Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support
On 15 October 2017 at 20:10, Leif Lindholmwrote: > On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: >> Wire up the various modules and boilerplate configuration snippets >> to implement signed capsule update for AMD Overdrive. Note that this >> uses the insecure default key. >> >> The secure firmware on this SoC does not implement warm reboot, so we >> cannot support capsules that persist across reset. Instead, the capsule >> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI >> Shell prompt. >> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Ard Biesheuvel >> --- >> Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> | 27 ++- >> Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> | 83 >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc >> | 80 +++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> | 46 +++ >> >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> | 68 >> >> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini >> | 25 ++ >> 6 files changed, 328 insertions(+), 1 deletion(-) >> >> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> index daa773172029..a15f96d2fba9 100644 >> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE >> >> ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf >> >> RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf >> >> - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf >> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf >> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf >> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf >> + >> EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf >> + >> FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf >> + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf >> + >> PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf >> + >> >> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf >> >> PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf >>BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf >> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE >>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0 >>gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0 >> >> +[PcdsDynamicExDefault.common.DEFAULT] >> + >> gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 >> + >> + # 642e4fcf-2df7-4415-8b70-a03909c57b55 >> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, >> 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, >> 0xc5, 0x7b, 0x55} >> + >> + # d34b3d29-0085-4ab3-8be8-84188cc50489 >> + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, >> 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, >> 0x04, 0x89} >> + >> [PcdsDynamicHii] >> >> gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 >> >> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE >> >> ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf >>} >> !endif >> + >> + # >> + # Firmware update >> + # >> + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf >> + >> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf >> + >> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf >> + >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> index 23e57befcdd9..18f74b3c46fe 100644 >> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE >># >>INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf >> >> + # >> + # Firmware update >> + # >> + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf >> + INF >> SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf >> + >>
Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support
On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: > Wire up the various modules and boilerplate configuration snippets > to implement signed capsule update for AMD Overdrive. Note that this > uses the insecure default key. > > The secure firmware on this SoC does not implement warm reboot, so we > cannot support capsules that persist across reset. Instead, the capsule > may be installed using CapsuleApp (from MdeModulePkg), from the UEFI > Shell prompt. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ard Biesheuvel> --- > Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > | 27 ++- > Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > | 83 > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > | 80 +++ > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > | 46 +++ > > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > | 68 > > Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > | 25 ++ > 6 files changed, 328 insertions(+), 1 deletion(-) > > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > index daa773172029..a15f96d2fba9 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE > > ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf > > RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf > > - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + > EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > + > FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf > + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf > + > PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf > + > > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > > PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf >BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE >gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0 >gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0 > > +[PcdsDynamicExDefault.common.DEFAULT] > + > gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 > + > + # 642e4fcf-2df7-4415-8b70-a03909c57b55 > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, > 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, > 0x7b, 0x55} > + > + # d34b3d29-0085-4ab3-8be8-84188cc50489 > + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, > 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, > 0x04, 0x89} > + > [PcdsDynamicHii] > > gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 > > @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE > > ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf >} > !endif > + > + # > + # Firmware update > + # > + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf > + > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > index 23e57befcdd9..18f74b3c46fe 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE ># >INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf > > + # > + # Firmware update > + # > + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + INF > SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + > [FV.STYX_EFI] > FvAlignment= 16 > ERASE_POLARITY = 1 > @@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE >INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf >INF