On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: > Wire up the various modules and boilerplate configuration snippets > to implement signed capsule update for AMD Overdrive. Note that this > uses the insecure default key. > > The secure firmware on this SoC does not implement warm reboot, so we > cannot support capsules that persist across reset. Instead, the capsule > may be installed using CapsuleApp (from MdeModulePkg), from the UEFI > Shell prompt. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> > --- > Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > | 27 ++++++- > Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > | 83 ++++++++++++++++++++ > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > | 80 +++++++++++++++++++ > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > | 46 +++++++++++ > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > | 68 ++++++++++++++++ > > Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > | 25 ++++++ > 6 files changed, 328 insertions(+), 1 deletion(-) > > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > index daa773172029..a15f96d2fba9 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE > > ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf > > RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf > > - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + > EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > + > FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf > + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf > + > PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf > + > > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > > PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf > BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0 > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0 > > +[PcdsDynamicExDefault.common.DEFAULT] > + > gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 > + > + # 642e4fcf-2df7-4415-8b70-a03909c57b55 > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, > 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, > 0x7b, 0x55} > + > + # d34b3d29-0085-4ab3-8be8-84188cc50489 > + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, > 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, > 0x04, 0x89} > + > [PcdsDynamicHii] > > gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 > > @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE > > ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf > } > !endif > + > + # > + # Firmware update > + # > + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf > + > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > index 23e57befcdd9..18f74b3c46fe 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE > # > INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf > > + # > + # Firmware update > + # > + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + INF > SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + > [FV.STYX_EFI] > FvAlignment = 16 > ERASE_POLARITY = 1 > @@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE > INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf > INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf > INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > + INF RuleOverride = FMP_IMAGE_DESC > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > + > > FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { > SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED > = TRUE { > @@ -284,6 +292,73 @@ READ_LOCK_STATUS = TRUE > } > } > > +[FV.CapsuleDispatchFv] > +FvAlignment = 16 > +ERASE_POLARITY = 1 > +MEMORY_MAPPED = TRUE > +STICKY_WRITE = TRUE > +LOCK_CAP = TRUE > +LOCK_STATUS = TRUE > +WRITE_DISABLED_CAP = TRUE > +WRITE_ENABLED_CAP = TRUE > +WRITE_STATUS = TRUE > +WRITE_LOCK_CAP = TRUE > +WRITE_LOCK_STATUS = TRUE > +READ_DISABLED_CAP = TRUE > +READ_ENABLED_CAP = TRUE > +READ_STATUS = TRUE > +READ_LOCK_CAP = TRUE > +READ_LOCK_STATUS = TRUE > + > + INF > SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf > + > +[FV.SystemFirmwareUpdateCargo] > +FvAlignment = 16 > +ERASE_POLARITY = 1 > +MEMORY_MAPPED = TRUE > +STICKY_WRITE = TRUE > +LOCK_CAP = TRUE > +LOCK_STATUS = TRUE > +WRITE_DISABLED_CAP = TRUE > +WRITE_ENABLED_CAP = TRUE > +WRITE_STATUS = TRUE > +WRITE_LOCK_CAP = TRUE > +WRITE_LOCK_STATUS = TRUE > +READ_DISABLED_CAP = TRUE > +READ_ENABLED_CAP = TRUE > +READ_STATUS = TRUE > +READ_LOCK_CAP = TRUE > +READ_LOCK_STATUS = TRUE > + > + FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # > PcdEdkiiSystemFirmwareFileGuid > + FV = STYX_EFI > + } > + > + FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # > gEdkiiSystemFmpCapsuleDriverFvFileGuid > + FV = CapsuleDispatchFv > + } > + > + FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # > gEdkiiSystemFmpCapsuleConfigFileGuid > + > Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > + } > + > +[FmpPayload.FmpPayloadSystemFirmwarePkcs7] > +IMAGE_HEADER_INIT_VERSION = 0x02 > +IMAGE_TYPE_ID = d34b3d29-0085-4ab3-8be8-84188cc50489 # > PcdSystemFmpCapsuleImageTypeIdGuid > +IMAGE_INDEX = 0x1 > +HARDWARE_INSTANCE = 0x0 > +MONOTONIC_COUNT = 0x1 > +CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 > + > + FV = SystemFirmwareUpdateCargo > + > +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7] > +CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # > gEfiFmpCapsuleGuid > +CAPSULE_HEADER_SIZE = 0x20 > +CAPSULE_HEADER_INIT_VERSION = 0x1 > + > + FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 > + > > > ################################################################################ > # > @@ -413,3 +488,11 @@ READ_LOCK_STATUS = TRUE > RAW ASL |.aml > } > > +[Rule.Common.PEIM.FMP_IMAGE_DESC] > + FILE PEIM = $(NAMED_GUID) { > + RAW BIN |.acpi > + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex > + PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi > + UI STRING="$(MODULE_NAME)" Optional > + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) > + } > diff --git > a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > new file mode 100644 > index 000000000000..8737c02fa006 > --- /dev/null > +++ > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > @@ -0,0 +1,80 @@ > +/** @file > + System Firmware descriptor. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD > License > + which accompanies this distribution. The full text of the license may be > found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > + > +**/ > + > +#include <PiPei.h> > +#include <Protocol/FirmwareManagement.h> > +#include <Guid/EdkiiSystemFmpCapsule.h> > + > +#define PACKAGE_VERSION 0xFFFFFFFF > +#define PACKAGE_VERSION_STRING L"Unknown" > + > +#define CURRENT_FIRMWARE_VERSION 0x00000001 > +#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001" > +#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001 > + > +#define IMAGE_ID SIGNATURE_64('O', 'V', 'R', 'D', > 'R', 'I', 'V', 'E') > +#define IMAGE_ID_STRING L"AMD Seattle Overdrive UEFI" > + > +// PcdSystemFmpCapsuleImageTypeIdGuid > +#define IMAGE_TYPE_ID_GUID { 0xd34b3d29, 0x0085, 0x4ab3, { > 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } } > + > +typedef struct { > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor; > + // real string data > + CHAR16 > ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)]; > + CHAR16 > VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)]; > + CHAR16 > PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)]; > +} IMAGE_DESCRIPTOR; > + > +STATIC IMAGE_DESCRIPTOR mImageDescriptor = > +{ > + { > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE, > + sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR), > + sizeof(IMAGE_DESCRIPTOR), > + PACKAGE_VERSION, // PackageVersion > + OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // > PackageVersionName > + 1, // ImageIndex; > + {0x0}, // Reserved > + IMAGE_TYPE_ID_GUID, // ImageTypeId; > + IMAGE_ID, // ImageId; > + OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName; > + CURRENT_FIRMWARE_VERSION, // Version; > + OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName; > + {0x0}, // Reserved2 > + FixedPcdGet32(PcdFdSize), // Size; > + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | > + IMAGE_ATTRIBUTE_RESET_REQUIRED | > + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | > + IMAGE_ATTRIBUTE_IN_USE, // > AttributesSupported; > + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | > + IMAGE_ATTRIBUTE_RESET_REQUIRED | > + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | > + IMAGE_ATTRIBUTE_IN_USE, // > AttributesSetting; > + 0x0, // > Compatibilities; > + LOWEST_SUPPORTED_FIRMWARE_VERSION, // > LowestSupportedImageVersion; > + 0x00000000, // > LastAttemptVersion; > + 0, // > LastAttemptStatus; > + {0x0}, // Reserved3 > + 0, // > HardwareInstance; > + }, > + // real