Currently SBL library has GetDeviceAddr() to get the device
address based on device type and instance. This patch adds
SetDeviceAddr() to update a given device type and address so
that platform could update the device table dynamically.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch moved GetHashToExtend function from BootloaderCommonLib
to SecureBootLib. It is a better place to contain this interface.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch allows both 32/64-bit addressing properly.
- Pointer type cast with UINTN
- Add missing EFIAPI for APIs
Signed-off-by: Aiden Park <aiden.park@intel.com>
1) GetComponentInfoByPartition does not check FlashMapPtr, added code
to return error if FlashMapPtr is NULL
2) In GetComponentHash function, there is no check for if HashEntryPtr is
greater than or equal to HashEndPtr. In this case HashEntryData will be
corrupted.
3) In InitFirmwareUpdate function, if we could not find corresponding
image in capsule, there is an error message but after that we continue
to update reserved region based on ImageHdr which is not valid.
Added code to continue if image is not found in capsule.
4) In UpdateSblComponent function, Status is uninitialized.
Initialized Status to not found.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
- Added GetHashToExtend to bootloader common API to
retrive digest to extend
- Hash calculations for stage component and config date updated
to use bootloader common API
- Added functionality to extend KeyHashManifest digest
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch added routine to get component entry from flash map
this is required in case when component entry flags are required.
GetComponentInfoByPartition function will reuse the newly added
routine GetComponentEntryByPartition.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Current SBL hash store has many limitations:
- Only support fixed hash size
- Only support 1:1 public key and usage mapping
- Only support build time key enrollment
This patch addressed this issue by introducing:
- Add a updatable KEYH component to hold extra key hash
- Allow append new hash entries from KEYH
- Use variable length entry for hash
- Introduce "Usage" bit mask for a key usage
This will allow using a single key to sign multiple components, or
using multiple keys to sign a single component. The built-in hash
store will only contain hash for STAGE1B, STAGE2, PAYLOAD,
PAYLOAD_FWU and MASTER public key hash. Master key hash will be used
to verify the KEYH component loaded at runtime in Stage1B. Once KEYH
is loaded, it will be appended into global hash store. The combined
hash store will be used to verify other components on the boot flow.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch moved some library APIs into BootloaderCommonLib, including
GetComponentInfo() and GetComponentHash().
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
On WHL, if using Boot Guard profile 0, booting from BP1 will be
significantly slower than BP0. It is because some code region in BP1
is not covered by MTRR cache settings. This patch adjusted MTRR
settings during PostTempRamInit notification to cover full flash
code region if Boot Guard profile 0 is used.
It fixed#188.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
There are 'uninitialized' errors and size exceed error in PAYLOAD
with old gcc versions. This change has been verified with gcc-4.8,
gcc-5, gcc-7 and gcc-8 on Ubuntu 18.04 LTS.
Signed-off-by: Aiden Park <aiden.park@intel.com>
