dasharo/slimbootloader.github.io
0
0
Fork 0
mirror of https://github.com/Dasharo/slimbootloader.github.io.git synced 2026-03-06 15:26:36 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc9010f2c7ed0488a67abfa96374b1dbae5e717d
slimbootloader.github.io/tutorials/ex_corrupt_sbl_component.html

467 lines
42 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" /><meta name="generator" content="Docutils 0.18.1: http://docutils.sourceforge.net/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Exercise \- Corrupt SBL Component &mdash; Slim Bootloader 1.0 documentation</title>
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/graphviz.css" type="text/css" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
<link rel="shortcut icon" href="../_static/sbl_logo_blue_32x32_icon.ico"/>
<!--[if lt IE 9]>
<script src="../_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="../_static/jquery.js"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js"></script>
<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>
<script src="../_static/doctools.js"></script>
<script src="../_static/sphinx_highlight.js"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Specifications" href="../specs/index.html" />
<link rel="prev" title="Exercise \- UEFI Payload" href="ex_uefi_payload.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../index.html" class="icon icon-home">
Slim Bootloader
<img src="../_static/sbl_logo_white_200x200.png" class="logo" alt="Logo"/>
</a>
<div class="version">
1.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../introduction/index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../getting-started/index.html">Getting Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="../supported-hardware/index.html">Supported Hardware</a></li>
<li class="toctree-l1"><a class="reference internal" href="../developer-guides/index.html">Developers Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="../security/index.html">Security Features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../how-tos/index.html">How-Tos</a></li>
<li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Tools</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Tutorials</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="ex_build_sbl_for_qemu.html">Exercise \- Build SBL for QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_run_sbl_on_qemu.html">Exercise \- Run SBL on QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_debug_sbl_on_qemu_with_gdb.html">Exercise \- Debug SBL on QEMU with GDB</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_sbl_shell_cli.html">Exercise \- SBL Shell/CLI</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_boot_to_linux.html">Exercise \- Boot to Linux</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_feature_custom_splash.html">Exercise \- Feature Customization - Splash</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_feature_custom_verified_boot.html">Exercise \- Feature Customization - Verified Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_feature_custom_boot_order.html">Exercise \- Feature Customization - Boot Order</a></li>
<li class="toctree-l2"><a class="reference internal" href="ex_uefi_payload.html">Exercise \- UEFI Payload</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Exercise \- Corrupt SBL Component</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#corruptcomponentutility-static-corruption-tool">CorruptComponentUtility (static corruption tool)</a></li>
<li class="toctree-l3"><a class="reference internal" href="#corruptcomp-runtime-corruption-tool">corruptcomp (runtime corruption tool)</a></li>
<li class="toctree-l3"><a class="reference internal" href="#behavior-when-sbl-component-is-corrupted">Behavior when SBL component is corrupted</a></li>
<li class="toctree-l3"><a class="reference internal" href="#obb-corruption-example">OBB Corruption Example</a></li>
<li class="toctree-l3"><a class="reference internal" href="#ibb-corruption-example">IBB Corruption Example</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../specs/index.html">Specifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../references/references.html">References and Links</a></li>
<li class="toctree-l1"><a class="reference internal" href="../references/terminology.html">Terminology and Acronyms</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Slim Bootloader</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Tutorials</a></li>
<li class="breadcrumb-item active">Exercise \- Corrupt SBL Component</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="exercise-corrupt-spn-component">
<span id="exercisecorruptsblcomponent"></span><h1>Exercise \- Corrupt SBL Component<a class="headerlink" href="#exercise-corrupt-spn-component" title="Permalink to this heading"></a></h1>
<section id="corruptcomponentutility-static-corruption-tool">
<span id="corruptcomponentutility"></span><h2>CorruptComponentUtility (static corruption tool)<a class="headerlink" href="#corruptcomponentutility-static-corruption-tool" title="Permalink to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">CorruptComponentUtility</span></code> tool corrupts an SBL component (e.g. an item from its flash map) in either