string data > + IMAGE_ID_STRING, > + CURRENT_FIRMWARE_VERSION_STRING, > + PACKAGE_VERSION_STRING, > +}; > + > +VOID* CONST ReferenceAcpiTable = &mImageDescriptor; > diff --git > a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > new file mode 100644 > index 000000000000..9d47d3b2923a > --- /dev/null > +++ > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > @@ -0,0 +1,46 @@ > +## @file > +# System Firmware descriptor. > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD > License > +# which accompanies this distribution. The full text of the license may be > found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION = 0x0001001A > + BASE_NAME = SystemFirmwareDescriptor > + FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC > + MODULE_TYPE = PEIM > + VERSION_STRING = 1.0 > + ENTRY_POINT = SystemFirmwareDescriptorPeimEntry > + > +[Sources] > + SystemFirmwareDescriptorPei.c > + SystemFirmwareDescriptor.aslc > + > +[Packages] > + ArmPkg/ArmPkg.dec > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SignedCapsulePkg/SignedCapsulePkg.dec > + > +[LibraryClasses] > + PcdLib > + PeiServicesLib > + DebugLib > + PeimEntryPoint
Sort alphabetically in this file, please. > + > +[FixedPcd] > + gArmTokenSpaceGuid.PcdFdSize > + > +[Pcd] > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor > + > +[Depex] > + TRUE > diff --git > a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > new file mode 100644 > index 000000000000..8d40956726ab > --- /dev/null > +++ > b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > @@ -0,0 +1,68 @@ > +/** @file > + System Firmware descriptor producer. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD > License > + which accompanies this distribution. The full text of the license may be > found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > + > +**/ > + > +#include <PiPei.h> > +#include <Library/PcdLib.h> > +#include <Library/PeiServicesLib.h> > +#include <Library/DebugLib.h> Sort please. No further comments. If you fold that in, for the series: Reviewed-by: Leif Lindholm <leif.lindh...@linaro.org> Certainly, 1/5 can be pushed separately. / Leif > +#include <Protocol/FirmwareManagement.h> > +#include <Guid/EdkiiSystemFmpCapsule.h> > + > +/** > + Entrypoint for SystemFirmwareDescriptor PEIM. > + > + @param[in] FileHandle Handle of the file being invoked. > + @param[in] PeiServices Describes the list of possible PEI Services. > + > + @retval EFI_SUCCESS PPI successfully installed. > +**/ > +EFI_STATUS > +EFIAPI > +SystemFirmwareDescriptorPeimEntry ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *Descriptor; > + UINTN Size; > + UINTN Index; > + UINT32 AuthenticationStatus; > + > + // > + // Search RAW section. > + // > + Index = 0; > + while (TRUE) { > + Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, > FileHandle, > + (VOID **)&Descriptor, &AuthenticationStatus); > + if (EFI_ERROR(Status)) { > + // Should not happen, must something wrong in FDF. > + ASSERT(FALSE); > + return EFI_NOT_FOUND; > + } > + if (Descriptor->Signature == > EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) { > + break; > + } > + Index++; > + } > + > + DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n", > + Descriptor->Length)); > + > + Size = Descriptor->Length; > + PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor); > + > + return EFI_SUCCESS; > +} > diff --git > a/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > > b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > new file mode 100644 > index 000000000000..c89e95f60fba > --- /dev/null > +++ > b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > @@ -0,0 +1,25 @@ > +## @file > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD > License > +# which accompanies this distribution. The full text of the license may be > found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > +# > +## > + > +[Head] > +NumOfUpdate = 1 > +NumOfRecovery = 0 > +Update0 = StyxFvMain > + > +[StyxFvMain] > +FirmwareType = 0 # SystemFirmware > +AddressType = 0 # 0 - relative address, 1 - absolute address. > +BaseAddress = 0x00200000 # Base address offset on flash > +Length = 0x00260000 # Length > +ImageOffset = 0x00000000 # Image offset of this SystemFirmware image > +FileGuid = 642e4fcf-2df7-4415-8b70-a03909c57b55 # > PcdEdkiiSystemFirmwareFileGuid > -- > 2.11.0 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel