This commit adds the SMBIOS type 17 table support for Developerbox.
The SPD can be accessed only from the SCP through I2C bus,
so this commit expects that SCP-firmware reads the SPD and
stores it in the non-secure SRAM.
This commit also reduces the edk2 stack size to allocate
the space for storing the SPD. It requires 2KB, 512 bytes * 4 DIMMs.
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

The edk2 patch
"SecurityPkg: Create library for setting Secure Boot variables."
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each ARM platform which uses SecureBootConfigDxe.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Graeme Gregory <graeme@nuviainc.com> #SbsaQemu
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> #ArmVExpress

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3246
MdeLibs.dsc.inc was added for some basic/default library
instances provided by MdePkg and RegisterFilterLibNull Library
was also added into it as the first version of MdeLibs.dsc.inc.
So update platform dsc to consume MdeLibs.dsc.inc for
RegisterFilterLibNull which will be consumed by IoLib and BaseLib.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

Add the resolution for TimeBaseLib, which is now required to build
the EmbeddedPkg RTC driver.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>

Instead of unconditionally delaying the boot up to 5 seconds, even
if no network cable is connected in the first place, provide an
implementation of the EFI adapter information protocol so that the
upper networking layers can wait gracefully for the link to come up,
but only when the network is actually used to boot from.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>

The recently added support for TPM2 measured boot added a description of
the TPM to the device tree, but failed to take the build configuration
into account, and so it adds it unconditionally.
Fix this, by #define'ing a TPM2_ENABLE CPP macro that can be referenced
in the device tree source file.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>

Enable the various components, library class resolutions and PCD defaults
to enable measured boot based on a version 2 TPM. The TPM is exposed as
having a memory mapped TIS frame, which is accomplished using the SPI
command sequencer that is available on this platform. Note that this
requires SCP firmware support.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>

The latest NetsecDxe requires issuing a phy reset at the
last stage of initialization to safely exit loopback mode.
However, as a result, it takes a couple of seconds for the link state
to get stable, which could cause auto-chosen PXE boot to fail
due to a MediaPresent check error.
This patch adds a link state check with a 5s timeout to NetsecDxe
initialization. The timeout value is adjustable via the
configuration file.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

This patch updates the platform DSC/FDF files to use the include fragment
files provided by NetworkPkg.
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

Add the X64 emulator to the build if '-D X64EMU_ENABLE=TRUE' is passed
on the build command line. Note that this only works on AARCH64 builds.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

The current secure boot enabled DeveloperBox build contains all the
pieces to maintain the authenticated variable store, but doesn't
actually bother to check the signature on anything it boots. Fix that.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

Bring DeveloperBox in line with EDK2 core changes to StandaloneMmPkg:
- switch from BaseExtractGuidedSectionLib to PrePiExtractGuidedSectionLib
- include a NULL library class resolution for VariableMmDependency
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

This implements support for UEFI secure boot on DeveloperBox using
the standalone MM framework. This moves all of the software handling
of the UEFI authenticated variable store into the standalone MM
context residing in a secure partition.
Note that SynQuacer as configured today is not a truly secure
platform, since the NOR flash registers are accessible to the
non-secure world. However, from a software point of view, all
of the required pieces are in place. (In particular, it is no
longer possible for the OS to stub out authentication checks
in the validation code residing in RuntimeServicesCode regions).
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

Create a pair of .DSC/.FDF files that describe the components and
the firmware volumes and flash device that will be dispatched into
a secure partition in the secure world to control the UEFI secure
variable store.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

We are going to add a separate .DSC/.FDF combo for the standalone
MM components. So put all the pieces we will share in an include
file that both .DSC files can include.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

OpensslLib depends on ArmSoftFloatLib when built for 32-bit ARM, so
add the required resolution for it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

EBC and 32-bit ARM are fundamentally incompatible, so only enable
it on AArch64 builds.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

On headless server systems where the PL011 serial port is the primary
console, having DEBUG output on the same port can be annoying, since
DEBUG output gets lost when the console driver clears the screen or
positions the cursor using control characters.
So add the ability to emit the DEBUG output on the DesignWare FUART
(which is exposed via the LS connector on DeveloperBox).
Mark Kettenis <mark.kettenis@xs4all.nl> says:
The DesignWare component is (largely) 16550-compatible. But the
FIFOs are optional and if they're not included you'll end up with
something that's probably closer to a 16450. I suspect in most
cases SoC designers will include the FIFOs though since without
them you really can't use the port at anything but the slowest
speeds.
So let's use the 16550 driver in MMIO mode to drive this IP.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

This driver uses OpteeLib to interface with the OP-TEE based RNG service
(pseudo trusted application) to implement EFI_RNG_PROTOCOL, which is used
to seed the kernel entropy pool.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize will be removed, so
drop any overrides from the platforms in edk2-platforms.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>