Commit Graph

572 Commits

Author SHA1 Message Date
Guo Dong d48ada5da2 Add SMM rebase HOB
New UEFI payload depends on SBL to rebase SMM and reports SMM rebase information.
This patch builds SMM rebase related HOB for UEFI payload.

SMM rebase memory is located at the end of SMRAM, and this patch also updated
SMM memory HOB.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-04-14 21:36:08 -07:00
Guo Dong 317c43386c Update SMM rebase support
Currently SBL supports SMM REBASE based on configuration.
1) When payload doesn't support SMM, SBL needs to enable SMM rebase.
   So SBL will rebase SMM to SMRAM and set SMRR to prevent SMRAM
   access out of SMM and prevent payload SMM driver dispatch.
2) When payload supports SMM, SBL needs to disable SMM rebase.
   In this case SBL does nothing for SMM. Payload will do SMM
   rebase.

In new UEFI payload (after stable branch 202311), SMM relocation
was removed from CPU SMM driver. To work with new UEFI payload, SMM
relocation is expected in SBL, but SMRR should not be set so that
SMM drivers in UEFI payload could be dispatched into SMRAM.

This patch adds a new SMM rebase configuration that rebases SMM
but doesn't set SMRR.
Currently SBL supports rebase AUTO setting based on payload. This
patch also adds auto support.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-04-14 21:36:08 -07:00
Kevin Tsai 30e04de2db fix: [Common] Update PcdFspResetStatus size
Update PcdFspResetStatus size to support 64Bit FSP return status.

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2025-03-31 09:37:56 -07:00
Fernando Silva 33a98d2ade EDK2 Patch to fix QEMU build on new toolchain
Signed-off-by: Fernando Silva <eng.fernandosilva@outlook.com>
2025-03-23 22:12:28 -07:00
Antara Borwankar df944f5298 feat: Add FIPS self test support
Added fips_selftest run before any crypto use in Stage1A.
Updated IppCrypto to 1.0.1 version.

Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2025-03-23 22:09:28 -07:00
Biswas Arghya 87015486a4 fix:[Common] Parsing combobox in array issue fix
Fixed the issue of parsing combobox in array in SblSetup.py

Signed-off-by: Biswas Arghya <arghya.biswas@intel.com>
2025-03-10 10:38:34 -04:00
Bejean Mosher 49190cf578 fix: Setup Payload incorrectly handles config data with the refer flag
CfgDataTool de-dupes config data in some circumstances when using the
"merge" command. In such a case, the CDATA_FLAG_TYPE_REFER flag is set
in the header, and a special REFERENCE_CFG_DATA struct is added after the
conditions that points to the reference Config Data. ConfigDataLib's
BuildConfigData() triggers a config data corruption when handling these
that needed to be fixed. Instead, the setup payload will expand these
de-duped configs using the reference data so they can be modified
independently. This will cause an increase in Config Data size when
saving data from setup in these cases.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-03-05 19:56:47 -05:00
Bejean Mosher e188e887a4 fix: Gracefully handle value conversion error from bad YAML in Setup
Mismatch between YAML config type and value was causing setup to crash.
Handle it gracefully and print an error instead.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-02-18 18:56:50 -07:00
Biswas Arghya 246e497c0c fix:[common] Fix Coverity issue in FspNotifyPhase
Fix Coverity issue in FspApiLib/FspNotifyPhase.c.

Signed-off-by: Biswas Arghya <arghya.biswas@intel.com>
2025-02-12 13:46:45 -07:00
Chirag Vijay Kolhe a41dc0aad4 fix: [Common] Remove IAS boot image support
IAS boot image format is deprecated; it is recommended to use container
boot image.

 - Removed references, files related to IAS image.
 - Replaced IAS image boot options with container type image.

Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
2025-02-11 13:45:09 -07:00
Sachin Kamat 13997bd3f2 fix: [Common] Remove Trusty OS support
Trusty OS is not used. Clean up the code.

Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
2025-02-10 15:50:54 -07:00
Kevin Tsai 6f42710192 fix: remove clear FSP hob from Uefi payload boot path
Remove clear FSP hob from Uefi payload boot path because Fsp NotifyPhase needs FSP hob to work.
Fixed 32bit address FspHotList in FSP INFO. UEFI payload consumes this info to clear FSP hob.
Move clear FSP hob at EndOfFirmware for Osloader.

