Wire up the various modules and boilerplate configuration snippets
to implement signed capsule update for AMD Overdrive. Note that this
uses the insecure default key.
The secure firmware on this SoC does not implement warm reboot, so we
cannot support capsules that persist across reset. Instead, the capsule
may be installed using CapsuleApp (from MdeModulePkg), from the UEFI
Shell prompt.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
Platform/AMD/OverdriveBoard/OverdriveBoard.dsc | 27 ++++++-
Platform/AMD/OverdriveBoard/OverdriveBoard.fdf | 83 ++++++++++++++++++++
Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc | 80 +++++++++++++++++++
Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 46 +++++++++++
Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c | 68 ++++++++++++++++
Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++
6 files changed, 328 insertions(+), 1 deletion(-)
diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
index daa773172029..a15f96d2fba9 100644
--- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
+++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc
@@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE
ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf
RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf
- CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
+ FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
+ IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf
+ PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf
+
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
@@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0
+[PcdsDynamicExDefault.common.DEFAULT]
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100
+
+ # 642e4fcf-2df7-4415-8b70-a03909c57b55
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55}
+
+ # d34b3d29-0085-4ab3-8be8-84188cc50489
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89}
+
[PcdsDynamicHii]
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
@@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
}
!endif
+
+ #
+ # Firmware update
+ #
+ MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
+ SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
+ SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
+ Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
index 23e57befcdd9..18f74b3c46fe 100644
--- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
+++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf
@@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE
#
INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf
+ #
+ # Firmware update
+ #
+ INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
+ INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf
+
[FV.STYX_EFI]
FvAlignment = 16
ERASE_POLARITY = 1
@@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+ INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
+
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
@@ -284,6 +292,73 @@ READ_LOCK_STATUS = TRUE
}
}
+[FV.CapsuleDispatchFv]
+FvAlignment = 16
+ERASE_POLARITY = 1
+MEMORY_MAPPED = TRUE
+STICKY_WRITE = TRUE
+LOCK_CAP = TRUE
+LOCK_STATUS = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP = TRUE
+WRITE_STATUS = TRUE
+WRITE_LOCK_CAP = TRUE
+WRITE_LOCK_STATUS = TRUE
+READ_DISABLED_CAP = TRUE
+READ_ENABLED_CAP = TRUE
+READ_STATUS = TRUE
+READ_LOCK_CAP = TRUE
+READ_LOCK_STATUS = TRUE
+
+ INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf
+
+[FV.SystemFirmwareUpdateCargo]
+FvAlignment = 16
+ERASE_POLARITY = 1
+MEMORY_MAPPED = TRUE
+STICKY_WRITE = TRUE
+LOCK_CAP = TRUE
+LOCK_STATUS = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP = TRUE
+WRITE_STATUS = TRUE
+WRITE_LOCK_CAP = TRUE
+WRITE_LOCK_STATUS = TRUE
+READ_DISABLED_CAP = TRUE
+READ_ENABLED_CAP = TRUE
+READ_STATUS = TRUE
+READ_LOCK_CAP = TRUE
+READ_LOCK_STATUS = TRUE
+
+ FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid
+ FV = STYX_EFI
+ }
+
+ FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid
+ FV = CapsuleDispatchFv
+ }
+
+ FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid
+ Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
+ }
+
+[FmpPayload.FmpPayloadSystemFirmwarePkcs7]
+IMAGE_HEADER_INIT_VERSION = 0x02
+IMAGE_TYPE_ID = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid
+IMAGE_INDEX = 0x1
+HARDWARE_INSTANCE = 0x0
+MONOTONIC_COUNT = 0x1
+CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7
+
+ FV = SystemFirmwareUpdateCargo
+
+[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7]
+CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid
+CAPSULE_HEADER_SIZE = 0x20
+CAPSULE_HEADER_INIT_VERSION = 0x1
+
+ FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7
+
################################################################################
#
@@ -413,3 +488,11 @@ READ_LOCK_STATUS = TRUE
RAW ASL |.aml
}
+[Rule.Common.PEIM.FMP_IMAGE_DESC]
+ FILE PEIM = $(NAMED_GUID) {
+ RAW BIN |.acpi
+ PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
+ PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
new file mode 100644
