Current SBL hash store has many limitations:
- Only support fixed hash size
- Only support 1:1 public key and usage mapping
- Only support build time key enrollment
This patch addressed this issue by introducing:
- Add a updatable KEYH component to hold extra key hash
- Allow append new hash entries from KEYH
- Use variable length entry for hash
- Introduce "Usage" bit mask for a key usage
This will allow using a single key to sign multiple components, or
using multiple keys to sign a single component. The built-in hash
store will only contain hash for STAGE1B, STAGE2, PAYLOAD,
PAYLOAD_FWU and MASTER public key hash. Master key hash will be used
to verify the KEYH component loaded at runtime in Stage1B. Once KEYH
is loaded, it will be appended into global hash store. The combined
hash store will be used to verify other components on the boot flow.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch moved some library APIs into BootloaderCommonLib, including
GetComponentInfo() and GetComponentHash().
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
On WHL, if using Boot Guard profile 0, booting from BP1 will be
significantly slower than BP0. It is because some code region in BP1
is not covered by MTRR cache settings. This patch adjusted MTRR
settings during PostTempRamInit notification to cover full flash
code region if Boot Guard profile 0 is used.
It fixed#188.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
There are 'uninitialized' errors and size exceed error in PAYLOAD
with old gcc versions. This change has been verified with gcc-4.8,
gcc-5, gcc-7 and gcc-8 on Ubuntu 18.04 LTS.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Maurice Ma
Aiden Park
Guo Dong
Aiden Park