[edk2] [PATCH v2 2/3] ArmPlatformPkg: enable use of authenticated variables in NorFlashDxe

Ard Biesheuvel Mon, 04 May 2015 02:18:42 -0700

The NorFlashDxe uses an explicit 'BEFORE xxx' Depex declaration to
ensure that it is dispatched before VariableRuntimeDxe, and uses the
file GUID of the latter as 'xxx' explicitly to accomplish that.


However, when enabling UEFI Secure Boot, this breaks down since the
authenticated VariableRuntimeDxe is a completely separate driver, with
a different GUID.

So instead, replace the Depex with a Depex on CpuDxe (which supplies
the Arch CPU Protocol that this driver actually does depend on) and
add both NorFlashDxe and CpuDxe to the APRIORI DXE section of the
platforms that use this NOR flash driver.

Also, store the EFI variable GUID in a PCD so that we can override it
with the one needed for initializing the authenticated variable store.
This way, there is no need to pull in any authenticated variable store
headers or other dependencies.

Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Laszlo Ersek <ler...@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
 ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf                          |  2 ++
 ArmPlatformPkg/ArmPlatformPkg.dec                              | 12 
++++++++----
 ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf  |  4 ++++
 ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf |  4 ++++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf         |  4 ++++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf           |  4 ++++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf      |  2 ++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf         |  2 ++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf  |  2 ++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf        |  2 ++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf    |  2 ++
 ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec               |  4 ----
 ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf  |  2 ++
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf             |  7 ++-----
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c            |  4 ++--
 15 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf 
b/ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf
index f399c91ffe71..fafef70c39d7 100644
--- a/ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf
+++ b/ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf
@@ -87,6 +87,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec 
b/ArmPlatformPkg/ArmPlatformPkg.dec
index 9364bb92c5f0..d6dcce98c0b1 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
@@ -32,10 +32,6 @@
 
 [Guids.common]
   gArmPlatformTokenSpaceGuid   = { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 
0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } }
-  #
-  # Following Guid must match FILE_GUID in 
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
-  #
-  gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 
0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } }
 
   ## Include/Guid/ArmGlobalVariableHob.h
   gArmGlobalVariableGuid      = { 0xc3253c90, 0xa24f, 0x4599, { 0xa6, 0x64, 
0x1f, 0x88, 0x13, 0x77, 0x8f, 0xc9} }
@@ -143,6 +139,14 @@
   gArmPlatformTokenSpaceGuid.PcdDefaultConInPaths|L""|VOID*|0x0000001B
   gArmPlatformTokenSpaceGuid.PcdDefaultConOutPaths|L""|VOID*|0x0000001C
 
+  #
+  # The EFI variable GUID to use when initializing the non-volatile variable
+  # store at runtime. This defaults to the non-authenticated one, but should
+  # be set to use the authenticated version when using the authenticated
+  # variable runtime DXE
+  #
+  gArmPlatformTokenSpaceGuid.PcdVarStoreVariableGuid|{ 0x16, 0x36, 0xcf, 0xdd, 
0x75, 0x32, 0x64, 0x41, 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d 
}|VOID*|0x0000003B
+
 [PcdsFixedAtBuild.common,PcdsDynamic.common]
   ## PL031 RealTimeClock
   gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
diff --git a/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf 
b/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf
index 8382d2762391..5e946141b48f 100644
--- a/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf
+++ b/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf
@@ -109,6 +109,10 @@ READ_STATUS        = TRUE
 READ_LOCK_CAP      = TRUE
 READ_LOCK_STATUS   = TRUE
 
+  APRIORI DXE {
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+  }
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
 
   #
diff --git a/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf 
b/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf
index d5b4eb68e2e4..bf709e722b36 100644
--- a/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf
+++ b/ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf
@@ -110,6 +110,10 @@ READ_STATUS        = TRUE
 READ_LOCK_CAP      = TRUE
 READ_LOCK_STATUS   = TRUE
 
+  APRIORI DXE {
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+  }
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
 
   #
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf
index 7390db30b9f5..1807f1841c84 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf
@@ -65,6 +65,10 @@ READ_STATUS        = TRUE
 READ_LOCK_CAP      = TRUE
 READ_LOCK_STATUS   = TRUE
 
+  APRIORI DXE {
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+  }
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
 
   #
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf
index a2a4add74dd7..04f3c9f49ae0 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf
@@ -138,6 +138,10 @@ READ_STATUS        = TRUE
 READ_LOCK_CAP      = TRUE
 READ_LOCK_STATUS   = TRUE
 
+  APRIORI DXE {
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+  }
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
 
   #
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf
index 1c709771b571..ccd8b7e51cea 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf
@@ -126,6 +126,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf
index e7871903285c..51aa506fa9e0 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf
@@ -112,6 +112,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf
index f62ae424e6bb..641d812fbadc 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf
@@ -112,6 +112,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf
index f0182bb532a5..8f51639c3dd4 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf
@@ -112,6 +112,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf
index 9f940235ecd2..c3e663c3b12b 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf
@@ -114,6 +114,8 @@ READ_LOCK_STATUS   = TRUE
 
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
 
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec 
b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec
index e8108bc34b56..fd59375d9baf 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec
@@ -33,10 +33,6 @@
 
 [Guids.common]
   gArmVExpressTokenSpaceGuid    =  { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 
0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } }
-  #
-  # Following Guid must match FILE_GUID in 
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
-  #
-  gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 
0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } }
 
 [PcdsFeatureFlag.common]
 
diff --git a/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf 
b/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf
index e0ec44bf3f4f..91c51ea31c4d 100644
--- a/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf
+++ b/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf
@@ -103,6 +103,8 @@ READ_LOCK_STATUS   = TRUE
   APRIORI DXE {
     INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
     INF ArmPlatformPkg/ArmVirtualizationPkg/VirtFdtDxe/VirtFdtDxe.inf
+    INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+    INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   }
   INF MdeModulePkg/Core/Dxe/DxeMain.inf
   INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf 
b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
index a161c0399e52..0bf1e89a51d1 100644
--- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
@@ -46,7 +46,6 @@
 
 [Guids]
   gEfiSystemNvDataFvGuid
-  gEfiVariableGuid
   gEfiEventVirtualAddressChangeGuid
 
 [Protocols]
@@ -64,9 +63,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
 
   gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked
+  gArmPlatformTokenSpaceGuid.PcdVarStoreVariableGuid
 
 [Depex]
-  #
-  # NorFlashDxe must be loaded before VariableRuntimeDxe in case empty flash 
needs populating with default values
-  #
-  BEFORE gVariableRuntimeDxeFileGuid
+  gEfiCpuArchProtocolGuid
diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c 
b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c
index 4f56bae33022..1de9635b6736 100644
--- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c
+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c
@@ -111,7 +111,7 @@ InitializeFvAndVariableStoreHeaders (
   // VARIABLE_STORE_HEADER
   //
   VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + 
FirmwareVolumeHeader->HeaderLength);
-  CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid);
+  CopyGuid (&VariableStoreHeader->Signature, FixedPcdGetPtr 
(PcdVarStoreVariableGuid));
   VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - 
FirmwareVolumeHeader->HeaderLength;
   VariableStoreHeader->Format            = VARIABLE_STORE_FORMATTED;
   VariableStoreHeader->State             = VARIABLE_STORE_HEALTHY;
@@ -178,7 +178,7 @@ ValidateFvHeader (
   VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + 
FwVolHeader->HeaderLength);
 
   // Check the Variable Store Guid
-  if( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == 
FALSE ) {
+  if (!CompareGuid (&VariableStoreHeader->Signature, FixedPcdGetPtr 
(PcdVarStoreVariableGuid))) {
     DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid 
non-compatible\n"));
     return EFI_NOT_FOUND;
   }
-- 
1.9.1


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

[edk2] [PATCH v2 2/3] ArmPlatformPkg: enable use of authenticated variables in NorFlashDxe

Reply via email to