Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support

2017-10-15 Thread Ard Biesheuvel
On 15 October 2017 at 20:10, Leif Lindholm wrote:
> On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote:
>> Wire up the various modules and boilerplate configuration snippets
>> to implement signed capsule update for AMD Overdrive. Note that this
>> uses the insecure default key.
>>
>> The secure firmware on this SoC does not implement warm reboot, so we
>> cannot support capsules that persist across reset. Instead, the capsule
>> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
>> Shell prompt.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ard Biesheuvel 
>> ---
>>  Platform/AMD/OverdriveBoard/OverdriveBoard.dsc  
>>   | 27 ++-
>>  Platform/AMD/OverdriveBoard/OverdriveBoard.fdf  
>>   | 83 
>>  
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
>> | 80 +++
>>  
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>>  | 46 +++
>>  
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
>> | 68 
>>  
>> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
>>  | 25 ++
>>  6 files changed, 328 insertions(+), 1 deletion(-)
>>
>> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc 
>> b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> index daa773172029..a15f96d2fba9 100644
>> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER   = FALSE
>>
>> ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
>>
>> RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
>>
>> -  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
>> +  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
>> +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +  
>> EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
>> +  
>> FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
>> +  IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
>> +  
>> PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
>> +
>>
>> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
>>
>> PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
>>BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
>> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER   = FALSE
>>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
>>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
>>
>> +[PcdsDynamicExDefault.common.DEFAULT]
>> +  
>> gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
>> +
>> +  # 642e4fcf-2df7-4415-8b70-a03909c57b55
>> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 
>> 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 
>> 0xc5, 0x7b, 0x55}
>> +
>> +  # d34b3d29-0085-4ab3-8be8-84188cc50489
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 
>> 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 
>> 0x04, 0x89}
>> +
>>  [PcdsDynamicHii]
>>
>> gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
>>
>> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER   = FALSE
>>
>> ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
>>}
>>  !endif
>> +
>> +  #
>> +  # Firmware update
>> +  #
>> +  MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> +  
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +  
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
>> +  
>> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf 
>> b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> index 23e57befcdd9..18f74b3c46fe 100644
>> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> @@ -249,6 +249,12 @@ READ_LOCK_STATUS   = TRUE
>>#
>>INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
>>
>> +  #
>> +  # Firmware update
>> +  #
>> +  INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> +  INF 
>> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +
>>  

Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support

2017-10-15 Thread Leif Lindholm
On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote:
> Wire up the various modules and boilerplate configuration snippets
> to implement signed capsule update for AMD Overdrive. Note that this
> uses the insecure default key.
> 
> The secure firmware on this SoC does not implement warm reboot, so we
> cannot support capsules that persist across reset. Instead, the capsule
> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
> Shell prompt.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel 
> ---
>  Platform/AMD/OverdriveBoard/OverdriveBoard.dsc   
>  | 27 ++-
>  Platform/AMD/OverdriveBoard/OverdriveBoard.fdf   
>  | 83 
>  
> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
> | 80 +++
>  
> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>  | 46 +++
>  
> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
> | 68 
>  
> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
>  | 25 ++
>  6 files changed, 328 insertions(+), 1 deletion(-)
> 
> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc 
> b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> index daa773172029..a15f96d2fba9 100644
> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER   = FALSE
>
> ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
>
> RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
>  
> -  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> +  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +  
> EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> +  
> FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
> +  IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
> +  
> PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
> +
>
> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
>
> PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
>BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
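
Review bot: The FmpAuthenticationLib line resolves to FmpAuthenticationLibPkcs7, and the commit message says this uses the insecure default key, but nothing in the hunk records that in the .dsc itself. Please add a comment next to the FmpAuthenticationLib entry stating that capsules are verified against the default test key and that the trusted certificate has to be replaced before this configuration is used outside development, so that someone reading the platform description without the commit log does not take "signed capsule update" to mean the update path is protected. A smaller point: the crypto and capsule library classes appear to be added alongside platform-wide mappings such as ResetSystemLib and UefiBootManagerLib; if only the firmware update modules consume them, per-module library class overrides would keep OpensslLib and BaseCryptLib out of unrelated drivers.
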
> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER   = FALSE
>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
>  
> +[PcdsDynamicExDefault.common.DEFAULT]
> +  
> gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
> +
> +  # 642e4fcf-2df7-4415-8b70-a03909c57b55
> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 
> 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 
> 0x7b, 0x55}
> +
> +  # d34b3d29-0085-4ab3-8be8-84188cc50489
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 
> 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 
> 0x04, 0x89}
> +
>  [PcdsDynamicHii]
>
> gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
>  
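
Review bot: PcdEdkiiSystemFirmwareImageDescriptor is declared as a {0x0} placeholder with a maximum size of 0x100 and carries no comment, unlike the two GUID PCDs below it. Please say in a comment which module fills it in and what is expected to happen if the descriptor grows beyond 0x100 bytes. The two byte arrays do match the GUIDs given in their comments; for consistency with the rest of the array, write the `0x0` in PcdSystemFmpCapsuleImageTypeIdGuid as `0x00`.
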
> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER   = FALSE
>
> ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
>}
>  !endif
> +
> +  #
> +  # Firmware update
> +  #
> +  MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
> +  
> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
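
Review bot: The "# Firmware update" comment above the four new component lines does not record the constraint from the commit message, namely that the secure firmware has no warm reboot, so capsules cannot persist across reset and have to be installed with CapsuleApp from the UEFI Shell. Please put a short note to that effect in the comment block; otherwise the component list gives no hint that the capsule-on-disk and UpdateCapsule-across-reset paths are unsupported on this platform.
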
> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf 
> b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> index 23e57befcdd9..18f74b3c46fe 100644
> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> @@ -249,6 +249,12 @@ READ_LOCK_STATUS   = TRUE
>#
>INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
>  
> +  #
> +  # Firmware update
> +  #
> +  INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
> +  INF 
> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
> +
>  [FV.STYX_EFI]
>  FvAlignment= 16
>  ERASE_POLARITY = 1
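
Review bot: Only EsrtDxe.inf and SystemFirmwareReportDxe.inf are added to this firmware volume, while the .dsc hunk also builds SystemFirmwareUpdateDxe.inf. If the update driver is intentionally left out of the flash image, please say so in the "# Firmware update" comment here and name where it is carried instead; as it stands a reader comparing the two files cannot tell whether the omission is deliberate or an oversight.
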
> @@ -277,6 +283,8 @@ READ_LOCK_STATUS   = TRUE
>INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
>INF