index 000000000000..8737c02fa006
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc
@@ -0,0 +1,80 @@
+/** @file
+ System Firmware descriptor.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+
+#define PACKAGE_VERSION 0xFFFFFFFF
+#define PACKAGE_VERSION_STRING L"Unknown"
+
+#define CURRENT_FIRMWARE_VERSION 0x00000001
+#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001"
+#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001
+
+#define IMAGE_ID SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E')
+#define IMAGE_ID_STRING L"AMD Seattle Overdrive UEFI"
+
+// PcdSystemFmpCapsuleImageTypeIdGuid
+#define IMAGE_TYPE_ID_GUID { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } }
+
+typedef struct {
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor;
+ // real string data
+ CHAR16 ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
+ CHAR16 VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
+ CHAR16 PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
+} IMAGE_DESCRIPTOR;
+
+STATIC IMAGE_DESCRIPTOR mImageDescriptor =
+{
+ {
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
+ sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
+ sizeof(IMAGE_DESCRIPTOR),
+ PACKAGE_VERSION, // PackageVersion
+ OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // PackageVersionName
+ 1, // ImageIndex;
+ {0x0}, // Reserved
+ IMAGE_TYPE_ID_GUID, // ImageTypeId;
+ IMAGE_ID, // ImageId;
+ OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName;
+ CURRENT_FIRMWARE_VERSION, // Version;
+ OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName;
+ {0x0}, // Reserved2
+ FixedPcdGet32(PcdFdSize), // Size;
+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+ IMAGE_ATTRIBUTE_RESET_REQUIRED |
+ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+ IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported;
+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+ IMAGE_ATTRIBUTE_RESET_REQUIRED |
+ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+ IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting;
+ 0x0, // Compatibilities;
+ LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion;
+ 0x00000000, // LastAttemptVersion;
+ 0, // LastAttemptStatus;
+ {0x0}, // Reserved3
+ 0, // HardwareInstance;
+ },
+ // real string data
+ IMAGE_ID_STRING,
+ CURRENT_FIRMWARE_VERSION_STRING,
+ PACKAGE_VERSION_STRING,
+};
+
+VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
new file mode 100644
index 000000000000..9d47d3b2923a
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
@@ -0,0 +1,46 @@
+## @file
+# System Firmware descriptor.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = SystemFirmwareDescriptor
+ FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = SystemFirmwareDescriptorPeimEntry
+
+[Sources]
+ SystemFirmwareDescriptorPei.c
+ SystemFirmwareDescriptor.aslc
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SignedCapsulePkg/SignedCapsulePkg.dec
+
+[LibraryClasses]
+ PcdLib
+ PeiServicesLib
+ DebugLib
+ PeimEntryPoint
+
+[FixedPcd]
+ gArmTokenSpaceGuid.PcdFdSize
+
+[Pcd]
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
+
+[Depex]
+ TRUE
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
new file mode 100644
index 000000000000..8d40956726ab
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
@@ -0,0 +1,68 @@
+/** @file
+ System Firmware descriptor producer.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Library/PcdLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/DebugLib.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+
+/**
+ Entrypoint for SystemFirmwareDescriptor PEIM.
+
+ @param[in] FileHandle Handle of the file being invoked.
+ @param[in] PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_SUCCESS PPI successfully installed.
+**/
+EFI_STATUS
+EFIAPI
+SystemFirmwareDescriptorPeimEntry (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ EFI_STATUS Status;
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *Descriptor;
+ UINTN Size;
+ UINTN Index;
+ UINT32 AuthenticationStatus;
+
+ //
+ // Search RAW section.
+ //
+ Index = 0;
+ while (TRUE) {
+ Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, FileHandle,
+ (VOID **)&Descriptor, &AuthenticationStatus);
+ if (EFI_ERROR(Status)) {
+ // Should not happen, must something wrong in FDF.
+ ASSERT(FALSE);
+ return EFI_NOT_FOUND;
+ }
+ if (Descriptor->Signature == EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
+ break;
+ }
+ Index++;
+ }
+
+ DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n",
+ Descriptor->Length));
+
+ Size = Descriptor->Length;
+ PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);
+
+ return EFI_SUCCESS;
+}
diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
new file mode 100644
index 000000000000..c89e95f60fba
--- /dev/null
+++ b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
@@ -0,0 +1,25 @@
+## @file
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Head]
+NumOfUpdate = 1
+NumOfRecovery = 0
+Update0 = StyxFvMain
+
+[StyxFvMain]
+FirmwareType = 0 # SystemFirmware
+AddressType = 0 # 0 - relative address, 1 - absolute address.