an IFWI or standalone SBL image. This tool is useful for testing the firmware resiliency and recovery feature
(see <a class="reference internal" href="../security/firmware-resiliency-and-recovery.html#firmware-resiliency-and-recovery"><span class="std std-ref">Firmware Resiliency and Recovery</span></a>).</p>
<p>Command Syntax:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">usage</span><span class="p">:</span> <span class="n">CorruptComponentUtility</span><span class="o">.</span><span class="n">py</span> <span class="p">[</span><span class="o">-</span><span class="n">h</span><span class="p">]</span> <span class="o">-</span><span class="n">i</span> <span class="n">INPUT_IMAGE</span> <span class="o">-</span><span class="n">o</span> <span class="n">OUTPUT_IMAGE</span> <span class="o">-</span><span class="n">p</span> <span class="n">COMPONENT_PATH</span>
<span class="n">optional</span> <span class="n">arguments</span><span class="p">:</span>
<span class="o">-</span><span class="n">h</span><span class="p">,</span> <span class="o">--</span><span class="n">help</span> <span class="n">show</span> <span class="n">this</span> <span class="n">help</span> <span class="n">message</span> <span class="ow">and</span> <span class="n">exit</span>
<span class="o">-</span><span class="n">i</span> <span class="n">INPUT_IMAGE</span><span class="p">,</span> <span class="o">--</span><span class="nb">input</span><span class="o">-</span><span class="n">image</span> <span class="n">INPUT_IMAGE</span>
<span class="n">Specify</span> <span class="nb">input</span> <span class="n">IFWI</span><span class="o">/</span><span class="n">SBL</span> <span class="n">image</span> <span class="n">file</span> <span class="n">path</span>
<span class="o">-</span><span class="n">o</span> <span class="n">OUTPUT_IMAGE</span><span class="p">,</span> <span class="o">--</span><span class="n">output</span><span class="o">-</span><span class="n">image</span> <span class="n">OUTPUT_IMAGE</span>
<span class="n">Specify</span> <span class="n">output</span> <span class="n">IFWI</span><span class="o">/</span><span class="n">SBL</span> <span class="n">image</span> <span class="n">file</span> <span class="n">path</span>
<span class="o">-</span><span class="n">p</span> <span class="n">COMPONENT_PATH</span><span class="p">,</span> <span class="o">--</span><span class="n">path</span> <span class="n">COMPONENT_PATH</span>
<span class="n">Specify</span> <span class="n">path</span> <span class="n">of</span> <span class="n">component</span> <span class="n">to</span> <span class="n">corrupt</span> <span class="ow">in</span> <span class="n">IFWI</span><span class="o">/</span><span class="n">SBL</span> <span class="n">binary</span> <span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">g</span><span class="o">.</span> <span class="n">IFWI</span><span class="o">/</span><span class="n">BIOS</span><span class="o">/</span><span class="n">TS0</span><span class="o">/</span><span class="n">SG1A</span> <span class="k">for</span> <span class="n">BP0</span> <span class="n">Stage</span> <span class="mi">1</span><span class="n">A</span> <span class="n">of</span> <span class="n">IFWI</span> <span class="n">binary</span><span class="p">,</span> <span class="n">use</span> <span class="n">IfwiUtility</span><span class="o">.</span><span class="n">py</span> <span class="n">to</span> <span class="n">see</span> <span class="nb">all</span> <span class="n">available</span> <span class="n">paths</span><span class="p">)</span>
</pre></div>
</div>
<p>Command Example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">python</span> <span class="n">CorruptComponentUtility</span><span class="o">.</span><span class="n">py</span> <span class="o">-</span><span class="n">i</span> <span class="n">sbl_ifwi</span><span class="o">.</span><span class="n">bin</span> <span class="o">-</span><span class="n">o</span> <span class="n">sbl_ifwi_corrupt</span><span class="o">.</span><span class="n">bin</span> <span class="o">-</span><span class="n">p</span> <span class="n">IFWI</span><span class="o">/</span><span class="n">BIOS</span><span class="o">/</span><span class="n">TS0</span><span class="o">/</span><span class="n">SG1B</span>
</pre></div>
</div>
<p>If the input/output is an IFWI, the output can be flashed directly to the board and booted. This will exercise SBL corruption
handling (e.g. recovery or halt).</p>
<p>If the input/output is an SBL image, the output can be integrated into a FW update capsule and a FW update can be run on
the board to consume the FW update capsule (see <a class="reference internal" href="../security/firmware-update.html#firmware-update"><span class="std std-ref">Firmware Update</span></a>). This will exercise SBL corruption handing (e.g. recovery or halt).</p>
</section>
<section id="corruptcomp-runtime-corruption-tool">
<span id="corruptcomp"></span><h2>corruptcomp (runtime corruption tool)<a class="headerlink" href="#corruptcomp-runtime-corruption-tool" title="Permalink to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">corruptcomp</span></code> tool corrupts an SBL component (e.g. an item from its flash map) in the SPI flash.
