180 Commits

Author SHA1 Message Date
Guo Dong
317c43386c Update SMM rebase support
Currently SBL supports SMM REBASE based on configuration.
1) When payload doesn't support SMM, SBL needs to enable SMM rebase.
   So SBL will rebase SMM to SMRAM and set SMRR to prevent SMRAM
   access out of SMM and prevent payload SMM driver dispatch.
2) When payload supports SMM, SBL needs to disable SMM rebase.
   In this case SBL does nothing for SMM. Payload will do SMM
   rebase.

In new UEFI payload (after stable branch 202311), SMM relocation
was removed from CPU SMM driver. To work with new UEFI payload, SMM
relocation is expected in SBL, but SMRR should not be set so that
SMM drivers in UEFI payload could be dispatched into SMRAM.

This patch adds a new SMM rebase configuration that rebases SMM
but doesn't set SMRR.
Currently SBL supports rebase AUTO setting based on payload. This
patch also adds auto support.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-04-14 21:36:08 -07:00
Antara Borwankar
df944f5298 feat: Add FIPS self test support
Added fips_selftest run before any crypto use in Stage1A.
Updated IppCrypto to version 1.0.1.

Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2025-03-23 22:09:28 -07:00
Chirag Vijay Kolhe
314625254a fix: [Common] Remove IAS header
Removed unused IAS header file.

Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2025-02-18 18:57:28 -07:00
Chirag Vijay Kolhe
a41dc0aad4 fix: [Common] Remove IAS boot image support
IAS boot image format is deprecated; it is recommended to use container
boot image.

 - Removed references, files related to IAS image.
 - Replaced IAS image boot options with container type image.

Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2025-02-11 13:45:09 -07:00
Sachin Kamat
13997bd3f2 fix: [Common] Remove Trusty OS support
Trusty OS is not used. Clean up the code.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-10 15:50:54 -07:00
Guo Dong
927f60e884 Add BuildFdtLib for universal payload support
New universal payload uses FDT instead of HOB to pass information
from bootloader to payload. This BuildFdtLib could help build
the required FDT nodes.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-01-10 13:19:29 -07:00
Antara Borwankar
7328aa169f feat: [IPPCRYPTO]Added perf lib for ipp-crypto
Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2024-10-15 07:48:18 -07:00
Ong Ee Lim
60db358849 fix: [ARL] Fixing 64-bit build with ENABLE_SOURCE_DEBUG
Adding 64-bit DebugAgentLib source files, header files and nasm files to
build SBL image with ENABLE_SOURCE_DEBUG=1

Signed-off-by: Ong Ee Lim <ee.lim.ong@intel.com>
2024-07-18 08:17:43 -07:00
Jiaqing Zhao
33060efdc6 OsLoader: Handle module align flag for multiboot images in ELF format
There is a flag in both multiboot and multiboot2 image indicating
modules must be loaded to page boundaries. Currently this flag is not
handled when loading multiboot images in ELF format. Check this flag
and move the loaded modules if needed before SetupMultibootInfo().

Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
2024-06-24 06:54:21 -07:00
Guo Dong
49a213d77e feat: Add FitLib
Add FitLib which is required to support FIT image.
New universal payload used FIT image format.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2024-04-24 09:32:51 -07:00
Bejean Mosher
1d38f8e69f feat: Validate BMP headers to protect against LogoFAIL.
The SBL logo is verified as part of Stage2 verification, so untrusted
logos won't be parsed, but it's still good to prevent dereferencing BMP
header pointers that may fall outside of BMP file.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2024-01-08 15:04:47 -07:00
Jiaqing Zhao
c65cd572d2 OsLoader: Print all extra images
Currently only PreOs and Extra0 image info is printed in boot options
list, this patch prints all of them.

Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
2023-09-12 13:55:06 -07:00
Jiaqing Zhao
ebc9ae0625 Container: Add new container type MULTIBOOT_MODULE
The MULTIBOOT_MODULE type indicates the container contains only
multiboot modules and their string without a bootable kernel. Similar
to the MULTIBOOT container type, the files in container should be
organized in pairs which contain a zero-terminated text for string
and a module binary.

This type should only be used in Extra images when Normal image is in
multiboot/multiboot2 format.

Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
2023-09-12 13:55:06 -07:00
tsaikevin
462a0c32ea fix: [Common] Fix coverity issues (#1989)
Addressed coverity issues
- Untrusted loop bound (CWE 606)
- Uninitialized pointer read (CWE 457)
Defined Elf file max section, program numbers and size

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2023-08-10 17:46:46 -07:00
tsaikevin
d952b1487c fix: [Common] Fix Coverity issues (#1978)
Fixed Untrusted loop bound (CWE 606)

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2023-07-31 16:06:00 -07:00
Stanley Chang
c9d70e74dc fix: multiboot mod string in zero-terminated ASCII format #1913
Required by multiboot spec (*1), a mod string is a zero-terminated
ASCII string. The patch introduces LoadMultibootModString to load
mod string from an IMAGE_DATA (allocating a new buffer when requiring
to append zero-terminated char).

The patch does not reuse GetFromConfigFile because GetFromConfigFile
was designed to be compatible with legacy format (e.g., EOF signature)
and truncates newline chars (which is not required by multiboot mod).

For performance, the patch does not run "isascii" check.

