On 15 October 2017 at 20:10, Leif Lindholm <leif.lindh...@linaro.org> wrote: > On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: >> Wire up the various modules and boilerplate configuration snippets >> to implement signed capsule update for AMD Overdrive. Note that this >> uses the insecure default key. >> >> The secure firmware on this SoC does not implement warm reboot, so we >> cannot support capsules that persist across reset. Instead, the capsule >> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI >> Shell prompt. >> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> >> --- >> Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> | 27 ++++++- >> Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> | 83 ++++++++++++++++++++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc >> | 80 +++++++++++++++++++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> | 46 +++++++++++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> | 68 ++++++++++++++++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini >> | 25 ++++++ >> 6 files changed, 328 insertions(+), 1 deletion(-) >> >> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> index daa773172029..a15f96d2fba9 100644 >> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc 
>> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE
>>
>> ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
>>
>> RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
>>
>> - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
>> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
>> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +
>> EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
>> +
>> FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
>> + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
>> +
>> PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
>> +
>>
>> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
>>
>> PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
>> BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
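Review bot: Nothing at the `FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf` mapping records what the commit message admits, namely that capsule authentication uses the insecure default key. A firmware image built from this .dsc will therefore accept any capsule signed with that default key, and the platform files never say so. Where the trusted certificate is selected is not visible in these hunks. The `CERTIFICATE_GUID` line of `[FmpPayload.FmpPayloadSystemFirmwarePkcs7]` in OverdriveBoard.fdf has the same gap on the signing side. I would add a comment above the library mapping, e.g. `# WARNING: capsule authentication currently relies on the default test key; provision a platform key before shipping`, and repeat it next to `CERTIFICATE_GUID`.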
>> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE
>> gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
>> gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
>>
>> +[PcdsDynamicExDefault.common.DEFAULT]
>> +
>> gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
>> +
>> + # 642e4fcf-2df7-4415-8b70-a03909c57b55
>> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf,
>> 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09,
>> 0xc5, 0x7b, 0x55}
>> +
>> + # d34b3d29-0085-4ab3-8be8-84188cc50489
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29,
>> 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5,
>> 0x04, 0x89}
>> +
>> [PcdsDynamicHii]
>>
>> gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
>>
>> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE
>>
>> ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
>> }
>> !endif
>> +
>> + #
>> + # Firmware update
>> + #
>> + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> +
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
>> +
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> index 23e57befcdd9..18f74b3c46fe 100644
>> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
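Review bot: `PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100` in the `@@ -499,6 +507,15 @@` hunk caps the descriptor PCD at 0x100 bytes, with no note of what that limit has to hold. The structure presumably stored in it, `IMAGE_DESCRIPTOR` in SystemFirmwareDescriptor.aslc, grows with `IMAGE_ID_STRING` and the version strings. The code that sets the PCD is cut off in this mail, so what happens when the descriptor outgrows the limit cannot be checked here. A comment on the PCD line, e.g. `# max size must stay >= sizeof (IMAGE_DESCRIPTOR) in SystemFirmwareDescriptor.aslc`, would keep the two from drifting apart.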
>> @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE
>> #
>> INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
>>
>> + #
>> + # Firmware update
>> + #
>> + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> + INF
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +
>> [FV.STYX_EFI]
>> FvAlignment = 16
>> ERASE_POLARITY = 1
>> @@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE
>> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
>> INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
>> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> + INF RuleOverride = FMP_IMAGE_DESC
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> +
>>
>> FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
>> SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED
>> = TRUE {
>> @@ -284,6 +292,73 @@ READ_LOCK_STATUS = TRUE
>> }
>> }
>>
>> +[FV.CapsuleDispatchFv]
>> +FvAlignment = 16
>> +ERASE_POLARITY = 1
>> +MEMORY_MAPPED = TRUE
>> +STICKY_WRITE = TRUE
>> +LOCK_CAP = TRUE
>> +LOCK_STATUS = TRUE
>> +WRITE_DISABLED_CAP = TRUE
>> +WRITE_ENABLED_CAP = TRUE
>> +WRITE_STATUS = TRUE
>> +WRITE_LOCK_CAP = TRUE
>> +WRITE_LOCK_STATUS = TRUE
>> +READ_DISABLED_CAP = TRUE
>> +READ_ENABLED_CAP = TRUE
>> +READ_STATUS = TRUE
>> +READ_LOCK_CAP = TRUE
>> +READ_LOCK_STATUS = TRUE
>> +
>> + INF
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
>> +
>> +[FV.SystemFirmwareUpdateCargo]
>> +FvAlignment = 16
>> +ERASE_POLARITY = 1
>> +MEMORY_MAPPED = TRUE
>> +STICKY_WRITE = TRUE
>> +LOCK_CAP = TRUE
>> +LOCK_STATUS = TRUE
>> +WRITE_DISABLED_CAP = TRUE
>> +WRITE_ENABLED_CAP = TRUE
>> +WRITE_STATUS = TRUE
>> +WRITE_LOCK_CAP = TRUE
>> +WRITE_LOCK_STATUS = TRUE
>> +READ_DISABLED_CAP = TRUE
>> +READ_ENABLED_CAP = TRUE
>> +READ_STATUS = TRUE
>> +READ_LOCK_CAP = TRUE
>> +READ_LOCK_STATUS = TRUE
>> +
>> + FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { #
>> PcdEdkiiSystemFirmwareFileGuid
>> + FV = STYX_EFI
>> + }
>> +
>> + FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { #
>> gEdkiiSystemFmpCapsuleDriverFvFileGuid
>> + FV = CapsuleDispatchFv
>> + }
>> +
>> + FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { #
>> gEdkiiSystemFmpCapsuleConfigFileGuid
>> +
>> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
>> + }
>> +
>> +[FmpPayload.FmpPayloadSystemFirmwarePkcs7]
>> +IMAGE_HEADER_INIT_VERSION = 0x02
>> +IMAGE_TYPE_ID = d34b3d29-0085-4ab3-8be8-84188cc50489 #
>> PcdSystemFmpCapsuleImageTypeIdGuid
>> +IMAGE_INDEX = 0x1
>> +HARDWARE_INSTANCE = 0x0
>> +MONOTONIC_COUNT = 0x1
>> +CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7
>> +
>> + FV = SystemFirmwareUpdateCargo
>> +
>> +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7]
>> +CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a #
>> gEfiFmpCapsuleGuid
>> +CAPSULE_HEADER_SIZE = 0x20
>> +CAPSULE_HEADER_INIT_VERSION = 0x1
>> +
>> + FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7
>> +
>>
>>
>> ################################################################################
>> #
>> @@ -413,3 +488,11 @@ READ_LOCK_STATUS = TRUE
>> RAW ASL |.aml
>> }
>>
>> +[Rule.Common.PEIM.FMP_IMAGE_DESC]
>> + FILE PEIM = $(NAMED_GUID) {
>> + RAW BIN |.acpi
>> + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
>> + PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi
>> + UI STRING="$(MODULE_NAME)" Optional
>> + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
>> + }
>> diff --git
>> a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
>>
>> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
>> new file mode 100644
>> index 000000000000..8737c02fa006
>> --- /dev/null
>> +++
>> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
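Review bot: `MONOTONIC_COUNT = 0x1` in `[FmpPayload.FmpPayloadSystemFirmwarePkcs7]` (the `@@ -284,6 +292,73 @@` hunk) is a fixed literal, so every capsule generated from this .fdf carries the same count and the field cannot tell a newer capsule from an older one. Whether the verification path used on this platform evaluates the count at all is not visible in this patch. If it does not, protection against re-installing an older signed image rests on the version fields in SystemFirmwareDescriptor.aslc alone. I would state that next to the value, e.g. `# fixed value; rollback protection relies on LowestSupportedImageVersion in SystemFirmwareDescriptor.aslc`, or take the count from a build-time define.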
>> @@ -0,0 +1,80 @@
>> +/** @file
>> + System Firmware descriptor.
>> +
>> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>> + Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR>
>> +
>> + This program and the accompanying materials
>> + are licensed and made available under the terms and conditions of the BSD
>> License
>> + which accompanies this distribution. The full text of the license may be
>> found at
>> + http://opensource.org/licenses/bsd-license.php
>> +
>> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
>> IMPLIED.
>> +
>> +**/
>> +
>> +#include <PiPei.h>
>> +#include <Protocol/FirmwareManagement.h>
>> +#include <Guid/EdkiiSystemFmpCapsule.h>
>> +
>> +#define PACKAGE_VERSION 0xFFFFFFFF
>> +#define PACKAGE_VERSION_STRING L"Unknown"
>> +
>> +#define CURRENT_FIRMWARE_VERSION 0x00000001
>> +#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001"
>> +#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001
>> +
>> +#define IMAGE_ID SIGNATURE_64('O', 'V', 'R',
>> 'D', 'R', 'I', 'V', 'E')
>> +#define IMAGE_ID_STRING L"AMD Seattle Overdrive UEFI"
>> +
>> +// PcdSystemFmpCapsuleImageTypeIdGuid
>> +#define IMAGE_TYPE_ID_GUID { 0xd34b3d29, 0x0085, 0x4ab3, {
>> 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } }
>> +
>> +typedef struct {
>> + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor;
>> + // real string data
>> + CHAR16
>> ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
>> + CHAR16
>> VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
>> + CHAR16
>> PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
>> +} IMAGE_DESCRIPTOR;
>> +
>> +STATIC IMAGE_DESCRIPTOR mImageDescriptor =
>> +{
>> + {
>> + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
>> + sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
>> + sizeof(IMAGE_DESCRIPTOR),
>> + PACKAGE_VERSION, // PackageVersion
>> + OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), //
>> PackageVersionName
>> + 1, // ImageIndex;
>> + {0x0}, // Reserved
>> + IMAGE_TYPE_ID_GUID, // ImageTypeId;
>> + IMAGE_ID, // ImageId;
>> + OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName;
>> + CURRENT_FIRMWARE_VERSION, // Version;
>> + OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName;
>> + {0x0}, // Reserved2
>> + FixedPcdGet32(PcdFdSize), // Size;
>> + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
>> + IMAGE_ATTRIBUTE_RESET_REQUIRED |
>> + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
>> + IMAGE_ATTRIBUTE_IN_USE, //
>> AttributesSupported;
>> + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
>> + IMAGE_ATTRIBUTE_RESET_REQUIRED |
>> + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
>> + IMAGE_ATTRIBUTE_IN_USE, //
>> AttributesSetting;
>> + 0x0, //
>> Compatibilities;
>> + LOWEST_SUPPORTED_FIRMWARE_VERSION, //
>> LowestSupportedImageVersion;
>> + 0x00000000, //
>> LastAttemptVersion;
>> + 0, //
>> LastAttemptStatus;
>> + {0x0}, // Reserved3
>> + 0, //
>> HardwareInstance;
>> + },
>> + // real string data
>> + IMAGE_ID_STRING,
>> + CURRENT_FIRMWARE_VERSION_STRING,
>> + PACKAGE_VERSION_STRING,
>> +};
>> +
>> +VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
>> diff --git
>> a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>>
>> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> new file mode 100644
>> index 000000000000..9d47d3b2923a
>> --- /dev/null
>> +++
>> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
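Review bot: `CURRENT_FIRMWARE_VERSION` and `LOWEST_SUPPORTED_FIRMWARE_VERSION` in SystemFirmwareDescriptor.aslc are both the literal `0x00000001`, and `CURRENT_FIRMWARE_VERSION_STRING` repeats the number as a separate literal, so nothing ties them to an actual release. While the lowest supported version stays at 1, the `LowestSupportedImageVersion` field cannot exclude any earlier release, so an older, correctly signed capsule with a known flaw would presumably still be accepted. The string can also drift from the number. I would add a comment above the defines, e.g. `// Bump CURRENT_FIRMWARE_VERSION (and its string) on every release; raise LOWEST_SUPPORTED_FIRMWARE_VERSION when a release fixes a security issue`, or take both values from build-time defines.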
>> @@ -0,0 +1,46 @@ >> +## @file >> +# System Firmware descriptor. >> +# >> +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> >> +# This program and the accompanying materials >> +# are licensed and made available under the terms and conditions of the >> BSD License >> +# which accompanies this distribution. The full text of the license may >> be found at >> +# http://opensource.org/licenses/bsd-license.php >> +# >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR >> IMPLIED. >> +# >> +## >> + >> +[Defines] >> + INF_VERSION = 0x0001001A >> + BASE_NAME = SystemFirmwareDescriptor >> + FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC >> + MODULE_TYPE = PEIM >> + VERSION_STRING = 1.0 >> + ENTRY_POINT = SystemFirmwareDescriptorPeimEntry >> + >> +[Sources] >> + SystemFirmwareDescriptorPei.c >> + SystemFirmwareDescriptor.aslc >> + >> +[Packages] >> + ArmPkg/ArmPkg.dec >> + MdePkg/MdePkg.dec >> + MdeModulePkg/MdeModulePkg.dec >> + SignedCapsulePkg/SignedCapsulePkg.dec >> + >> +[LibraryClasses] >> + PcdLib >> + PeiServicesLib >> + DebugLib >> + PeimEntryPoint > > Sort alphabetically in this file, please. > >> + >> +[FixedPcd] >> + gArmTokenSpaceGuid.PcdFdSize >> + >> +[Pcd] >> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor >> + >> +[Depex] >> + TRUE >> diff --git >> a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> >> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> new file mode 100644 >> index 000000000000..8d40956726ab >> --- /dev/null >> +++ >> b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c 
>> @@ -0,0 +1,68 @@ >> +/** @file >> + System Firmware descriptor producer. >> + >> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> >> + This program and the accompanying materials >> + are licensed and made available under the terms and conditions of the BSD >> License >> + which accompanies this distribution. The full text of the license may be >> found at >> + http://opensource.org/licenses/bsd-license.php >> + >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR >> IMPLIED. >> + >> +**/ >> + >> +#include <PiPei.h> >> +#include <Library/PcdLib.h> >> +#include <Library/PeiServicesLib.h> >> +#include <Library/DebugLib.h> > > Sort please. > > No further comments. > If you fold that in, for the series: > Reviewed-by: Leif Lindholm <leif.lindh...@linaro.org> > > Certainly, 1/5 can be pushed separately. >
Thanks. Pushed as a3877da646af Platform/AMD/Overdrive: remove StatusCodeLib references 4b75f2a85e1b Silicon/AMD/Styx: update SMMU id to MMU-401 dae45a713641 Silicon/Amd/Styx: fix flasher support 7cb9786ee99b Silicon/AMD/Styx: add PlatformFlashAccessLib implementation a54cdba5b641 Platforms/AMD/Overdrive: add signed capsule update support