This tool is useful for testing the firmware resiliency and recovery feature (see <a class="reference internal" href="../security/firmware-resiliency-and-recovery.html#firmware-resiliency-and-recovery"><span class="std std-ref">Firmware Resiliency and Recovery</span></a>).</p>
<p>The <code class="docutils literal notranslate"><span class="pre">corruptcomp</span></code> tool can be added into OSL shell. To get it to show up, include <code class="docutils literal notranslate"><span class="pre">ShellCommandRegister</span> <span class="pre">(Shell,</span> <span class="pre">&amp;ShellCommandCorruptComp);</span></code>
in the <code class="docutils literal notranslate"><span class="pre">LoadShellCommands</span></code> function of ShellCmds.c. Also, to ensure BIOS region is writable by the tool, set
<code class="docutils literal notranslate"><span class="pre">FspsConfig-&gt;PchWriteProtectionEnable[PrIndex]</span> <span class="pre">=</span> <span class="pre">FALSE;</span></code> for each existing <code class="docutils literal notranslate"><span class="pre">PrIndex</span></code> in the <code class="docutils literal notranslate"><span class="pre">UpdateFspConfig</span></code> function of the platforms
FspsUpdUpdateLib.c.</p>
<p>For example, in C:\SblPlatform\SblOpen\BootloaderCommonPkg\Library\ShellLib\ShellCmds.c, the following addition
should be made:</p>
<blockquote>
<div><div class="highlight-C notranslate"><div class="highlight"><pre><span></span><span class="c1">// Basic Shell commands</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandExit</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandHelp</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandMm</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandCpuid</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandMsr</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandMtrr</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandUcode</span><span class="p">);</span>
<span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandCls</span><span class="p">);</span>
<span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">FeaturePcdGet</span><span class="w"> </span><span class="p">(</span><span class="n">PcdMiniShellEnabled</span><span class="p">))</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// More Shell commands</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandPci</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandHob</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandMmap</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandPerf</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandBoot</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandMmcDll</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandCdata</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandDmesg</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandReset</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandFs</span><span class="p">);</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandUsbDev</span><span class="p">);</span>
<span class="w"> </span><span class="c1">// Load Platform specific shell commands</span>
<span class="w"> </span><span class="n">ShellExtensionCmds</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">GetShellExtensionCmds</span><span class="w"> </span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">Iter</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ShellExtensionCmds</span><span class="p">;</span><span class="w"> </span><span class="o">*</span><span class="n">Iter</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span><span class="w"> </span><span class="n">Iter</span><span class="o">++</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">Iter</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="hll"><span class="n">ShellCommandRegister</span><span class="w"> </span><span class="p">(</span><span class="n">Shell</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ShellCommandCorruptComp</span><span class="p">);</span><span class="w"> </span><span class="c1">// Added</span>
</span></pre></div>
</div>
</div></blockquote>
<p>And in SblOpen\Platform\AlderlakeBoardPkg\Library\FspsUpdUpdateLib\FspsUpdUpdateLib.c, the following
changes should be made:</p>
<blockquote>
<div><div class="highlight-C notranslate"><div class="highlight"><pre><span></span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">GetBootMode</span><span class="w"> </span><span class="p">()</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">BOOT_ON_FLASH_UPDATE</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">BiosProtected</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span>
<span class="w"> </span><span class="n">PrIndex</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="n">Status</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SpiGetRegionAddress</span><span class="w"> </span><span class="p">(</span><span class="n">FlashRegionBios</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">BaseAddress</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">TotalSize</span><span class="p">);</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">EFI_ERROR</span><span class="w"> </span><span class="p">(</span><span class="n">Status</span><span class="p">))</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">BiosProtected</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">TRUE</span><span class="p">;</span>
<span class="w"> </span><span class="n">Status</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">GetComponentInfo</span><span class="w"> </span><span class="p">(</span><span class="n">FLASH_MAP_SIG_UEFIVARIABLE</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">Address</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">VarSize</span><span class="p">);</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">EFI_ERROR</span><span class="w"> </span><span class="p">(</span><span class="n">Status</span><span class="p">))</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">//</span>
<span class="w"> </span><span class="c1">// Protect the BIOS region except for the UEFI variable region</span>
<span class="w"> </span><span class="c1">//</span>
<span class="w"> </span><span class="n">Address</span><span class="w"> </span><span class="o">-=</span><span class="w"> </span><span class="p">((</span><span class="n">UINT32</span><span class="p">)(</span><span class="o">~</span><span class="n">TotalSize</span><span class="p">)</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">1</span><span class="p">);</span>
<span class="hll"><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchWriteProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span><span class="w"> </span><span class="c1">// Changed from TRUE</span>
</span><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchReadProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeBase</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeLimit</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">((</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">Address</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">PrIndex</span><span class="o">++</span><span class="p">;</span>
<span class="hll"><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchWriteProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span><span class="w"> </span><span class="c1">// Changed from TRUE</span>
</span><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchReadProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeBase</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">((</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">Address</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">VarSize</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeLimit</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">((</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">TotalSize</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">PrIndex</span><span class="o">++</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">//</span>
<span class="w"> </span><span class="c1">// Protect the whole BIOS region</span>
<span class="w"> </span><span class="c1">//</span>
<span class="hll"><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchWriteProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span><span class="w"> </span><span class="c1">// Changed from TRUE</span>
</span><span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchReadProtectionEnable</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FALSE</span><span class="p">;</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeBase</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">FspsConfig</span><span class="o">-&gt;</span><span class="n">PchProtectedRangeLimit</span><span class="p">[</span><span class="n">PrIndex</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UINT16</span><span class="p">)</span><span class="w"> </span><span class="p">((</span><span class="n">BaseAddress</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">TotalSize</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;&gt;</span><span class="w"> </span><span class="mi">12</span><span class="p">);</span>
<span class="w"> </span><span class="n">PrIndex</span><span class="o">++</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">DEBUG</span><span class="w"> </span><span class="p">(((</span><span class="n">BiosProtected</span><span class="p">)</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="n">DEBUG_INFO</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">DEBUG_WARN</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;BIOS SPI region will %a protected</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="n">BiosProtected</span><span class="p">)</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="s">&quot;be&quot;</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s">&quot;NOT BE&quot;</span><span class="p">));</span>
<span class="p">}</span>
</pre></div>
</div>
</div></blockquote>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This tool should <em>not</em> be enabled in production builds as its use can prevent the system from booting in certain circumstances.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If SBL is corrupted by this tool and unable to boot, reflashing SBL to SPI is necessary.</p>
</div>
<p>Command Syntax:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">Usage</span><span class="p">:</span> <span class="n">corruptcomp</span> <span class="o">&lt;</span><span class="n">boot</span> <span class="n">partition</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="n">component</span><span class="o">&gt;</span>
<span class="n">Example</span><span class="p">:</span> <span class="n">corruptcomp</span> <span class="mi">1</span> <span class="n">SG1A</span>
<span class="n">Example</span><span class="p">:</span> <span class="n">corruptcomp</span> <span class="mi">0</span> <span class="n">SG1B</span>
<span class="n">Example</span><span class="p">:</span> <span class="n">corruptcomp</span> <span class="mi">0</span> <span class="n">SG02</span>
</pre></div>
</div>
<p>Command Example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">corruptcomp</span> <span class="mi">0</span> <span class="n">SG1B</span>
</pre></div>
</div>
<p>After one or more corruptions, a reset should be run to exercise SBL with the corruptions.</p>
</section>
<section id="behavior-when-sbl-component-is-corrupted">
<h2>Behavior when SBL component is corrupted<a class="headerlink" href="#behavior-when-sbl-component-is-corrupted" title="Permalink to this heading"></a></h2>
<p>If SBL resiliency is enabled and an SBL component is corrupted, the system halts for some
time after hash verification of the corrupted component fails. If an IBB corruption is present (i.e. a
corruption in uCode, ACM, Stage 1A, Configuration Data, Key Hash, or Stage 1B), a recovery flow
on the opposite partition is immediately launched. If an OBB corruption is present (i.e. a corruption
in Stage 2 or Firmware Update Payload), the boot is tried a total of 3 times on the current partition
before a recovery flow is launched on the opposite partition. If both partitions are corrupted, the
system halts and reboots are discontinued.</p>
<p>During the recovery flow, the working boot partition is written to the failing boot partition.