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2025-02-10 15:43:12 -07:00
Bejean Mosher 3b14c69f67 fix: SblSetup payload issues with loading and saving data.
Fix loading and saving issues with SblSetup payload when Config Data
layout differs from ConfigDataDef.json file. ConfigDataDef.json used
by setup payload has config data order based on defaults, while actual
binary config values retrieved from ConfigLib can have order changes
triggered by board deltas.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-02-10 11:31:55 -07:00
Bejean Mosher 0bcefec921 feat: Support calling into x64 FSP
FSP 2.4 introduces the possibility of FSP built for x64 architecture.
This adds support for x64 FSP calling conventions based on the header x64
support attribute. Support for x64 FSP-T requires entering long mode
prior to FSP-T execution.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-02-06 10:08:15 -07:00
Bejean Mosher 4d4d5a6fa3 fix: Allocate FSPM UPD from heap instead of stack
FSP 2.4 with MultiPhase support expects FSP UPD buffer to stay accessible
after CallFspMemoryInit() returns, so FSP must be allocated from the heap
instead of stack.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-02-06 10:08:15 -07:00
Guo Dong c1326e0ae2 Add FDT support for universal payload
New universal payload uses FDT (Flat Device Tree) instead
of HOB to pass info to payload.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2025-01-10 13:19:29 -07:00
Bejean Mosher cc1ce07651 fix: Prevent creation or authentication of containers with no comp auth
Prevent GenContainer.py from creating monolithic signed containers with
no component authorization data. Prevent ContainerLib from
authenticating such containers when verified boot is enabled.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2025-01-10 13:46:03 -05:00
Bejean Mosher 5b7fed0f68 feat: Add FIPS compliant IppCryptoLib instance.
Latest ipp-crypto code is FIPS compliant. Need to add it as a submodule
to maintain FIPS compliance. This requires adding each ASM optimized
implementation as a separate .inf file and selecting at the platform
level. Old IppCryptoLib instance needs to be kept for backwards
compatibility.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2024-11-26 10:52:35 -05:00
Bejean Mosher e69378bc2d feat: Add Board flag for AP Init Wait time
Some silicon requires longer than provided for all APs to enter the wakeup
routine. This change makes this platform configurable. The default wait
time is none and can be increased for platforms with higher core count Si.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2024-11-21 14:22:48 -07:00
Vincent Chen cff9a54c18 fix: [COMMON] build KeyHash Hob only when Verified Boot is enabled
If Verified Boot is disabled, the data pointed to by HashStorePtr is
not well-defined, nor is the content of the KeyHash Hob.
In this case, if fwupdate tries to verify the PUBKEY_FWU hash
of the FwuImage, the result will be non-deterministic.

Signed-off-by: Vincent Chen <vincent.chen@intel.com>
2024-11-15 09:12:27 -07:00
tsaikevin 8ad2c625b5 fix: [Common] Assign PCI_MAX_BUS to BusLimit for BusScanTypeList type (#2315)
When platform chooses BusScanTypeList for PCI enumeration, the BusLimit should be set to PCI_MAX_BUS.
The BusScanItems defines primary bus for PCIe root port. If there is a device attached to root port,
which will present on secondary bus, in the meantime the bus number is greater than BusLimit, this device
cannot be found from enumeration. Assign PCI_MAX_BUS to BusLimit to prevent this issue.

Signed-off-by: Kevin Tsai <kevin.tsai@intel.com>
2024-10-23 10:57:15 +08:00
Antara Borwankar 7328aa169f feat: [IPPCRYPTO]Added perf lib for ipp-crypto
Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2024-10-15 07:48:18 -07:00
Guo Dong 45273c82ca Enhance CfgDataTool
Add a check for a corner case.

Signed-off-by: Guo Dong <guo.dong@intel.com>
2024-09-29 16:26:50 -07:00
Pastorcici, Mariano-paulX c50658ae6b feat: [common] Enable PCIe resizable BAR support
This commit adds support for PCIe resizable BAR support.
The feature can be enabled by setting PcdResizableBarSupport
for the board build script and it's disabled by default.

Signed-off-by: pastorcx <mariano-paulx.pastorcici@intel.com>
2024-09-09 10:30:57 -07:00
bejeanmo e3dfb721bb fix: GenContainer.py not setting default auth type correctly (#2250)
When no auth parameter is specified on the command line, gen_layout
chooses auth type based on provided key, but this does not get correctly
applied to the monolithic signing component because of an order of
operations issue.

Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
2024-08-15 13:02:37 -04:00