[edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support

Ard Biesheuvel posted 5 patches 7 years, 2 months ago
[edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support
Posted by Ard Biesheuvel 7 years, 2 months ago
Wire up the various modules and boilerplate configuration snippets
to implement signed capsule update for AMD Overdrive. Note that this
uses the insecure default key.

The secure firmware on this SoC does not implement warm reboot, so we
cannot support capsules that persist across reset. Instead, the capsule
may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
Shell prompt.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 Platform/AMD/OverdriveBoard/OverdriveBoard.dsc                                        | 27 ++++++-
 Platform/AMD/OverdriveBoard/OverdriveBoard.fdf                                        | 83 ++++++++++++++++++++
 Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc    | 80 +++++++++++++++++++
 Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf     | 46 +++++++++++
 Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c    | 68 ++++++++++++++++
 Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++
 6 files changed, 328 insertions(+), 1 deletion(-)

diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
index daa773172029..a15f96d2fba9 100644
--- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
+++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
@@ -123,7 +123,15 @@ DEFINE DO_FLASHER   = FALSE
   ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
   RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
 
-  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
+  FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
+  IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
+  PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
+
   UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
   PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
   BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
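Review bot: Nothing in this file records which certificate the newly wired `FmpAuthenticationLibPkcs7` will trust; the commit message says the insecure default key is used, but a reader of the .dsc alone cannot tell. No override of the trusted-certificate PCD appears in the visible hunks (`gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer`, if that is the one this library stack consumes), so the package default is presumably in effect. I would add a comment above the `FmpAuthenticationLib` line such as `# NOTE: capsules are verified against the default test certificate; override the trusted certificate PCD before shipping`. The same remark applies to `[FmpPayload.FmpPayloadSystemFirmwarePkcs7]` in OverdriveBoard.fdf, where `CERTIFICATE_GUID` configures the signing side without saying which key signs the payload.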
@@ -499,6 +507,15 @@ DEFINE DO_FLASHER   = FALSE
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
 
+[PcdsDynamicExDefault.common.DEFAULT]
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
+
+  # 642e4fcf-2df7-4415-8b70-a03909c57b55
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55}
+
+  # d34b3d29-0085-4ab3-8be8-84188cc50489
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89}
+
 [PcdsDynamicHii]
   gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
 
@@ -745,3 +762,11 @@ DEFINE DO_FLASHER   = FALSE
       ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   }
 !endif
+
+  #
+  # Firmware update
+  #
+  MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
+  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
+  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
+  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
index 23e57befcdd9..18f74b3c46fe 100644
--- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
+++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
@@ -249,6 +249,12 @@ READ_LOCK_STATUS   = TRUE
   #
   INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
 
+  #
+  # Firmware update
+  #
+  INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
+  INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
+
 [FV.STYX_EFI]
 FvAlignment        = 16
 ERASE_POLARITY     = 1
@@ -277,6 +283,8 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
   INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
   INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+  INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
+
 
   FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
     SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
@@ -284,6 +292,73 @@ READ_LOCK_STATUS   = TRUE
     }
   }
 
+[FV.CapsuleDispatchFv]
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+  INF  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
+
+[FV.SystemFirmwareUpdateCargo]
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+  FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid
+    FV = STYX_EFI
+  }
+
+  FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid
+    FV = CapsuleDispatchFv
+  }
+
+  FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid
+    Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
+  }
+
+[FmpPayload.FmpPayloadSystemFirmwarePkcs7]
+IMAGE_HEADER_INIT_VERSION = 0x02
+IMAGE_TYPE_ID             = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid
+IMAGE_INDEX               = 0x1
+HARDWARE_INSTANCE         = 0x0
+MONOTONIC_COUNT           = 0x1
+CERTIFICATE_GUID          = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7
+
+  FV = SystemFirmwareUpdateCargo
+
+[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7]
+CAPSULE_GUID                = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid
+CAPSULE_HEADER_SIZE         = 0x20
+CAPSULE_HEADER_INIT_VERSION = 0x1
+
+  FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7
+
 
 ################################################################################
 #
@@ -413,3 +488,11 @@ READ_LOCK_STATUS   = TRUE
     RAW ASL                |.aml
   }
 
+[Rule.Common.PEIM.FMP_IMAGE_DESC]
+  FILE PEIM = $(NAMED_GUID) {
+     RAW BIN                  |.acpi
+     PEI_DEPEX PEI_DEPEX Optional        $(INF_OUTPUT)/$(MODULE_NAME).depex
+     PE32      PE32    Align=4K          $(INF_OUTPUT)/$(MODULE_NAME).efi
+     UI       STRING="$(MODULE_NAME)" Optional
+     VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
new file mode 100644
index 000000000000..8737c02fa006
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
@@ -0,0 +1,80 @@
+/** @file
+  System Firmware descriptor.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR>
+
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+
+#define PACKAGE_VERSION                     0xFFFFFFFF
+#define PACKAGE_VERSION_STRING              L"Unknown"
+
+#define CURRENT_FIRMWARE_VERSION            0x00000001
+#define CURRENT_FIRMWARE_VERSION_STRING     L"0x00000001"
+#define LOWEST_SUPPORTED_FIRMWARE_VERSION   0x00000001
+
+#define IMAGE_ID                            SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E')
+#define IMAGE_ID_STRING                     L"AMD Seattle Overdrive UEFI"
+
+// PcdSystemFmpCapsuleImageTypeIdGuid
+#define IMAGE_TYPE_ID_GUID                  { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } }
+
+typedef struct {
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR  Descriptor;
+  // real string data
+  CHAR16                                  ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
+  CHAR16                                  VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
+  CHAR16                                  PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
+} IMAGE_DESCRIPTOR;
+
+STATIC IMAGE_DESCRIPTOR mImageDescriptor =
+{
+  {
+    EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
+    sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
+    sizeof(IMAGE_DESCRIPTOR),
+    PACKAGE_VERSION,                                       // PackageVersion
+    OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr),   // PackageVersionName
+    1,                                                     // ImageIndex;
+    {0x0},                                                 // Reserved
+    IMAGE_TYPE_ID_GUID,                                    // ImageTypeId;
+    IMAGE_ID,                                              // ImageId;
+    OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr),          // ImageIdName;
+    CURRENT_FIRMWARE_VERSION,                              // Version;
+    OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr),          // VersionName;
+    {0x0},                                                 // Reserved2
+    FixedPcdGet32(PcdFdSize),                              // Size;
+    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+      IMAGE_ATTRIBUTE_RESET_REQUIRED |
+      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSupported;
+    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+      IMAGE_ATTRIBUTE_RESET_REQUIRED |
+      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSetting;
+    0x0,                                                   // Compatibilities;
+    LOWEST_SUPPORTED_FIRMWARE_VERSION,                     // LowestSupportedImageVersion;
+    0x00000000,                                            // LastAttemptVersion;
+    0,                                                     // LastAttemptStatus;
+    {0x0},                                                 // Reserved3
+    0,                                                     // HardwareInstance;
+  },
+  // real string data
+  IMAGE_ID_STRING,
+  CURRENT_FIRMWARE_VERSION_STRING,
+  PACKAGE_VERSION_STRING,
+};
+
+VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
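Review bot: `CURRENT_FIRMWARE_VERSION` and `LOWEST_SUPPORTED_FIRMWARE_VERSION` are both fixed at 0x00000001, so as written every build reports the same version and the descriptor's `LowestSupportedImageVersion` cannot tell an older image from a newer one. If downgrade protection is meant to rely on these fields, they need to be bumped per release or derived from the build. At minimum I would add a comment above the defines, e.g. `// TODO: bump per release; LOWEST_SUPPORTED_FIRMWARE_VERSION is the floor for accepted updates`. Whether the update driver actually enforces the lowest-supported check is not visible in this patch.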
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
new file mode 100644
index 000000000000..9d47d3b2923a
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
@@ -0,0 +1,46 @@
+## @file
+#  System Firmware descriptor.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x0001001A
+  BASE_NAME                      = SystemFirmwareDescriptor
+  FILE_GUID                      = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = SystemFirmwareDescriptorPeimEntry
+
+[Sources]
+  SystemFirmwareDescriptorPei.c
+  SystemFirmwareDescriptor.aslc
+
+[Packages]
+  ArmPkg/ArmPkg.dec
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SignedCapsulePkg/SignedCapsulePkg.dec
+
+[LibraryClasses]
+  PcdLib
+  PeiServicesLib
+  DebugLib
+  PeimEntryPoint
+
+[FixedPcd]
+  gArmTokenSpaceGuid.PcdFdSize
+
+[Pcd]
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
+
+[Depex]
+  TRUE
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
new file mode 100644
index 000000000000..8d40956726ab
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
@@ -0,0 +1,68 @@
+/** @file
+  System Firmware descriptor producer.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Library/PcdLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/DebugLib.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+
+/**
+  Entrypoint for SystemFirmwareDescriptor PEIM.
+
+  @param[in]  FileHandle  Handle of the file being invoked.
+  @param[in]  PeiServices Describes the list of possible PEI Services.
+
+  @retval EFI_SUCCESS            PPI successfully installed.
+**/
+EFI_STATUS
+EFIAPI
+SystemFirmwareDescriptorPeimEntry (
+  IN EFI_PEI_FILE_HANDLE     FileHandle,
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  )
+{
+  EFI_STATUS                              Status;
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR  *Descriptor;
+  UINTN                                   Size;
+  UINTN                                   Index;
+  UINT32                                  AuthenticationStatus;
+
+  //
+  // Search RAW section.
+  //
+  Index = 0;
+  while (TRUE) {
+    Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, FileHandle,
+               (VOID **)&Descriptor, &AuthenticationStatus);
+    if (EFI_ERROR(Status)) {
+      // Should not happen, must something wrong in FDF.
+      ASSERT(FALSE);
+      return EFI_NOT_FOUND;
+    }
+    if (Descriptor->Signature == EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
+      break;
+    }
+    Index++;
+  }
+
+  DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n",
+    Descriptor->Length));
+
+  Size = Descriptor->Length;
+  PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);
+
+  return EFI_SUCCESS;
+}
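Review bot: The return value of `PcdSetPtrS` is discarded at the end of `SystemFirmwareDescriptorPeimEntry`, so the entry point reports EFI_SUCCESS even if the descriptor was not stored, for example when `Descriptor->Length` exceeds the 0x100 maximum declared for this PCD in OverdriveBoard.dsc. Capture and propagate it: `Status = PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);` followed by `ASSERT_EFI_ERROR (Status);` and `return Status;`. The function header should be corrected as well, since the code sets a PCD rather than installing a PPI and can return EFI_NOT_FOUND: `@retval EFI_SUCCESS  Descriptor published in the PCD.` and `@retval EFI_NOT_FOUND  No RAW section carries the descriptor signature.`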
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
new file mode 100644
index 000000000000..c89e95f60fba
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
@@ -0,0 +1,25 @@
+## @file
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Head]
+NumOfUpdate = 1
+NumOfRecovery = 0
+Update0 = StyxFvMain
+
+[StyxFvMain]
+FirmwareType  = 0             # SystemFirmware
+AddressType   = 0             # 0 - relative address, 1 - absolute address.
+BaseAddress   = 0x00200000    # Base address offset on flash
+Length        = 0x00260000    # Length
+ImageOffset   = 0x00000000    # Image offset of this SystemFirmware image
+FileGuid      = 642e4fcf-2df7-4415-8b70-a03909c57b55  # PcdEdkiiSystemFirmwareFileGuid
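Review bot: `BaseAddress = 0x00200000` and `Length = 0x00260000` in `[StyxFvMain]` are bare constants with no pointer to where they come from, while the descriptor in SystemFirmwareDescriptor.aslc reports `FixedPcdGet32(PcdFdSize)` as the image size. The flash layout these values must agree with is outside the visible hunks, so I cannot confirm they match; a mismatch would presumably make the update write outside the intended flash region. I would add a comment naming the source, e.g. `# must match the offset and size of the region holding FV STYX_EFI in OverdriveBoard.fdf`.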
-- 
2.11.0

Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support
Posted by Leif Lindholm 7 years, 2 months ago
On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote:
> Wire up the various modules and boilerplate configuration snippets
> to implement signed capsule update for AMD Overdrive. Note that this
> uses the insecure default key.
> 
> The secure firmware on this SoC does not implement warm reboot, so we
> cannot support capsules that persist across reset. Instead, the capsule
> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
> Shell prompt.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  Platform/AMD/OverdriveBoard/OverdriveBoard.dsc                                        | 27 ++++++-
>  Platform/AMD/OverdriveBoard/OverdriveBoard.fdf                                        | 83 ++++++++++++++++++++
>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc    | 80 +++++++++++++++++++
>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf     | 46 +++++++++++
>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c    | 68 ++++++++++++++++
>  Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++
>  6 files changed, 328 insertions(+), 1 deletion(-)
> 
> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> index daa773172029..a15f96d2fba9 100644
> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER   = FALSE
>    ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
>    RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
>  
> -  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> +  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +  EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> +  FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
> +  IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
> +  PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
> +
>    UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
>    PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
>    BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER   = FALSE
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
>  
> +[PcdsDynamicExDefault.common.DEFAULT]
> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
> +
> +  # 642e4fcf-2df7-4415-8b70-a03909c57b55
> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55}
> +
> +  # d34b3d29-0085-4ab3-8be8-84188cc50489
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89}
> +
>  [PcdsDynamicHii]
>    gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
>  
> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER   = FALSE
>        ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
>    }
>  !endif
> +
> +  #
> +  # Firmware update
> +  #
> +  MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
> +  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> index 23e57befcdd9..18f74b3c46fe 100644
> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
> @@ -249,6 +249,12 @@ READ_LOCK_STATUS   = TRUE
>    #
>    INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
>  
> +  #
> +  # Firmware update
> +  #
> +  INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
> +  INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
> +
>  [FV.STYX_EFI]
>  FvAlignment        = 16
>  ERASE_POLARITY     = 1
> @@ -277,6 +283,8 @@ READ_LOCK_STATUS   = TRUE
>    INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
>    INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
>    INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +  INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
> +
>  
>    FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
>      SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
> @@ -284,6 +292,73 @@ READ_LOCK_STATUS   = TRUE
>      }
>    }
>  
> +[FV.CapsuleDispatchFv]
> +FvAlignment        = 16
> +ERASE_POLARITY     = 1
> +MEMORY_MAPPED      = TRUE
> +STICKY_WRITE       = TRUE
> +LOCK_CAP           = TRUE
> +LOCK_STATUS        = TRUE
> +WRITE_DISABLED_CAP = TRUE
> +WRITE_ENABLED_CAP  = TRUE
> +WRITE_STATUS       = TRUE
> +WRITE_LOCK_CAP     = TRUE
> +WRITE_LOCK_STATUS  = TRUE
> +READ_DISABLED_CAP  = TRUE
> +READ_ENABLED_CAP   = TRUE
> +READ_STATUS        = TRUE
> +READ_LOCK_CAP      = TRUE
> +READ_LOCK_STATUS   = TRUE
> +
> +  INF  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
> +
> +[FV.SystemFirmwareUpdateCargo]
> +FvAlignment        = 16
> +ERASE_POLARITY     = 1
> +MEMORY_MAPPED      = TRUE
> +STICKY_WRITE       = TRUE
> +LOCK_CAP           = TRUE
> +LOCK_STATUS        = TRUE
> +WRITE_DISABLED_CAP = TRUE
> +WRITE_ENABLED_CAP  = TRUE
> +WRITE_STATUS       = TRUE
> +WRITE_LOCK_CAP     = TRUE
> +WRITE_LOCK_STATUS  = TRUE
> +READ_DISABLED_CAP  = TRUE
> +READ_ENABLED_CAP   = TRUE
> +READ_STATUS        = TRUE
> +READ_LOCK_CAP      = TRUE
> +READ_LOCK_STATUS   = TRUE
> +
> +  FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid
> +    FV = STYX_EFI
> +  }
> +
> +  FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid
> +    FV = CapsuleDispatchFv
> +  }
> +
> +  FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid
> +    Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
> +  }
> +
> +[FmpPayload.FmpPayloadSystemFirmwarePkcs7]
> +IMAGE_HEADER_INIT_VERSION = 0x02
> +IMAGE_TYPE_ID             = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid
> +IMAGE_INDEX               = 0x1
> +HARDWARE_INSTANCE         = 0x0
> +MONOTONIC_COUNT           = 0x1
> +CERTIFICATE_GUID          = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7
> +
> +  FV = SystemFirmwareUpdateCargo
> +
> +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7]
> +CAPSULE_GUID                = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid
> +CAPSULE_HEADER_SIZE         = 0x20
> +CAPSULE_HEADER_INIT_VERSION = 0x1
> +
> +  FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7
> +
>  
>  ################################################################################
>  #
> @@ -413,3 +488,11 @@ READ_LOCK_STATUS   = TRUE
>      RAW ASL                |.aml
>    }
>  
> +[Rule.Common.PEIM.FMP_IMAGE_DESC]
> +  FILE PEIM = $(NAMED_GUID) {
> +     RAW BIN                  |.acpi
> +     PEI_DEPEX PEI_DEPEX Optional        $(INF_OUTPUT)/$(MODULE_NAME).depex
> +     PE32      PE32    Align=4K          $(INF_OUTPUT)/$(MODULE_NAME).efi
> +     UI       STRING="$(MODULE_NAME)" Optional
> +     VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> +  }
> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
> new file mode 100644
> index 000000000000..8737c02fa006
> --- /dev/null
> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
> @@ -0,0 +1,80 @@
> +/** @file
> +  System Firmware descriptor.
> +
> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR>
> +
> +  This program and the accompanying materials
> +  are licensed and made available under the terms and conditions of the BSD License
> +  which accompanies this distribution.  The full text of the license may be found at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include <PiPei.h>
> +#include <Protocol/FirmwareManagement.h>
> +#include <Guid/EdkiiSystemFmpCapsule.h>
> +
> +#define PACKAGE_VERSION                     0xFFFFFFFF
> +#define PACKAGE_VERSION_STRING              L"Unknown"
> +
> +#define CURRENT_FIRMWARE_VERSION            0x00000001
> +#define CURRENT_FIRMWARE_VERSION_STRING     L"0x00000001"
> +#define LOWEST_SUPPORTED_FIRMWARE_VERSION   0x00000001
> +
> +#define IMAGE_ID                            SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E')
> +#define IMAGE_ID_STRING                     L"AMD Seattle Overdrive UEFI"
> +
> +// PcdSystemFmpCapsuleImageTypeIdGuid
> +#define IMAGE_TYPE_ID_GUID                  { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } }
> +
> +typedef struct {
> +  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR  Descriptor;
> +  // real string data
> +  CHAR16                                  ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
> +  CHAR16                                  VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
> +  CHAR16                                  PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
> +} IMAGE_DESCRIPTOR;
> +
> +STATIC IMAGE_DESCRIPTOR mImageDescriptor =
> +{
> +  {
> +    EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
> +    sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
> +    sizeof(IMAGE_DESCRIPTOR),
> +    PACKAGE_VERSION,                                       // PackageVersion
> +    OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr),   // PackageVersionName
> +    1,                                                     // ImageIndex;
> +    {0x0},                                                 // Reserved
> +    IMAGE_TYPE_ID_GUID,                                    // ImageTypeId;
> +    IMAGE_ID,                                              // ImageId;
> +    OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr),          // ImageIdName;
> +    CURRENT_FIRMWARE_VERSION,                              // Version;
> +    OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr),          // VersionName;
> +    {0x0},                                                 // Reserved2
> +    FixedPcdGet32(PcdFdSize),                              // Size;
> +    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
> +      IMAGE_ATTRIBUTE_RESET_REQUIRED |
> +      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
> +      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSupported;
> +    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
> +      IMAGE_ATTRIBUTE_RESET_REQUIRED |
> +      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
> +      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSetting;
> +    0x0,                                                   // Compatibilities;
> +    LOWEST_SUPPORTED_FIRMWARE_VERSION,                     // LowestSupportedImageVersion;
> +    0x00000000,                                            // LastAttemptVersion;
> +    0,                                                     // LastAttemptStatus;
> +    {0x0},                                                 // Reserved3
> +    0,                                                     // HardwareInstance;
> +  },
> +  // real string data
> +  IMAGE_ID_STRING,
> +  CURRENT_FIRMWARE_VERSION_STRING,
> +  PACKAGE_VERSION_STRING,
> +};
> +
> +VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
> new file mode 100644
> index 000000000000..9d47d3b2923a
> --- /dev/null
> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
> @@ -0,0 +1,46 @@
> +## @file
> +#  System Firmware descriptor.
> +#
> +#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x0001001A
> +  BASE_NAME                      = SystemFirmwareDescriptor
> +  FILE_GUID                      = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC
> +  MODULE_TYPE                    = PEIM
> +  VERSION_STRING                 = 1.0
> +  ENTRY_POINT                    = SystemFirmwareDescriptorPeimEntry
> +
> +[Sources]
> +  SystemFirmwareDescriptorPei.c
> +  SystemFirmwareDescriptor.aslc
> +
> +[Packages]
> +  ArmPkg/ArmPkg.dec
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  SignedCapsulePkg/SignedCapsulePkg.dec
> +
> +[LibraryClasses]
> +  PcdLib
> +  PeiServicesLib
> +  DebugLib
> +  PeimEntryPoint

Sort alphabetically in this file, please.

> +
> +[FixedPcd]
> +  gArmTokenSpaceGuid.PcdFdSize
> +
> +[Pcd]
> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
> +
> +[Depex]
> +  TRUE
> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
> new file mode 100644
> index 000000000000..8d40956726ab
> --- /dev/null
> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
> @@ -0,0 +1,68 @@
> +/** @file
> +  System Firmware descriptor producer.
> +
> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +  This program and the accompanying materials
> +  are licensed and made available under the terms and conditions of the BSD License
> +  which accompanies this distribution.  The full text of the license may be found at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include <PiPei.h>
> +#include <Library/PcdLib.h>
> +#include <Library/PeiServicesLib.h>
> +#include <Library/DebugLib.h>

Sort please.

No further comments.
If you fold that in, for the series:
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

Certainly, 1/5 can be pushed separately.

/
    Leif

> +#include <Protocol/FirmwareManagement.h>
> +#include <Guid/EdkiiSystemFmpCapsule.h>
> +
> +/**
> +  Entrypoint for SystemFirmwareDescriptor PEIM.
> +
> +  @param[in]  FileHandle  Handle of the file being invoked.
> +  @param[in]  PeiServices Describes the list of possible PEI Services.
> +
> +  @retval EFI_SUCCESS            PPI successfully installed.
> +**/
> +EFI_STATUS
> +EFIAPI
> +SystemFirmwareDescriptorPeimEntry (
> +  IN EFI_PEI_FILE_HANDLE     FileHandle,
> +  IN CONST EFI_PEI_SERVICES  **PeiServices
> +  )
> +{
> +  EFI_STATUS                              Status;
> +  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR  *Descriptor;
> +  UINTN                                   Size;
> +  UINTN                                   Index;
> +  UINT32                                  AuthenticationStatus;
> +
> +  //
> +  // Search RAW section.
> +  //
> +  Index = 0;
> +  while (TRUE) {
> +    Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, FileHandle,
> +               (VOID **)&Descriptor, &AuthenticationStatus);
> +    if (EFI_ERROR(Status)) {
> +      // Should not happen, must something wrong in FDF.
> +      ASSERT(FALSE);
> +      return EFI_NOT_FOUND;
> +    }
> +    if (Descriptor->Signature == EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
> +      break;
> +    }
> +    Index++;
> +  }
> +
> +  DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n",
> +    Descriptor->Length));
> +
> +  Size = Descriptor->Length;
> +  PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);
> +
> +  return EFI_SUCCESS;
> +}
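Review bot: The return value of `PcdSetPtrS` at the end of `SystemFirmwareDescriptorPeimEntry` is dropped and the function returns `EFI_SUCCESS` unconditionally, so a failed set goes unnoticed. `Size` is taken straight from `Descriptor->Length` in the RAW section, while the platform DSC in this patch declares `PcdEdkiiSystemFirmwareImageDescriptor` with a maximum size of 0x100. If the descriptor ever grows past that, the PCD would presumably keep its `{0x0}` default and the update drivers would see no valid descriptor. I would propagate the result: `Status = PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);`, `ASSERT_EFI_ERROR (Status);`, `return Status;`. `AuthenticationStatus` is also filled in and never read; a one-line comment on why that is acceptable for this section would help.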
> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
> new file mode 100644
> index 000000000000..c89e95f60fba
> --- /dev/null
> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
> @@ -0,0 +1,25 @@
> +## @file
> +#
> +#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Head]
> +NumOfUpdate = 1
> +NumOfRecovery = 0
> +Update0 = StyxFvMain
> +
> +[StyxFvMain]
> +FirmwareType  = 0             # SystemFirmware
> +AddressType   = 0             # 0 - relative address, 1 - absolute address.
> +BaseAddress   = 0x00200000    # Base address offset on flash
> +Length        = 0x00260000    # Length
> +ImageOffset   = 0x00000000    # Image offset of this SystemFirmware image
> +FileGuid      = 642e4fcf-2df7-4415-8b70-a03909c57b55  # PcdEdkiiSystemFirmwareFileGuid
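Review bot: `BaseAddress` and `Length` in `[StyxFvMain]` are bare numbers that duplicate the flash layout, and nothing visible in this hunk keeps them in step with the FDF. These two values determine which flash range the update driver rewrites. A later change to the firmware volume's offset or size that misses this file would presumably make an otherwise valid, signed capsule write to the wrong region. A comment naming the entries they mirror would help, e.g. `# BaseAddress/Length must match the STYX_EFI region in OverdriveBoard.fdf`.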
> -- 
> 2.11.0
> 
Re: [edk2] [PATCH 5/5] Platforms/AMD/Overdrive: add signed capsule update support
Posted by Ard Biesheuvel 7 years, 2 months ago
On 15 October 2017 at 20:10, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote:
>> Wire up the various modules and boilerplate configuration snippets
>> to implement signed capsule update for AMD Overdrive. Note that this
>> uses the insecure default key.
>>
>> The secure firmware on this SoC does not implement warm reboot, so we
>> cannot support capsules that persist across reset. Instead, the capsule
>> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
>> Shell prompt.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  Platform/AMD/OverdriveBoard/OverdriveBoard.dsc                                        | 27 ++++++-
>>  Platform/AMD/OverdriveBoard/OverdriveBoard.fdf                                        | 83 ++++++++++++++++++++
>>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc    | 80 +++++++++++++++++++
>>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf     | 46 +++++++++++
>>  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c    | 68 ++++++++++++++++
>>  Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++
>>  6 files changed, 328 insertions(+), 1 deletion(-)
>>
>> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> index daa773172029..a15f96d2fba9 100644
>> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
>> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER   = FALSE
>>    ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
>>    RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
>>
>> -  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
>> +  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
>> +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +  EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
>> +  FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
>> +  IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
>> +  PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
>> +
>>    UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
>>    PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
>>    BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
>> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER   = FALSE
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
>>
>> +[PcdsDynamicExDefault.common.DEFAULT]
>> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
>> +
>> +  # 642e4fcf-2df7-4415-8b70-a03909c57b55
>> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55}
>> +
>> +  # d34b3d29-0085-4ab3-8be8-84188cc50489
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89}
>> +
>>  [PcdsDynamicHii]
>>    gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
>>
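Review bot: Nothing in this `[PcdsDynamicExDefault.common.DEFAULT]` block overrides the certificate that `FmpAuthenticationLibPkcs7` trusts, so the build falls back to the package default, which the commit message itself calls the insecure default key. A capsule signed with that default key would therefore presumably pass authentication on a board built from this tree. That limitation should be visible in the DSC and not only in the commit log, for example `# NOTE: capsule trust anchor is the package default test key; override gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer before shipping`. Which PCD section the override belongs in depends on how the platform provisions its key.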
>> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER   = FALSE
>>        ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
>>    }
>>  !endif
>> +
>> +  #
>> +  # Firmware update
>> +  #
>> +  MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
>> +  Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> index 23e57befcdd9..18f74b3c46fe 100644
>> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
>> @@ -249,6 +249,12 @@ READ_LOCK_STATUS   = TRUE
>>    #
>>    INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
>>
>> +  #
>> +  # Firmware update
>> +  #
>> +  INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
>> +  INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
>> +
>>  [FV.STYX_EFI]
>>  FvAlignment        = 16
>>  ERASE_POLARITY     = 1
>> @@ -277,6 +283,8 @@ READ_LOCK_STATUS   = TRUE
>>    INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
>>    INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
>>    INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +  INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> +
>>
>>    FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
>>      SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
>> @@ -284,6 +292,73 @@ READ_LOCK_STATUS   = TRUE
>>      }
>>    }
>>
>> +[FV.CapsuleDispatchFv]
>> +FvAlignment        = 16
>> +ERASE_POLARITY     = 1
>> +MEMORY_MAPPED      = TRUE
>> +STICKY_WRITE       = TRUE
>> +LOCK_CAP           = TRUE
>> +LOCK_STATUS        = TRUE
>> +WRITE_DISABLED_CAP = TRUE
>> +WRITE_ENABLED_CAP  = TRUE
>> +WRITE_STATUS       = TRUE
>> +WRITE_LOCK_CAP     = TRUE
>> +WRITE_LOCK_STATUS  = TRUE
>> +READ_DISABLED_CAP  = TRUE
>> +READ_ENABLED_CAP   = TRUE
>> +READ_STATUS        = TRUE
>> +READ_LOCK_CAP      = TRUE
>> +READ_LOCK_STATUS   = TRUE
>> +
>> +  INF  SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
>> +
>> +[FV.SystemFirmwareUpdateCargo]
>> +FvAlignment        = 16
>> +ERASE_POLARITY     = 1
>> +MEMORY_MAPPED      = TRUE
>> +STICKY_WRITE       = TRUE
>> +LOCK_CAP           = TRUE
>> +LOCK_STATUS        = TRUE
>> +WRITE_DISABLED_CAP = TRUE
>> +WRITE_ENABLED_CAP  = TRUE
>> +WRITE_STATUS       = TRUE
>> +WRITE_LOCK_CAP     = TRUE
>> +WRITE_LOCK_STATUS  = TRUE
>> +READ_DISABLED_CAP  = TRUE
>> +READ_ENABLED_CAP   = TRUE
>> +READ_STATUS        = TRUE
>> +READ_LOCK_CAP      = TRUE
>> +READ_LOCK_STATUS   = TRUE
>> +
>> +  FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid
>> +    FV = STYX_EFI
>> +  }
>> +
>> +  FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid
>> +    FV = CapsuleDispatchFv
>> +  }
>> +
>> +  FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid
>> +    Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
>> +  }
>> +
>> +[FmpPayload.FmpPayloadSystemFirmwarePkcs7]
>> +IMAGE_HEADER_INIT_VERSION = 0x02
>> +IMAGE_TYPE_ID             = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid
>> +IMAGE_INDEX               = 0x1
>> +HARDWARE_INSTANCE         = 0x0
>> +MONOTONIC_COUNT           = 0x1
>> +CERTIFICATE_GUID          = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7
>> +
>> +  FV = SystemFirmwareUpdateCargo
>> +
>> +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7]
>> +CAPSULE_GUID                = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid
>> +CAPSULE_HEADER_SIZE         = 0x20
>> +CAPSULE_HEADER_INIT_VERSION = 0x1
>> +
>> +  FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7
>> +
>>
>>  ################################################################################
>>  #
>> @@ -413,3 +488,11 @@ READ_LOCK_STATUS   = TRUE
>>      RAW ASL                |.aml
>>    }
>>
>> +[Rule.Common.PEIM.FMP_IMAGE_DESC]
>> +  FILE PEIM = $(NAMED_GUID) {
>> +     RAW BIN                  |.acpi
>> +     PEI_DEPEX PEI_DEPEX Optional        $(INF_OUTPUT)/$(MODULE_NAME).depex
>> +     PE32      PE32    Align=4K          $(INF_OUTPUT)/$(MODULE_NAME).efi
>> +     UI       STRING="$(MODULE_NAME)" Optional
>> +     VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
>> +  }
>> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
>> new file mode 100644
>> index 000000000000..8737c02fa006
>> --- /dev/null
>> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
>> @@ -0,0 +1,80 @@
>> +/** @file
>> +  System Firmware descriptor.
>> +
>> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>> +  Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR>
>> +
>> +  This program and the accompanying materials
>> +  are licensed and made available under the terms and conditions of the BSD License
>> +  which accompanies this distribution.  The full text of the license may be found at
>> +  http://opensource.org/licenses/bsd-license.php
>> +
>> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +
>> +**/
>> +
>> +#include <PiPei.h>
>> +#include <Protocol/FirmwareManagement.h>
>> +#include <Guid/EdkiiSystemFmpCapsule.h>
>> +
>> +#define PACKAGE_VERSION                     0xFFFFFFFF
>> +#define PACKAGE_VERSION_STRING              L"Unknown"
>> +
>> +#define CURRENT_FIRMWARE_VERSION            0x00000001
>> +#define CURRENT_FIRMWARE_VERSION_STRING     L"0x00000001"
>> +#define LOWEST_SUPPORTED_FIRMWARE_VERSION   0x00000001
>> +
>> +#define IMAGE_ID                            SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E')
>> +#define IMAGE_ID_STRING                     L"AMD Seattle Overdrive UEFI"
>> +
>> +// PcdSystemFmpCapsuleImageTypeIdGuid
>> +#define IMAGE_TYPE_ID_GUID                  { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } }
>> +
>> +typedef struct {
>> +  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR  Descriptor;
>> +  // real string data
>> +  CHAR16                                  ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
>> +  CHAR16                                  VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
>> +  CHAR16                                  PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
>> +} IMAGE_DESCRIPTOR;
>> +
>> +STATIC IMAGE_DESCRIPTOR mImageDescriptor =
>> +{
>> +  {
>> +    EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
>> +    sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
>> +    sizeof(IMAGE_DESCRIPTOR),
>> +    PACKAGE_VERSION,                                       // PackageVersion
>> +    OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr),   // PackageVersionName
>> +    1,                                                     // ImageIndex;
>> +    {0x0},                                                 // Reserved
>> +    IMAGE_TYPE_ID_GUID,                                    // ImageTypeId;
>> +    IMAGE_ID,                                              // ImageId;
>> +    OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr),          // ImageIdName;
>> +    CURRENT_FIRMWARE_VERSION,                              // Version;
>> +    OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr),          // VersionName;
>> +    {0x0},                                                 // Reserved2
>> +    FixedPcdGet32(PcdFdSize),                              // Size;
>> +    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
>> +      IMAGE_ATTRIBUTE_RESET_REQUIRED |
>> +      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
>> +      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSupported;
>> +    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
>> +      IMAGE_ATTRIBUTE_RESET_REQUIRED |
>> +      IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
>> +      IMAGE_ATTRIBUTE_IN_USE,                              // AttributesSetting;
>> +    0x0,                                                   // Compatibilities;
>> +    LOWEST_SUPPORTED_FIRMWARE_VERSION,                     // LowestSupportedImageVersion;
>> +    0x00000000,                                            // LastAttemptVersion;
>> +    0,                                                     // LastAttemptStatus;
>> +    {0x0},                                                 // Reserved3
>> +    0,                                                     // HardwareInstance;
>> +  },
>> +  // real string data
>> +  IMAGE_ID_STRING,
>> +  CURRENT_FIRMWARE_VERSION_STRING,
>> +  PACKAGE_VERSION_STRING,
>> +};
>> +
>> +VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
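Review bot: `CURRENT_FIRMWARE_VERSION` and `LOWEST_SUPPORTED_FIRMWARE_VERSION` are both fixed at 0x00000001 with nothing tying them to a release, so every image built from this file reports the same version and the same rollback floor. If the update path compares a capsule's version against `LowestSupportedImageVersion`, as the field name suggests, a floor that never moves cannot refuse a downgrade to an older image with known flaws. A comment above the defines would make the obligation explicit, e.g. `// Bump CURRENT_FIRMWARE_VERSION for every release; raise LOWEST_SUPPORTED_FIRMWARE_VERSION when older images must be refused`.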
>> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> new file mode 100644
>> index 000000000000..9d47d3b2923a
>> --- /dev/null
>> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
>> @@ -0,0 +1,46 @@
>> +## @file
>> +#  System Firmware descriptor.
>> +#
>> +#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>> +#  This program and the accompanying materials
>> +#  are licensed and made available under the terms and conditions of the BSD License
>> +#  which accompanies this distribution.  The full text of the license may be found at
>> +#  http://opensource.org/licenses/bsd-license.php
>> +#
>> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +#
>> +##
>> +
>> +[Defines]
>> +  INF_VERSION                    = 0x0001001A
>> +  BASE_NAME                      = SystemFirmwareDescriptor
>> +  FILE_GUID                      = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC
>> +  MODULE_TYPE                    = PEIM
>> +  VERSION_STRING                 = 1.0
>> +  ENTRY_POINT                    = SystemFirmwareDescriptorPeimEntry
>> +
>> +[Sources]
>> +  SystemFirmwareDescriptorPei.c
>> +  SystemFirmwareDescriptor.aslc
>> +
>> +[Packages]
>> +  ArmPkg/ArmPkg.dec
>> +  MdePkg/MdePkg.dec
>> +  MdeModulePkg/MdeModulePkg.dec
>> +  SignedCapsulePkg/SignedCapsulePkg.dec
>> +
>> +[LibraryClasses]
>> +  PcdLib
>> +  PeiServicesLib
>> +  DebugLib
>> +  PeimEntryPoint
>
> Sort alphabetically in this file, please.
>
>> +
>> +[FixedPcd]
>> +  gArmTokenSpaceGuid.PcdFdSize
>> +
>> +[Pcd]
>> +  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
>> +
>> +[Depex]
>> +  TRUE
>> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
>> new file mode 100644
>> index 000000000000..8d40956726ab
>> --- /dev/null
>> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
>> @@ -0,0 +1,68 @@
>> +/** @file
>> +  System Firmware descriptor producer.
>> +
>> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>> +  This program and the accompanying materials
>> +  are licensed and made available under the terms and conditions of the BSD License
>> +  which accompanies this distribution.  The full text of the license may be found at
>> +  http://opensource.org/licenses/bsd-license.php
>> +
>> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +
>> +**/
>> +
>> +#include <PiPei.h>
>> +#include <Library/PcdLib.h>
>> +#include <Library/PeiServicesLib.h>
>> +#include <Library/DebugLib.h>
>
> Sort please.
>
> No further comments.
> If you fold that in, for the series:
> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
>
> Certainly, 1/5 can be pushed separately.
>

Thanks. Pushed as

a3877da646af Platform/AMD/Overdrive: remove StatusCodeLib references
4b75f2a85e1b Silicon/AMD/Styx: update SMMU id to MMU-401
dae45a713641 Silicon/Amd/Styx: fix flasher support
7cb9786ee99b Silicon/AMD/Styx: add PlatformFlashAccessLib implementation
a54cdba5b641 Platforms/AMD/Overdrive: add signed capsule update support