519 Commits

Author SHA1 Message Date
Michał Żygowski
0b63e5ae1a Add project patch version to version info
Add project patch version to match Dasharo versioning scheme.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2025-08-04 16:07:39 +02:00
Bejean Mosher
e66eec142e fix: OSLoader shell boot command doesn't set Valid status of RAW LBA
When changing a boot option from a non-RAW type to RAW, the boot command
does not set the valid field of the LbaImage.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-06-16 09:55:15 +08:00
Vincent Chen
05e821e518 fix: [ARL][MTL] Fix Coverity issues
ARL
- Execute32BitCode: CWE-476 Dereference null return value

MTL
- EarlyPlatformDataCheck: CWE-569 Operands don't affect result
- InitializeSmbiosInfo: CWE-476 Dereference null return value
- PlatformUpdateAcpiGnvs: CWE-563 Unused value

Signed-off-by: Vincent Chen <vincent.chen@intel.com>
2025-05-21 10:12:07 -07:00
Kevin Tsai
6affe6bda8 fix: [common] Fix Coverity issues in ElfLib
- Uninitialized scalar variable (CWE-457) on SegAlignment

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2025-04-28 07:11:20 -07:00
Guo Dong
d48ada5da2 Add SMM rebase HOB
New UEFI payload depends on SBL to rebase SMM and report SMM rebase information.
This patch builds the SMM rebase related HOB for UEFI payload.

SMM rebase memory is located at the end of SMRAM, and this patch also updates the
SMM memory HOB.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-04-14 21:36:08 -07:00
Guo Dong
317c43386c Update SMM rebase support
Currently SBL supports SMM REBASE based on configuration.
1) When payload doesn't support SMM, SBL needs to enable SMM rebase.
   So SBL will rebase SMM to SMRAM and set SMRR to prevent SMRAM
   access out of SMM and prevent payload SMM driver dispatch.
2) When payload supports SMM, SBL needs to disable SMM rebase.
   In this case SBL does nothing for SMM. Payload will do SMM
   rebase.

In new UEFI payload (after stable branch 202311), SMM relocation
was removed from the CPU SMM driver. To work with new UEFI payload, SMM
relocation is expected in SBL, but SMRR should not be set so that
SMM drivers in UEFI payload could be dispatched into SMRAM.

This patch adds a new SMM rebase configuration that rebases SMM
but doesn't set SMRR.
Currently SBL supports rebase AUTO setting based on payload. This
patch also adds auto support.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-04-14 21:36:08 -07:00
Antara Borwankar
df944f5298 feat: Add FIPS self test support
Added fips_selftest run before any crypto use in Stage1A.
Updated IppCrypto to version 1.0.1.

Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2025-03-23 22:09:28 -07:00
Guo Dong
8d32ccbcdf Enhance ELF loading
Current implementation only supports the case where the ELF file doesn't need to be reloaded.
If the ELF file has to be reloaded (e.g. to meet alignment requirements), SBL
needs to copy it to a different location and run it there.
Recently EDKII updated the universal payload ELF image link script, and the new
ELF text alignment was changed to 0x1000 from 0x40. Mostly the default file
load location could not meet this requirement. So SBL is enhanced to copy
it to a new location in this case.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-03-20 13:46:34 -07:00
Bejean Mosher
49190cf578 fix: Setup Payload incorrectly handles config data with the refer flag
CfgDataTool de-dupes config data in some circumstances when using the
"merge" command. In such a case, the CDATA_FLAG_TYPE_REFER flag is set
in the header, and a special REFERENCE_CFG_DATA struct is added after the
conditions that points to the reference Config Data. ConfigDataLib's
BuildConfigData() triggers a config data corruption when handling these,
which needed to be fixed. Instead, the setup payload will expand these
de-duped configs using the reference data so they can be modified
independently. This will cause an increase in Config Data size when
saving data from setup in these cases.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-03-05 19:56:47 -05:00
Chirag Vijay Kolhe
314625254a fix: [Common] Remove IAS header
Removed unused IAS header file.

Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2025-02-18 18:57:28 -07:00
Sachin Kamat
71ebc9a812 fix: [Common] Remove Clear Linux support
Clear Linux support code is not used. Clean it up.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-12 13:49:03 -07:00
Biswas Arghya
65d0c1b00d fix: [common] Fix the Coverity issue in BuildFdtLib
Fix the Coverity issue in BuildFdtLib/BuildFdtLib.c.

Signed-off-by: Biswas Arghya <arghya.biswas@intel.com>
2025-02-12 13:46:45 -07:00
Haoyu Tang
7b8dce9237 fix: [common] NvmExpressPassThru handle command timeout
After timeout occurs, reset the controller and return error.

Signed-off-by: Haoyu Tang <haoyu.tang@intel.com>
2025-02-12 13:46:03 -07:00
Chirag Vijay Kolhe
a41dc0aad4 fix: [Common] Remove IAS boot image support
IAS boot image format is deprecated; it is recommended to use the container
boot image.

 - Removed references and files related to the IAS image.
 - Replaced IAS image boot options with container type image.

Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2025-02-11 13:45:09 -07:00
Sachin Kamat
268248986a fix: [Common] Remove Android OS support
Android OS support code is not used. Clean it up.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-11 13:37:50 -07:00
Sachin Kamat
13997bd3f2 fix: [Common] Remove Trusty OS support
Trusty OS is not used. Clean up the code.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-10 15:50:54 -07:00
Kevin Tsai
6f42710192 fix: remove clear FSP hob from Uefi payload boot path
Remove clear FSP hob from Uefi payload boot path because Fsp NotifyPhase needs the FSP hob to work.
Fixed 32bit address FspHotList in FSP INFO. UEFI payload consumes this info to clear the FSP hob.
Move clear FSP hob to EndOfFirmware for Osloader.

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2025-02-10 15:43:12 -07:00
Sachin Kamat
5beedb6ee6 fix: [Common] Remove ACRN support
ACRN is not used. Clean up the code.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-06 10:13:26 -07:00
Sachin Kamat
d8bcb4fac8 fix: [Common] Handle invalid shell command gracefully
Currently an ASSERT is triggered halting the system if the
command length is greater than the argv buffer size. Handle this
error gracefully to avoid system halt.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-01-30 08:27:22 -07:00
Vincent Chen
114fb2ea02 fix: [common] Fix Coverity issues in BuildFdtLib
- NULL Pointer Dereference (CWE-476) on the PciRootBridgeInfo
- Assignment to Variable without Use (CWE-563) on Status
- The return value of AsciiSPrint should be UINTN, so remove Status

Signed-off-by: Vincent Chen <vincent.chen@intel.com>
2025-01-28 09:35:16 -07:00
Guo Dong
c1326e0ae2 Add FDT support for universal payload
New universal payload uses FDT (Flat Device Tree) instead
of HOB to pass info to payload.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-01-10 13:19:29 -07:00
Guo Dong
927f60e884 Add BuildFdtLib for universal payload support
New universal payload uses FDT instead of HOB to pass information
from bootloader to payload. This BuildFdtLib could help build
the required FDT nodes.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-01-10 13:19:29 -07:00
Bejean Mosher
cc1ce07651 fix: Prevent creation or authentication of containers with no comp auth
Prevent GenContainer.py from creating monolithic signed containers with
no component authorization data. Prevent ContainerLib from
authenticating such containers when verified boot is enabled.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-01-10 13:46:03 -05:00
Bejean Mosher
5b7fed0f68 feat: Add FIPS compliant IppCryptoLib instance.
Latest ipp-crypto code is FIPS compliant. Need to add it as a submodule
to maintain FIPS compliance. This requires adding each ASM optimized
implementation as a separate .inf file and selecting it at the platform
level. Old IppCryptoLib instance needs to be kept for backwards
compatibility.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2024-11-26 10:52:35 -05:00
Guo Dong
fa18a8239e Fix source level debug in X64 (#2317)
In X64 build, a stack segment exception was seen when
the debug timer interrupt is enabled.
Just disable the interrupt to WA this issue.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2024-10-23 15:16:08 +08:00