING_TOKEN(STR_LOCK_BIOS_PROMPT), + help = STRING_TOKEN(STR_LOCK_BIOS_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; endif; - suppressif ideqval FeaturesData.ShowSmmBwp == 0; - checkbox varid = FeaturesData.SmmBwp, - prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), - help = STRING_TOKEN(STR_SMM_BWP_HELP), - flags = RESET_REQUIRED, - endcheckbox; + disableif ideqval FeaturesData.ShowSmmBwp == 0; + checkbox varid = FeaturesData.SmmBwp, + prompt = STRING_TOKEN(STR_SMM_BWP_PROMPT), + help = STRING_TOKEN(STR_SMM_BWP_HELP), + flags = RESET_REQUIRED, + endcheckbox; endif; - suppressif ideqval FeaturesData.SecurityMenuShowIommu == 0; + disableif ideqval FeaturesData.SecurityMenuShowIommu == 0; checkbox name = IommuEnable, varid = FeaturesData.IommuConfig.IommuEnable, prompt = STRING_TOKEN(STR_DMA_PROTECTION_PROMPT), help = STRING_TOKEN(STR_DMA_PROTECTION_HELP), flags = RESET_REQUIRED, endcheckbox; - endif; - suppressif questionref(IommuEnable) == FALSE; - checkbox varid = FeaturesData.IommuConfig.IommuHandoff, - prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_PROMPT), - help = STRING_TOKEN(STR_IOMMU_HANDOFF_HELP), - flags = RESET_REQUIRED, - endcheckbox; + suppressif questionref(IommuEnable) == FALSE; + checkbox varid = FeaturesData.IommuConfig.IommuHandoff, + prompt = STRING_TOKEN(STR_IOMMU_HANDOFF_PROMPT), + help = STRING_TOKEN(STR_IOMMU_HANDOFF_HELP), + flags = RESET_REQUIRED, + endcheckbox; + endif; endif; - suppressif ideqval FeaturesData.DasharoEnterprise == 0; + disableif ideqval FeaturesData.DasharoEnterprise == 0; checkbox varid = 
FeaturesData.BootManagerEnabled, prompt = STRING_TOKEN(STR_BOOT_MENU_ENABLED_PROMPT), help = STRING_TOKEN(STR_BOOT_MENU_ENABLED_HELP), @@ -133,7 +133,7 @@ formset endcheckbox; endif; - suppressif ideqval FeaturesData.SecurityMenuShowWiFiBt == 0; + disableif ideqval FeaturesData.SecurityMenuShowWiFiBt == 0; checkbox varid = FeaturesData.EnableWifiBt, prompt = STRING_TOKEN(STR_WIFI_BT_ENABLE_PROMPT), help = STRING_TOKEN(STR_WIFI_BT_ENABLE_HELP), @@ -141,7 +141,7 @@ formset endcheckbox; endif; - suppressif ideqval FeaturesData.SecurityMenuShowCamera == 0; + disableif ideqval FeaturesData.SecurityMenuShowCamera == 0; checkbox varid = FeaturesData.EnableCamera, prompt = STRING_TOKEN(STR_ENABLE_CAMERA_PROMPT), help = STRING_TOKEN(STR_ENABLE_CAMERA_HELP), @@ -149,16 +149,16 @@ formset endcheckbox; endif; - suppressif ideqval FeaturesData.ShowFum == 0; - subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + disableif ideqval FeaturesData.ShowFum == 0; + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); + subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - text - help = STRING_TOKEN(STR_FUM_HELP), - text = STRING_TOKEN(STR_FUM_PROMPT), - flags = INTERACTIVE, - key = FIRMWARE_UPDATE_MODE_QUESTION_ID; - endif; + text + help = STRING_TOKEN(STR_FUM_HELP), + text = STRING_TOKEN(STR_FUM_PROMPT), + flags = INTERACTIVE, + key = FIRMWARE_UPDATE_MODE_QUESTION_ID; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -171,12 +171,14 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.NetworkBoot, - questionid = NETWORK_BOOT_QUESTION_ID, - prompt = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_PROMPT), - help = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_HELP), - flags = INTERACTIVE | RESET_REQUIRED, - endcheckbox; + disableif ideqval FeaturesData.ShowNetworkMenu == 0; + checkbox varid = FeaturesData.NetworkBoot, + questionid = NETWORK_BOOT_QUESTION_ID, + prompt = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_PROMPT), + help = STRING_TOKEN(STR_NETWORK_BOOT_ENABLE_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); @@ -188,19 +190,21 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox name = UsbStack, - varid = FeaturesData.UsbStack, - prompt = STRING_TOKEN(STR_USB_STACK_ENABLE_PROMPT), - help = STRING_TOKEN(STR_USB_STACK_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, - endcheckbox; - - suppressif questionref(UsbStack) == FALSE; - checkbox varid = FeaturesData.UsbMassStorage, - prompt = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_PROMPT), - help = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + disableif ideqval FeaturesData.ShowUsbMenu == 0; + checkbox name = UsbStack, + varid = FeaturesData.UsbStack, + prompt = STRING_TOKEN(STR_USB_STACK_ENABLE_PROMPT), + help = STRING_TOKEN(STR_USB_STACK_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; + + suppressif questionref(UsbStack) == FALSE; + checkbox varid = FeaturesData.UsbMassStorage, + prompt = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_PROMPT), + help = STRING_TOKEN(STR_USB_MASS_STORAGE_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + endcheckbox; + endif; endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -213,18 +217,20 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - oneof varid = FeaturesData.MeMode, - questionid = INTEL_ME_MODE_QUESTION_ID, - prompt = STRING_TOKEN(STR_ME_MODE_PROMPT), - help = STRING_TOKEN(STR_ME_MODE_HELP), - flags = RESET_REQUIRED | INTERACTIVE, + disableif ideqval FeaturesData.ShowIntelMeMenu == 0; + oneof varid = FeaturesData.MeMode, + questionid = INTEL_ME_MODE_QUESTION_ID, + prompt = STRING_TOKEN(STR_ME_MODE_PROMPT), + help = STRING_TOKEN(STR_ME_MODE_HELP), + flags = RESET_REQUIRED | INTERACTIVE, option text = STRING_TOKEN(STR_ME_MODE_ENABLE), value = ME_MODE_ENABLE, flags = 0; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HECI), value = ME_MODE_DISABLE_HECI, flags = 0; suppressif ideqval FeaturesData.MeHapAvailable == 0; option text = STRING_TOKEN(STR_ME_MODE_DISABLE_HAP), value = ME_MODE_DISABLE_HAP, flags = 0; endif; - endoneof; + endoneof; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -236,20 +242,20 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - suppressif ideqval FeaturesData.ShowPs2Option == 0; - checkbox varid = FeaturesData.Ps2Controller, - prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), - help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), - flags = CHECKBOX_DEFAULT | RESET_REQUIRED, + disableif ideqval FeaturesData.ShowPs2Option == 0; + checkbox varid = FeaturesData.Ps2Controller, + prompt = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_PROMPT), + help = STRING_TOKEN(STR_PS2_CONTROLLER_ENABLE_HELP), + flags = CHECKBOX_DEFAULT | RESET_REQUIRED, endcheckbox; endif; - suppressif ideqval FeaturesData.WatchdogAvailable == 0; - checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, + disableif ideqval FeaturesData.WatchdogAvailable == 0; + checkbox varid = FeaturesData.WatchdogConfig.WatchdogEnable, questionid = WATCHDOG_ENABLE_QUESTION_ID, - prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), - help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), - flags = RESET_REQUIRED | INTERACTIVE, + prompt = STRING_TOKEN(STR_WATCHDOG_ENABLE_PROMPT), + help = STRING_TOKEN(STR_WATCHDOG_ENABLE_HELP), + flags = RESET_REQUIRED | INTERACTIVE, endcheckbox; suppressif ideqval FeaturesData.WatchdogConfig.WatchdogEnable == 0; 
@@ -276,101 +282,102 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - suppressif ideqval FeaturesData.PowerMenuShowFanCurve == 0; - oneof varid = FeaturesData.FanCurveOption, - prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), - help = STRING_TOKEN(STR_FAN_CURVE_HELP), - flags = RESET_REQUIRED, + disableif ideqval FeaturesData.PowerMenuShowFanCurve == 0; + oneof varid = FeaturesData.FanCurveOption, + prompt = STRING_TOKEN(STR_FAN_CURVE_PROMPT), + help = STRING_TOKEN(STR_FAN_CURVE_HELP), + flags = RESET_REQUIRED, - option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = DEFAULT; - option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; - endoneof; + option text = STRING_TOKEN(STR_FAN_CURVE_SILENT), value = FAN_CURVE_OPTION_SILENT, flags = DEFAULT; + option text = STRING_TOKEN(STR_FAN_CURVE_PERFORMANCE), value = FAN_CURVE_OPTION_PERFORMANCE, flags = 0; + endoneof; endif; - suppressif ideqval FeaturesData.PowerMenuShowSleepType == 0; - oneof varid = FeaturesData.SleepType, - questionid = SLEEP_TYPE_QUESTION_ID, - prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), - help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), - flags = RESET_REQUIRED | INTERACTIVE, - - option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value = SLEEP_TYPE_S0IX, flags = 0; - suppressif ideqval FeaturesData.S3SupportExperimental == 1; - option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; - endif; - suppressif ideqval FeaturesData.S3SupportExperimental == 0; - option text = STRING_TOKEN(STR_SLEEP_TYPE_S3_EXPERIMENTAL), value = SLEEP_TYPE_S3, flags = 0; - endif; - endoneof; + disableif ideqval FeaturesData.PowerMenuShowSleepType == 0; + oneof varid = FeaturesData.SleepType, + questionid = SLEEP_TYPE_QUESTION_ID, + prompt = STRING_TOKEN(STR_SLEEP_TYPE_PROMPT), + help = STRING_TOKEN(STR_SLEEP_TYPE_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + + option text = STRING_TOKEN(STR_SLEEP_TYPE_S0IX), value 
= SLEEP_TYPE_S0IX, flags = 0; + suppressif ideqval FeaturesData.S3SupportExperimental == 1; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S3), value = SLEEP_TYPE_S3, flags = 0; + endif; + suppressif ideqval FeaturesData.S3SupportExperimental == 0; + option text = STRING_TOKEN(STR_SLEEP_TYPE_S3_EXPERIMENTAL), value = SLEEP_TYPE_S3, flags = 0; + endif; + endoneof; endif; - suppressif ideqval FeaturesData.PowerFailureState == POWER_FAILURE_STATE_HIDDEN; - oneof varid = FeaturesData.PowerFailureState, - questionid = POWER_FAILURE_STATE_QUESTION_ID, - prompt = STRING_TOKEN(STR_POWER_FAILURE_STATE_PROMPT), - help = STRING_TOKEN(STR_POWER_FAILURE_STATE_HELP), - flags = INTERACTIVE | RESET_REQUIRED, - - option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_OFF), value = POWER_FAILURE_STATE_OFF, flags = 0; - option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_ON), value = POWER_FAILURE_STATE_ON, flags = 0; - option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_KEEP), value = POWER_FAILURE_STATE_KEEP, flags = 0; - endoneof; + disableif ideqval FeaturesData.ShowPowerFailureState == 0; + oneof varid = FeaturesData.PowerFailureState, + questionid = POWER_FAILURE_STATE_QUESTION_ID, + prompt = STRING_TOKEN(STR_POWER_FAILURE_STATE_PROMPT), + help = STRING_TOKEN(STR_POWER_FAILURE_STATE_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_OFF), value = POWER_FAILURE_STATE_OFF, flags = 0; + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_ON), value = POWER_FAILURE_STATE_ON, flags = 0; + option text = STRING_TOKEN(STR_POWER_FAILURE_STATE_KEEP), value = POWER_FAILURE_STATE_KEEP, flags = 0; + endoneof; endif; - suppressif ideqval FeaturesData.PowerMenuShowBatteryThresholds == 0; - numeric varid = FeaturesData.BatteryConfig.StartThreshold, - questionid = BATTERY_START_THRESHOLD_QUESTION_ID, - prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), - help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), - flags = RESET_REQUIRED | 
INTERACTIVE, - minimum = 0, - maximum = 100, - step = 1, - - nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold - endif - endnumeric; - numeric varid = FeaturesData.BatteryConfig.StopThreshold, - questionid = BATTERY_STOP_THRESHOLD_QUESTION_ID, - prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), - help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), - flags = RESET_REQUIRED | INTERACTIVE, - minimum = 0, - maximum = 100, - step = 1, - - nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), - ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold - endif - endnumeric; + disableif ideqval FeaturesData.PowerMenuShowBatteryThresholds == 0; + numeric varid = FeaturesData.BatteryConfig.StartThreshold, + questionid = BATTERY_START_THRESHOLD_QUESTION_ID, + prompt = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_BATTERY_START_THRESHOLD_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, + maximum = 100, + step = 1, + + nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold + endif + endnumeric; + + numeric varid = FeaturesData.BatteryConfig.StopThreshold, + questionid = BATTERY_STOP_THRESHOLD_QUESTION_ID, + prompt = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_BATTERY_STOP_THRESHOLD_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, + maximum = 100, + step = 1, + + nosubmitif prompt = STRING_TOKEN(STR_BATTERY_THRESHOLD_RANGE_ERROR), + ideqid FeaturesData.BatteryConfig.StartThreshold > FeaturesData.BatteryConfig.StopThreshold + endif + endnumeric; endif; - suppressif ideqval FeaturesData.ShowCpuThrottlingThreshold == 0; - numeric varid = FeaturesData.CpuThrottlingOffset, - questionid = CPU_THROTTLING_OFFSET_QUESTION_ID, - 
prompt = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_PROMPT), - help = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_HELP), - flags = RESET_REQUIRED | INTERACTIVE, - minimum = 0, - maximum = 63, - step = 1, + disableif ideqval FeaturesData.ShowCpuThrottlingThreshold == 0; + numeric varid = FeaturesData.CpuThrottlingOffset, + questionid = CPU_THROTTLING_OFFSET_QUESTION_ID, + prompt = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_PROMPT), + help = STRING_TOKEN(STR_CPU_THROTTLING_OFFSET_HELP), + flags = RESET_REQUIRED | INTERACTIVE, + minimum = 0, + maximum = 63, + step = 1, - write set(FeaturesData.CpuThrottlingThreshold, get(FeaturesData.CpuMaxTemperature) - pushthis); + write set(FeaturesData.CpuThrottlingThreshold, get(FeaturesData.CpuMaxTemperature) - pushthis); - endnumeric; + endnumeric; - grayoutif TRUE; - numeric varid = FeaturesData.CpuThrottlingThreshold, - prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_PROMPT), - help = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_HELP), - minimum = 0, - maximum = 255, + grayoutif TRUE; + numeric varid = FeaturesData.CpuThrottlingThreshold, + prompt = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_PROMPT), + help = STRING_TOKEN(STR_CPU_THROTTLING_THRESHOLD_HELP), + minimum = 0, + maximum = 255, - read get(FeaturesData.CpuMaxTemperature) - get(FeaturesData.CpuThrottlingOffset); + read get(FeaturesData.CpuMaxTemperature) - get(FeaturesData.CpuThrottlingOffset); - endnumeric; - endif; + endnumeric; + endif; endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -383,24 +390,26 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - suppressif ideqval FeaturesData.PciMenuShowResizeableBars == 0; - checkbox varid = FeaturesData.ResizeableBarsEnabled, - prompt = STRING_TOKEN(STR_RESIZEABLE_BARS_PROMPT), - help = STRING_TOKEN(STR_RESIZEABLE_BARS_HELP), - flags = RESET_REQUIRED, - endcheckbox; - endif; + disableif ideqval FeaturesData.ShowPciMenu == 0; + disableif ideqval FeaturesData.PciMenuShowResizeableBars == 0; + checkbox varid = FeaturesData.ResizeableBarsEnabled, + prompt = STRING_TOKEN(STR_RESIZEABLE_BARS_PROMPT), + help = STRING_TOKEN(STR_RESIZEABLE_BARS_HELP), + flags = RESET_REQUIRED, + endcheckbox; + endif; - oneof varid = FeaturesData.OptionRomExecution, - questionid = OPTION_ROM_STATE_QUESTION_ID, - prompt = STRING_TOKEN(STR_OPTION_ROM_PROMPT), - help = STRING_TOKEN(STR_OPTION_ROM_HELP), - flags = INTERACTIVE | RESET_REQUIRED, + oneof varid = FeaturesData.OptionRomExecution, + questionid = OPTION_ROM_STATE_QUESTION_ID, + prompt = STRING_TOKEN(STR_OPTION_ROM_PROMPT), + help = STRING_TOKEN(STR_OPTION_ROM_HELP), + flags = INTERACTIVE | RESET_REQUIRED, - option text = STRING_TOKEN(STR_OPTION_ROM_DISABLE), value = OPTION_ROM_POLICY_DISABLE_ALL, flags = 0; - option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE), value = OPTION_ROM_POLICY_ENABLE_ALL, flags = 0; - option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE_VGA), value = OPTION_ROM_POLICY_VGA_ONLY, flags = 0; - endoneof; + option text = STRING_TOKEN(STR_OPTION_ROM_DISABLE), value = OPTION_ROM_POLICY_DISABLE_ALL, flags = 0; + option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE), value = OPTION_ROM_POLICY_ENABLE_ALL, flags = 0; + option text = STRING_TOKEN(STR_OPTION_ROM_ENABLE_VGA), value = OPTION_ROM_POLICY_VGA_ONLY, flags = 0; + endoneof; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -412,16 +421,18 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - oneof varid = FeaturesData.MemoryProfile, - prompt = STRING_TOKEN(STR_MEMORY_PROFILE_PROMPT), - help = STRING_TOKEN(STR_MEMORY_PROFILE_HELP), - flags = RESET_REQUIRED, + disableif ideqval FeaturesData.ShowMemoryMenu == 0; + oneof varid = FeaturesData.MemoryProfile, + prompt = STRING_TOKEN(STR_MEMORY_PROFILE_PROMPT), + help = STRING_TOKEN(STR_MEMORY_PROFILE_HELP), + flags = RESET_REQUIRED, - option text = STRING_TOKEN(STR_MEMORY_PROFILE_JEDEC), value = MEMORY_PROFILE_JEDEC, flags = DEFAULT; - option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP1), value = MEMORY_PROFILE_XMP1, flags = 0; - option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP2), value = MEMORY_PROFILE_XMP2, flags = 0; - option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP3), value = MEMORY_PROFILE_XMP3, flags = 0; - endoneof; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_JEDEC), value = MEMORY_PROFILE_JEDEC, flags = DEFAULT; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP1), value = MEMORY_PROFILE_XMP1, flags = 0; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP2), value = MEMORY_PROFILE_XMP2, flags = 0; + option text = STRING_TOKEN(STR_MEMORY_PROFILE_XMP3), value = MEMORY_PROFILE_XMP3, flags = 0; + endoneof; + endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
@@ -433,20 +444,22 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - checkbox varid = FeaturesData.SerialPortRedirection, - questionid = SERIAL_PORT_REDIR_QUESTION_ID, - prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_PROMPT), - help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_HELP), - flags = INTERACTIVE | RESET_REQUIRED, - endcheckbox; + suppressif ideqval FeaturesData.ShowSerialPortMenu == 0; + checkbox varid = FeaturesData.SerialPortRedirection, + questionid = SERIAL_PORT_REDIR_QUESTION_ID, + prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_PROMPT), + help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; - suppressif ideqval FeaturesData.Have2ndUart == 0; - checkbox varid = FeaturesData.SerialPort2Redirection, + disableif ideqval FeaturesData.Have2ndUart == 0; + checkbox varid = FeaturesData.SerialPort2Redirection, questionid = SERIAL_PORT2_REDIR_QUESTION_ID, - prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT), - help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_HELP), - flags = INTERACTIVE | RESET_REQUIRED, + prompt = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_PROMPT), + help = STRING_TOKEN(STR_SERIAL_CONSOLE_REDIRECTION2_HELP), + flags = INTERACTIVE | RESET_REQUIRED, endcheckbox; + endif; endif; subtitle text = STRING_TOKEN(STR_EMPTY_STRING); 
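Review bot: The outer guard added around the serial redirection questions is `suppressif ideqval FeaturesData.ShowSerialPortMenu == 0;`, while the other menu-level guards this commit adds (ShowNetworkMenu, ShowUsbMenu, ShowIntelMeMenu, ShowPciMenu, ShowMemoryMenu) all use `disableif`. With suppressif the nested questions remain part of the form's IFR logic, which is what the commit message says the change is meant to avoid. If the difference is not deliberate, the line should read `disableif ideqval FeaturesData.ShowSerialPortMenu == 0;`. If it is deliberate, a one-line comment saying why the serial menu differs would help the next reader.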
@@ -460,15 +473,15 @@ formset subtitle text = STRING_TOKEN(STR_EMPTY_STRING); - suppressif ideqval FeaturesData.ShowCpuCoreDisable == 0; + disableif ideqval FeaturesData.ShowCpuCoreDisable == 0; disableif ideqval FeaturesData.HybridCpuArchitecture == 0; suppressif ideqval FeaturesData.SmallCoreMaxCount == 0; - oneof varid = FeaturesData.SmallCoreActiveCount, - prompt = STRING_TOKEN(STR_SMALL_CORE_COUNT_PROMPT), - help = STRING_TOKEN(STR_SMALL_CORE_COUNT_HELP), - flags = RESET_REQUIRED, + oneof varid = FeaturesData.SmallCoreActiveCount, + prompt = STRING_TOKEN(STR_SMALL_CORE_COUNT_PROMPT), + help = STRING_TOKEN(STR_SMALL_CORE_COUNT_HELP), + flags = RESET_REQUIRED, option text = STRING_TOKEN (STR_CPU_CORES_ENABLE_ALL), value = CPU_CORES_ENABLE_ALL, flags = DEFAULT; suppressif ideqval FeaturesData.SmallCoreMaxCount < 16; @@ -609,18 +622,14 @@ formset suppressif ideqval FeaturesData.CoreMaxCount < 2; option text = STRING_TOKEN (STR_1), value = 1, flags = 0; endif; - // Not really valid value, but allowed if system has only E-cores - suppressif TRUE; - option text = STRING_TOKEN (STR_0), value = 0, flags = 0; - endif; endoneof; endif; // suppressif FeaturesData.CoreMaxCount == 1; endif; // disableif HybridCpuArchitecture == 1 - endif; // suppressif ShowCpuCoreDisable == 0 + endif; // disableif ShowCpuCoreDisable == 0 - suppressif ideqval FeaturesData.ShowCpuHyperThreading == 0; + disableif ideqval FeaturesData.ShowCpuHyperThreading == 0; suppressif ideqval FeaturesData.HyperThreadingSupported == 0; checkbox varid = FeaturesData.HyperThreading, questionid = HYPER_THREADING_QUESTION_ID, From 575c81e54d22e9917c644288d1d5217cf77a06ea Mon Sep 17 00:00:00 2001 
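Review bot: The second hunk on this line (@@ -609) deletes the hidden `option text = STRING_TOKEN (STR_0), value = 0` entry, whose comment said the value is allowed on systems that have only E-cores, and the commit message does not mention this removal. If a stored count of 0 can still reach this oneof, it no longer matches any listed option, so it is worth confirming that 0 can no longer be stored, or keeping the entry. The oneof itself starts outside the hunk, so the affected varid cannot be seen from here.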
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 24 Jun 2024 12:41:20 +0200 Subject: [PATCH 320/357] DasharoModulePkg/DasharoVariablesLib: Autocreate variables only for enabled options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add list of conditions under which the variable should be created. We only want to create variables for options that are enabled in the given project/build. Signed-off-by: Michał Żygowski --- .../DasharoVariablesLib/DasharoVariablesLib.c | 70 +++++++++++-------- .../DasharoVariablesLib.inf | 38 ++++++++-- 2 files changed, 71 insertions(+), 37 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 64b1f9ced1..b5a3855726 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include 
@@ -33,35 +34,42 @@ typedef struct { UINT32 Attributes; // EFI variable attributes for this variable. } VAR_INFO; +typedef struct { + CHAR16 *Name; + BOOLEAN Condition; +} AUTO_VARIABLE; + // List of Dasharo EFI variables in gDasharoSystemFeaturesGuid namespace that -// are created if missing. -STATIC CHAR16 *mAutoCreatedVariables[] = { - DASHARO_VAR_BATTERY_CONFIG, - DASHARO_VAR_BOOT_MANAGER_ENABLED, - DASHARO_VAR_CPU_THROTTLING_OFFSET, - DASHARO_VAR_ENABLE_CAMERA, - DASHARO_VAR_ENABLE_WIFI_BT, - DASHARO_VAR_FAN_CURVE_OPTION, - DASHARO_VAR_IOMMU_CONFIG, - DASHARO_VAR_LOCK_BIOS, - DASHARO_VAR_MEMORY_PROFILE, - DASHARO_VAR_ME_MODE, - DASHARO_VAR_NETWORK_BOOT, - DASHARO_VAR_OPTION_ROM_POLICY, - DASHARO_VAR_POWER_FAILURE_STATE, - DASHARO_VAR_PS2_CONTROLLER, - DASHARO_VAR_RESIZEABLE_BARS_ENABLED, - DASHARO_VAR_SERIAL_REDIRECTION, - DASHARO_VAR_SERIAL_REDIRECTION2, - DASHARO_VAR_SLEEP_TYPE, - DASHARO_VAR_SMM_BWP, - DASHARO_VAR_USB_MASS_STORAGE, - DASHARO_VAR_USB_STACK, - DASHARO_VAR_WATCHDOG, - DASHARO_VAR_WATCHDOG_AVAILABLE, - DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, - DASHARO_VAR_CORE_ACTIVE_COUNT, - DASHARO_VAR_HYPER_THREADING, +// are created if missing. Each variable should have a FixedAtBuild PCD which +// controls the visibility/activity of the variable in the project and must be +// used to determine whether the variable should be created or not. 
+ +STATIC CONST AUTO_VARIABLE mAutoCreatedVariables[] = { + { DASHARO_VAR_BATTERY_CONFIG, FixedPcdGetBool (PcdShowPowerMenu) && FixedPcdGetBool (PcdPowerMenuShowBatteryThresholds) }, + { DASHARO_VAR_BOOT_MANAGER_ENABLED, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdDasharoEnterprise) }, + { DASHARO_VAR_CPU_THROTTLING_OFFSET, FixedPcdGetBool (PcdShowPowerMenu) && FixedPcdGetBool (PcdShowCpuThrottlingThreshold) }, + { DASHARO_VAR_ENABLE_CAMERA, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdSecurityShowCameraOption) }, + { DASHARO_VAR_ENABLE_WIFI_BT, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdSecurityShowWiFiBtOption) }, + { DASHARO_VAR_FAN_CURVE_OPTION, FixedPcdGetBool (PcdShowPowerMenu) && FixedPcdGetBool (PcdPowerMenuShowFanCurve) }, + { DASHARO_VAR_IOMMU_CONFIG, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdShowIommuOptions) }, + { DASHARO_VAR_LOCK_BIOS, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdShowLockBios) }, + { DASHARO_VAR_MEMORY_PROFILE, FixedPcdGetBool (PcdShowMemoryMenu) }, + { DASHARO_VAR_ME_MODE, FixedPcdGetBool (PcdShowIntelMeMenu) }, + { DASHARO_VAR_NETWORK_BOOT, FixedPcdGetBool (PcdShowNetworkMenu) }, + { DASHARO_VAR_OPTION_ROM_POLICY, FixedPcdGetBool (PcdShowPciMenu) }, + { DASHARO_VAR_POWER_FAILURE_STATE, FixedPcdGetBool (PcdShowPowerMenu) && (FixedPcdGet8 (PcdDefaultPowerFailureState) != DASHARO_POWER_FAILURE_STATE_HIDDEN) }, + { DASHARO_VAR_PS2_CONTROLLER, FixedPcdGetBool (PcdShowChipsetMenu) && FixedPcdGetBool (PcdShowPs2Option) }, + { DASHARO_VAR_RESIZEABLE_BARS_ENABLED, FixedPcdGetBool (PcdShowPciMenu) && FixedPcdGetBool (PcdPciMenuShowResizeableBars) }, + { DASHARO_VAR_SERIAL_REDIRECTION, FixedPcdGetBool (PcdShowSerialPortMenu) }, + { DASHARO_VAR_SERIAL_REDIRECTION2, FixedPcdGetBool (PcdShowSerialPortMenu) && FixedPcdGetBool (PcdHave2ndUart) }, + { DASHARO_VAR_SLEEP_TYPE, FixedPcdGetBool (PcdShowPowerMenu) && FixedPcdGetBool (PcdPowerMenuShowSleepType) }, + { 
DASHARO_VAR_SMM_BWP, FixedPcdGetBool (PcdShowSecurityMenu) && FixedPcdGetBool (PcdShowSmmBwp) }, + { DASHARO_VAR_USB_MASS_STORAGE, FixedPcdGetBool (PcdShowUsbMenu) }, + { DASHARO_VAR_USB_STACK, FixedPcdGetBool (PcdShowUsbMenu) }, + { DASHARO_VAR_WATCHDOG, FixedPcdGetBool (PcdShowChipsetMenu) && FixedPcdGetBool (PcdShowOcWdtOptions) }, + { DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, FixedPcdGetBool (PcdShowCpuMenu) && FixedPcdGetBool (PcdShowCpuCoreDisable) }, + { DASHARO_VAR_CORE_ACTIVE_COUNT, FixedPcdGetBool (PcdShowCpuMenu) && FixedPcdGetBool (PcdShowCpuCoreDisable) }, + { DASHARO_VAR_HYPER_THREADING, FixedPcdGetBool (PcdShowCpuMenu) && FixedPcdGetBool (PcdShowCpuHyperThreading) }, }; /** @@ -416,8 +424,10 @@ DasharoVariablesLibConstructor ( // Create Dasharo-specific variables that are missing by initializing // them with default values. - for (Idx = 0; Idx < ARRAY_SIZE (mAutoCreatedVariables); Idx++) - InitVariable (mAutoCreatedVariables[Idx]); + for (Idx = 0; Idx < ARRAY_SIZE (mAutoCreatedVariables); Idx++) { + if (mAutoCreatedVariables[Idx].Condition) + InitVariable (mAutoCreatedVariables[Idx].Name); + } return EFI_SUCCESS; } diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf index 5271bb7c7d..e6c935af42 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf 
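Review bot: Gating `DASHARO_VAR_LOCK_BIOS`, `DASHARO_VAR_SMM_BWP` and `DASHARO_VAR_IOMMU_CONFIG` on `PcdShowSecurityMenu` in mAutoCreatedVariables ties the creation of protection settings to menu visibility, so a build that hides the security menu no longer gets these variables created with their defaults. What is enforced then depends on how the code reading these variables treats a missing one, which this hunk does not show; that fallback should be confirmed to be the protective one. Separately, `DASHARO_VAR_WATCHDOG_AVAILABLE` is in the removed list but has no entry in the new table, and the commit message does not mention dropping it. A comment above the table such as `// Variables of hidden options are not created; readers must handle a missing variable.` would record the contract.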
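Review bot: The `if` added inside the constructor loop (hunk @@ -416) has no braces although the `for` around it now does, and EDK II style puts braces on every conditional body. I would write it as `if (mAutoCreatedVariables[Idx].Condition) {`, `InitVariable (mAutoCreatedVariables[Idx].Name);`, `}`. The body of DasharoVariablesLibConstructor starts outside the hunk.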
@@ -43,18 +43,42 @@ gApuConfigurationFormsetGuid ### SOMETIMES CONSUMES [Pcd] - gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSecurityMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIntelMeMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowUsbMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowNetworkMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowChipsetMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPowerMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowFanCurve gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultNetworkBootEnable + gDasharoSystemFeaturesTokenSpaceGuid.PcdDasharoEnterprise + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdDefaultPowerFailureState - gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowSleepType + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPciMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdPciMenuShowResizeableBars + gDasharoSystemFeaturesTokenSpaceGuid.PcdPowerMenuShowBatteryThresholds + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMemoryMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption + gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption gDasharoSystemFeaturesTokenSpaceGuid.PcdIntelMeDefaultState - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault - gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtTimeoutDefault + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowLockBios + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSmmBwp + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option + 
gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirection2DefaultState - gDasharoSystemFeaturesTokenSpaceGuid.PcdSerialRedirectionDefaultState + gDasharoSystemFeaturesTokenSpaceGuid.PcdHave2ndUart + gDasharoSystemFeaturesTokenSpaceGuid.PcdOcWdtEnableDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuThrottlingThreshold - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowOcWdtOptions - gDasharoSystemFeaturesTokenSpaceGuid.PcdSleepTypeDefaultS3 + gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuMenu + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuCoreDisable + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowCpuHyperThreading gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuHyperThreadingDefault gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuThrottlingOffsetDefault From 16cdebacb8745ccb582ca4311510a209befab0ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 26 Jun 2024 10:32:36 +0200 Subject: [PATCH 321/357] DasharoSystemFeaturesUiLib,DasharoVariablesLib: Use FixedPcdGetBool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use FixedPcdGetBool to emphasize the use of immutable FixedAtBuild PCD. It will also prevent changing the PCD type later and possibly alter the behavior of the menu by other modules if something was to change the PCD type. Signed-off-by: Michał Żygowski --- .../DasharoSystemFeatures.c | 154 +++++++++--------- .../DasharoVariablesLib/DasharoVariablesLib.c | 16 +- 2 files changed, 85 insertions(+), 85 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 2900192a94..36e0fb8da7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c 
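Review bot: The PCDs added here stay under the generic `[Pcd]` section, although the library now reads them with `FixedPcdGetBool` inside the static initializer of `mAutoCreatedVariables`, which only builds when each one is FixedAtBuild. Declaring them under `[FixedPcd]` states that requirement in the INF and lets the build tools flag a platform DSC that tries to make a visibility PCD patchable or dynamic, which matters most for the entries gating security options. `PcdShowMenu` is added but the table in this commit does not reference it, so it may be unnecessary; confirm against the rest of the file. The list was mostly alphabetical before this change and re-sorting it would keep later diffs readable.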
@@ -139,7 +139,7 @@ DasharoSystemFeaturesUiLibConstructor ( EFI_STATUS Status; UINTN BufferSize; - if (!PcdGetBool (PcdShowMenu)) + if (!FixedPcdGetBool (PcdShowMenu)) return EFI_SUCCESS; mDasharoSystemFeaturesPrivate.DriverHandle = NULL; 
@@ -164,64 +164,64 @@ DasharoSystemFeaturesUiLibConstructor ( ASSERT (mDasharoSystemFeaturesPrivate.HiiHandle != NULL); // Set menu visibility - PRIVATE_DATA(ShowSecurityMenu) = PcdGetBool (PcdShowSecurityMenu); - PRIVATE_DATA(ShowIntelMeMenu) = PcdGetBool (PcdShowIntelMeMenu); - PRIVATE_DATA(ShowUsbMenu) = PcdGetBool (PcdShowUsbMenu); - PRIVATE_DATA(ShowNetworkMenu) = PcdGetBool (PcdShowNetworkMenu); - PRIVATE_DATA(ShowChipsetMenu) = PcdGetBool (PcdShowChipsetMenu); - PRIVATE_DATA(ShowPowerMenu) = PcdGetBool (PcdShowPowerMenu); - PRIVATE_DATA(ShowPciMenu) = PcdGetBool (PcdShowPciMenu); - PRIVATE_DATA(ShowMemoryMenu) = PcdGetBool (PcdShowMemoryMenu); - PRIVATE_DATA(ShowSerialPortMenu) = PcdGetBool (PcdShowSerialPortMenu); - PRIVATE_DATA(ShowCpuMenu) = PcdGetBool (PcdShowCpuMenu); + PRIVATE_DATA(ShowSecurityMenu) = FixedPcdGetBool (PcdShowSecurityMenu); + PRIVATE_DATA(ShowIntelMeMenu) = FixedPcdGetBool (PcdShowIntelMeMenu); + PRIVATE_DATA(ShowUsbMenu) = FixedPcdGetBool (PcdShowUsbMenu); + PRIVATE_DATA(ShowNetworkMenu) = FixedPcdGetBool (PcdShowNetworkMenu); + PRIVATE_DATA(ShowChipsetMenu) = FixedPcdGetBool (PcdShowChipsetMenu); + PRIVATE_DATA(ShowPowerMenu) = FixedPcdGetBool (PcdShowPowerMenu); + PRIVATE_DATA(ShowPciMenu) = FixedPcdGetBool (PcdShowPciMenu); + PRIVATE_DATA(ShowMemoryMenu) = FixedPcdGetBool (PcdShowMemoryMenu); + PRIVATE_DATA(ShowSerialPortMenu) = FixedPcdGetBool (PcdShowSerialPortMenu); + PRIVATE_DATA(ShowCpuMenu) = FixedPcdGetBool (PcdShowCpuMenu); // Set feature visibility - PRIVATE_DATA(PowerMenuShowFanCurve) = PcdGetBool (PcdPowerMenuShowFanCurve); - PRIVATE_DATA(PowerMenuShowSleepType) = PcdGetBool (PcdPowerMenuShowSleepType); - PRIVATE_DATA(PowerMenuShowBatteryThresholds) = PcdGetBool (PcdPowerMenuShowBatteryThresholds); - PRIVATE_DATA(DasharoEnterprise) = PcdGetBool (PcdDasharoEnterprise); - PRIVATE_DATA(SecurityMenuShowIommu) = PcdGetBool (PcdShowIommuOptions); - PRIVATE_DATA(PciMenuShowResizeableBars) = PcdGetBool 
(PcdPciMenuShowResizeableBars); - PRIVATE_DATA(ShowSerialPortMenu) = PcdGetBool (PcdShowSerialPortMenu); - PRIVATE_DATA(SecurityMenuShowWiFiBt) = PcdGetBool (PcdSecurityShowWiFiBtOption); - PRIVATE_DATA(SecurityMenuShowCamera) = PcdGetBool (PcdSecurityShowCameraOption); - PRIVATE_DATA(MeHapAvailable) = PcdGetBool (PcdIntelMeHapAvailable); - PRIVATE_DATA(S3SupportExperimental) = PcdGetBool (PcdS3SupportExperimental); - PRIVATE_DATA(ShowLockBios) = PcdGetBool (PcdShowLockBios); - PRIVATE_DATA(ShowSmmBwp) = PcdGetBool (PcdShowSmmBwp); - PRIVATE_DATA(ShowFum) = PcdGetBool (PcdShowFum); - PRIVATE_DATA(ShowPs2Option) = PcdGetBool (PcdShowPs2Option); - PRIVATE_DATA(Have2ndUart) = PcdGetBool (PcdHave2ndUart); - PRIVATE_DATA(ShowCpuThrottlingThreshold) = PcdGetBool (PcdShowCpuThrottlingThreshold); + PRIVATE_DATA(PowerMenuShowFanCurve) = FixedPcdGetBool (PcdPowerMenuShowFanCurve); + PRIVATE_DATA(PowerMenuShowSleepType) = FixedPcdGetBool (PcdPowerMenuShowSleepType); + PRIVATE_DATA(PowerMenuShowBatteryThresholds) = FixedPcdGetBool (PcdPowerMenuShowBatteryThresholds); + PRIVATE_DATA(DasharoEnterprise) = FixedPcdGetBool (PcdDasharoEnterprise); + PRIVATE_DATA(SecurityMenuShowIommu) = FixedPcdGetBool (PcdShowIommuOptions); + PRIVATE_DATA(PciMenuShowResizeableBars) = FixedPcdGetBool (PcdPciMenuShowResizeableBars); + PRIVATE_DATA(ShowSerialPortMenu) = FixedPcdGetBool (PcdShowSerialPortMenu); + PRIVATE_DATA(SecurityMenuShowWiFiBt) = FixedPcdGetBool (PcdSecurityShowWiFiBtOption); + PRIVATE_DATA(SecurityMenuShowCamera) = FixedPcdGetBool (PcdSecurityShowCameraOption); + PRIVATE_DATA(MeHapAvailable) = FixedPcdGetBool (PcdIntelMeHapAvailable); + PRIVATE_DATA(S3SupportExperimental) = FixedPcdGetBool (PcdS3SupportExperimental); + PRIVATE_DATA(ShowLockBios) = FixedPcdGetBool (PcdShowLockBios); + PRIVATE_DATA(ShowSmmBwp) = FixedPcdGetBool (PcdShowSmmBwp); + PRIVATE_DATA(ShowFum) = FixedPcdGetBool (PcdShowFum); + PRIVATE_DATA(ShowPs2Option) = FixedPcdGetBool (PcdShowPs2Option); + 
PRIVATE_DATA(Have2ndUart) = FixedPcdGetBool (PcdHave2ndUart); + PRIVATE_DATA(ShowCpuThrottlingThreshold) = FixedPcdGetBool (PcdShowCpuThrottlingThreshold); PRIVATE_DATA(CpuMaxTemperature) = FixedPcdGet8 (PcdCpuMaxTemperature); - PRIVATE_DATA(ShowCpuCoreDisable) = PcdGetBool(PcdShowCpuCoreDisable); - PRIVATE_DATA(ShowCpuHyperThreading) = PcdGetBool(PcdShowCpuHyperThreading); - PRIVATE_DATA(WatchdogAvailable) = PcdGetBool (PcdShowOcWdtOptions); + PRIVATE_DATA(ShowCpuCoreDisable) = FixedPcdGetBool(PcdShowCpuCoreDisable); + PRIVATE_DATA(ShowCpuHyperThreading) = FixedPcdGetBool(PcdShowCpuHyperThreading); + PRIVATE_DATA(WatchdogAvailable) = FixedPcdGetBool (PcdShowOcWdtOptions); PRIVATE_DATA(ShowPowerFailureState) = FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN; // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (PRIVATE_DATA(ShowSecurityMenu)) - PRIVATE_DATA(ShowSecurityMenu) = PcdGetBool (PcdDasharoEnterprise) || - PcdGetBool (PcdShowIommuOptions) || - PcdGetBool (PcdSecurityShowWiFiBtOption) || - PcdGetBool (PcdSecurityShowCameraOption) || - PcdGetBool (PcdShowLockBios) || - PcdGetBool (PcdShowSmmBwp) || - PcdGetBool (PcdShowFum); + PRIVATE_DATA(ShowSecurityMenu) = FixedPcdGetBool (PcdDasharoEnterprise) || + FixedPcdGetBool (PcdShowIommuOptions) || + FixedPcdGetBool (PcdSecurityShowWiFiBtOption) || + FixedPcdGetBool (PcdSecurityShowCameraOption) || + FixedPcdGetBool (PcdShowLockBios) || + FixedPcdGetBool (PcdShowSmmBwp) || + FixedPcdGetBool (PcdShowFum); if (PRIVATE_DATA(ShowChipsetMenu)) - PRIVATE_DATA(ShowChipsetMenu) = PcdGetBool (PcdShowOcWdtOptions) || - PcdGetBool (PcdShowPs2Option); + PRIVATE_DATA(ShowChipsetMenu) = FixedPcdGetBool (PcdShowOcWdtOptions) || + FixedPcdGetBool (PcdShowPs2Option); if (PRIVATE_DATA(ShowPowerMenu)) - PRIVATE_DATA(ShowPowerMenu) = PcdGetBool (PcdPowerMenuShowFanCurve) || - PcdGetBool (PcdPowerMenuShowSleepType) || - PcdGetBool (PcdPowerMenuShowBatteryThresholds) || - 
PcdGetBool (PcdShowCpuThrottlingThreshold) || + PRIVATE_DATA(ShowPowerMenu) = FixedPcdGetBool (PcdPowerMenuShowFanCurve) || + FixedPcdGetBool (PcdPowerMenuShowSleepType) || + FixedPcdGetBool (PcdPowerMenuShowBatteryThresholds) || + FixedPcdGetBool (PcdShowCpuThrottlingThreshold) || (FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); if (PRIVATE_DATA(ShowCpuMenu)) - PRIVATE_DATA(ShowCpuMenu) = PcdGetBool(PcdShowCpuCoreDisable) || - PcdGetBool(PcdShowCpuHyperThreading); + PRIVATE_DATA(ShowCpuMenu) = FixedPcdGetBool(PcdShowCpuCoreDisable) || + FixedPcdGetBool(PcdShowCpuHyperThreading); GetCpuInfo(&PRIVATE_DATA(BigCoreMaxCount), &PRIVATE_DATA(SmallCoreMaxCount), @@ -293,7 +293,7 @@ DasharoSystemFeaturesUiLibConstructor ( PRIVATE_DATA(SmallCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; PRIVATE_DATA(BigCoreActiveCount) = DASHARO_CPU_CORES_ENABLE_ALL; - if (PcdGetBool(PcdShowCpuCoreDisable)) { + if (FixedPcdGetBool(PcdShowCpuCoreDisable)) { gRT->SetVariable ( DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, &gDasharoSystemFeaturesGuid, @@ -499,7 +499,7 @@ DasharoSystemFeaturesRouteConfig ( ); ASSERT_EFI_ERROR (Status); - if (PrivateData->HybridCpuArchitecture && PcdGetBool (PcdShowCpuCoreDisable)) { + if (PrivateData->HybridCpuArchitecture && FixedPcdGetBool (PcdShowCpuCoreDisable)) { if (DasharoFeaturesData.SmallCoreActiveCount == 0 && PrivateData->BigCoreMaxCount == 0) return EFI_INVALID_PARAMETER; 
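Review bot: `PRIVATE_DATA(ShowSerialPortMenu)` is assigned twice in DasharoSystemFeaturesUiLibConstructor, once under "Set menu visibility" and again under "Set feature visibility"; the second assignment can be dropped. The visibility conditions here are also written out a second time in `mAutoCreatedVariables` in DasharoVariablesLib.c, and the two copies already differ in spelling (`POWER_FAILURE_STATE_HIDDEN` here, `DASHARO_POWER_FAILURE_STATE_HIDDEN` there). If those constants do not have the same value, a variable could be created for an option the menu hides, or the reverse, so sharing one set of predicates would keep the menu and the stored variables in step. Spacing is inconsistent too: `FixedPcdGetBool(PcdShowCpuCoreDisable)` should read `FixedPcdGetBool (PcdShowCpuCoreDisable)` like the lines around it. The constructor extends beyond these hunks.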
@@ -528,57 +528,57 @@ DasharoSystemFeaturesRouteConfig ( } \ } while (FALSE) - if (PcdGetBool (PcdShowSecurityMenu)) { - STORE_VAR_IF (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled, PcdGetBool (PcdDasharoEnterprise)); - STORE_VAR_IF (DASHARO_VAR_ENABLE_CAMERA, EnableCamera, PcdGetBool (PcdSecurityShowCameraOption)); - STORE_VAR_IF (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt, PcdGetBool (PcdSecurityShowWiFiBtOption)); - STORE_VAR_IF (DASHARO_VAR_IOMMU_CONFIG, IommuConfig, PcdGetBool (PcdShowIommuOptions)); - STORE_VAR_IF (DASHARO_VAR_LOCK_BIOS, LockBios, PcdGetBool (PcdShowLockBios)); - STORE_VAR_IF (DASHARO_VAR_SMM_BWP, SmmBwp, PcdGetBool (PcdShowSmmBwp)); + if (FixedPcdGetBool (PcdShowSecurityMenu)) { + STORE_VAR_IF (DASHARO_VAR_BOOT_MANAGER_ENABLED, BootManagerEnabled, FixedPcdGetBool (PcdDasharoEnterprise)); + STORE_VAR_IF (DASHARO_VAR_ENABLE_CAMERA, EnableCamera, FixedPcdGetBool (PcdSecurityShowCameraOption)); + STORE_VAR_IF (DASHARO_VAR_ENABLE_WIFI_BT, EnableWifiBt, FixedPcdGetBool (PcdSecurityShowWiFiBtOption)); + STORE_VAR_IF (DASHARO_VAR_IOMMU_CONFIG, IommuConfig, FixedPcdGetBool (PcdShowIommuOptions)); + STORE_VAR_IF (DASHARO_VAR_LOCK_BIOS, LockBios, FixedPcdGetBool (PcdShowLockBios)); + STORE_VAR_IF (DASHARO_VAR_SMM_BWP, SmmBwp, FixedPcdGetBool (PcdShowSmmBwp)); } - STORE_VAR_IF (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile, PcdGetBool (PcdShowMemoryMenu)); - STORE_VAR_IF (DASHARO_VAR_ME_MODE, MeMode, PcdGetBool (PcdShowIntelMeMenu)); - STORE_VAR_IF (DASHARO_VAR_NETWORK_BOOT, NetworkBoot, PcdGetBool (PcdShowNetworkMenu)); + STORE_VAR_IF (DASHARO_VAR_MEMORY_PROFILE, MemoryProfile, FixedPcdGetBool (PcdShowMemoryMenu)); + STORE_VAR_IF (DASHARO_VAR_ME_MODE, MeMode, FixedPcdGetBool (PcdShowIntelMeMenu)); + STORE_VAR_IF (DASHARO_VAR_NETWORK_BOOT, NetworkBoot, FixedPcdGetBool (PcdShowNetworkMenu)); - if (PcdGetBool (PcdShowPowerMenu)) { - STORE_VAR_IF (DASHARO_VAR_SLEEP_TYPE, SleepType, PcdGetBool (PcdPowerMenuShowSleepType)); + if (FixedPcdGetBool 
(PcdShowPowerMenu)) { + STORE_VAR_IF (DASHARO_VAR_SLEEP_TYPE, SleepType, FixedPcdGetBool (PcdPowerMenuShowSleepType)); STORE_VAR_IF (DASHARO_VAR_POWER_FAILURE_STATE, PowerFailureState, FixedPcdGet8 (PcdDefaultPowerFailureState) != POWER_FAILURE_STATE_HIDDEN); - STORE_VAR_IF (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption, PcdGetBool (PcdPowerMenuShowFanCurve)); - STORE_VAR_IF (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig, PcdGetBool (PcdPowerMenuShowBatteryThresholds)); - STORE_VAR_IF (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset, PcdGetBool (PcdShowCpuThrottlingThreshold)); + STORE_VAR_IF (DASHARO_VAR_FAN_CURVE_OPTION, FanCurveOption, FixedPcdGetBool (PcdPowerMenuShowFanCurve)); + STORE_VAR_IF (DASHARO_VAR_BATTERY_CONFIG, BatteryConfig, FixedPcdGetBool (PcdPowerMenuShowBatteryThresholds)); + STORE_VAR_IF (DASHARO_VAR_CPU_THROTTLING_OFFSET, CpuThrottlingOffset, FixedPcdGetBool (PcdShowCpuThrottlingThreshold)); } - if (PcdGetBool (PcdShowPciMenu)) { + if (FixedPcdGetBool (PcdShowPciMenu)) { STORE_VAR_IF (DASHARO_VAR_OPTION_ROM_POLICY, OptionRomExecution, TRUE); - STORE_VAR_IF (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled, PcdGetBool (PcdPciMenuShowResizeableBars)); + STORE_VAR_IF (DASHARO_VAR_RESIZEABLE_BARS_ENABLED, ResizeableBarsEnabled, FixedPcdGetBool (PcdPciMenuShowResizeableBars)); } - if (PcdGetBool (PcdShowSerialPortMenu)) { + if (FixedPcdGetBool (PcdShowSerialPortMenu)) { STORE_VAR_IF (DASHARO_VAR_SERIAL_REDIRECTION, SerialPortRedirection, TRUE); - STORE_VAR_IF (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection, PcdGetBool (PcdHave2ndUart)); + STORE_VAR_IF (DASHARO_VAR_SERIAL_REDIRECTION2, SerialPort2Redirection, FixedPcdGetBool (PcdHave2ndUart)); } - if (PcdGetBool (PcdShowUsbMenu)) { + if (FixedPcdGetBool (PcdShowUsbMenu)) { STORE_VAR_IF (DASHARO_VAR_USB_MASS_STORAGE, UsbMassStorage, TRUE); STORE_VAR_IF (DASHARO_VAR_USB_STACK, UsbStack, TRUE); } - if (PcdGetBool (PcdShowChipsetMenu)) { - STORE_VAR_IF (DASHARO_VAR_WATCHDOG, 
WatchdogConfig, PcdGetBool (PcdShowOcWdtOptions)); - STORE_VAR_IF (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller, PcdGetBool (PcdShowPs2Option)); + if (FixedPcdGetBool (PcdShowChipsetMenu)) { + STORE_VAR_IF (DASHARO_VAR_WATCHDOG, WatchdogConfig, FixedPcdGetBool (PcdShowOcWdtOptions)); + STORE_VAR_IF (DASHARO_VAR_PS2_CONTROLLER, Ps2Controller, FixedPcdGetBool (PcdShowPs2Option)); } - if (PcdGetBool (PcdShowCpuMenu)) { - STORE_VAR_IF (DASHARO_VAR_HYPER_THREADING, HyperThreading, PcdGetBool (PcdShowCpuHyperThreading)); + if (FixedPcdGetBool (PcdShowCpuMenu)) { + STORE_VAR_IF (DASHARO_VAR_HYPER_THREADING, HyperThreading, FixedPcdGetBool (PcdShowCpuHyperThreading)); if (PrivateData->HybridCpuArchitecture) { - STORE_VAR_IF (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); - STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); + STORE_VAR_IF (DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT, SmallCoreActiveCount, FixedPcdGetBool (PcdShowCpuCoreDisable)); + STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, BigCoreActiveCount, FixedPcdGetBool (PcdShowCpuCoreDisable)); } else { // CoreActiveCount used for P-cores and non-hybrid CPU architectures to match FSP - STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount, PcdGetBool (PcdShowCpuCoreDisable)); + STORE_VAR_IF (DASHARO_VAR_CORE_ACTIVE_COUNT, CoreActiveCount, FixedPcdGetBool (PcdShowCpuCoreDisable)); } } @@ -679,7 +679,7 @@ DasharoSystemFeaturesCallback ( case EFI_BROWSER_ACTION_CHANGED: { if (QuestionId == FIRMWARE_UPDATE_MODE_QUESTION_ID) { - if (!PcdGetBool(PcdShowFum)) + if (!FixedPcdGetBool(PcdShowFum)) return EFI_UNSUPPORTED; do { diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index b5a3855726..8eed0d8e25 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c 
+++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -127,10 +127,10 @@ GetVariableInfo ( Data.Uint8 = FixedPcdGet8 (PcdIntelMeDefaultState); Size = sizeof (Data.Uint8); } else if (StrCmp (VarName, DASHARO_VAR_NETWORK_BOOT) == 0) { - Data.Boolean = PcdGetBool (PcdDefaultNetworkBootEnable); + Data.Boolean = FixedPcdGetBool (PcdDefaultNetworkBootEnable); Size = sizeof (Data.Boolean); } else if (StrCmp (VarName, DASHARO_VAR_OPTION_ROM_POLICY) == 0) { - Data.Uint8 = PcdGetBool (PcdLoadOptionRoms) + Data.Uint8 = FixedPcdGetBool (PcdLoadOptionRoms) ? DASHARO_OPTION_ROM_POLICY_ENABLE_ALL : DASHARO_OPTION_ROM_POLICY_DISABLE_ALL; Size = sizeof (Data.Uint8); @@ -144,15 +144,15 @@ GetVariableInfo ( Data.Boolean = FALSE; Size = sizeof (Data.Boolean); } else if (StrCmp (VarName, DASHARO_VAR_SERIAL_REDIRECTION) == 0) { - Data.Boolean = PcdGetBool (PcdSerialRedirectionDefaultState); + Data.Boolean = FixedPcdGetBool (PcdSerialRedirectionDefaultState); Size = sizeof (Data.Boolean); ExtraAttrs = EFI_VARIABLE_RUNTIME_ACCESS; } else if (StrCmp (VarName, DASHARO_VAR_SERIAL_REDIRECTION2) == 0) { - Data.Boolean = PcdGetBool (PcdHave2ndUart) ? PcdGetBool (PcdSerialRedirection2DefaultState) : FALSE; + Data.Boolean = FixedPcdGetBool (PcdHave2ndUart) ? FixedPcdGetBool (PcdSerialRedirection2DefaultState) : FALSE; Size = sizeof (Data.Boolean); ExtraAttrs = EFI_VARIABLE_RUNTIME_ACCESS; } else if (StrCmp (VarName, DASHARO_VAR_SLEEP_TYPE) == 0) { - Data.Uint8 = PcdGetBool (PcdSleepTypeDefaultS3) ? DASHARO_SLEEP_TYPE_S3 : DASHARO_SLEEP_TYPE_S0IX; + Data.Uint8 = FixedPcdGetBool (PcdSleepTypeDefaultS3) ? DASHARO_SLEEP_TYPE_S3 : DASHARO_SLEEP_TYPE_S0IX; Size = sizeof (Data.Uint8); } else if (StrCmp (VarName, DASHARO_VAR_SMM_BWP) == 0) { Data.Boolean = FALSE; 
@@ -164,11 +164,11 @@ GetVariableInfo ( Data.Boolean = TRUE; Size = sizeof (Data.Boolean); } else if (StrCmp (VarName, DASHARO_VAR_WATCHDOG) == 0) { - Data.Watchdog.WatchdogEnable = PcdGetBool (PcdOcWdtEnableDefault); + Data.Watchdog.WatchdogEnable = FixedPcdGetBool (PcdOcWdtEnableDefault); Data.Watchdog.WatchdogTimeout = FixedPcdGet16 (PcdOcWdtTimeoutDefault); Size = sizeof (Data.Watchdog); } else if (StrCmp (VarName, DASHARO_VAR_WATCHDOG_AVAILABLE) == 0) { - Data.Boolean = PcdGetBool (PcdShowOcWdtOptions); + Data.Boolean = FixedPcdGetBool (PcdShowOcWdtOptions); Size = sizeof (Data.Boolean); } else if (StrCmp (VarName, DASHARO_VAR_SMALL_CORE_ACTIVE_COUNT) == 0) { Data.Uint8 = DASHARO_CPU_CORES_ENABLE_ALL; @@ -177,7 +177,7 @@ GetVariableInfo ( Data.Uint8 = DASHARO_CPU_CORES_ENABLE_ALL; Size = sizeof (Data.Uint8); } else if (StrCmp (VarName, DASHARO_VAR_HYPER_THREADING) == 0) { - Data.Boolean = PcdGetBool (PcdCpuHyperThreadingDefault); + Data.Boolean = FixedPcdGetBool (PcdCpuHyperThreadingDefault); Size = sizeof (Data.Boolean); } else { DEBUG ((EFI_D_ERROR, "%a(): Unknown variable: %s.\n", __FUNCTION__, VarName)); From 27e8dffad3f53ee74e3ff81d5a200bdc84dff3c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 1 Jul 2024 12:58:13 +0200 Subject: [PATCH 322/357] DasharoPayloadPkg/DasharoPayloadPkg.dsc: Move out the PCD settings from UiApp scope MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Setting the PCDs only in the UiApp scope does not seem not to be propagated to the DasharoModulesPkg libraries when FixedPcdGetBool is used with those PCDs. Move away the PCD settings to the global PCD section in the DSC. Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 660bf50979..d4edef34d6 100644 
--- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -467,6 +467,13 @@ gEfiMdePkgTokenSpaceGuid.PcdPerformanceLibraryPropertyMask|0x1 !endif +!if $(DASHARO_SYSTEM_FEATURES_ENABLE) == TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|TRUE + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|$(IOMMU_ENABLE) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|$(SERIAL_TERMINAL) + gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|$(PS2_KEYBOARD_ENABLE) +!endif + [PcdsPatchableInModule.common] !if ($(TARGET) == DEBUG || $(USE_CBMEM_FOR_CONSOLE) == TRUE) gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE @@ -690,11 +697,6 @@ NULL|DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf - - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|$(DASHARO_SYSTEM_FEATURES_ENABLE) - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowIommuOptions|$(IOMMU_ENABLE) - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowSerialPortMenu|$(SERIAL_TERMINAL) - gDasharoSystemFeaturesTokenSpaceGuid.PcdShowPs2Option|$(PS2_KEYBOARD_ENABLE) } MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf !if $(RAM_DISK_ENABLE) == TRUE From 84b5cb8cbb6f8d3a48769f996c571527835fb718 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Tue, 19 May 2020 16:28:01 +0200 Subject: [PATCH 323/357] DasharoPayloadPkg: Remove iso9660 driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It prevents booting El torito CDROMs. Signed-off-by: Patrick Rudolph 
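Review bot: `PcdShowMenu` used to be set to `$(DASHARO_SYSTEM_FEATURES_ENABLE)` unconditionally, but the added block sets it (to TRUE) only when that macro is TRUE, so with the feature disabled the value now falls back to the DEC default, which this hunk does not show. If that default is TRUE the menu flag no longer follows the build option; an explicit `!else` branch with `gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE` would keep the old behaviour. The section header above the added lines is outside the hunk, and because the libraries read these PCDs with `FixedPcdGetBool` it needs to be a `[PcdsFixedAtBuild]` section.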
Signed-off-by: Michał Kopeć --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 2 -- FSDrivers/IA32/iso9660_ia32.efi | Bin 18560 -> 0 bytes FSDrivers/X64/iso9660_x64.efi | Bin 21832 -> 0 bytes FSDrivers/iso9660.inf | 25 ------------------------ 4 files changed, 27 deletions(-) delete mode 100644 FSDrivers/IA32/iso9660_ia32.efi delete mode 100644 FSDrivers/X64/iso9660_x64.efi delete mode 100644 FSDrivers/iso9660.inf diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index e7aa3b9aa1..599b60570d 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -198,13 +198,11 @@ INF FatPkg/EnhancedFatDxe/Fat.inf # !if $(ARCH) == IA32 INF RuleOverride=BINARY USE = IA32 FSDrivers/exfat.inf -INF RuleOverride=BINARY USE = IA32 FSDrivers/iso9660.inf INF RuleOverride=BINARY USE = IA32 FSDrivers/ext2.inf INF RuleOverride=BINARY USE = IA32 FSDrivers/ntfs.inf INF RuleOverride=BINARY USE = IA32 FSDrivers/ext4.inf !else INF RuleOverride=BINARY USE = X64 FSDrivers/exfat.inf -INF RuleOverride=BINARY USE = X64 FSDrivers/iso9660.inf INF RuleOverride=BINARY USE = X64 FSDrivers/ext2.inf INF RuleOverride=BINARY USE = X64 FSDrivers/ntfs.inf INF RuleOverride=BINARY USE = X64 FSDrivers/ext4.inf 
diff --git a/FSDrivers/IA32/iso9660_ia32.efi b/FSDrivers/IA32/iso9660_ia32.efi deleted file mode 100644 index e177be663715326e828afe67fcd8423c402bfa82..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18560 zcmeHvdw5h;mhY)lB~+l`1c(qcwgrL`K}cZ|DTz`fIY|TxD=8~PH0>}FkZ0(m4hd+q z;z?mP$79nY+H_yrX6D*=oZHTAd)h&?k*1*mvmA>A! zGr&HdU*S6MpRsy;UFPynGOU$O_Z){j%t_xnVin&xx1rKdKAV|(4lORXo=j;v84(2mupZ@PA3GbmbUJAD#P30^we_IZ zACX6GSYT1wl3I_aK=@6^Nkyq2$DbsC)A^*H;|`?_>iKxXY(qIdGxcL}>w?QrD6~oH z`8a;R@>yT#8z`qBK5fGStI}p`JwAftBK2_i@1WzR&$w=`Z$86&S{_;)n|}=-kM!%K z!q0Z99veGUUatDG{XV07JU3c-jA3Ozh!)$ymk=#>m=EqewCcV`f5=T!IhCgRZ0hW6 zU%62>p4+w>NK++8G>JyFS~@#g!2JfBoe?cCQ5A4hs;4~JfFN4+A*>+H72)VA{Aj9r zfiqwAOy~8=eqn;pXBf=F%50CiB4)pUcI{`M1NyvYVUk)}F23AWz)Gh_Js6G{ioWbB zSA@n6kwPUx)Pr$J50eNFCn5o)oJvI7Fs{PZ7}e~Gu49e@zESfJZ;-BDoWi36@+Mfa`_XZ)HP?B zeeTys5XznDK&b{uG2#8e$>CkWi5x0)U$uODXq{!1d~0Z3(h_-eXq{D%hil3U=#*JF zBM@YWh~u(SPUYzB_X1-_+YDfY*c$E2()>n!x+e8%ue1Z$r>-XlTFwFo{l>=4kcZOl z3`ZLB{ALAU)xg1W)V+$j$_2}8e(jaF(U2;5(`5qHCR%FMUvn|)_oLh7Ip{T@hNuH@ zsCu%E9uVd)XFHYYLU5$&afBm5hjPl{)AvAZFor0kL6m;WO`C>_F+?r2$#Yb{N3F9% z94YFYA~w57^%t2R9yZ(KuFRBE0Kt5j1A}U!R_M@Q1Xh+gUSCPib7XAi<^OSIG;vBA z(ya0@&|s|2)+Lh))k+k^*5Qkrv|aTSfznha*{fn>QOX7E_mQDg_9>B4{WsL`l*6xE z@#2c~GvL=}<&i=Q?;}YoI=BO#QJmwCFB?Xb7ZJ;#O;rR4DyqQU^S`L_b>gi<>7%!( z@@=AE0Ldnfgxb*`2~e>oKB9^v@z$ZF(OXnWAE@dj4dSn#P?{g%mI|Hjy76mnUVbP; zElR^gno!OZ^a9+)@lQ}Rl2d;RbzJD|@3n9|y_u4Ykqi=gRy}q!N!F(lhEoo;FxzkV zGFi9Y0vOWJsqah;?ZJ~|kkC8^IvMYvTr%Edw`shReOZ#O*$>^FAPMyg_uU*LR$cE1afwIhNMw_b4XYs{D-ovs_%lA$y@EWu=Uw#8?$ zN{*6v@4zJOSH19Qc6E$8%XZJr_Y~MtcdC!r)dwBorpP@D?Dx!er0#iC+|)L<>&n=M ze{iT$8YV=y*Df}Hf|)-Y5t|R;iOy5^oZmS}4DTgo`v!^Ycj5(bbzav|Rko|PF_ur% zhsW5IopzSODr~BJD(e&F@}T+?s&tBsx@S;p+^XgLk=(cIsO5}Rwrlx6aCeK%GCJ6h zKBll`bo@`^`X$s|<0-VVHrj#3(y5#r#J*u|tX0m5-=SrSS?5@lu4N9+I;TqdhFe-P z9#k$G^2sdu6#MYPCzdl>=Dlj*RMvs450$t*ZewTSpJ=v`YH)a;`tEQ`hQ7qRcvyV53ZD*HugY*9cz7zv-7ReV{MHmX*s{35pWed 
zJH_VzhLS7nkRL;1Vh2)cBzC^AvU6A18J6`;f}L-!Wv7wY`P6bz%Y0yf9UIuW2zGKt znyi2_`E2}N(nGrIJiM{xf?GZnykkSAtGMO1_*ZK((UiPOFwMw1q~(vAjcF}7XhY_3 z)SgC#((W*)DRs7;eU91i=J3&=Exbz}w3w#dxKsJYDu2y7d}Zu_QR}GC_mM#t+F#`R7@~~)F0ZyN98dr?S}Jq+{2>o59L|RPJ_7E#!75zv7MFJeY%0U z2iRGO<6T$+x4`kqm{5#*yRin2eV#e6UAtmKQLJ1{62l(>PPt?e!@J88^K;z zf3SDLp>!bF+r6Q}P)^KD-7RjNcNw7};zA1cb|ct3-WR%vV6Pa#-aM<)VQW1xg5%=B z9>ITyh_UH75B9Ea4jo3hxQAyCSar?gP(=q5M%o16CqdtYiw}e*)#vL4Xk0<4`q}eDn9oo;g7FSo9=r z%^$`tDaNxcf!_M$mNZZN=GH%_0GqNe!Y;M=E^i3*Lioz=P>au)74PIkyh%h9J3v3Q z9048URJm7t$5EkNe6}9cq%~cnh_yZ$c!)Ga<43+n+OwCgk*LccANUWz?EXf4aXnc- z$N3D~O<0p#>>eom#7y=<>sKitC(%V3I|HYz?24ePmeR|hKIUlgB`Ldl&}~cUckB!d zLfI8UT}k{`ocgbzl`A3~yI3VzFHVpyE+)iRQ-1V&l>ghsYbYnWzXVRx7WQHYkS(k~ zyI8qIbVH=`#CI;S#vTZkHTJT@$`>=0eWArom(bBjk}ssaI|5mgz>T<54G{6IUpkcC zJuSZPuF`-BF)RLxatYpag2@QcCqSt*3N_m;T<_yd60fx|3GifLSs+o|>KL_{Ieajh zcd0E$IQ}mq{17V((_36Svd^F`DeNN{+JCUoy_lspl*AtA!`mhogF|^1WCanC-x|av zmKY}I5CDL?tHl+(nM8FNMw&1XF042g7UBoi*}v-G5l;r|V29bBGX0-SOe_WANm{vo zzE4jvCC7t&$QQAe8EGT<;7v25QZI@Hb@liea&PednqJzSpDlrO3ykQV%U-mBwCi zjUE2d5@Ax$a;YZ+V)W@d&LaZc39<3iMfj-Le4f}S84uQnFOOuD`;2<0Ur#Y5qCPZ! 
zd25EHdxp2CZsPSTP3XvodK~71ubgKok&O5OwZy5`6FzgT@%TBeCROTTk2_h(_~qv_ z01++9w)2)n*&KuVxYKe@c`8i^&Qs?*)so3Za9WxnA2a0c`GyZOF(OErS9!bDs$*>K zG&_52nuB1yc6`|=Je%)~+NP1ZsQBS&X>54>7I1Cct4IHrITG4fAy#>ucloE+D|ND- zdKV(#sC5c3NDjoFJmBj>B%oGxsh)`#Mf5I+zv;eEeUJr?F{#^9b!;0Z%8=5SE{M%L z(7W;niuZ-J$@-IEU3;F^A+GbJ1O)otUS*G=HIJr3cWJs@pn7{kPY+MC$kSDy0|ESu zz_I$fYLjP3-SxMFHAGseR&V#ns$-bXlLX`o+z09h*V^2z^)_}6etM6=j)c#PuSHtF zyp4Jnn!DszT>G&$7sEXE=G4HHqR$gq1o3;iX+I?rCjF8Mm!He99O@`e6O;!8ne2oG zdY+{2^dEn1$}I)%ZTX%I=H08=27?uq*2)#IF4dD+QBlr;;rdO58Ec%#Hb7@i*6}YE zME)+-yH|yg^Ukzpk$P5P@udi=dzjDe+TSrN%>vo5()76PUo5Wk%a3Mg&9`wlJL0XW z)Kh6D7rx&QWf*cgl;DFFEJw<*GVC>0JIjnRv(NZFp#}(a4+n=GwzUL$2&j8f^KG=; zv$U3>y*>`SZGhKqPix*UzXlv^^>}uAz$oBXK1XsQO{>J}!w&O;YuRc`gAX1aOfHz- z8jNLiUbXh0%nqp2!-hOI3Y&m@qtY?l@#rxh++Ao=cl=Iu1nUUzm$UwlfPrrPA22>* zKY)7FQkyF>V~$M>r{T*SxVyw=iYnZPWw%;^6v+&~T@0T=$Lbt}j1FjLgu693%wJyS z(_KIWE-4R!X>U_R+!~2>0F)-yP10e-u%J*L7HT{!1nsJy+Q%~$gDMYENVG{hD31y? z9uk6SY6Vu64*f_Rq$wPQ71amiJDVfH+tCz@@gF+et>TMSs6?28NHC|seL)OAjBii; zbHyO|k3x+Hgfp)(&+l3kr2tfz~?Dh*|1g8`t zfPnf%koF}+5JHnsu=JQ=!~-03EJt?B6*iv9G09)-PA`_Hdg6cL z6x;zEz(t>VoOHG@r#Szrh0S zTA4)_*<}`pOp@E#ZYHtoU}yrg8IBtTP`+Sndn0ZdjInFbVWgRObD z0h`jA#Jufz7vD*Bd*6`L*+o@u&-#$b5w;t}sEiK-V)tP*VqNmCe%x4bwr91m#t5cJ z)b(h#5nwrv?F?G-Vg@}X$eBvxn?ewDy$#=t838HIDohIpV=n;$nUzCOEQWI=vG#u| z+bZX2frF^&Apl-O%Vre(>=eS|DpV!JsQ-MR?M6T-Pi14N@L%wzN^fa$x3=+9gnaC@ zemf$5c(Fm~*s#X$r`nC5m{oSOYM5F`iJwx?X9)3IKrBc=0#lIm}ZT@!NJ_LL-X5z%U1|G?nW|@g7g!0ryG45IcQMB$bcM zp#U{SrS^#cFud)-@o4|94hEtmoDfREpcPAB=q@9^PI<~M$b&d%ynuC~(E(*I#B4Y*e^>{xgO$YYHg z*&((M>cTEbsKq$oLMh_rWrA>@WEtZNh=!YRe8hC+3*S833e9&A! 
zQ|a@I&G&$W`q4_?U>E|%mC^^T{5@V`85qq<-$Jo@G$53|C&cCl`Ael3{toqVG_Mnz zzlMV9GnKy8B(Pesna&3&eM`jf$Am-TE#zRP_}pv!wIMhpM#ES6Vi)*r+7|*L>|)aw z^puCQ50sPNHGLp>P{YAU&b*rt-flGH&E-B_yA`f9Of{-^qgu5czHP&+V@}hz zMx`xd*a2j&y_@8JW2aO5`vjI1WsRGlUe|u^2DQhM+b&#ShrpXH z>oB{lG;R`th;4pJv5mBe!<4%AU$|hAHia6u2*DIX+GI#AY+r}8*#Zj${pVYqV)M_T zmGiC0bNvJ_kV~qlJa4|iup05Ea(iM@ORNT8XbJmJWn|H@U2ju=fDEXp${U-$Fp!4O zUOP@x+GQru9z2GI7^am;|ByL?ceFEcxXzRK#CKq&+e~Dj3?B~Y0aD!-qr?g-wAD71 zr$}d^bveW>ZuN=fxDBJ*P`WwjHiT}2>6S`2d%5_IFNJQlawA)nHfkXUrWoHcVc8wn zGvpaCPi&$|(Lf*H!mQCandYaeHo{{AiZpt$;^s-h0tA@uzk;cgr+czvw3Tp$+O?Ui zt?2~R_N<2O@{7*;J75p$t1sn)r?^NPpEvOWWg-f+KpR#i;a7pd?APpM{*_Li;GH;Q zYXS0?JpzV1jpuMBCuJjszA0mpD;MhKK|mRM6~fhu+jo>yyb0BhCT zu|NW4TEC|%<=%Ps?Jv_b#R6}0Hy^{0!FC{UUrSfQ;LQ$Wv6%zOmy07#0Ez? zROG8;AdOKRbR+Wmk%P+D0D{h$3={h$7V`rfZ2mK>Hb&vwjjO*wbv%f6@iE^cUfVnv z)WoqFNJ#rp#*4oP*iVQFf77+_iOTOye5`K*jW?yw!urPSV%n1=PHi>rO~0ad!Gd5Z zOy5aOVJe`IU;+(p#$Ap)l3mmaEy%-TFfxr2?(qlVA1?fY+L$o$14@Wgid^qd~k-Vhie>0a*l>Ep;qkkF6BlX-UI%Fz)n@X0KyV#_jc5PP|WnMf<3 zq1#5G$P+^*9MO>KRWDwt8~Zlg$fwQWdL6 z)jt_6l!!wep{K%TK_4AHp;fuutIt2ixx;!oJ`QqM=Van64eraJ3-TK>q1U@?CG5JYy(fnrA*^GN|=EDY+p)6WxqX!bP zQ7Hn?4yOvw#FHBcoiwRS4QwkbQ@z`LtQ#hB+ZU!rq;^`eXTX5fK$rIXRv4}}8!NeK z$SB^*0&g+z+vUrWePwz#a$r!H>U}#LQ3G$u_bZnza%E^;ibXD03yZ-27~((B?$aMR zN+(!2f7AlmpTeSdi8y`LNlYh5yEwJyx1%TYF{*r760ol`u>(u;4$Ms;W*bNa=Rf-h zDv}~fV>{e<(`Bj?!*o!HO2qKv7+mU8MaV@ULZZY}vlk`XocPduM(F85cRJ-1)`b-8 zY2=tF?^7~S^LE2rRDTXm$t3c!dNB+Xgpn*9gpzCoS(S7>2V^EH&H*VjIo=9CXQB|IugPX%HYCeinaA{0=-cPP9TB;e6%<81rWwG-3+?4N@1*^dvIfh>VM(xx zl-`~ediJpia%Sk+s;M}AS@J{8_kQTacR^deM;;U{oDO0UioQd7E>?d^vw(8)vd;&7 z`;-nRG8LrkX`dU0Rqi5W5BTLVp=T^Ud1UAr+YWhX=$Yg{6QX=V1O*y(Mf%S^zD9pi z`}GF80%ooX`X69sO*>oDX`0>+$*`(7n0K4H8ZLV~3%sdT=BuUCQSPpE)TY{SKm5F`LqCpAB!G-O*aog#nDq*qzzBq?%Bpk28n)DNE_ zb=Enu&O{|TfrDfx!K*m-2@{w04v{*=<|vp!bljy@yT(SU(CyuKn1)vvdwW;yzpNM`>TZS83d0#Zpr`NMgc~ zw%TrUL;zhwhT3?Lt z-j*eIj%nO$kt4$!+hcdr%uE^B2++fgOe)0Q+?&iwX~hydn~zxNTFY!YwE_}`(J2l2 
zf^2WPNFnZ;!8?#f5@J8cO?&^XKVv+-_!(-7jgH&cEK|_l>pw22>y_O~d`chlTKIs{ z$%fpcme{aWE_d=hM+{~$d>Lr1a!*w1BI{rmKuc)mJoEe&I`E3&Jt*H$VoSsvZzKh8 z!#;&tn8xE%?G;M*>wohp`B^)mh(Gm)Z2$x^6SP+-?XTZ&f>24kQrudfq!!whuaYgN z5yI%3vA++LH1(DnbvX5n$isaYk*86YrXPgGVyyeLlH>{>T4DJ5^jlDCse^y+#ojn- z&zION^6jWa^uReObU-E+c_q0xxkvx8i6mZC!Y)k;^u&IP5y=7gv0ebIG67&TIdC_a z)P^CG5qf%L?u_7Iwmbe6XdA}bv;ve_bEgE8SQjgFV5+0wq`%8FIEL%TF-=E^a@8sX z90+@GUNaxRED@jI20_#!Y3!I$JY7`&I|)iV2%^{#*xi?8&lsL!_!U%y-q%qf$k|X| zG~7<__+xDsj@<6IvzH?%aP7B-={fRcss>ri?})z`df$#wX2IO}ek#3)>nT0q$M#CP z7N(PAu3bL$W$G1!RG*Cn10>0}T*mpdFm<|Y99(s}DqueM>Hmlb1_0PkA)^GNR|Yvk z-KJBIfmQ7nn~8uUH0rTioxKkqd@rSinj|=+4TeF)BJGVVPp}uP>L)ifLGGG;+WSN$ zooBeDKZsQcl<@ljnn9VPV!r;;*CyG7>$a=N#>q0!eC}X^X1-~IFf41oxhxsjOyN;_ zz8=A_YwFm6Q3q`?x$F02smeMB?WfkJX+N}Bj%szj8Ll-B<|4lpid`fn93Us;?W7fu zo^cK=-5V|8Lsl)EuKM%g+Tq}%C8dBBq9t?b0TI%!nLG@|aEATGn%|+7`1E3UTn(oV z0_|mG%hJmAoo9ix8%MhIu^*U>lAn{SXsZb^A0fnqqLyYSw(hYcG0NyCPTX(FxvF$* zh}13L4S4Lx`^rqZl!&41H*m-maRCk{AVxcn)faDtu8+YN!j$#w8m7D7KK^tnhOz+B(3=*c(+Jd^)#xQ$6JCQYZDQh9Xd(^^8 z4X4~Nt0MC8KZamsz9H`|gX|3Xpy8Vieqb?}ej=*3o%t)-oX4;>&=>P=@24MI;D8CX zVUU0`;xoYMy=ql2Y~-E2FggI<&jC?Bnid3S3^|PqyG!ptC{3~=()9)iiN-?0p!DTH z*wiK?&7L@QHJR4dB%O4%vXs=&Fj0HX4vygF9Qy6B#|6!iN3a?UPC?%@&^N5T?SGQ! 
z#TGhCfX+#ba10gt9JA|K3XQer`e3AGWrPQP=-milKo&4HN6a-f&aRtw+yFaHQ7h95 zEk`k$l%3;eWQfnd0mkXqMBH9GitQGFQ}|holS~sepF=AiufGGgSY8f;Tn0TJEZ1{R zLo_85AA!LwKu4HO%A6o~B*^8`Zdjc#mf|#4k)Bwr7iX}F%=kkH=AWaDMb7smlh~Fv zeiFZVfAC&)eu7wY&=uee3kDs?b!XJ2vJ5`x;=`3T2T~ADkVS4G;~Go!mzj&qOHuAB z9DIHL96}S4%GJLb$b{;^XrM>m1?HPNq8R*YDu}|ZS<0%t(V~rSz)HO{v}O4dK-V4sI3pf)3d_K+WONRCRJDBb~ihEk7+VFll+ z#|KBnM=*YtwqT-bzqu8Sqq^sbOL!Jz>aLlqa3UVZ_NyHFvozF> zsKrkFa1Q4rVxM4a^&geY(SHp~ZQA+I7|k@7dGWgvAAaS55UX5!iGJLKvsnuLYH8qi zO?;kfSqT-J4a&=xrI}5RX=*#QC`&Y9-ht z)&alCZLFf-#&FiJ7#tsC#W-Tt0|u~aDjpBf2{eM02K1=U{F5m?nj9-(L)uGkpcrVe zcEt<1Uf*Qxr6=)@-{+~kmhj^nha@?!)f1U7$7j40qK4%3kTsEd0<%V!FuTGZm{OzGq=NF4WSik)QfJIahQ-d|MNOSX$Y7uEtjGa7q?QfG@TwP-w!He5L4qn8V3P?Y{z5*xk%pc|=(V6LjC^8SAtH&9(feRw=Jpm`1o zuXgcQZ3lXGZtQ|f`3p$V(UX zzXzADtbRZkI#?JgOvs+zaQB4loPpc4h6&lz=*xV${)qR`3Ac;V6&a&7fM@%-AQHz+NT7cZ`^bv|5E$%U(y00s3_TqCbqB+TL>au!vuTFT1_?dqCUbwrJG z<-*mgAvob-n1r)N4)S(&!G)aqSu1LZR#;Nv`)^II9xU|w5|lq&{BZv(kzeyf&58lR zJW;c9^}^uNzlGE)s%z_()~piz)lbNf`dVkj(wY^hLs4OQVWNe!Y7ud5aswi(Yu8jS za!#D)&JwPC-IJXqBmj$-uBaZ6|6H&wFI-YB6r$JKnw3lI(3UG}W43GBJvq5~_fB`u zDkvVQN$=i*mECY$7d(P6xqe;R@sAD;|9P>n z@y?m8-e0@6WE8%Av-ejKN9r9v_~nnD1YBc2w$$O8Xl;6Iz~#gB+gzL;$`ORUE~J|P>p(wuVsCHkqw`*QWYPZNFS>;- zyO!3@_)%HT2SeV&_e19Qxa;Z>Z5sy;m*8~af#E;THFlkU1+L%WdLP$rTt{%lab3cdQh-(Ch%32J5Jutp|Mi!Ijv81X^9Ho@+DIj!;96etqWGKtecvc)}|Io1%Z!?y=n7Ts`-1@)qSinYSWubzU&9A@AwD zP+oIhOWq548}l~hZO(f&Z%f|md2i&snfF%S+j-maw&z9i+VeW|_U3iv9n9;_JC@gz V*PEy3oyt3%_jO($euys!{~I^M0`C9- 
diff --git a/FSDrivers/X64/iso9660_x64.efi b/FSDrivers/X64/iso9660_x64.efi deleted file mode 100644 index a3c3bd8055a75fbe27bed15126e2fc85a92ba65b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21832 zcmdUX3wTpi_U}oPv?;Wnf*=J^f(A_mApz7zKoXj?JCZ=9JUW63wB;d{Vw*$DLkOgG zdN{^mMs#%kj)RUf<4CzWGY&6NQwp?&Q7Vd{h!#{hA%MXAm4ZUw{+dIX{LQT>$y-Y8 zD|r?=k;@e0BV)lH`GPO(wpcfl$l`@g7TRuRb&*Bstl4cb5pbp;gW~Ka``!^#a;vVF z+t|EFHq#f_m}7xS>Y|wHS_6i7t89vIiydmRw>ox-kGG(wxFO9|-{_JfuF&CjSMYp9 z>g`@tplfVTWufMj0g*I8aE01OyVE1F<41^Nn`5KUN#EGs9i0pVNX!Y)ZuGn80yNi(cHy+1x>C_4 z6s4jl0d1CBF^psJ##ye$h{=ON-HwP@J1icL+apbzbRZ@{*IWOy=yHo2IbEEbk^hLC zRB*%~y6U&NWJuu%WOaedYMdskok>|8hOAmhR@=}Dvbw-!HBOV&PEA&aA*)7lLw+Y& zwUDe1LssXxtag&D#%Z$JnUoa=4K&6AB4*G;@{w znXGw?rug!hY$g9eV;p+gsCJddWI-30lFt|~VgrPZc$~>8C~ZPJCg(GI!JDdLln zctp;3QuAh*AIzcVd=8RILMN>8d$KUcB;zI;5mU?B#5VDIO#Oe94Mj~%SrMcT=xSl1 z3vsCjO6sXZaWW>aSdDBfjmbZ!3=I`;k-D?Gy;3G?=9MTGVn^AggyqIq1oiSO3vCWk z6Db3535G^oC~jn%zytaPtM6pto^Gcg$Z=L;*ur#e@piVU3$G;Pm3$j0xH7<|tCCg3 zrp`5WdjrG#b&b{#^BosG#14%T?lV<~!g z!<6w5bZa0J7@F0Cn0{nln>lx;HgT1m5bw&AB_`X(8=VOIxjIEt2-$@Qw)7C3N6pVT=+)n z2E=R}r-Eb~WyI7d@1TrdKqy~Dda7ErYHL%|l*ug2wWElIf6~ELoQQxOVotzf7IT(b zY;G~fZE@o1vlQYv(J~#+X_f_ezGw-eDKZTf(kWzKv#ixJTP?35qn6Sr@`vh{OYyj9 z1xR~Dv~r+U4%EtlS~*ZF2Wm|MwI+dDlR&K+P_|-w1hA*x{{WwHOvx-DnSrt_bppm= z&Bmc9pdaeSQeCsrnkd<6%%L1gZc4V{9eZmXdnXHv*TzhgMy+EbSc{YwLDNtUnmW5LF zOAJ8b1$b`H>f!;T`W$uQdh%(!(8}ab)kV}ayd+DV#z*0LqUI+?oZ94?IEl$`PthjT ziW8?fXN*6|10Rx;ikqu&PrpkOeIZRSM)D_VyScOwUtft%tM}+42PVm)ZZ^bm+?j+P!@z_oM4rR2 zau}E@8Vn$}8o+=YVSx*?hU4$I1&!)oE z>6jyhDPEJfCc+$dBiYu!t%*6_WpayHYk;1>vWvCfkVw+sE&94KO|098F#s)1d~`Pr z>S(JfvbXw_9$kFl4EUFgCcoUxFE@H~TD_t3Y1LnN!>j{7TpDYP>RCABZCW6iZWpz- zw|X5d{&0_UvGyqp;a=6Z3!DN^eV^Dd@zGk8_``h#!1C$fs2oo7%6onChti1HEiBx( z3;K2S{@lLtG*A5x3bXrxb(R{r^S2j!?EFvuH(W$DyPw(vyIkAzx-~@=#yJx z`^GC1bscwyd+59&)#Q`AOQ)i}Fj(-gUaZ@zQKuIlZMj07`wDdiPbcd1oVss8ogUPs zfV!}uGj%>kqek5(lzx}G-=kz)XX^C-7IlUz)D?ibZxhrR+(cb$BuS|k=QgoDFvz{C 
zhsNn{vDm`v?+*KfI2bi9oT2l^TOizcAU%Ioj}%XRx7hKi@QPA>CHW>SXhsiwmeg6z z@FJQ*9eU|2T3whjIg82X)g3hHO7ab}nhgaIF)9n+Kt4OqT<$ak>j0^$*j zazPfQv3ne+z4H6CoQ;#ylraV}m2!cBmE3KT$D7n&(v*j>gh^m>Ue*=}N)T)RWQ3V1 z$uoJCiIyzt!Q@8Oov?xSz0seeKGcyS)_sNMp-Vckt{+DADKoXkC2u#U5g@t3AXk{w zVKj!^NbqSWdjvK+F%SbF$BtzUE^$K-i?e>e{6XkgyE7PvU+r2Iu;?0(q3XG=g8fms)%PSQ9Om&=b9|2||~G(9sTO@Dki= zZ+v^qL7nuCN4levVZ{;J1aZjd7qDDxJeslMD0$WCXL-S;#-ph#j%tAFd+1m^5*>>b zg2Xd{Q|vKY37u~3IWn#jTa z;h%s#a^c6oehY_51AA{0?4!{H;3({qShox{5MUoW*y>c5!TueHWV>UE;hKm0N5{&rsD3heTCl=*XjcU%-7C;bKJ;Y&l8mdj_WP0o57!5RtN162T5%pjW`%Y|-1Sb4oWe`7Yl)mAqfx}^*>#1ULQc=GLYH8vCqVzgzFRw~HiXP) z^mr5L!u_s zOhRrmApZnwRnFI`avQl#lZt#L+k9khFEaV>(6C$|oHnbv9xf1BVUn5bAs?RyYy!PV z37Py6`HfcffyBr#(uifjT~-Qmv9m)YVd3rmc`eyKWs1!kkN9=FypBqfbj;y%H=~}k>eF~*=zOa5 zL8wD?y+teDLW4UzQgF-XIa%{sv(?wWipRb3b|Rcp?63P=tTjQ6+)7?9R@^|gp8|DC z5e7eDCO`OIVilUBo`qV$wQaNs@#)&#jtf=&n=y(YG&}h^3#?^kV$Dvz+QKqq$3CK+ zi-HXdb|%`E)^tXL=aWlpZh1*An|Bi9<=GHCw3?t5ai6lp=GA@a#m-X*V1El#lsu*h z2K#RJEm=PKc)XA=pKuYzQ46^589urE7Ho5iZ1U1uAb=uUv*8vH1`!a1iMM2VB{KG*%O2e`mC5pg84Nwm`monVTcDT|y; zeB~^6S%VlQG-~m1wDQY4Xy;?|%70sAR5yTBU)ZR-o$LU3=R zZV1+7>7>30$C%(eS6}T>GA!f>qzGQ!8Ly*J%>SrvuY7>J2rlut#zwWDtF}?v=&^qt z`X(;ct;MLJQ5T0{-zaryHl9I-h<=?O1Ft)ZS6|8B{qi|)<1r)W>S)2W6Yh|d39U&H z)ZhM{6e7*rc+}{Z&w6#oy-F7!NZ=C7gZi44DOMM6%VeJg+&b;rpu^mW7n-oNc;)7r z8-4JMa^>q5VKAWOl`BoIonx|eUU_kLEETOiScOUsvc}JhOc!Iy)f8W{coc&r0UnY= zh(vBA_gj3$ZLtA10LN|&E&*>opq8YXZ?l0_@S&qjcUIjFv^}+7OPhW2a;Q-U#D;(h zZIu#&gL8=upWo3k264*te7ICy0w!;~(UrR`5cTD>@leVcNYkp^QTH{1V-&k4rXkhT zH@p-vY`kToP(a8icC%a2kyDz(!U3)7yB(5k)#stb(Xm*flqm*#WW+rNv2GOJ5;`W< z+VJ9b?37%-k^&R#$q1K8th*M4P$#A!(1#dMpa*m83W!`;ZGcCb8bjO=JjVt~+z^Q# z2evLao-XX9$V*xikwj1J-ar?oJPZ)avtrj{F-C0@TIrnPnjKOvPwl}#ccxUMeo>Y> z=s58Ftp-MqcG95QNB};z7uD79haB6)$Csd*LcOWt#*t*XU5<{xv1mC;VYvak(OG*k zaI2@bl{yk!Z=&OvL`NMu=3nkOOdHLBo)O88;ciW0s|}Zd`dLawJ`I_MUXMn_jjb+6 zOW;Vf17ZkWGN2<3ndqxgqV;VE2=;`_;aumf4URe;K|-jJn^dF$Dz3&$Lb$73bbHiv*gqcz?WM$5(!Hgrr-z$uwUbf~dmz+nhF3`_#yZLj&! 
zwrSidak+=KTPgkwg|$auxZ;uE($u&h{Wp^XmTaz(Ne!me1ba;2TPFJr|fM7oe zr0qGPhICM6j=ly$eeyZAA7qc|Rd)jKuFx{4UK&A+#WHwK?MC#Yj+BhvD=~L`3V}%S zi%Jhc9jMjI2?*F;Y)6)bCt46by6xp0vLyRyiO5#%*qG3KM?L_P3sA0jYRrRXD?2yq z(y3W@uaeKBy$Ia{@wgDX1{4*tFbuO#{@N$UaG1x550Gx7jEH?voa>}5aZ4J%QJSRy>Ec$zO< zYRQhj9k_`?h`WwzEU80_&=RLUknY9NO7v0c5L$wTD2?L~n?sF%%^OS8sG)?TnI*9I zM=l@D%mHaG6lM{@SzCqx1T;mx9%}BBk8u)Sg9r&#L^Loed&{NLZY?ln`kp@OlYL5 zbE8w#h==Rmyon5X~b);g_4ZvxCUqdkMs$3rt>WagvEJNnPzHS>4xS-EVO2&g4U(FPwqi zC|YsJIYt!3pVp%o`sTxWCd7JPE`B&sjCn-8R(wHzO29!2+!hx)0)pa$)BP-IXlT2c zjncq5XcW@lcwEb5alp4-?x=NheXm=}IOUKE(cI&c(Y?lwesrSriD24EoyVc<)cJt^LE2R1`(1=pW%jSayF{AEBE#$=;tWT}rwj>LLWFWM4Fdc1DV zLI-RHSom4XDr9}(%v}QnVP`FWgV~N?QpKCtxihX+J-VS+{ngS*$k&^G+82I|HwvU8 z4 zloQc4tWB}E2U63;&_?9WH4CH@qB{Wf_&o}OdklW1t2dly z^4GOWICscY`=j*OH(vRW7lsmM3?0O}`DhD;e-H`6YI<}djfV399$@?9vF|0af}n%R zwLFa$pe;1tAD%~C!^sCp9OfpMg|~7BOcpm3iWu>EjEL0;aqkHzxr!c{^vIw`S9)}z zM>;)B6U2>$sq`>RP=qZvVZcJNluX`gc?mD-Ode4?5sa#M>pc9L?+58o;(-{iWY>)_)rd-whjo-dsJ5g)>(|FMNvc zU26>5)?vg93HO}O%QDb#4QGX4j(HvLigjtmCl znQJRxaA80sBo7AXE!QibkCI0VYx*Mw1fb0T?Ro>W2nnm|+90?#Vk*$Q?ZQM4*$i&- z!^U&{K#1sRA@|M{o%7GYwxa13Go9H9PG^mS{GNEg`^T<_RkQrCJV@mko%zA! z0|Nxj4kI*ifc0)APoI+8cwf*c#XyG34M6UNdW+U9Hj4muqsdac7b`_GKtIDl|5#5mYS2_Y zd6?odSYLJoDqz)Id=nWc91|uttJ~2KtzzCQ1H?wTf({|Dgb?fxE1I69g53yV zUM6Fe*3+klOkw!_;VC*P!!PgmIWWnqx5mbK<2$^xjf|lx1#04RfXs!55_D^fA!-K! 
zXN@y=B#_yhkakyBaFGsHy%P3{t-y&s2}!z{Al#q{1f0Wdn=70n`qk6zoF+m$i|GOu z6ImI$2^oJU;WeU6d~xTd9<1}krg8w-OV<3tpx2S6f_CWG8aSP-b z@455DJTs&()|ue?MkkX0EANcyu_My##y)^dc=qU{?Qpc1=EO;xSAw7^lizefD~sUd zw*!4#cKBs~T4!r5W)#zAB^xP|*YK1!El!{On8iw!m^Zn!dBHt_95>&p`1n?3jU@p-sO1B646Sw^1B>7BJWeCJJnvF(vB6g2&=-keIOhsAHNx-sxuMr z!&=Yera)gP79#cXal{*3ao8BV)BXkPHao!NsQSB)v`azY)dAWW(PajXBz8s%kWV6s z+Zd}kCe|d9*do2El_ZhG7O9Ouuh`y>Byk&q?*Ur^%U?>9hT&FS+QM6L*4>R!jD%vq zEp#=(i@O21x=#DClj;`N^ zjwBBJef5Ue9tsMYcIpuBZ;bt&VwfeL!g$gBMY?0FAuc1YqeBg9LI)br9UvI7 z>q6J7y4Wsi!;PJ`o8mW#F5;Ynf+%PYNg+C;)bv%|Ktl_CAn>`8gWwR0O-!DX7550u zv^m69!buiMvt~YdPHwZ)slDSoAiOMFv8kz;76i$MAWAP_j$0v!?!S0IBa5XILhe9Sk&T4dwmq$1bWEW#jkf~nPB<)frQ5!P_#Wzto{Q)En0z8QRfH;qQ3_hTI$p@oB=TX2+UH=6k zFE@#GeoRM-CLxe#oCfZB!^?CyFdWPr&4KF)uxpc%&_Li1w;#+Dr-2k9C22HbaZ;%( zxGYsC-RD*O{3c#c&V}dpBedV_S-{Ceb8q;O1zQL)go@N7pU2~J6J2lVd8QX2JN73B z0xE*~2E|RZAvVQPAbL~{c~^Y9dh=f3eNf6+agkTmT}$FTDAxTHLh~zS3toq3i&!>J zmL!yHGULq^Txz)4EN_z#)NPT@*!Q{=sTdkDh`e?yGB#j`xDG5e_K##@KrC#GI^dHe zk8)55?jzcTP#I~_B^>^0?7Iq8q?G1_-asA9(3dMmQAtH=cIFB}Ib0DXkHRsz5K|J3?Pv3hgkfPksj3 zs7w#F3Fa0_eS$T*La9fv#_*kH#j zAEp^C^AzE?;Li%bfzIJ<>KAQ9w{#EY6Bgotr7w*4naQ*<>LHnrW`8%=EMzNz4=IHGh!51Es zeuSjI zqyW)dAA$ob$YjD4sSBa-wAOh`#%FlLlZ<>eVs}yOE7_q=MJrlbie0)2d|kw^3uL># z_84^1t*|l~uK3@8r-|@%;Ua-pM`wo|0tP8m`y^n;mS9)nmQM|&z*0G;Gy35}3!3-5 z-C0--f=;UG3^RCfyS!na=mOeTJ6Aby<1}0u$2GqZfiCjdSQI9(o4gHC6s$L*YcO4* z_25gKf-L-jJeaQ}Qn=laO=jY|ivgAbOeI(ccxOfYeC}-+2(kxE{tO0}c}X#=7V*u* zM|7GrU(@oP(t}vx%=p5>rA#)+ZRZZS5cM|Un+`AZ!xU>mty3qZA#v#z{#6-nVc{Z7 z$0(V`$FL*8WZWs;#1uc=q9QXfpwnu43MPfP5Hr4s-8?zngpzzZY2&zShIQ$(O#oCn z5rl0c)M3^%HakB?iI3`nngBw%4R$2g57YKoppmwua zCv`#Y=jfqZ*yamY!Qf)blE<|BQ|c0U9TTO{C!fWFLo{u|MG_6r&0Ym=W%_>&!4mW>k!CBJXDSVz|=bO%|esgRB6v#>jp z`!H@S(KHz4x23@i@Du@3PU}~YvN{f1C$Egf1e2F*FlHY^4}pseYkG>5?xix!EAUCm z_TuV8p;tbpR`6vQ2Q*aUgXgISC>|K0y)Oi%p4dg?%gxegraS_F%U~hEKKTOpjO7S+ z0v;8rA?cA8LF&yE4|c^0Gav&W-mQznH(;{CLLAA8xg^B%9B9=gUyhfOukwD{PQ5*_?aXLfho%X 
ztimZ>PmJ>`e_c)8vBqV`3#UWz()_YkB%eb3+4x}-M)nAerU_(s&!y4K^)1l&j;Io>< z!7<-=;tKktDcF1jL_wHbgqu-*K93K8W)h-}f(uR_T%ZtxkB1m0@({zbmLM9T@Wo_^ zp~13ND|sy$V%TblpoA&U1d;gUcgY>`k)R~lS?p5nbT({jA!R0J`iVjC_3Ha$LUPs| z$DuQ^t{i4B+LarZo}0mKz*6lThFD8x1-3Gm&(siHn?P5kxCah3l9SZJM%)Ki>}6_) z`RCdRp6Y0FS*V-h#8p8zZd4)9!V9ug-MheoHaC2_;hKZG=1W?l9?8{al1)Q)Ezl+z z@>534bW9VH7Ir33%-A&WR7fCN4=YpO>5~{l3G=*)lt6eH5QbUlamB1S?h~qT4Fn$Z zWup?q8nqLC?J>24Rx&;vNiA%o7LX6rf}$&2K2|Ot1XY3{7==msAgHodD@n=+L6rzf zU;#tmLeVlFYv7SN~smuC$t7OWQS^5OcP@S3pctskxkV~ zv5X|MShV_DIE-HSlq=Hbk{oO!?o4MP$mU2fQx0ZnQ9C7n1#btN(nmDNS$Ze=clF9Hkk~zX!!P zZ1M+~-7N_=n~A-cgE@S4ftkk~%=v%&67(KYO5Cz$N{vbV3(WO@Y}Fzp=}ruJ$$z68 zJ?~Pe914wDVhrF!+>eFcO7U?z+@biUnZ9l;B>kCA`olfAa8J8QQ=Ka&P2tZ~bSV|^@_f8t}qC@IG0AgcIkMjYk67u|{LX1Usj zp=~s^@X2w(Hd46D{GNv{05T0g{6GN9aI5xtDCyyJoV?Ifg6OSD(c`O7^6XHO6g`&A zSGAI)=&@wBX(dU~W63;?5-gddfQfU66^l*$Kyy=XRN)sCAEgDAKD-{KUR zFYw79sY5a0;6i136|hV;c15!o?C7=_Vr-dDVpJqgQ4-Fajf8G4gnN!c&Kvex<4*)> z5LlyI!0sV5Qn+W9);bC`8P$g6d4&iqEqxXE2lnZ6Z6$y(_7eM|Yyt#!+ z)GWkXC6F9ESQt59Dla!z1uEyxpM6*2ZMHPGG?@>~eW>g%A+w8+DGadX*4#S4HvIBq zXw3lIPL7<9(W0g=1oIJt={2PzIJMlJNSODzi3x&Y2 z0(e&lCHN~BtiYY9oCgk62svn3iFN@&LOLHg;>iG^Mu5>0^4vC?9Z#Wb{%m1xRfXgB z+igOTR8mq_RV7TBQ8^#PnkUVlH@~8KzPX@$(SkXbOWkGVWq~qt{*1ZhQf1lY;whDL zf24GbG;3B_rFmjSg}LaV8Rg}dn->LUl$V*^^#9xVDrS_LJ(ZOem4bKv!WrdrOU;Ed zDrY=|Q7VN=^Q)u<3o0rDWu?Lxv`YXin!C767*`Q6PbiyFx=3)BEu33YmH?t*Qdn6L zC@Z0E<8ha&VisCfRY;W}P?%g%E@J%>mzNXR1r_tF2pjW5GZriW zo*e97>v(+N=IyYT^xK?BuV&hN@;Rt_an|8|?|1uEzOee{(T)Cf_O;o0ul4c&E|QUc z)Ahf3IN2_lrooiZ@6J3eokXgRUzV2qAD=q3fYsrD)VNmypBm)r@i%Y?mBRAE+|%!6 ziWB4ai$qFa0n=|uBAt{-cjjv4nThn5!?kzVI{w>~p#KgW!gc=jpE~ZTpOo(H_P9e> z+d8*$#KZRtf2ZpfypPx3Z}?t)9KX)}-`ihsaK)wfy8Y@ljek$fpOQZMp)2ry@xAwc z33_i%q@xn)#6M0zBVo=BwU6KUGr8h$+! 
zY5znzG?8}Z`Twsx`I*)DJK@*<#*MMtI^!}#s;V4<|0Qfj`H-^Gc|&hqILSSBsLh@` zWQ;VoymZKfvRQNIBk}k=t|HF^1$lY54Jp2Tc%r;;-s~Z>U?8d%RRzi(sv445F^0H3 zV6dNmoa@-S!ga;#rmvf`Zo#^mb-{J@ z>z-b>cAdGw+F)zQZE!ZQhQfy8hUpD+8WuFvGz1&!8&)?w-LSUdrG{4VS{m9K z4m7kks12tZIvRxaruA9tv)7x~Ti4sx=dO3IXX^{;A}{|x-30u1O}3S(BU96Fd6YeR zE>oA5vUX+attiS#(dq1>Ei*NJ`lC!&rZ=SMjDoEuwadU%ok6$qjuf3??Sr;Cwqc!0 zMB4zpPFQPx;rd`-VI==IUYN;U4RS8Xskn>&+3eqgYcRW-8$YSIV8~l^)8}GakE0*= z`LAb8??3#8b?d6@VpVKL$=a3r(YBTP5w?{nH?GyE=u%SBh4vjM0vSCgj3ZzP^mRrc zIov+fW=qviGUzjMCRCJ`Rn9G$XPz<`Ywp~@oI&Qwiqa~|IVm%w9I| zhoa~0L+!(IhvwefD{~mVqKv=(i%?hUZs?32c&J~g6Tx#`mz0${o$&HF>4`Va{l4F% zJ%{_eV5&X3@4sHzmLr|7nfCBw3uk0*>_7gK_eUK1&9e_Z@uH=zw$It8QcvI67Wh1U zwNml%=>wZ$ug&gv=(?Z0@rj&fF#Pp_ncm9Q^2m~St#I{UJjdRuZr%9EO*gZTI@TU! zN2{mgrCoTs@#lLk+%@jZ^`E^s)zo_Y#`C}a>=SWU>KkdPuczMsRn5$SMR(78=(DfN z_Z792z5Dv}t?OLX-#YK!~)dr(YuhYdl^BgJxp6i5{&V6$@zyBL+8~faJ;Q8G@ zi_RD^s{0Kq^ZxMa+dJFl^!?`PuRf{TwCL)Ur*?K5k^jJ@{og+L>Ar8pS6_SP)w6dv zV;iepS+34_d-mMbL$l(4x!`@jXuEOyH{VXY^R6Y2<&D4Z$tU;PP8Qwj>;1$d=CwWU zJHKbyyl)On&ira|kI5Gg9UJsUqxso*+kot)OV>2x-G060_~uN1>y!svBlUV5RT z#J1>42hm<`d(hVPvYFD|()s0@&MzspE~zHXQ0UWaS6$Ahzz7DRG0D1=6rIzSmTDY$ zl|CiyyXDr-iiOE+Sg8|w+~qz{KIVlRpZ&6%bg}G-J@b!M+&gD-uNSs#ylJ>RYt>VK z{!{PI{`izZIY(w>+iD&Y=cl#>$<0|i~p+Anl_S^RUM%%}~9Z_*^{`NoJ)BD;>uUnkI+E=x| z%g6x@lKVu~H}1dA_0?K#`}7Yj{u6(?cSC-UFVAlr8C==cbJrJRKR*0$|BusuS~cR& zuPzF{@uh#-%u_X^e?Gisan8*nhn24}4tev?l33)~X#48(=56218dcQuaLavv==EgE s>057^ee&ep;kOnYS~T@~`>X*|ZrIRgx25;4@Sv1+FKzX`GHvz$28SO6y#N3J diff --git a/FSDrivers/iso9660.inf b/FSDrivers/iso9660.inf deleted file mode 100644 index 49063d8c59..0000000000 --- a/FSDrivers/iso9660.inf +++ /dev/null 
@@ -1,25 +0,0 @@ -# ISO9660 filesystem driver. See */LICENSE.txt for details. -# https://www.rodsbooks.com/refind/ v0.12 - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = iso9660 - FILE_GUID = 33FAF091-A3E0-43E9-B303-DAFB6A226B6E - MODULE_TYPE = UEFI_DRIVER - VERSION_STRING = 1.0 - - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 IPF EBC -# - -VALID_ARCHITECTURES = X64 IA32 - -[Binaries.X64] - PE32|X64/iso9660_x64.efi|* - -[Binaries.IA32] - PE32|IA32/iso9660_ia32.efi|* - From f0b7c4a23e59a269598108f30e1cf9ee6b70c8f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Fri, 12 Jul 2024 14:04:55 +0200 Subject: [PATCH 324/357] UserAuthenticationDxe: Loosen Password requirements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- .../UserAuthenticationDxePassword.c | 19 ------------------- .../UserAuthenticationDxeStrings.uni | 4 ++-- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c index 24fcdeea0f..f76b4f9f0d 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c @@ -322,7 +322,6 @@ IsPasswordSet ( Return if the password is strong. Criteria: 1) length >= PASSWORD_MIN_SIZE - 2) include lower case, upper case, number, symbol. @param[in] Password The user input password. @param[in] PasswordSize The size of Password in byte. 
@@ -346,24 +345,6 @@ IsPasswordStrong ( return FALSE; } - HasLowerCase = FALSE; - HasUpperCase = FALSE; - HasNumber = FALSE; - HasSymbol = FALSE; - for (Index = 0; Index < PasswordSize - 1; Index++) { - if (Password[Index] >= 'a' && Password[Index] <= 'z') { - HasLowerCase = TRUE; - } else if (Password[Index] >= 'A' && Password[Index] <= 'Z') { - HasUpperCase = TRUE; - } else if (Password[Index] >= '0' && Password[Index] <= '9') { - HasNumber = TRUE; - } else { - HasSymbol = TRUE; - } - } - if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { - return FALSE; - } return TRUE; } diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni index 8c0298ac23..3d32ec10e6 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni 
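Review bot: With the character-class loop removed, `if (PasswordSize < PASSWORD_MIN_SIZE)` is the only test IsPasswordStrong still applies, so an eight-character password made of one repeated character is now accepted as strong. Dropping composition rules is a defensible policy, but it is normally paired with a longer minimum, and this commit leaves PASSWORD_MIN_SIZE unchanged. I would either raise that constant in the same change or record the decision next to the check, for example `// Length is the only criterion; composition rules were dropped on purpose.` The locals `Index`, `HasLowerCase`, `HasUpperCase`, `HasNumber` and `HasSymbol` are declared above this hunk and appear to be left unused by it, which may fail a warnings-as-errors build at this commit; the function body starts outside the hunk.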
@@ -19,8 +19,8 @@ #language fr-FR "Password Management" #string STR_ADMIN_PASSWORD_PROMPT #language en-US "Change Admin Password" #language fr-FR "Change Admin Password" -#string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." - #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." +#string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars. Input an empty password can clean old admin password, then no need input password to enter UI." + #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars. Input an empty password can clean old admin password, then no need input password to enter UI." #string STR_ADMIN_PASSWORD_STS_HELP #language en-US "Current Admin Password status: Installed or Not Installed." #language fr-FR "Current Admin Password status: Installed or Not Installed." #string STR_ADMIN_PASSWORD_STS_PROMPT #language en-US "Admin Password Status" 
From 16a96c02ff8dee91e0963f1124f3c965e9432769 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Fri, 12 Jul 2024 14:27:51 +0200 Subject: [PATCH 325/357] UserAuthenticationDxe: Remove unused variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- .../UserAuthenticationDxe/UserAuthenticationDxePassword.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c index f76b4f9f0d..ed13e39fc9 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c @@ -335,12 +335,6 @@ IsPasswordStrong ( IN UINTN PasswordSize ) { - UINTN Index; - BOOLEAN HasLowerCase; - BOOLEAN HasUpperCase; - BOOLEAN HasNumber; - BOOLEAN HasSymbol; - if (PasswordSize < PASSWORD_MIN_SIZE) { return FALSE; } From 793d703fc4cd4052b3db2029c41913108901019d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Fri, 12 Jul 2024 14:26:05 +0200 Subject: [PATCH 326/357] UserAuthenticationDxe.c: Update DisplayString2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The policies were loosened up Signed-off-by: Filip Gołaś --- DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c index 4710efbaf2..5e0736484c 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c 
@@ -173,7 +173,7 @@ PrintSetPasswordStatus ( if (ReturnStatus == EFI_UNSUPPORTED) { DisplayString = L"New password is not strong enough!"; - DisplayString2 = L"Password must at least 8 chars and include lowercase, uppercase alphabetic, number and symbol"; + DisplayString2 = L"Password must at least 8 chars"; do { CreatePopUp ( From 5cf2731ce74362d609acb213c3092f5fb5bcb83f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 07:26:31 +0200 Subject: [PATCH 327/357] UsetAuthenticationDxe.c: Fix typo in DisplayString MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c index 5e0736484c..7ac2f8b3e3 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c @@ -173,7 +173,7 @@ PrintSetPasswordStatus ( if (ReturnStatus == EFI_UNSUPPORTED) { DisplayString = L"New password is not strong enough!"; - DisplayString2 = L"Password must at least 8 chars"; + DisplayString2 = L"Password must be at least 8 chars"; do { CreatePopUp ( From b0827cde82482049a66490008cfea084a83443e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 07:34:32 +0200 Subject: [PATCH 328/357] UserAuthentication.h: Increase PASSWORD_MAX_SIZE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- DasharoModulePkg/Include/Guid/UserAuthentication.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/DasharoModulePkg/Include/Guid/UserAuthentication.h b/DasharoModulePkg/Include/Guid/UserAuthentication.h index 762895e24f..959916e755 100644 --- a/DasharoModulePkg/Include/Guid/UserAuthentication.h +++ b/DasharoModulePkg/Include/Guid/UserAuthentication.h @@ -10,7 +10,7 @@ #define __USER_AUTHENTICATION_GUID_H__ #define PASSWORD_MIN_SIZE 9 // MIN number of chars of password, including NULL. -#define PASSWORD_MAX_SIZE 33 // MAX number of chars of password, including NULL. +#define PASSWORD_MAX_SIZE 65 // MAX number of chars of password, including NULL. #define PASSWORD_SALT_SIZE 32 #define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE From f8c6b65fa7b8edb89e37498c543d97c4ce89cbd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 09:24:21 +0200 Subject: [PATCH 329/357] UserAuthentication.h: Try messing with sha256 hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- DasharoModulePkg/Include/Guid/UserAuthentication.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Include/Guid/UserAuthentication.h b/DasharoModulePkg/Include/Guid/UserAuthentication.h index 959916e755..c27e4634f3 100644 --- a/DasharoModulePkg/Include/Guid/UserAuthentication.h +++ b/DasharoModulePkg/Include/Guid/UserAuthentication.h @@ -12,8 +12,8 @@ #define PASSWORD_MIN_SIZE 9 // MIN number of chars of password, including NULL. #define PASSWORD_MAX_SIZE 65 // MAX number of chars of password, including NULL. -#define PASSWORD_SALT_SIZE 32 -#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE +#define PASSWORD_SALT_SIZE 64 +#define PASSWORD_HASH_SIZE 64 // SHA256_DIGEST_SIZE #define PASSWORD_MAX_TRY_COUNT 3 #define PASSWORD_HISTORY_CHECK_COUNT 5 From 536b489d0de4398977e1c24249adb0e6032cd92c Mon Sep 17 00:00:00 2001 
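Review bot: Raising `PASSWORD_MAX_SIZE` to 65 leaves the other two statements of the limit behind: this commit touches only this header, so `MAX_PASSWORD_LEN` in UserAuthenticationDxeFormset.h and the "between 8 and 32 chars" wording of STR_ADMIN_PASSWORD_HELP still say 32. Until they agree, the form presumably keeps rejecting anything longer than 32 characters while the storage side is sized for 64. Buffers and any stored records sized by this constant also grow, which is worth checking against password data saved by earlier firmware (not visible in this hunk). A comment on the define such as `// Keep in sync with MAX_PASSWORD_LEN in UserAuthenticationDxeFormset.h and STR_ADMIN_PASSWORD_HELP` would make the coupling explicit.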
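Review bot: `PASSWORD_HASH_SIZE` becomes 64 while its trailing comment still reads `// SHA256_DIGEST_SIZE`, and a SHA-256 digest is 32 bytes. If the hashing code (not shown in this hunk) writes only the digest into a PASSWORD_HASH_SIZE buffer, the remaining 32 bytes would be stored and compared without being derived from the password, and hashes saved under the old sizes would presumably no longer verify. A longer password does not need a longer digest or salt, so I would leave both at 32: `#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE`. If a wider hash is really intended, the algorithm and the comment should change together with the constant.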
From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 10:41:41 +0200 Subject: [PATCH 330/357] Revert "UserAuthentication.h: Try messing with sha256 hash" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit adce3c229614cf27e4ba7494b6c6c419b20f5435. Signed-off-by: Filip Gołaś --- DasharoModulePkg/Include/Guid/UserAuthentication.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Include/Guid/UserAuthentication.h b/DasharoModulePkg/Include/Guid/UserAuthentication.h index c27e4634f3..959916e755 100644 --- a/DasharoModulePkg/Include/Guid/UserAuthentication.h +++ b/DasharoModulePkg/Include/Guid/UserAuthentication.h @@ -12,8 +12,8 @@ #define PASSWORD_MIN_SIZE 9 // MIN number of chars of password, including NULL. #define PASSWORD_MAX_SIZE 65 // MAX number of chars of password, including NULL. -#define PASSWORD_SALT_SIZE 64 -#define PASSWORD_HASH_SIZE 64 // SHA256_DIGEST_SIZE +#define PASSWORD_SALT_SIZE 32 +#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE #define PASSWORD_MAX_TRY_COUNT 3 #define PASSWORD_HISTORY_CHECK_COUNT 5 From e3b0a348dd978663afc3c1f441e4ac8e44fe78a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 12:06:34 +0200 Subject: [PATCH 331/357] UserAuthenticationDxe.c: Password Dialog show input MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c index 7ac2f8b3e3..e1afc820a5 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c 
@@ -108,7 +108,8 @@ GetUserInput ( // add Next key entry // UserInput[InputLength] = InputKey.UnicodeChar; - Mask[InputLength] = L'*'; + //Mask[InputLength] = L'*'; + Mask[InputLength] = InputKey.UnicodeChar; InputLength++; } } From 73fc346961fea9be26eda3e958214c5ac3752da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 12:28:37 +0200 Subject: [PATCH 332/357] UserAuthenticationDxeFormset.h: Increase Passwd length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Go¿a¿ Signed-off-by: Filip Gołaś --- .../UserAuthenticationDxe/UserAuthenticationDxeFormset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h index 581849b534..a88996cfac 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h +++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeFormset.h @@ -17,7 +17,7 @@ #define ADMIN_PASSWORD_KEY_ID 0x2001 -#define MAX_PASSWORD_LEN 32 +#define MAX_PASSWORD_LEN 64 #define MIN_PASSWORD_LEN 0 #endif From a0727d62b881a4de8c5a5d91cd133278da3fa49f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Mon, 15 Jul 2024 12:42:59 +0200 Subject: [PATCH 333/357] Revert "UserAuthenticationDxe.c: Password Dialog show input" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 6fac4ac3a9dc71bf3d70012d3bb8e885e715a00c. Signed-off-by: Filip Gołaś --- DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c index e1afc820a5..7ac2f8b3e3 100644 --- a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c 
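Review bot: `Mask[InputLength] = InputKey.UnicodeChar;` makes the password prompt echo every typed character in clear text, so the secret is readable on the display and on any redirected console (console redirection is not visible here, so that part is an assumption). The masked assignment is only commented out, which suggests a debugging aid; it should not reach a release build. Keep `Mask[InputLength] = L'*';` and drop the commented-out copy. GetUserInput starts and ends outside this hunk.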
+++ b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxe.c @@ -108,8 +108,7 @@ GetUserInput ( // add Next key entry // UserInput[InputLength] = InputKey.UnicodeChar; - //Mask[InputLength] = L'*'; - Mask[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = L'*'; InputLength++; } } From c30aa2f48b6ed3f60b21436b2eaed7a1bd4687d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Fri, 26 Jul 2024 07:33:15 +0200 Subject: [PATCH 334/357] DasharoSystemFeaturesStrings.uni: Threshold help: lower for desktop use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Gołaś --- .../DasharoSystemFeaturesStrings.uni | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 01709381a0..307787aee7 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni 
@@ -148,10 +148,10 @@ #string STR_WIFI_BT_ENABLE_HELP #language en-US "When not enabled, WiFi + Bluetooth card slot is disabled." #string STR_BATTERY_START_THRESHOLD_PROMPT #language en-US "Battery Start Charge Threshold" -#string STR_BATTERY_START_THRESHOLD_HELP #language en-US "The battery will start charging once the charge level drops below this value." +#string STR_BATTERY_START_THRESHOLD_HELP #language en-US "The battery will only start charging once the charge level drops below this value. Consider lowering the value to around 70% if the device is mostly used when connected to an AC adapter to reduce battery wear." #string STR_BATTERY_STOP_THRESHOLD_PROMPT #language en-US "Battery Stop Charge Threshold" -#string STR_BATTERY_STOP_THRESHOLD_HELP #language en-US "The battery will stop charging once the charge level reaches this value." +#string STR_BATTERY_STOP_THRESHOLD_HELP #language en-US "The battery will only stop charging once the charge level reaches this value. Consider lowering this value to around 80% if the device is mostly used when connected to an AC adapter to reduce battery wear." #string STR_BATTERY_THRESHOLD_RANGE_ERROR #language en-US "The battery stop threshold must be greater than the start threshold!" From 68769c619d6b0d8af6b2ae5089e49c6caa86d698 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:26:41 +0300 Subject: [PATCH 335/357] BaseTools/FmpCapsuleHeader.py: Explain error when throwing exceptions This gives a caller a chance to report a meaningful error to the user. Signed-off-by: Sergii Dmytruk --- .../Common/Uefi/Capsule/FmpCapsuleHeader.py | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/BaseTools/Source/Python/Common/Uefi/Capsule/FmpCapsuleHeader.py b/BaseTools/Source/Python/Common/Uefi/Capsule/FmpCapsuleHeader.py index 8abb449c6f..6a112d5f89 100644 --- a/BaseTools/Source/Python/Common/Uefi/Capsule/FmpCapsuleHeader.py 
+++ b/BaseTools/Source/Python/Common/Uefi/Capsule/FmpCapsuleHeader.py @@ -92,7 +92,7 @@ def Encode (self): def Decode (self, Buffer): if len (Buffer) < self._StructSize: - raise ValueError + raise ValueError ('Buffer is too small for decoding') (Version, UpdateImageTypeId, UpdateImageIndex, r0, r1, r2, UpdateImageSize, UpdateVendorCodeSize, UpdateHardwareInstance, ImageCapsuleSupport) = \ struct.unpack ( self._StructFormat, @@ -100,11 +100,11 @@ def Decode (self, Buffer): ) if Version < self.EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION: - raise ValueError + raise ValueError ('Incorrect capsule image header version') if UpdateImageIndex < 1: - raise ValueError + raise ValueError ('Update image index is less than 1') if UpdateImageSize + UpdateVendorCodeSize != len (Buffer[self._StructSize:]): - raise ValueError + raise ValueError ('Non-vendor and vendor parts do not add up') self.Version = Version self.UpdateImageTypeId = uuid.UUID (bytes_le = UpdateImageTypeId) @@ -120,7 +120,7 @@ def Decode (self, Buffer): def DumpInfo (self): if not self._Valid: - raise ValueError + raise ValueError ('Can not dump an invalid header') print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.Version = {Version:08X}'.format (Version = self.Version)) print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.UpdateImageTypeId = {UpdateImageTypeId}'.format (UpdateImageTypeId = str(self.UpdateImageTypeId).upper())) print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.UpdateImageIndex = {UpdateImageIndex:08X}'.format (UpdateImageIndex = self.UpdateImageIndex)) @@ -180,7 +180,7 @@ def AddEmbeddedDriver (self, EmbeddedDriver): def GetEmbeddedDriver (self, Index): if Index > len (self._EmbeddedDriverList): - raise ValueError + raise ValueError ('Invalid embedded driver index') return self._EmbeddedDriverList[Index] def AddPayload (self, UpdateImageTypeId, Payload = b'', VendorCodeBytes = b'', HardwareInstance = 0, UpdateImageIndex = 1, CapsuleSupport = 0): 
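Review bot: `GetEmbeddedDriver` still tests `if Index > len (self._EmbeddedDriverList):`, so an index equal to the list length passes the check and the `return` raises IndexError instead of the new `ValueError ('Invalid embedded driver index')`; `GetFmpCapsuleImageHeader` in the next hunk uses `>=`. Negative indices are also accepted by both getters and silently select from the end of the list. Since the commit's goal is a meaningful error for the caller, the guard could become `if Index < 0 or Index >= len (self._EmbeddedDriverList):`, with the same lower bound added in `GetFmpCapsuleImageHeader`.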
@@ -188,7 +188,7 @@ def AddPayload (self, UpdateImageTypeId, Payload = b'', VendorCodeBytes = b'', H def GetFmpCapsuleImageHeader (self, Index): if Index >= len (self._FmpCapsuleImageHeaderList): - raise ValueError + raise ValueError ('Invalid capsule image index') return self._FmpCapsuleImageHeaderList[Index] def Encode (self): @@ -234,14 +234,14 @@ def Encode (self): def Decode (self, Buffer): if len (Buffer) < self._StructSize: - raise ValueError + raise ValueError ('Buffer is too small for decoding') (Version, EmbeddedDriverCount, PayloadItemCount) = \ struct.unpack ( self._StructFormat, Buffer[0:self._StructSize] ) if Version < self.EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER_INIT_VERSION: - raise ValueError + raise ValueError ('Incorrect capsule header version') self.Version = Version self.EmbeddedDriverCount = EmbeddedDriverCount @@ -258,7 +258,7 @@ def Decode (self, Buffer): for Index in range (0, EmbeddedDriverCount + PayloadItemCount): ItemOffset = struct.unpack (self._ItemOffsetFormat, Buffer[Offset:Offset + self._ItemOffsetSize])[0] if ItemOffset >= len (Buffer): - raise ValueError + raise ValueError ('Item offset is outside of buffer') self._ItemOffsetList.append (ItemOffset) Offset = Offset + self._ItemOffsetSize Result = Buffer[Offset:] @@ -297,7 +297,7 @@ def Decode (self, Buffer): def DumpInfo (self): if not self._Valid: - raise ValueError + raise ValueError ('Can not dump an invalid header') print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.Version = {Version:08X}'.format (Version = self.Version)) print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.EmbeddedDriverCount = {EmbeddedDriverCount:08X}'.format (EmbeddedDriverCount = self.EmbeddedDriverCount)) for EmbeddedDriver in self._EmbeddedDriverList: From 2b9d5d09b81234cbf2d4b5fc5162339feed59ea9 Mon Sep 17 00:00:00 2001 
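Review bot: In the offset-table loop of the second `Decode` (hunk `@@ -258,7`), `struct.unpack` is fed `Buffer[Offset:Offset + self._ItemOffsetSize]` with no visible check that the slice is full length. A capsule whose `EmbeddedDriverCount + PayloadItemCount` promises more offsets than the buffer holds therefore ends in `struct.error` rather than one of the messages this commit adds. Unless the lines between the hunks already guard this, I would add `if Offset + self._ItemOffsetSize > len (Buffer): raise ValueError ('Item offset table is truncated')` before the unpack. The existing `ItemOffset >= len (Buffer)` test only bounds where an item starts, so an offset that points back into the header or the offset table still passes it. `Decode`'s body continues outside the hunk.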
From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:31:39 +0300 Subject: [PATCH 336/357] BaseTools/GenerateCapsule.py: Fix --decode operation Commit b68d566439683d0ebe60d52c85ff0e90331db740 added support for input subject name with signtool and broke --decode operation by using incorrect identifier in one place (could be an incomplete rename during review). It's `args.SignToolSubjectName`, not `args.SignSubjectName`. Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index 35435946c6..9a395d0072 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -690,7 +690,7 @@ def Decode (PayloadDescriptorList, PayloadJsonDescriptorList, Buffer): args.HardwareInstance, args.UpdateImageIndex, args.SignToolPfxFile, - args.SignSubjectName, + args.SignToolSubjectName, args.OpenSslSignerPrivateCertFile, args.OpenSslOtherPublicCertFile, args.OpenSslTrustedPublicCertFile, From 55936941e9bc8073fee42e7a89521afd27e92c66 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:38:03 +0300 Subject: [PATCH 337/357] BaseTools/GenerateCapsule.py: Disallow UpdateImageIndex == 0 on --encode This field seems to be one-based according UEFI specification, default value is 1 and --decode of GenerateCapsule.py errors upon seeing UpdateImageIndex less than 1. So align --encode behaviour to enforce a value within the 1..255 range. Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index 9a395d0072..de1dbbab5f 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py 
+++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -513,11 +513,11 @@ def Validate(self, args): raise argparse.ArgumentTypeError ('JSON field MonotonicCount must be an integer in range 0x0..0xffffffffffffffff') else: raise argparse.ArgumentTypeError ('--monotonic-count must be an integer in range 0x0..0xffffffffffffffff') - if self.UpdateImageIndex >0xFF: + if self.UpdateImageIndex < 0x1 or self.UpdateImageIndex > 0xFF: if args.JsonFile: - raise argparse.ArgumentTypeError ('JSON field UpdateImageIndex must be an integer in range 0x0..0xff') + raise argparse.ArgumentTypeError ('JSON field UpdateImageIndex must be an integer in range 0x1..0xff') else: - raise argparse.ArgumentTypeError ('--update-image-index must be an integer in range 0x0..0xff') + raise argparse.ArgumentTypeError ('--update-image-index must be an integer in range 0x1..0xff') if self.UseSignTool: if self.SignToolPfxFile is not None: From 0f285893890886ce3f99af477f672eb25bf76697 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:42:16 +0300 Subject: [PATCH 338/357] BaseTools/GenerateCapsule.py: Better error message on --decode failure Print error text from the exception. Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index de1dbbab5f..4d4e526432 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py 
@@ -873,8 +873,8 @@ def Decode (PayloadDescriptorList, PayloadJsonDescriptorList, Buffer): print ('GenerateCapsule: error: can not write embedded driver file {File}'.format (File = EmbeddedDriverPath)) sys.exit (1) - except: - print ('GenerateCapsule: error: can not decode capsule') + except Exception as Msg: + print ('GenerateCapsule: error: can not decode capsule: ' + str(Msg)) sys.exit (1) GenerateOutputJson(PayloadJsonDescriptorList) PayloadIndex = 0 From 3a42552fc6c5b9d6a65d3863a4ee568f974722c4 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:43:13 +0300 Subject: [PATCH 339/357] BaseTools/GenerateCapsule.py: Require --output for --decode --decode unconditionally uses args.OutputFile.name as a prefix for output files that it creates and fails in a non-pretty way without --output option. This doesn't address creation/truncation of the file specified via --output, but at least you're able to decode a capsule. Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index 4d4e526432..87fa998274 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -519,6 +519,10 @@ def Validate(self, args): else: raise argparse.ArgumentTypeError ('--update-image-index must be an integer in range 0x1..0xff') + if args.Decode: + if args.OutputFile is None: + raise argparse.ArgumentTypeError ('--decode requires --output') + if self.UseSignTool: if self.SignToolPfxFile is not None: self.SignToolPfxFile.close() From 2374aa6bf948e3d4dd9d408411b26eb49e9a74f4 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:46:44 +0300 Subject: [PATCH 340/357] BaseTools/GenerateCapsule.py: Fix inconsistent error formatting Just add a space between colon and a more detailed error message in two places. 
Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index 87fa998274..d694130bc4 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -580,7 +580,7 @@ def Encode (PayloadDescriptorList, EmbeddedDriverDescriptorList, Buffer): try: SinglePayloadDescriptor.Validate (args) except Exception as Msg: - print ('GenerateCapsule: error:' + str(Msg)) + print ('GenerateCapsule: error: ' + str(Msg)) sys.exit (1) for SinglePayloadDescriptor in PayloadDescriptorList: ImageCapsuleSupport = 0x0000000000000000 @@ -708,7 +708,7 @@ def Decode (PayloadDescriptorList, PayloadJsonDescriptorList, Buffer): try: SinglePayloadDescriptor.Validate (args) except Exception as Msg: - print ('GenerateCapsule: error:' + str(Msg)) + print ('GenerateCapsule: error: ' + str(Msg)) sys.exit (1) try: Result = UefiCapsuleHeader.Decode (Buffer) From eb218796794a6225f4d5813de29f49d865c7f9b1 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 22 Jun 2024 20:47:56 +0300 Subject: [PATCH 341/357] BaseTools/GenerateCapsule.py: Fix checking for DepExp presence struct.unpack() returns a tuple even for a single-element pack, resulting in signature verification being evaluated to false even when the signature is there. This fixes --decode and --dump-info actions incorrectly reporting issues with parsing capsule dependencies when there are none. Signed-off-by: Sergii Dmytruk --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools/Source/Python/Capsule/GenerateCapsule.py index d694130bc4..a773cfb2b3 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py 
+++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -831,7 +831,7 @@ def Decode (PayloadDescriptorList, PayloadJsonDescriptorList, Buffer): print ('--------') print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION') - PayloadSignature = struct.unpack (' Date: Thu, 25 Jul 2024 13:56:04 +0200 Subject: [PATCH 342/357] DasharoPayloadPkg/PlatformBootManagerLib: Add missing BlParseLib in the INF file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix build complaining on missing ParseVBootWorkbuf. Signed-off-by: Michał Żygowski --- .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 11360551c7..97ca5d9e87 100644 --- a/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/DasharoPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -54,6 +54,7 @@ Tcg2PhysicalPresenceLib CustomizedDisplayLib LaptopBatteryLib + BlParseLib [Guids] gEfiEndOfDxeEventGroupGuid From ff274c8c16c5198463de52b7a59b793e45b25997 Mon Sep 17 00:00:00 2001 From: Matt DeVillier Date: Tue, 21 Apr 2020 21:16:16 -0500 Subject: [PATCH 343/357] DasharoPayloadPkg: Add PlatformGopPolicy Add PlatformGopPolicy to use external GOP driver Signed-off-by: Matt DeVillier --- .../PlatformGopPolicy/PlatformGopPolicy.c | 174 ++++++++++++++++++ .../PlatformGopPolicy/PlatformGopPolicy.h | 70 +++++++ .../PlatformGopPolicy/PlatformGopPolicy.inf | 44 +++++ 3 files changed, 288 insertions(+) create mode 100644 DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c create mode 100644 DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h create mode 100644 DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf 
diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c new file mode 100644 index 0000000000..f3e9785c70 --- /dev/null +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c 
@@ -0,0 +1,174 @@ +/*++ + +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + + SPDX-License-Identifier: BSD-2-Clause-Patent + + + + +--*/ + +/** @file +**/ + +#include +#include +#include +#include "PlatformGopPolicy.h" + +#include +#include + +PLATFORM_GOP_POLICY_PROTOCOL mPlatformGOPPolicy; + +// +// Function implementations +// + +/** + The function will execute with as the platform policy, and gives + the Platform Lid Status. IBV/OEM can customize this code for their specific + policy action. + + @param CurrentLidStatus Gives the current LID Status + + @retval EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +GetPlatformLidStatus ( + OUT LID_STATUS *CurrentLidStatus +) +{ + *CurrentLidStatus = LidOpen; + + return EFI_SUCCESS; +} + +/** + The function will execute and gives the Video Bios Table Size and Address. + + @param VbtAddress Gives the Physical Address of Video BIOS Table + + @param VbtSize Gives the Size of Video BIOS Table + + @retval EFI_STATUS. + +**/ + +EFI_STATUS +EFIAPI +GetVbtData ( + OUT EFI_PHYSICAL_ADDRESS *VbtAddress, + OUT UINT32 *VbtSize +) +{ + EFI_STATUS Status; + UINTN FvProtocolCount; + EFI_HANDLE *FvHandles; + EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv; + UINTN Index; + UINT32 AuthenticationStatus; + + UINT8 *Buffer; + UINTN VbtBufferSize; + + Buffer = 0; + FvHandles = NULL; + + if (VbtAddress == NULL || VbtSize == NULL){ + return EFI_INVALID_PARAMETER; + } + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiFirmwareVolume2ProtocolGuid, + NULL, + &FvProtocolCount, + &FvHandles + ); + + if (!EFI_ERROR (Status)) { + for (Index = 0; Index < FvProtocolCount; Index++) { + Status = gBS->HandleProtocol ( + FvHandles[Index], + &gEfiFirmwareVolume2ProtocolGuid, + (VOID **) &Fv + ); + VbtBufferSize = 0; + Status = Fv->ReadSection ( + Fv, + &gBmpImageGuid, + EFI_SECTION_RAW, + 0, + (void **)&Buffer, + &VbtBufferSize, + &AuthenticationStatus + ); + + if (!EFI_ERROR (Status)) { + *VbtAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + *VbtSize 
= (UINT32)VbtBufferSize; + Status = EFI_SUCCESS; + break; + } + } + } else { + Status = EFI_NOT_FOUND; + } + + if (FvHandles != NULL) { + gBS->FreePool (FvHandles); + FvHandles = NULL; + } + + return Status; +} + +/** + Entry point for the Platform GOP Policy Driver. + + @param ImageHandle Image handle of this driver. + @param SystemTable Global system service table. + + @retval EFI_SUCCESS Initialization complete. + @retval EFI_OUT_OF_RESOURCES Do not have enough resources to initialize the driver. + +**/ + +EFI_STATUS +EFIAPI +PlatformGOPPolicyEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) + +{ + EFI_STATUS Status = EFI_SUCCESS; + + gBS = SystemTable->BootServices; + + gBS->SetMem ( + &mPlatformGOPPolicy, + sizeof (PLATFORM_GOP_POLICY_PROTOCOL), + 0 + ); + + mPlatformGOPPolicy.Revision = PLATFORM_GOP_POLICY_PROTOCOL_REVISION_01; + mPlatformGOPPolicy.GetPlatformLidStatus = GetPlatformLidStatus; + mPlatformGOPPolicy.GetVbtData = GetVbtData; + + // + // Install protocol to allow access to this Policy. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gPlatformGOPPolicyGuid, + &mPlatformGOPPolicy, + NULL + ); + + return Status; +} diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h new file mode 100644 index 0000000000..9205afbd8f --- /dev/null +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h 
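Review bot: In `GetVbtData` (PlatformGopPolicy.c), the status of `gBS->HandleProtocol` is overwritten by the `Fv->ReadSection` call without being tested, and `Fv` is declared without an initializer. If `HandleProtocol` fails for a handle, `ReadSection` is called through an indeterminate pointer. I would add `if (EFI_ERROR (Status)) { continue; }` directly after the `HandleProtocol` call. `AuthenticationStatus` is also never read after `ReadSection`, so the blob whose address goes to the GOP driver is accepted whatever the firmware volume reports for that section. If that is intentional, a comment saying so would help the next reader.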
@@ -0,0 +1,70 @@ +/*++ + +Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved + + + SPDX-License-Identifier: BSD-2-Clause-Patent + + + + +--*/ + +/** @file +**/ + +#ifndef _PLATFORM_GOP_POLICY_PROTOCOL_H_ +#define _PLATFORM_GOP_POLICY_PROTOCOL_H_ + +#define EFI_PLATFORM_GOP_POLICY_PROTOCOL_GUID \ + { 0xec2e931b, 0x3281, 0x48a5, 0x81, 0x7, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } + +#define EFI_BMP_IMAGE_GUID \ + { 0x878AC2CC, 0x5343, 0x46F2, 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } + +#define PLATFORM_GOP_POLICY_PROTOCOL_REVISION_01 0x01 +#define PLATFORM_GOP_POLICY_PROTOCOL_REVISION_02 x0222 + +#pragma pack(1) + +typedef enum { + LidClosed, + LidOpen, + LidStatusMax +} LID_STATUS; + +typedef enum { + Docked, + UnDocked, + DockStatusMax +} DOCK_STATUS; + +typedef +EFI_STATUS +(EFIAPI *GET_PLATFORM_LID_STATUS) ( + OUT LID_STATUS *CurrentLidStatus +); + +typedef +EFI_STATUS +(EFIAPI *GET_VBT_DATA) ( + OUT EFI_PHYSICAL_ADDRESS *VbtAddress, + OUT UINT32 *VbtSize +); + +#pragma pack() + +typedef struct _PLATFORM_GOP_POLICY_PROTOCOL { + UINT32 Revision; + GET_PLATFORM_LID_STATUS GetPlatformLidStatus; + GET_VBT_DATA GetVbtData; +} PLATFORM_GOP_POLICY_PROTOCOL; + +// +// Extern the GUID for protocol users. +// +extern EFI_GUID gPlatformGOPPolicyGuid; + +extern EFI_GUID gBmpImageGuid; + +#endif diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf new file mode 100644 index 0000000000..ba5b05efeb --- /dev/null +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf 
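Review bot: `#define PLATFORM_GOP_POLICY_PROTOCOL_REVISION_02 x0222` in PlatformGopPolicy.h expands to the identifier `x0222`, not a number, so the first use of the macro either fails to compile or binds to an unrelated symbol. It was presumably meant to be `#define PLATFORM_GOP_POLICY_PROTOCOL_REVISION_02 0x0222`, which should be confirmed against the GOP driver's documentation. The `#pragma pack(1)` / `#pragma pack()` pair wraps only enums and function-pointer typedefs while the protocol struct sits outside it, so it has no effect and could be dropped.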
@@ -0,0 +1,44 @@ +# +# +# Copyright (c) 1999 - 2019, Intel Corporation. All rights reserved +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformGOPPolicy + FILE_GUID = 9737D7CA-D869-45e5-A5EF-75D9438688DE + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = PlatformGOPPolicyEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources.common] + PlatformGopPolicy.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + +[Guids] + gBmpImageGuid + +[Protocols] + gEfiFirmwareVolume2ProtocolGuid + gPlatformGOPPolicyGuid + +[Depex] + gEfiVariableArchProtocolGuid From 5a418fd7fc056a060982b9bfc7e1550953031c43 Mon Sep 17 00:00:00 2001 From: Matt DeVillier Date: Tue, 21 Apr 2020 21:27:49 -0500 Subject: [PATCH 344/357] DasharoPayloadPkg: Use PlatformGopPolicy Use PlatformGopPolicy in place of GraphicsOutputDxe if command line param passed Signed-off-by: Matt DeVillier --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 9 ++++++++- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 21 ++++++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index d4edef34d6..1c5c97fb7a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -109,6 +109,7 @@ DEFINE PERFORMANCE_MEASUREMENT_ENABLE = FALSE DEFINE RAM_DISK_ENABLE = FALSE DEFINE APU_CONFIG_ENABLE = FALSE + DEFINE USE_PLATFORM_GOP = FALSE # # Network definition 
@@ -825,9 +826,15 @@ MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf - DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf +!if $(USE_PLATFORM_GOP) == TRUE + DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf +!else + DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf +!endif + + # # Network Support # diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index 599b60570d..f9f052e50a 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf @@ -175,9 +175,28 @@ INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -INF DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf INF DasharoPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf +!if $(USE_PLATFORM_GOP) == TRUE +!if "X64" in $(ARCH) +INF DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf +!endif +FILE DRIVER = FF0C8745-3270-4439-B74F-3E45F8C77064 { + SECTION DXE_DEPEX_EXP = {gPlatformGOPPolicyGuid} + SECTION PE32 = DasharoPayloadPkg/IntelGopDriver.efi + SECTION UI = "IntelGopDriver" +} + +FILE FREEFORM = 878AC2CC-5343-46F2-B563-51F89DAF56BA { + SECTION RAW = DasharoPayloadPkg/vbt.bin + SECTION UI = "IntelGopVbt" +} +!else + INF DasharoPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf +!endif + + + # # SCSI/ATA/IDE/DISK Support # From 418c430f030a0982cb314392d37c2dd9edaed9fe Mon Sep 17 00:00:00 2001 
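Review bot: The FDF hunk (`@@ -175,9 +175,28`) pulls two prebuilt binaries, `DasharoPayloadPkg/IntelGopDriver.efi` and `DasharoPayloadPkg/vbt.bin`, into the firmware volume by fixed path, and nothing here records which binary is expected. Whatever file is at that path at build time ships in the image and runs in DXE. I would at least add a comment above the `FILE DRIVER` block such as `# Prebuilt Intel GOP driver and VBT, not in tree; source and expected SHA-256: <fill in>`, and ideally check the hash in the build. Separately, `!if "X64" in $(ARCH)` guards only `PlatformGopPolicy.inf`, while the `FILE DRIVER` block with its depex on `gPlatformGOPPolicyGuid` is added for every ARCH, and the DSC hunk adds the policy INF with no ARCH guard at all. These three should agree.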
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 12 Aug 2024 11:19:27 +0200 Subject: [PATCH 345/357] DasharoPayloadPkg: Add LaptopLidLib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Include/Library/LaptopLidLib.h | 44 ++++ .../Library/LaptopLidLib/LaptopLidLib.c | 228 ++++++++++++++++++ .../Library/LaptopLidLib/LaptopLidLib.inf | 33 +++ .../Library/LaptopLidLib/LaptopLidLibNull.c | 30 +++ .../Library/LaptopLidLib/LaptopLidLibNull.inf | 28 +++ 5 files changed, 363 insertions(+) create mode 100644 DasharoPayloadPkg/Include/Library/LaptopLidLib.h create mode 100644 DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.c create mode 100644 DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.inf create mode 100644 DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.c create mode 100644 DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.inf diff --git a/DasharoPayloadPkg/Include/Library/LaptopLidLib.h b/DasharoPayloadPkg/Include/Library/LaptopLidLib.h new file mode 100644 index 0000000000..ace3a6ee14 --- /dev/null +++ b/DasharoPayloadPkg/Include/Library/LaptopLidLib.h @@ -0,0 +1,44 @@ +/** @file + Library that query laptop EC for lid state. + +Copyright (c) 2023, 3mdeb. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#ifndef __LAPTOP_LID_LIB__ +#define __LAPTOP_LID_LIB__ + +#pragma pack(1) + +typedef enum { + LidClosed, + LidOpen, + LidStatusMax +} LID_STATUS; + +#pragma pack() + +/** + This function retrieves the lid state from EC. + + @param LidState Pointer to the lid state + + @retval RETURN_SUCCESS Successfully probed the lid state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC communication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +EFI_STATUS +EFIAPI +LaptopGetLidState ( + LID_STATUS *LidState + ); + +#endif diff --git a/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.c b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.c new file mode 100644 index 0000000000..7e08f93f47 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.c @@ -0,0 +1,228 @@ +/** @file + Library that query laptop EC for lid state. + +Copyright (c) 2024, 3mdeb. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#define EC_POLL_DELAY_US 10 +#define EC_SEND_TIMEOUT_US 20000 // 20ms +#define EC_RECV_TIMEOUT_US 320000 // 320ms + +#define EC_SC 0x66 +#define EC_DATA 0x62 + +#define EC_CMD (1 << 3) +#define EC_IBF (1 << 1) +#define EC_OBF (1 << 0) + +#define RD_EC 0x80 + +#define LID_STATE_REG 0x3 +#define LID_STATE (1 << 0) + + +RETURN_STATUS +EcScWait ( + UINTN TimeoutUs, + UINT8 Mask, + UINT8 State + ) +{ + while (TimeoutUs > 0 && (IoRead8(EC_SC) & Mask) != State) { + MicroSecondDelay(EC_POLL_DELAY_US); + TimeoutUs -= EC_POLL_DELAY_US; + } + + return TimeoutUs > 0 ? RETURN_SUCCESS : RETURN_TIMEOUT; +} + +RETURN_STATUS +EcReadySend ( + UINTN TimeoutUs + ) +{ + return EcScWait(TimeoutUs, EC_IBF, 0); +} + +RETURN_STATUS +EcReadyRecv ( + UINTN TimeoutUs + ) +{ + return EcScWait(TimeoutUs, EC_OBF, EC_OBF); +} + +RETURN_STATUS +EcRecvDataTimeout ( + UINT8 *Data, + UINTN TimeoutUs + ) +{ + EFI_STATUS Status; + + if (!Data) + return RETURN_INVALID_PARAMETER; + + Status = EcReadyRecv(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + *Data = IoRead8(EC_DATA); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendDataTimeout ( + UINT8 Data, + UINTN TimeoutUs + ) +{ + EFI_STATUS Status; + + Status = EcReadySend(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + IoWrite8(EC_DATA, Data); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendCmdTimeout ( + UINT8 Cmd, + UINTN TimeoutUs + ) +{ + EFI_STATUS Status; + + if (!Cmd) + return RETURN_INVALID_PARAMETER; + + Status = EcReadySend(TimeoutUs); + + if (Status != RETURN_SUCCESS) + return Status; + + IoWrite8(EC_SC, Cmd); + + return RETURN_SUCCESS; +} + +RETURN_STATUS +EcSendCmd ( + UINT8 Cmd + ) +{ + return EcSendCmdTimeout(Cmd, EC_SEND_TIMEOUT_US); +} + +RETURN_STATUS +EcSendData ( + UINT8 Data + ) +{ + return EcSendDataTimeout(Data, EC_SEND_TIMEOUT_US); +} + +RETURN_STATUS +EcRecvData ( + UINT8 *Data + ) +{ + return 
EcRecvDataTimeout(Data, EC_RECV_TIMEOUT_US); +} + +RETURN_STATUS +EcReadReg ( + UINT8 Reg, + UINT8 *Data + ) +{ + EFI_STATUS Status; + + Status = EcSendCmd(RD_EC); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to send read EC command for reg %02x: %r\n", Reg, Status)); + return Status; + } + + Status = EcSendData(Reg); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to send read EC address %02x: %r\n", Reg, Status)); + return Status; + } + + return EcRecvData(Data); +} + +RETURN_STATUS +EcReadReg32 ( + UINT8 Reg, + UINT32 *Data32 + ) +{ + RETURN_STATUS Status; + UINT8 Data8[4]; + UINTN Index; + + if (!Data32) + return RETURN_INVALID_PARAMETER; + + *Data32 = 0; + + for (Index = 0; Index < 4; Index++) { + Status = EcReadReg(Reg + Index, &Data8[Index]); + + if (Status != RETURN_SUCCESS) + return Status; + + *Data32 |= (UINT32)Data8[Index] << (8 * Index); + } + + return RETURN_SUCCESS; +} + +/** + This function retrieves the lid state from EC. + + @param LidState Pointer to the lid state + + @retval RETURN_SUCCESS Successfully probed the lid state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC communication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +EFI_STATUS +EFIAPI +LaptopGetLidState ( + LID_STATUS *LidState + ) +{ + EFI_STATUS Status; + UINT8 Reg; + + Status = EcReadReg(LID_STATE_REG, &Reg); + + if (Status != RETURN_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Failed to read lid state: %r\n", Status)); + return Status; + } + + *LidState = (Reg & LID_STATE) ? LidOpen : LidClosed; + + DEBUG ((DEBUG_INFO, "Lid %a\n", *LidState ? "open" : "closed")); + + return RETURN_SUCCESS; +} + diff --git a/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.inf b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.inf new file mode 100644 index 0000000000..2162428005 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.inf 
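Review bot: `LaptopGetLidState` in LaptopLidLib.c writes `*LidState` without a NULL check, although its header comment promises `RETURN_INVALID_PARAMETER` for a NULL pointer and `EcRecvDataTimeout` and `EcReadReg32` in the same file do check. I would add `if (LidState == NULL) { return RETURN_INVALID_PARAMETER; }` at the top. LaptopLidLibNull.c has the same gap. In `EcScWait`, `TimeoutUs -= EC_POLL_DELAY_US` on a `UINTN` wraps to a huge value when the timeout is not a multiple of 10, and a condition met on the last poll is still reported as a timeout. `TimeoutUs -= MIN (TimeoutUs, EC_POLL_DELAY_US);` with a final `return ((IoRead8 (EC_SC) & Mask) == State) ? RETURN_SUCCESS : RETURN_TIMEOUT;` covers both. The `Ec*` helpers are internal and could be `STATIC` so they do not collide with other EC libraries at link time.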
@@ -0,0 +1,33 @@ +## @file +# Library that query laptop EC for lid state. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LaptopLidLib + FILE_GUID = F0E7259F-8EAE-4CED-82E8-F0971660A644 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LaptopLidLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + LaptopLidLib.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec + +[LibraryClasses] + IoLib + TimerLib + DebugLib diff --git a/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.c b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.c new file mode 100644 index 0000000000..2be773605d --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.c @@ -0,0 +1,30 @@ +/** @file + Library that query laptop EC for lid state. + +Copyright (c) 2024, 3mdeb. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + This function retrieves the lid state from EC. + + @param LidState Pointer to the lid state + + @retval RETURN_SUCCESS Successfully probed the lid state. + @retval RETURN_UNSUPPORTED Function is unsupported. + @retval RETURN_TIMEOUT EC communication timeout. + @retval RETURN_INVALID_PARAMETER NULL pointer passed as parameter + +**/ +EFI_STATUS +EFIAPI +LaptopGetLidState ( + LID_STATUS *LidState + ) +{ + *LidState = LidOpen; + return EFI_SUCCESS; +} diff --git a/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.inf b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.inf new file mode 100644 index 0000000000..da267d4141 --- /dev/null +++ b/DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.inf @@ -0,0 +1,28 @@ +## @file +# Include all platform specific features which can be customized by IBV/OEM. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LaptopLidLib + FILE_GUID = F0E7259F-8EAE-4CED-82E8-F0971660A644 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LaptopLidLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + LaptopLidLibNull.c + +[Packages] + MdePkg/MdePkg.dec + DasharoPayloadPkg/DasharoPayloadPkg.dec From 15e8a0877230c00029bb6fd0843f7494a8bfd8d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 12 Aug 2024 11:31:55 +0200 Subject: [PATCH 346/357] DasharoPayloadPkg: Use LaptopLidLib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 9 +++++++++ DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c | 8 +++++++- DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h | 6 ------ .../PlatformGopPolicy/PlatformGopPolicy.inf | 1 + 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 1c5c97fb7a..03a895605f 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -110,6 +110,7 @@ DEFINE RAM_DISK_ENABLE = FALSE DEFINE APU_CONFIG_ENABLE = FALSE DEFINE USE_PLATFORM_GOP = FALSE + DEFINE USE_LAPTOP_LID_LIB = FALSE # # Network definition 
@@ -334,6 +335,14 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf !endif +!if $(USE_PLATFORM_GOP) == TRUE +!if $(USE_LAPTOP_LID_LIB) == TRUE + LaptopLidLib|DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLib.inf +!else + LaptopLidLib|DasharoPayloadPkg/Library/LaptopLidLib/LaptopLidLibNull.inf +!endif +!endif + [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c index f3e9785c70..1205a3843c 100644 --- a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.c @@ -15,6 +15,7 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #include #include +#include #include #include "PlatformGopPolicy.h" @@ -43,7 +44,12 @@ GetPlatformLidStatus ( OUT LID_STATUS *CurrentLidStatus ) { - *CurrentLidStatus = LidOpen; + EFI_STATUS Status; + + Status = LaptopGetLidState (CurrentLidStatus); + + if (EFI_ERROR (Status)) + *CurrentLidStatus = LidOpen; return EFI_SUCCESS; } diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h index 9205afbd8f..251d6701e8 100644 --- a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.h @@ -27,12 +27,6 @@ Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved #pragma pack(1) -typedef enum { - LidClosed, - LidOpen, - LidStatusMax -} LID_STATUS; - typedef enum { Docked, UnDocked, diff --git a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf index ba5b05efeb..c424f23753 100644 --- a/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf +++ b/DasharoPayloadPkg/PlatformGopPolicy/PlatformGopPolicy.inf 
@@ -32,6 +32,7 @@ DebugLib UefiDriverEntryPoint UefiRuntimeServicesTableLib + LaptopLidLib [Guids] gBmpImageGuid From 9ba058043c890f787be4f8217b27ff3963219139 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 15 Aug 2024 20:44:17 +0300 Subject: [PATCH 347/357] CryptoPkg/BaseCryptLib[MbedTls]/SysCall/TimerWrapper.c: fix memory leak Make gmtime() return pointer to a statically allocated storage. This is how it's documented and that's how it gets used. The API isn't thread-safe but given that EDK2 is essentially single-threaded (MP Services Protocol is a special exception). Given that this code gets run at runtime phase, the leak could potentially be used to exhaust memory reserved for the runtime phase. Signed-off-by: Sergii Dmytruk --- .../BaseCryptLib/SysCall/TimerWrapper.c | 34 ++++++++----------- .../SysCall/TimerWrapper.c | 34 ++++++++----------- 2 files changed, 30 insertions(+), 38 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 2dfc6fe6c5..f51bf2caae 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -135,7 +135,8 @@ gmtime ( const time_t *timer ) { - struct tm *GmTime; + STATIC struct tm GmTime; + UINT64 DayNo; UINT64 DayRemainder; time_t Year; 
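Review bot: `STATIC struct tm GmTime;` in `gmtime()` (BaseCryptLib TimerWrapper.c) changes who owns the result, and nothing at the declaration says so. A caller that still frees the returned pointer would now free static storage, and one that keeps the pointer across a second `gmtime()` call sees it overwritten. The callers are outside this diff and should be checked for both patterns. I would add above the declaration `// Shared result buffer: overwritten by every gmtime() call; callers must not free it or hold it across calls.` The same applies to the BaseCryptLibMbedTls copy changed later in this commit. `gmtime`'s body continues outside this hunk.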
@@ -148,23 +149,18 @@ gmtime ( return NULL; } - GmTime = malloc (sizeof (struct tm)); - if (GmTime == NULL) { - return NULL; - } - - ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm)); + ZeroMem ((VOID *)&GmTime, (UINTN)sizeof (GmTime)); DayNo = (UINT64)DivS64x64Remainder (*timer, SECSPERDAY, &Remainder); DayRemainder = (UINT64)Remainder; DivS64x64Remainder (DayRemainder, SECSPERMIN, &Remainder); - GmTime->tm_sec = (int)Remainder; + GmTime.tm_sec = (int)Remainder; DivS64x64Remainder (DayRemainder, SECSPERHOUR, &Remainder); - GmTime->tm_min = (int)DivS64x64Remainder (Remainder, SECSPERMIN, NULL); - GmTime->tm_hour = (int)DivS64x64Remainder (DayRemainder, SECSPERHOUR, NULL); + GmTime.tm_min = (int)DivS64x64Remainder (Remainder, SECSPERMIN, NULL); + GmTime.tm_hour = (int)DivS64x64Remainder (DayRemainder, SECSPERHOUR, NULL); DivS64x64Remainder ((DayNo + 4), 7, &Remainder); - GmTime->tm_wday = (int)Remainder; + GmTime.tm_wday = (int)Remainder; for (Year = 1970, YearNo = 0; DayNo > 0; Year++) { TotalDays = (UINT32)(IsLeap (Year) ? 366 : 365); @@ -176,8 +172,8 @@ gmtime ( } } - GmTime->tm_year = (int)(YearNo + (1970 - 1900)); - GmTime->tm_yday = (int)DayNo; + GmTime.tm_year = (int)(YearNo + (1970 - 1900)); + GmTime.tm_yday = (int)DayNo; for (MonthNo = 12; MonthNo > 1; MonthNo--) { if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) { @@ -186,12 +182,12 @@ gmtime ( } } - GmTime->tm_mon = (int)MonthNo - 1; - GmTime->tm_mday = (int)DayNo + 1; + GmTime.tm_mon = (int)MonthNo - 1; + GmTime.tm_mday = (int)DayNo + 1; - GmTime->tm_isdst = 0; - GmTime->tm_gmtoff = 0; - GmTime->tm_zone = NULL; + GmTime.tm_isdst = 0; + GmTime.tm_gmtoff = 0; + GmTime.tm_zone = NULL; - return GmTime; + return &GmTime; } diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c index 669696b99a..7bf6cde0b8 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c 
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c @@ -113,7 +113,8 @@ gmtime ( const time_t *timer ) { - struct tm *GmTime; + STATIC struct tm GmTime; + UINT16 DayNo; UINT16 DayRemainder; time_t Year; @@ -125,20 +126,15 @@ gmtime ( return NULL; } - GmTime = AllocateZeroPool (sizeof (struct tm)); - if (GmTime == NULL) { - return NULL; - } - - ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm)); + ZeroMem ((VOID *)&GmTime, (UINTN)sizeof (GmTime)); DayNo = (UINT16)(*timer / SECSPERDAY); DayRemainder = (UINT16)(*timer % SECSPERDAY); - GmTime->tm_sec = (int)(DayRemainder % SECSPERMIN); - GmTime->tm_min = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN); - GmTime->tm_hour = (int)(DayRemainder / SECSPERHOUR); - GmTime->tm_wday = (int)((DayNo + 4) % 7); + GmTime.tm_sec = (int)(DayRemainder % SECSPERMIN); + GmTime.tm_min = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN); + GmTime.tm_hour = (int)(DayRemainder / SECSPERHOUR); + GmTime.tm_wday = (int)((DayNo + 4) % 7); for (Year = 1970, YearNo = 0; DayNo > 0; Year++) { TotalDays = (UINT16)(IsLeap (Year) ? 366 : 365); @@ -150,8 +146,8 @@ gmtime ( } } - GmTime->tm_year = (int)(YearNo + (1970 - 1900)); - GmTime->tm_yday = (int)DayNo; + GmTime.tm_year = (int)(YearNo + (1970 - 1900)); + GmTime.tm_yday = (int)DayNo; for (MonthNo = 12; MonthNo > 1; MonthNo--) { if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) { @@ -160,14 +156,14 @@ gmtime ( } } - GmTime->tm_mon = (int)MonthNo - 1; - GmTime->tm_mday = (int)DayNo + 1; + GmTime.tm_mon = (int)MonthNo - 1; + GmTime.tm_mday = (int)DayNo + 1; - GmTime->tm_isdst = 0; - GmTime->tm_gmtoff = 0; - GmTime->tm_zone = NULL; + GmTime.tm_isdst = 0; + GmTime.tm_gmtoff = 0; + GmTime.tm_zone = NULL; - return GmTime; + return &GmTime; } /**_time64 function. **/ From ae0ecedb0c0e57157f11e320f6a4e66806355404 Mon Sep 17 00:00:00 2001 
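Review bot: `DayRemainder = (UINT16)(*timer % SECSPERDAY);` in the `@@ -125,20 +126,15 @@` hunk narrows the seconds-within-day value to 16 bits, and the commit keeps that line and the `UINT16 DayRemainder;` declaration as they were. If SECSPERDAY is 86400 (its definition is not shown here), every remainder above 65535 wraps, so tm_hour, tm_min and tm_sec come out wrong for times later than about 18:12 UTC. The BaseCryptLib copy changed by this same commit uses UINT64 for both locals. Since time comparisons such as certificate validity are presumably built on this structure, I would widen the local while the function is being touched, e.g. `UINT32 DayRemainder;` with `DayRemainder = (UINT32)(*timer % SECSPERDAY);`.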
From: Sergii Dmytruk Date: Thu, 15 Aug 2024 20:54:48 +0300 Subject: [PATCH 348/357] CryptoPkg/BaseCryptLibMbedTls: switch to calloc()/free() This is a follow up for 6ca206042ff7e436140fb3389162229947335fc4 and 784750e01d26f0fc473edc01cc50d7c45f74336f which provide more detailed information on the issue and how this addresses it. The files modified by this commit were chosen based on the list of sources in CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf The only source permitted to request memory from boot services is SysCall/RuntimeMemAllocation.c which does it in constructor before ExitBootServices() is called. Trying to update minimal set of files because some of the API which does allocations get used outside of BaseCryptLibMbedTls and can do FreePool(). In the updated files, allocations are of two types: - temporary allocations within a function (they don't get returned or set to some output parameter) - paired alloc/free kind of functions which remain in control of how the memory is treated Signed-off-by: Sergii Dmytruk --- CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c | 9 +++++---- CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c | 8 +++----- .../Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 6 ++---- CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c | 10 +++++----- 4 files changed, 15 insertions(+), 18 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c index c4cda57b4d..8083b3fef2 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c 
@@ -24,11 +24,14 @@ HmacMdNew ( { VOID *HmacMdCtx; - HmacMdCtx = AllocateZeroPool (sizeof (mbedtls_md_context_t)); + HmacMdCtx = calloc (sizeof (mbedtls_md_context_t), 1); if (HmacMdCtx == NULL) { return NULL; } + // XXX: No mbedtls_md_init()? mbedtls_md_free() shouldn't be called in this + // case. `HmacMdFree (HmacMdNew ())` can cause problems. + return HmacMdCtx; } @@ -44,9 +47,7 @@ HmacMdFree ( ) { mbedtls_md_free (HmacMdCtx); - if (HmacMdCtx != NULL) { - FreePool (HmacMdCtx); - } + free (HmacMdCtx); } /** diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c index 56411174dd..ad26b57168 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c @@ -52,7 +52,7 @@ RsaGetPrivateKeyFromPem ( NewPemData = NULL; if (PemData[PemSize - 1] != 0) { - NewPemData = AllocateZeroPool (PemSize + 1); + NewPemData = calloc (PemSize + 1, 1); if (NewPemData == NULL) { return FALSE; } @@ -73,10 +73,8 @@ RsaGetPrivateKeyFromPem ( Ret = mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Password, PasswordLen, NULL, NULL); - if (NewPemData != NULL) { - FreePool (NewPemData); - NewPemData = NULL; - } + free (NewPemData); + NewPemData = NULL; if (Ret != 0) { mbedtls_pk_free (&Pk); diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c index 8b61ae02ec..d41b064002 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c @@ -33,7 +33,7 @@ RsaNew ( { VOID *RsaContext; - RsaContext = AllocateZeroPool (sizeof (mbedtls_rsa_context)); + RsaContext = calloc (sizeof (mbedtls_rsa_context), 1); if (RsaContext == NULL) { return RsaContext; } @@ -59,9 +59,7 @@ RsaFree ( ) { mbedtls_rsa_free (RsaContext); - if (RsaContext != NULL) { - FreePool (RsaContext); - } + free (RsaContext); } /** 
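Review bot: The `// XXX: No mbedtls_md_init()?` comment added to HmacMdNew leaves an open question in the code instead of settling it, while HmacMdFree in the next hunk calls `mbedtls_md_free (HmacMdCtx);` on whatever HmacMdNew returned. Either call `mbedtls_md_init (HmacMdCtx);` once the allocation has succeeded, or replace the XXX with a comment stating why a zero-filled context is a valid argument for mbedtls_md_free(), so the `HmacMdFree (HmacMdNew ())` case is decided rather than flagged. As a style point, calloc() takes the element count first, so `calloc (1, sizeof (mbedtls_md_context_t))` reads as intended; CryptRsaBasic.c and CryptX509.c use the same swapped order.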
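Review bot: `free (NewPemData);` in the `@@ -73,10 +73,8 @@` hunk of RsaGetPrivateKeyFromPem releases the NUL-terminated copy of the PEM key data without clearing it, so the key text stays readable in the allocator's pool after the function returns. The old FreePool() path behaved the same way, but this commit is where the release is rewritten, and the commit message notes the code runs in the runtime phase, where that memory is long-lived. I would wipe the copy before releasing it, e.g. `if (NewPemData != NULL) { ZeroMem (NewPemData, CopyLength); }` ahead of the `free`, where CopyLength is a placeholder for the size that was actually allocated. The function starts and ends outside this hunk, so that size has to be taken from the allocation site.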
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c index 84b67c8f0a..3cf44e9b95 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c @@ -82,7 +82,7 @@ X509ConstructCertificate ( return FALSE; } - MbedTlsCert = AllocateZeroPool (sizeof (mbedtls_x509_crt)); + MbedTlsCert = calloc (sizeof (mbedtls_x509_crt), 1); if (MbedTlsCert == NULL) { return FALSE; } @@ -95,7 +95,7 @@ X509ConstructCertificate ( return TRUE; } else { mbedtls_x509_crt_free (MbedTlsCert); - FreePool (MbedTlsCert); + free (MbedTlsCert); return FALSE; } } @@ -139,7 +139,7 @@ X509ConstructCertificateStackV ( Ret = 0; Crt = NULL; if (*X509Stack == NULL) { - Crt = AllocateZeroPool (sizeof (mbedtls_x509_crt)); + Crt = calloc (sizeof (mbedtls_x509_crt), 1); if (Crt == NULL) { return FALSE; } @@ -174,7 +174,7 @@ X509ConstructCertificateStackV ( } else { if (Crt != NULL) { mbedtls_x509_crt_free (Crt); - FreePool (Crt); + free (Crt); *X509Stack = NULL; } @@ -230,7 +230,7 @@ X509Free ( { if (X509Cert != NULL) { mbedtls_x509_crt_free (X509Cert); - FreePool (X509Cert); + free (X509Cert); } } From aac230a400fbfa2f05cae75f340d0c6f90998e8a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 9 Aug 2024 19:26:00 +0200 Subject: [PATCH 349/357] DasharoPayloadPkg: Fix PciHostBridgeLib for resources above 4G MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a port of upstream commits c248802 and bfefdc2 On modern platforms with TBT devices the coreboot resource allocator opens large PCI bridge MMIO windows above 4GiB to place hotplugable PCI BARs there as they won't fit below 4GiB. In addition modern GPGPU devices have very big PCI bars that doesn't fit below 4GiB. The PciHostBridgeLib made lots of assumptions about the coreboot resource allocator that were not verified at runtime and are no longer true. Remove all of the 'coreboot specific' code and implement the same logic as OvmfPkg's ScanForRootBridges. Fixes assertion "ASSERT [PciHostBridgeDxe] Bridge->Mem.Limit < 0x0000000100000000ULL". Co-authored-by: Patrick Rudolph Signed-off-by: Michał Kopeć --- .../PciHostBridgeLib/PciHostBridgeSupport.c | 138 +++--------------- 1 file changed, 22 insertions(+), 116 deletions(-) diff --git a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c index d460434dae..0e0520fe92 100644 --- a/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c +++ b/DasharoPayloadPkg/Library/PciHostBridgeLib/PciHostBridgeSupport.c 
@@ -19,88 +19,6 @@ #include #include "PciHostBridge.h" -/** - Adjust the collected PCI resource. - - @param[in] Io IO aperture. - - @param[in] Mem MMIO aperture. - - @param[in] MemAbove4G MMIO aperture above 4G. - - @param[in] PMem Prefetchable MMIO aperture. - - @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G. -**/ -VOID -AdjustRootBridgeResource ( - IN PCI_ROOT_BRIDGE_APERTURE *Io, - IN PCI_ROOT_BRIDGE_APERTURE *Mem, - IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G, - IN PCI_ROOT_BRIDGE_APERTURE *PMem, - IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G -) -{ - UINT64 Mask; - - // - // For now try to downgrade everything into MEM32 since - // - coreboot does not assign resource above 4GB - // - coreboot might allocate interleaved MEM32 and PMEM32 resource - // in some cases - // - if (PMem->Base < Mem->Base) { - Mem->Base = PMem->Base; - } - - if (PMem->Limit > Mem->Limit) { - Mem->Limit = PMem->Limit; - } - - PMem->Base = MAX_UINT64; - PMem->Limit = 0; - - if (MemAbove4G->Base < 0x100000000ULL) { - if (MemAbove4G->Base < Mem->Base) { - Mem->Base = MemAbove4G->Base; - } - if (MemAbove4G->Limit > Mem->Limit) { - Mem->Limit = MemAbove4G->Limit; - } - MemAbove4G->Base = MAX_UINT64; - MemAbove4G->Limit = 0; - } - - if (PMemAbove4G->Base < 0x100000000ULL) { - if (PMemAbove4G->Base < Mem->Base) { - Mem->Base = PMemAbove4G->Base; - } - if (PMemAbove4G->Limit > Mem->Limit) { - Mem->Limit = PMemAbove4G->Limit; - } - PMemAbove4G->Base = MAX_UINT64; - PMemAbove4G->Limit = 0; - } - - // - // Align IO resource at 4K boundary - // - Mask = 0xFFFULL; - Io->Limit = ((Io->Limit + Mask) & ~Mask) - 1; - if (Io->Base != MAX_UINT64) { - Io->Base &= ~Mask; - } - - // - // Align MEM resource at 1MB boundary - // - Mask = 0xFFFFFULL; - Mem->Limit = ((Mem->Limit + Mask) & ~Mask) - 1; - if (Mem->Base != MAX_UINT64) { - Mem->Base &= ~Mask; - } -} - /** Probe a bar is existed or not. 
@@ -111,28 +29,24 @@ AdjustRootBridgeResource ( STATIC VOID PcatPciRootBridgeBarExisted ( - IN UINT64 Address, + IN UINTN Address, OUT UINT32 *OriginalValue, OUT UINT32 *Value ) { - UINTN PciAddress; - - PciAddress = (UINTN)Address; - // // Preserve the original value // - *OriginalValue = PciRead32 (PciAddress); + *OriginalValue = PciRead32 (Address); // // Disable timer interrupt while the BAR is probed // DisableInterrupts (); - PciWrite32 (PciAddress, 0xFFFFFFFF); - *Value = PciRead32 (PciAddress); - PciWrite32 (PciAddress, *OriginalValue); + PciWrite32 (Address, 0xFFFFFFFF); + *Value = PciRead32 (Address); + PciWrite32 (Address, *OriginalValue); // // Enable interrupt @@ -209,10 +123,6 @@ PcatPciRootBridgeWarnAboutBrokenFW ( @param[in] Mem MMIO aperture. @param[in] MemAbove4G MMIO aperture above 4G. - - @param[in] PMem Prefetchable MMIO aperture. - - @param[in] PMemAbove4G Prefetchable MMIO aperture above 4G. **/ STATIC VOID @@ -225,9 +135,7 @@ PcatPciRootBridgeParseBars ( IN UINTN BarOffsetEnd, IN PCI_ROOT_BRIDGE_APERTURE *Io, IN PCI_ROOT_BRIDGE_APERTURE *Mem, - IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G, - IN PCI_ROOT_BRIDGE_APERTURE *PMem, - IN PCI_ROOT_BRIDGE_APERTURE *PMemAbove4G + IN PCI_ROOT_BRIDGE_APERTURE *MemAbove4G ) { @@ -292,11 +200,7 @@ PcatPciRootBridgeParseBars ( // Length = ((~Length) + 1) & 0xffffffff; - if ((Value & BIT3) == BIT3) { - MemAperture = PMem; - } else { - MemAperture = Mem; - } + MemAperture = Mem; } else { // // 64bit @@ -315,8 +219,8 @@ PcatPciRootBridgeParseBars ( Length = LShiftU64 (1ULL, LowBit); } - if ((Value & BIT3) == BIT3) { - MemAperture = PMemAbove4G; + if (Base < BASE_4GB) { + MemAperture = Mem; } else { MemAperture = MemAbove4G; } @@ -363,6 +267,8 @@ PcatPciRootBridgeParseBars ( } } +STATIC PCI_ROOT_BRIDGE_APERTURE mNonExistAperture = { MAX_UINT64, 0 }; + /** Scan for all root bridges in platform. 
@@ -386,7 +292,7 @@ ScanForRootBridges ( UINT64 Base; UINT64 Limit; UINT64 Value; - PCI_ROOT_BRIDGE_APERTURE Io, Mem, MemAbove4G, PMem, PMemAbove4G, *MemAperture; + PCI_ROOT_BRIDGE_APERTURE Io, Mem, MemAbove4G, *MemAperture; PCI_ROOT_BRIDGE *RootBridges; UINTN BarOffsetEnd; @@ -406,9 +312,7 @@ ScanForRootBridges ( ZeroMem (&Io, sizeof (Io)); ZeroMem (&Mem, sizeof (Mem)); ZeroMem (&MemAbove4G, sizeof (MemAbove4G)); - ZeroMem (&PMem, sizeof (PMem)); - ZeroMem (&PMemAbove4G, sizeof (PMemAbove4G)); - Io.Base = Mem.Base = MemAbove4G.Base = PMem.Base = PMemAbove4G.Base = MAX_UINT64; + Io.Base = Mem.Base = MemAbove4G.Base = MAX_UINT64; // // Scan all the PCI devices on the primary bus of the PCI root bridge // @@ -518,13 +422,17 @@ ScanForRootBridges ( Base = ((UINT32) Pci.Bridge.PrefetchableMemoryBase & 0xfff0) << 16; Limit = (((UINT32) Pci.Bridge.PrefetchableMemoryLimit & 0xfff0) << 16) | 0xfffff; - MemAperture = &PMem; if (Value == BIT0) { Base |= LShiftU64 (Pci.Bridge.PrefetchableBaseUpper32, 32); Limit |= LShiftU64 (Pci.Bridge.PrefetchableLimitUpper32, 32); - MemAperture = &PMemAbove4G; } if ((Base > 0) && (Base < Limit)) { + if (Base < BASE_4GB) { + MemAperture = &Mem; + } else { + MemAperture = &MemAbove4G; + } + if (MemAperture->Base > Base) { MemAperture->Base = Base; } @@ -573,8 +481,7 @@ ScanForRootBridges ( OFFSET_OF (PCI_TYPE00, Device.Bar), BarOffsetEnd, &Io, - &Mem, &MemAbove4G, - &PMem, &PMemAbove4G + &Mem, &MemAbove4G ); // @@ -644,12 +551,11 @@ ScanForRootBridges ( ); ASSERT (RootBridges != NULL); - AdjustRootBridgeResource (&Io, &Mem, &MemAbove4G, &PMem, &PMemAbove4G); - InitRootBridge ( Attributes, Attributes, 0, (UINT8) PrimaryBus, (UINT8) SubBus, - &Io, &Mem, &MemAbove4G, &PMem, &PMemAbove4G, + &Io, &Mem, &MemAbove4G, + &mNonExistAperture, &mNonExistAperture, &RootBridges[*NumberOfRootBridges] ); RootBridges[*NumberOfRootBridges].ResourceAssigned = TRUE; From 0266320c6dc9fc98440f152450fd1cf28df682a6 Mon Sep 17 00:00:00 2001 
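Review bot: The `if (Base < BASE_4GB)` test added in the `@@ -518,13 +422,17 @@` hunk chooses the aperture from the window's Base alone, so a prefetchable bridge window that starts below 4 GiB with a Limit above it is merged into `Mem`. That would push Mem.Limit past 4 GiB, which is the condition behind the assertion quoted in the commit message. These registers are read back as programmed by earlier firmware and are not otherwise validated here, so I would test the pair before merging, e.g. `if ((Base < BASE_4GB) && (Limit >= BASE_4GB))`, then log a DEBUG warning and skip that window, or add a comment saying why the case cannot occur. ScanForRootBridges begins and ends outside this hunk.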
From: Artur Kowalski Date: Tue, 27 Aug 2024 14:55:05 +0200 Subject: [PATCH 350/357] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix changing of PCR banks Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction writes to TPM2 physical presence PPI provided by coreboot (a memory region preserved across reboots). CPU caches must be explicitly flushed prior to platform reboot or request written to PPI will be lost. Signed-off-by: Artur Kowalski --- .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c | 2 ++ .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf | 1 + 2 files changed, 3 insertions(+) diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index 7332644c2f..db9ffcb06a 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -34,6 +34,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -914,6 +915,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( mPpi->Request = OperationRequest; mPpi->RequestParameter = RequestParameter; + WriteBackDataCache(); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; } diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf index b808e31240..0595639d07 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf @@ -63,6 +63,7 @@ UefiLib UefiRuntimeServicesTableLib Tcg2PhysicalPresencePlatformLib + CacheMaintenanceLib [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES From 4d1eaf5387d2c85477b14ccecaeed5704b3aeeb5 Mon Sep 17 00:00:00 2001 
From: Artur Kowalski Date: Tue, 10 Sep 2024 11:09:47 +0200 Subject: [PATCH 351/357] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix bootloop Flush cache not only when placing request in PPI, but also after clearing old request from PPI. Signed-off-by: Artur Kowalski --- .../DxeTcg2PhysicalPresenceLib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index db9ffcb06a..79e8662b27 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -747,6 +747,8 @@ Tcg2ExecutePendingTpmRequest ( mPpi->LastRequest = mPpi->Request; mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION; mPpi->RequestParameter = 0; + + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return; } @@ -777,6 +779,7 @@ Tcg2ExecutePendingTpmRequest ( mPpi->RequestParameter = 0; if (mPpi->Response == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return; } @@ -806,6 +809,7 @@ Tcg2ExecutePendingTpmRequest ( } Print (L"Rebooting system to make TPM2 settings in effect\n"); + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); ASSERT (FALSE); } @@ -915,7 +919,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( mPpi->Request = OperationRequest; mPpi->RequestParameter = RequestParameter; - WriteBackDataCache(); + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; } From 6b645e469f2e8d30be6823c1fb96b2a4427205cd Mon Sep 17 00:00:00 2001 
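Review bot: The write-back is added separately in front of each exit of Tcg2ExecutePendingTpmRequest, so any return path that lies between these hunks and is not shown would still leave the updated PPI fields only in cache. Placing one `WriteBackDataCacheRange ((VOID *)mPpi, sizeof (QEMU_TPM_PPI));` directly after the `mPpi->RequestParameter = 0;` store in the `@@ -777,6 +779,7 @@` hunk would cover the user-abort return, the reboot and every exit below it, provided nothing further down writes to mPpi again. A stale Request that survives the reset is presented again on the next boot, which is the boot loop this commit is fixing, so the flush is better tied to the store than to the exits. The added calls also omit the space before the opening parenthesis that the surrounding code uses.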
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Tue, 24 Sep 2024 14:27:23 +0200 Subject: [PATCH 352/357] DasharoPayloadPkg: Use INIT-SIPI-SIPI for first AP wakeup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It has been observed on MinnowBoard Turbot that the detected CPU count is lower than the number of all cores. In the tested unit, CPU is dual core, so only the BSP is detected. However, similar situation is observed on MTL laptop, where a total of 22 cores should be reported, but only 1 is detected. After EDK2 rebase a new PCD has been added, PcdFirstTimeWakeUpAPsBySipi which, when enabled (by default), sends only SIPI to APs. When disabled sends full INIT-SIPI-SIPI sequence. Only the latter case causes all the APs to wake up and be detected. Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- DasharoPayloadPkg/DasharoPayloadPkg.dsc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.dsc b/DasharoPayloadPkg/DasharoPayloadPkg.dsc index 03a895605f..1a816adbc0 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.dsc +++ b/DasharoPayloadPkg/DasharoPayloadPkg.dsc @@ -463,6 +463,8 @@ gDasharoPayloadPkgTokenSpaceGuid.PcdSerialOnSuperIo|$(UART_ON_SUPERIO) + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE + !if $(SECURE_BOOT_DEFAULT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|1 !else From ff743466f81b65fff49de52a4b6b5a43dbd4253f Mon Sep 17 00:00:00 2001 From: Wiktor Mowinski Date: Thu, 26 Sep 2024 17:33:49 +0200 Subject: [PATCH 353/357] DasharoSystemFeatures: Change power state after fail option name Signed-off-by: Wiktor Mowinski --- .../DasharoSystemFeaturesStrings.uni | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni index 307787aee7..8739ecd8e2 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesStrings.uni @@ -121,9 +121,10 @@ #string STR_SLEEP_TYPE_S3 #language en-US "Suspend to RAM (S3)" #string STR_SLEEP_TYPE_S3_EXPERIMENTAL #language en-US "Suspend to RAM (S3) - Experimental" -#string STR_POWER_FAILURE_STATE_PROMPT #language en-US "Power state after power failure" +#string STR_POWER_FAILURE_STATE_PROMPT #language en-US "Power state after power/AC loss" #string STR_POWER_FAILURE_STATE_HELP #language en-US "Selects state the system gets into when power supply is restored after power failure.\n\n" - "Note that the definition of power failure varies between platforms and it might take absence of power for up to 30 seconds for this option to apply." + + "Note that the definition of power failure varies between platforms and it might take absence of power for up to 30 seconds for this option to apply.\n\n" #string STR_POWER_FAILURE_STATE_OFF #language en-US "Powered Off" #string STR_POWER_FAILURE_STATE_ON #language en-US "Powered On" From e91a6e499eff7ff601fe65383d16811ee96fce2c Mon Sep 17 00:00:00 2001 
From: Sergii Dmytruk Date: Wed, 17 Jul 2024 19:45:44 +0300 Subject: [PATCH 354/357] DasharoModulePkg/DasharoVariablesLib: fix non-deterministic measurements This fixes "SecurityPkg: measure Dasharo variables before boot". gRT->GetNextVariableName() doesn't return variables in any fixed order. Seems like the order matches order in SMMSTORE. This means that measuring variables while enumerating them will produce different results depending on which variables were update last (setting a variable in SMMSTORE is marking old entry as deleted and appending of a new one). Sort list of variables that share the same GUID before measuring any of them to impose a fixed order. Also fix spacing in several places. Signed-off-by: Sergii Dmytruk --- .../DasharoVariablesLib/DasharoVariablesLib.c | 90 ++++++++++++++++++- 1 file changed, 86 insertions(+), 4 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 8eed0d8e25..fa42bfd3ff 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -338,6 +338,27 @@ MeasureVariable ( return Status; } +/** + A comparison function for sorting an array of variable names. + + @param Buffer1 Pointer to pointer of the first variable name. + @param Buffer2 Pointer to pointer of the second variable name. + + @retval <0 The first variable name is less than the second one. + @retval =0 The names are equal. + @retval >0 The first variable name is greater than the second one. +**/ +STATIC +INTN +EFIAPI +CompareVariableNames ( + IN CONST VOID *Buffer1, + IN CONST VOID *Buffer2 + ) +{ + return StrCmp (*(CONST CHAR16 **) Buffer1, *(CONST CHAR16 **) Buffer2); +} + /** Measures single all existing variables with the specified GUID. 
@@ -357,12 +378,25 @@ MeasureVariables ( UINTN MaxNameSize; UINTN NameSize; EFI_GUID Guid; + CHAR16 **Names; + UINTN NameCount; + CHAR16 SortBuf; + UINTN MaxNameCount; + UINTN Index; - MaxNameSize = 32*sizeof (CHAR16); + MaxNameSize = 32 * sizeof (CHAR16); Name = AllocateZeroPool (MaxNameSize); if (Name == NULL) return EFI_OUT_OF_RESOURCES; + MaxNameCount = 32; + NameCount = 0; + Names = AllocatePool (MaxNameCount * sizeof (*Names)); + if (Names == NULL) { + FreePool(Name); + return EFI_OUT_OF_RESOURCES; + } + while (TRUE) { NameSize = MaxNameSize; Status = gRT->GetNextVariableName (&NameSize, Name, &Guid); @@ -373,7 +407,7 @@ MeasureVariables ( break; } - StrnCpyS (NewBuf, NameSize/sizeof (CHAR16), Name, MaxNameSize/sizeof (CHAR16)); + StrnCpyS (NewBuf, NameSize / sizeof (CHAR16), Name, MaxNameSize / sizeof (CHAR16)); FreePool (Name); Name = NewBuf; 
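Review bot: `CHAR16 SortBuf;` is two bytes, but later in this function it is passed to QuickSort() as the one-element scratch buffer while the element size given there is `sizeof (*Names)`, i.e. the size of a pointer. QuickSort() copies a whole element into that buffer when it swaps entries, so the call writes past `SortBuf` on the stack. Declaring the scratch variable with the element type, `CHAR16 *SortBuf;`, makes it match `sizeof (*Names)`. The QuickSort() call itself is in the following hunk of the same function.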
@@ -390,11 +424,59 @@ MeasureVariables ( if (EFI_ERROR (Status)) break; - if (CompareGuid (&Guid, Vendor)) - MeasureVariable (Name, Vendor); + if (!CompareGuid (&Guid, Vendor)) + continue; + + if (NameCount == MaxNameCount - 1) { + Names = ReallocatePool ( + MaxNameCount * sizeof (*Names), + 2 * MaxNameCount * sizeof (*Names), + Names + ); + if (Names == NULL) { + Status = EFI_OUT_OF_RESOURCES; + break; + } + + MaxNameCount *= 2; + } + + Names[NameCount] = AllocateCopyPool (NameSize, Name); + if (Names[NameCount] == NULL) { + Status = EFI_OUT_OF_RESOURCES; + break; + } + + NameCount++; } + if (Status == EFI_SUCCESS) { + // + // Achieve predictable ordering of variables by sorting them by name within + // a particular vendor. + // + QuickSort ( + Names, + NameCount, + sizeof (*Names), + CompareVariableNames, + &SortBuf + ); + + for (Index = 0; Index < NameCount; Index++) { + Status = MeasureVariable (Names[Index], Vendor); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_WARN, "%a(): Failed to measure variable: %g:%s.\n", + __FUNCTION__, Vendor, Name)); + } + } + } + + for (Index = 0; Index < NameCount; Index++) + FreePool (Names[Index]); + FreePool (Name); + FreePool (Names); return Status; } From e4ab769b68d6b78dbbef619f2906c97e6a177f60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 24 Oct 2024 16:55:43 +0200 Subject: [PATCH 355/357] DasharoPayloadPkg/DasharoPayloadPkg.fdf: Add missing TPM1.2 menu module MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- DasharoPayloadPkg/DasharoPayloadPkg.fdf | 1 + 1 file changed, 1 insertion(+) diff --git a/DasharoPayloadPkg/DasharoPayloadPkg.fdf b/DasharoPayloadPkg/DasharoPayloadPkg.fdf index f9f052e50a..9842d7cc92 100644 --- a/DasharoPayloadPkg/DasharoPayloadPkg.fdf +++ b/DasharoPayloadPkg/DasharoPayloadPkg.fdf 
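Review bot: When `ReallocatePool` fails in the growth branch, its NULL result is stored straight into `Names`, and the cleanup at the end of this hunk then evaluates `Names[Index]` and calls `FreePool (Names)` on that NULL pointer while the old array and the copied names are lost. Keeping the result in a temporary until it is known to be non-NULL avoids both, as in the excerpt below. Separately, the DEBUG line in the measure loop prints `Name`, the enumeration buffer, instead of `Names[Index]`, and a failing `Status` from MeasureVariable() is overwritten by the next iteration, so a variable that was not measured can go unreported to the caller. MeasureVariables starts before this hunk.

```c
    if (NameCount == MaxNameCount - 1) {
      // NewNames is an added local of type CHAR16 **.
      NewNames = ReallocatePool (
                   MaxNameCount * sizeof (*Names),
                   2 * MaxNameCount * sizeof (*Names),
                   Names
                   );
      if (NewNames == NULL) {
        // Names still owns the old array, so the cleanup loop stays valid.
        Status = EFI_OUT_OF_RESOURCES;
        break;
      }

      Names         = NewNames;
      MaxNameCount *= 2;
    }
    // … unchanged: AllocateCopyPool of the name, sort, measure loop, cleanup …
```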
@@ -342,6 +342,7 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf !if $(TPM_ENABLE) == TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !if $(OPAL_PASSWORD_ENABLE) == TRUE INF SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf From d1399bf8473823f457617752767e9b56d3c2b1c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Wed, 24 Feb 2021 01:43:24 +0100 Subject: [PATCH 356/357] MdeModulePkg/Library/BootLogoLib/BootLogoLib.c: draw progress bar without spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .../Library/BootLogoLib/BootLogoLib.c | 33 ++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c index a7a831ae46..e142b67838 100644 --- a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c +++ b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c @@ -522,7 +522,7 @@ BootLogoUpdateProgress ( 0, PosX, PosY, - BlockWidth - 1, + BlockWidth, BlockHeight, (BlockWidth) * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) ); 
@@ -544,6 +544,37 @@ BootLogoUpdateProgress ( } } + /* Draw any reminder pixels at the right end of the screen when progress is 100% */ + if (Progress == 100) { + if (GraphicsOutput != NULL) { + Status = GraphicsOutput->Blt ( + GraphicsOutput, + &ProgressColor, + EfiBltVideoFill, + 0, + 0, + PosX, + PosY, + SizeOfX - PosX, + BlockHeight, + (SizeOfX - PosX) * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) + ); + } else if (FeaturePcdGet (PcdUgaConsumeSupport)) { + Status = UgaDraw->Blt ( + UgaDraw, + (EFI_UGA_PIXEL *)&ProgressColor, + EfiUgaVideoFill, + 0, + 0, + PosX, + PosY, + SizeOfX - PosX, + BlockHeight, + (SizeOfX - PosX) * sizeof (EFI_UGA_PIXEL) + ); + } + } + PrintXY ( (SizeOfX - StrLen (Title) * EFI_GLYPH_WIDTH) / 2, PosY - EFI_GLYPH_HEIGHT - 1, From f3e18c6cd9c9afb15b83edf9b88c76e5898dbd88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 4 Nov 2024 13:36:18 +0100 Subject: [PATCH 357/357] .gitmodules: Update subhooks moduel URL to fix build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- .gitmodules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitmodules b/.gitmodules index 8b93c1e68f..3c42ac8b2c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -16,7 +16,7 @@ [submodule "BaseTools/Source/C/BrotliCompress/brotli"] path = BaseTools/Source/C/BrotliCompress/brotli url = https://github.com/google/brotli - ignore = untracked + ignore = untracked [submodule "RedfishPkg/Library/JsonLib/jansson"] path = RedfishPkg/Library/JsonLib/jansson url = https://github.com/akheron/jansson 
@@ -25,10 +25,10 @@ url = https://github.com/google/googletest.git [submodule "UnitTestFrameworkPkg/Library/SubhookLib/subhook"] path = UnitTestFrameworkPkg/Library/SubhookLib/subhook - url = https://github.com/Zeex/subhook.git -[submodule "MdePkg/Library/BaseFdtLib/libfdt"] - path = MdePkg/Library/BaseFdtLib/libfdt - url = https://github.com/devicetree-org/pylibfdt.git + url = https://github.com/Dasharo/subhook.git +[submodule "MdePkg/Library/BaseFdtLib/libfdt"] + path = MdePkg/Library/BaseFdtLib/libfdt + url = https://github.com/devicetree-org/pylibfdt.git [submodule "MdePkg/Library/MipiSysTLib/mipisyst"] path = MdePkg/Library/MipiSysTLib/mipisyst url = https://github.com/MIPI-Alliance/public-mipi-sys-t.git