In the case of a failure on normal boot, the backup partition is copied to the primary partition. In
the case of a failure on update boot, the primary partition is copied to the backup partition. After
both cases, a normal boot occurs from the primary partition.</p>
</section>
<section id="obb-corruption-example">
<h2>OBB Corruption Example<a class="headerlink" href="#obb-corruption-example" title="Permalink to this heading"></a></h2>
<p>To test recovery from OBB corruption, first build an IFWI with resiliency (see <a class="reference internal" href="../security/firmware-resiliency-and-recovery.html#firmware-resiliency-and-recovery"><span class="std std-ref">Firmware Resiliency and Recovery</span></a>)
and <code class="docutils literal notranslate"><span class="pre">corruptcomp</span></code> tool (see <a class="reference internal" href="#corruptcomp"><span class="std std-ref">corruptcomp (runtime corruption tool)</span></a>) enabled. Then, flash the IFWI to board.</p>
<p>Next, boot to OSL shell and run the following commands:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>corruptcomp<span class="w"> </span><span class="m">0</span><span class="w"> </span>SG02
reset
</pre></div>
</div>
<p>The following logs should be output:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
Loading Stage2 error - Security Violation !
Failed to load Stage2!
...
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
Loading Stage2 error - Security Violation !
Failed to load Stage2!
...
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
Loading Stage2 error - Security Violation !
Failed to load Stage2!
...
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
Boot failure occurred! Failed boot count: 3
Boot failure threshold reached! Switching to partition: 1
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP1
MODE: 18
...
============= Intel Slim Bootloader STAGE2 =============
...
Firmware update mode, unlock Bios setting
...
Loading Payload ID FWUP
Loading Component FLMP:FWUP
...
Triggered FW recovery!
Updating 0x00A00000, Size:0x010000
................
Finished 1%
...
Finished 100%
Exiting Firmware Update (Status: Success)
Set next FWU state: 0x77
Reset required to proceed.
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
============= Intel Slim Bootloader STAGE2 =============
...
====================Os Loader====================
...
Starting Kernel ...
...
</pre></div>
</div>
</section>
<section id="ibb-corruption-example">
<h2>IBB Corruption Example<a class="headerlink" href="#ibb-corruption-example" title="Permalink to this heading"></a></h2>
<p>To test recovery from IBB corruption, first build an IFWI with resiliency enabled
(see <a class="reference internal" href="../security/firmware-resiliency-and-recovery.html#firmware-resiliency-and-recovery"><span class="std std-ref">Firmware Resiliency and Recovery</span></a>). Then, flash the IFWI to board.</p>
<p>Next, corrupt the SBL image using the following command:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>python<span class="w"> </span>CorruptComponentUtility.py<span class="w"> </span>-i<span class="w"> </span>sbl.bin<span class="w"> </span>-o<span class="w"> </span>sbl_corrupt.bin<span class="w"> </span>-p<span class="w"> </span>IFWI/BIOS/TS1/SG1B
</pre></div>
</div>
<p>Next, embed the corrupted SBL image into a FW update capsule and transfer it to
board. Then, boot to OSL shell and launch a firmware update (see <a class="reference internal" href="../security/firmware-update.html#firmware-update"><span class="std std-ref">Firmware Update</span></a>).</p>
<p>The following logs should be output:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 18
...
============= Intel Slim Bootloader STAGE2 =============
...
Firmware update mode, unlock Bios setting
...
Loading Payload ID FWUP
Loading Component FLMP:FWUP
...
Triggered FW update!
...
=================Read Capsule Image==============
...
Updating Slim Bootloader from version 1 to version 2
...
Updating 0x00600000, Size:0x010000
................
Finished 0%
...
Finished 100%
Set next FWU state: 0x7E
Reset required to proceed.
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
Partition to be updated is same as current boot partition (primary)
...
BOOT: BP0
MODE: 18
...
============= Intel Slim Bootloader STAGE2 =============
...
Firmware update mode, unlock Bios setting
...
Loading Payload ID FWUP
Loading Component FLMP:FWUP
...
Triggered FW recovery!
Updating 0x00600000, Size:0x010000
................
Finished 1%
...
Finished 100%
Exiting Firmware Update (Status: Success)
Set next FWU state: 0x77
Reset required to proceed.
============= Intel Slim Bootloader STAGE1A =============
...
============= Intel Slim Bootloader STAGE1B =============
...
BOOT: BP0
MODE: 1
...
============= Intel Slim Bootloader STAGE2 =============
...
====================Os Loader====================
...
Starting Kernel ...
...
</pre></div>
</div>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="ex_uefi_payload.html" class="btn btn-neutral float-left" title="Exercise \- UEFI Payload" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="../specs/index.html" class="btn btn-neutral float-right" title="Specifications" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2018 - 2024, Intel Corporation.
<span class="lastupdated">Last updated on Jun 07, 2024.
</span></p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink