Current container library cannot be used before memory is initialized
because the structure will only be initialized after memory. This
patch moved the initialization into Stage1A so that the library can be
used much earlier. The containers registered before memory will be
migrated into memory automatically post memory initialization. In this
way it avoids duplicated header authentication.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This will fix stage transition failures for X64 targets built with gcc
which is caused by mis-matched EFIAPI calling convention.
- Add EFIAPI to STAGE_ENTRY interface for Stage1A -> Stage1B
- Add EFIAPI to PAYLOAD_ENTRY interface for Stage2->OsLoader Payload
- Remove unused KERNEL_ENTRY interface
Signed-off-by: Aiden Park <aiden.park@intel.com>
* [QEMU] Enable Stage1A boot in X64 mode
This patch added necessary changes to enable QEMU boot through
Stage1A in SBL X64 build.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
* [QEMU] Enable QEMU Linux boot in X64 mode
This patch enabled SBL X64 boot for Linux. At this moment, since
FSP is still in 32 bit mode, it is required to thunk back into
32 bit mode to call FSP APIs.
It fixed#622.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Due to missing normal function implementations in some x64 code, GCC
optimized many code off from the final image which caused synbol
patching issue later on. This patch fixed this.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch allows both 32/64-bit addressing properly.
- Pointer type cast with UINTN
- Add missing EFIAPI for APIs
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch opitmized GDT loading in different stages. The old code
put GDT in code segment so it needs to be relocated every time when
code relocation/remapping occurs. By putting GDT into heap, it avoids
the GDT reloading. It only needs to be done twice, PreMem and PostMem.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added DMA memory type into memory allocation pool for payloads.
This DMA memory buffer with PcdDmaBufferSize is located at address
aligned at PcdDmaBufferAlignment after Payload reserved memory. Memory
type EfiRuntimeServicesData is used to indicate DMA memory type.
Stage1B calculates the DMA memory location using fixed PCDs so that
platform can set up DMA protection as early as possible after memory is
ready. In Stage1B or Stage2 platform code should use platform VTd
information to setup PMR to protect all low memory except for the DMA
buffer range. DMA memory will be added into memory pool at the entry
point of the payload. Before transfering to OS, the DMA memory protection
can be disabled, and the DMA memory pool can be reclaimed for OS usage.
Currently only boot media device will utilize the DMA buffer range for
block access operations. So it should only be required by payloads. GFX,
when enabled, will also use DMA. It will be targeted to the system stolen
memory which is not protected by PMR.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
- Added GetHashToExtend to bootloader common API to
retrive digest to extend
- Hash calculations for stage component and config date updated
to use bootloader common API
- Added functionality to extend KeyHashManifest digest
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
LoadComponentCallback is extended to perfom TPM extend
for firmware component stages. Component callback would be
invoked after authentication.
TpmExtendStageHash would extend hash based on hash validity.
TpmExtendConfigData is added to handle the Config data blob extend.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch allows to setup Stage1 stack/data in any CAR range.
By default, the stack base offset is 0 from CarBase.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch did some of the following clean up:
- Rename *_HOB to *_PARAM for Stage1A/Stage1B/Stage2.
This is to avoid confusion between real HOB and the parameter
data block passed through stages.
- Rename BistVal to CpuBist.
This is to make it more clear.
- Add BUF_INFO definition.
BUF_INFO will be used as a general structure.
- Remove CarBase/Top in Stage1B HOB
They are not used at all.
- Clean memory allocation in Stage1A
Restructured the buffer allocations for Stage1A global
data so that it is easier to read and maintain.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Hash and RSA signing parameters were hardcoded in
Crypto wrappers and secure boot libraries. This patch
address support for multiple hash and key sizes.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
- Add BistVal in STAGE1A_ASM_HOB structure
- Use MM0 register to preserve the BIST value
- Push BistVal while setup HOB in stack
- Add check for CPU BIST failure and halt the system when failed
Signed-off-by: Himanshu Sahdev aka CunningLearner sahdev.himan@gmail.com
This patch added a ContainerLib to support load and location a
component from a specified container. It copies the component
from flash to memory, authenticate it, and then decompress it if
required. It can also be used to support load component from flash
map in SBL stage2 or payload, such as payload or e-payload.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Restore the register information saved during the
normal boot, on S3 resume path for UEFI payload only.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Add ACPI_ENABLED() to align with MEASURED_BOOT_ENABLED().
Update MEASURED_BOOT_ENABLED() by checking PcdMeasuredBootEnabled
firstly.
Update PlatformFeaturesInit () in stage1b to fix potential inconsistent.
Update other code for changes above.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Smm bases for all the procs need to be relocated on the
S3 resume path (as payload is not run) for Windows boot.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Current SBL can only support on VBT file. However, different board
might need different VBT table. It is better to have the capability
to embed multiple VBT table into the image. This patch implemented
this feature and enabled it on QEMU. By default, it will take the
original behavior. if _MULTI_VBT_FILE in BoardConfig.py is specified,
multiple VBT files can be used.
If multiple VBT table support is required, list them as:
{VbtImageId1 :VbtFileName1, VbtImageId2 : VbtFileName2, ...}
VbtImageId is ID to identify a VBT image. It is a UINT32 number to
match the ImageId field in the VBT container.
VbtFileName is the VBT file name. It needs to be located under platform
VbtBin folder.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Singh Nitin G
Maurice Ma
Aiden Park
Subash Lakkimsetti
Subash Lakkimsetti
Subash Lakkimsetti
Himanshu Sahdev
Sai Talamudupula
Guo Dong