Minor changes:
  - Fix typo error (InitMultibootMmap)
  - Declare FreeImageData in Library/IasImageLib.h
  - Dump mod string for debug build

Reference:
1. https://www.gnu.org/software/grub/manual/multiboot/multiboot.html

Verify: EHL CRB

Acked-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
2023-06-07 14:27:22 -07:00
Guo Dong
25c804da79 feat: Update Lite variable library
Currently there are only a few use cases for the lite variable.
FSP2.4 requires bootloader to have variable support. To avoid
creating a new variable instance, just update lite variable to
align with FSP 2.4 variable requirements.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2023-05-10 12:16:57 -07:00
Sean McGinn
f9d614c09f Move MB/ACPI macros to BootloaderCommonLib
Move macros to BootloaderCommonLib as they
are now consumed by both SBL stages and payload

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-05-04 13:25:07 -07:00
sean-m-mcginn
598f12347f [ADL] Additional TPM-related cleanup (#1881)
Update copyright years
Initialize pointers to NULL
Check pointers for NULL before de-reference
Standardize debug logs

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-04-26 11:39:22 -07:00
sean-m-mcginn
ba9da25442 [ADL] Update TPM event logging to match BIOS (#1859)
* [ADL] Update TPM event logging to match BIOS

If measured boot disabled via BtG profile but enabled via SBL
config flag, skip logging startup locality TPM event

If measured boot enabled via BtG profile or SBL config flag, log
CRTM version TPM event

Set startup locality based off startup locality on ACM policy status

Log detail and authority PCR events based off SCTRM status on ACM
policy status

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>

* Initialize startup locality and remove measured boot check

Initialize startup locality variable used in setting up event
log

Remove measured boot check as it is not seen in BIOS and it
occurs at higher level

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>

---------

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-04-20 16:37:18 -07:00
Atharva Lele
82769186dc OsLoader - Container Type Cleanup (#1816)
* Add Name field to IMAGE_DATA structure

Add a name field to the structure to be used by container parsing
functions. It will be useful to determine the name of the container
component when dealing with special files like ACPI blobs.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: save the name of the component when creating array of components

Saving the name will help us deal with special files like ACPI blobs
more easily

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: streamline container types

Update container functionality to streamline container types:
- Normal: PE32, FV, ELF images. Supports ACPI table update.
- Classic (Linux): Used for a traditional Linux boot setup.
  (cmdline, bzImage, initrd). Additionally supports ACPI table update.
- Multiboot: Used for Multiboot/Multiboot-2 compliant ELF images.
  Supports ACPI table update.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* Rename CLASSIC container to CLASSIC_LINUX

This type of container is to be used for a traditional Linux
boot setup consisting of a cmdline, bzImage, initrd(optional),
and other binary blobs or ACPI blobs.

Rename it to CLASSIC_LINUX to make the purpose of the container
clearer.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: copy Linux ExtraBlobs to reserved mem and add to cmdline

Until now, SBL loaded the Extra blobs with the Linux kernel
into memory. However, there was no way for the OS to know where
these blobs resided in memory. The blobs were also loaded in
memory that was not marked as reserved.

This patch copies the blobs to reserved memory and adds the
blob addresses into an expected placeholder in the Linux cmdline.
If the placeholder is not present, nothing related to that blob
will be added to the cmdline.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

---------

Signed-off-by: Atharva Lele <atharva.lele@intel.com>
2023-02-02 09:19:31 -08:00
Guo Dong
aee7833455 Add description for performance data (#1783)
When running "perf" command from OsLoader shell, it would
print the performance data but it is difficult to know what
they mean. The patch adds the description to performance
data.

Signed-off-by: Guo Dong <guo.dong@intel.com>

Signed-off-by: Guo Dong <guo.dong@intel.com>
2022-12-14 07:27:53 -05:00
Atharva Lele
bc7505ca9d OsLoader Cleanup (IAS) (#1778)
* OsLoader: remove references to IAS images

Change IAS references to 'Boot Image' since IAS support is deprecated.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* ContainerLib: add container type defines

Add comments to indicate the use cases of each container type

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: Use container defines instead of IAS defines

This commit also changes some comments referencing IAS instead of a container.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: remove ParseIasImage() since it is deprecated

Remove deprecated functionality and header include.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>

* OsLoader: add check for normal container type and fix comment

NORMAL type of container is usually used with FV, regular ELF images, etc.
This commit adds the check for it and removes the "non valid use case" comment.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* GenContainer: add comments explaining container types

Add comments explaining use cases of each container type

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* OsLoader: add a check for number of files in classic container

Classic Container needs to have the boot file in it. According
to the fixed order, this is the second file in the container.
Add a check to make sure there are at least 2 files before attempting
boot.

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

* QEMU: replace IAS references in boot options with container

Clean up IAS reference from boot options list

Signed-off-by: Atharva Lele <atharva.lele@intel.com>

Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2022-12-13 11:06:45 -08:00
Bruno Achauer
bf8b2b3618 OsLoader: Add Multiboot-2 support
- Add (partial) multiboot-2 support as specified in
  https://www.gnu.org/software/grub/manual/multiboot2/multiboot.html
- header file imported (and adjusted to SBL OsLoader) from
  https://github.com/NetBSD/src/blob/trunk/sys/arch/i386/include/multiboot2.h

Also bump APL PAYLOAD_SIZE, ADL OS_LOADER_FD_SIZE to account for increased payload size

Signed-off-by: Bruno Achauer <bruno.achauer@intel.com>
2022-11-29 14:51:45 -07:00
Guo Dong
80e3bc8293 Remove unnecessary check in partition library (#1754)
In the Ubuntu ISO image, it has 0xF8 partition entries.
The partition library could not work as expected since
it expects the partition entries are no more than 128.

Potentially it could have more partition entries, so just
remove the check.

Signed-off-by: Guo Dong <guo.dong@intel.com>

Signed-off-by: Guo Dong <guo.dong@intel.com>
2022-11-15 15:57:59 -05:00