+BaseAddress = 0x00200000 # Base address offset on flash
+Length = 0x00260000 # Length
+ImageOffset = 0x00000000 # Image offset of this SystemFirmware image
+FileGuid = 642e4fcf-2df7-4415-8b70-a03909c57b55 # PcdEdkiiSystemFirmwareFileGuid
--
2.11.0
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: > Wire up the various modules and boilerplate configuration snippets > to implement signed capsule update for AMD Overdrive. Note that this > uses the insecure default key. > > The secure firmware on this SoC does not implement warm reboot, so we > cannot support capsules that persist across reset. Instead, the capsule > may be installed using CapsuleApp (from MdeModulePkg), from the UEFI > Shell prompt. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > Platform/AMD/OverdriveBoard/OverdriveBoard.dsc | 27 ++++++- > Platform/AMD/OverdriveBoard/OverdriveBoard.fdf | 83 ++++++++++++++++++++ > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc | 80 +++++++++++++++++++ > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 46 +++++++++++ > Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c | 68 ++++++++++++++++ > Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++ > 6 files changed, 328 insertions(+), 1 deletion(-) > > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > index daa773172029..a15f96d2fba9 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc > @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE > ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf > RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf > > - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf > + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf > + PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf > + > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf > BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0 > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0 > > +[PcdsDynamicExDefault.common.DEFAULT] > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 > + > + # 642e4fcf-2df7-4415-8b70-a03909c57b55 > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55} > + > + # d34b3d29-0085-4ab3-8be8-84188cc50489 > + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89} > + > [PcdsDynamicHii] > gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 > > @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE > ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf > } > !endif > + > + # > + # Firmware update > + # > + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf > + Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > index 23e57befcdd9..18f74b3c46fe 100644 > --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf > @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE > # > INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf > > + # > + # Firmware update > + # > + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf > + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf > + > [FV.STYX_EFI] > FvAlignment = 16 > ERASE_POLARITY = 1 > @@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE > INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf > INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf > INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > + INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > + > > FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { > SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE { > @@ -284,6 +292,73 @@ READ_LOCK_STATUS = TRUE > } > } > > +[FV.CapsuleDispatchFv] > +FvAlignment = 16 > +ERASE_POLARITY = 1 > +MEMORY_MAPPED = TRUE > +STICKY_WRITE = TRUE > +LOCK_CAP = TRUE > +LOCK_STATUS = TRUE > +WRITE_DISABLED_CAP = TRUE > +WRITE_ENABLED_CAP = TRUE > +WRITE_STATUS = TRUE > +WRITE_LOCK_CAP = TRUE > +WRITE_LOCK_STATUS = TRUE > +READ_DISABLED_CAP = TRUE > +READ_ENABLED_CAP = TRUE > +READ_STATUS = TRUE > +READ_LOCK_CAP = TRUE > +READ_LOCK_STATUS = TRUE > + > + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf > + > +[FV.SystemFirmwareUpdateCargo] > +FvAlignment = 16 > +ERASE_POLARITY = 1 > +MEMORY_MAPPED = TRUE > +STICKY_WRITE = TRUE > +LOCK_CAP = TRUE > +LOCK_STATUS = TRUE > +WRITE_DISABLED_CAP = TRUE > +WRITE_ENABLED_CAP = TRUE > +WRITE_STATUS = TRUE > +WRITE_LOCK_CAP = TRUE > +WRITE_LOCK_STATUS = TRUE > +READ_DISABLED_CAP = TRUE > +READ_ENABLED_CAP = TRUE > +READ_STATUS = TRUE > +READ_LOCK_CAP = TRUE > +READ_LOCK_STATUS = TRUE > + > + FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid > + FV = STYX_EFI > + } > + > + FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid > + FV = CapsuleDispatchFv > + } > + > + FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid > + Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > + } > + > +[FmpPayload.FmpPayloadSystemFirmwarePkcs7] > +IMAGE_HEADER_INIT_VERSION = 0x02 > +IMAGE_TYPE_ID = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid > +IMAGE_INDEX = 0x1 > +HARDWARE_INSTANCE = 0x0 > +MONOTONIC_COUNT = 0x1 > +CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 > + > + FV = SystemFirmwareUpdateCargo > + > +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7] > +CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid > +CAPSULE_HEADER_SIZE = 0x20 > +CAPSULE_HEADER_INIT_VERSION = 0x1 > + > + FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 > + > > ################################################################################ > # > @@ -413,3 +488,11 @@ READ_LOCK_STATUS = TRUE > RAW ASL |.aml > } > > +[Rule.Common.PEIM.FMP_IMAGE_DESC] > + FILE PEIM = $(NAMED_GUID) { > + RAW BIN |.acpi > + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex > + PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi > + UI STRING="$(MODULE_NAME)" Optional > + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) > + } > diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > new file mode 100644 > index 000000000000..8737c02fa006 > --- /dev/null > +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc > @@ -0,0 +1,80 @@ > +/** @file > + System Firmware descriptor. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD License > + which accompanies this distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > +#include <PiPei.h> > +#include <Protocol/FirmwareManagement.h> > +#include <Guid/EdkiiSystemFmpCapsule.h> > + > +#define PACKAGE_VERSION 0xFFFFFFFF > +#define PACKAGE_VERSION_STRING L"Unknown" > + > +#define CURRENT_FIRMWARE_VERSION 0x00000001 > +#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001" > +#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001 > + > +#define IMAGE_ID SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E') > +#define IMAGE_ID_STRING L"AMD Seattle Overdrive UEFI" > + > +// PcdSystemFmpCapsuleImageTypeIdGuid > +#define IMAGE_TYPE_ID_GUID { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } } > + > +typedef struct { > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor; > + // real string data > + CHAR16 ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)]; > + CHAR16 VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)]; > + CHAR16 PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)]; > +} IMAGE_DESCRIPTOR; > + > +STATIC IMAGE_DESCRIPTOR mImageDescriptor = > +{ > + { > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE, > + sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR), > + sizeof(IMAGE_DESCRIPTOR), > + PACKAGE_VERSION, // PackageVersion > + OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // PackageVersionName > + 1, // ImageIndex; > + {0x0}, // Reserved > + IMAGE_TYPE_ID_GUID, // ImageTypeId; > + IMAGE_ID, // ImageId; > + OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName; > + CURRENT_FIRMWARE_VERSION, // Version; > + OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName; > + {0x0}, // Reserved2 > + FixedPcdGet32(PcdFdSize), // Size; > + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | > + IMAGE_ATTRIBUTE_RESET_REQUIRED | > + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | > + IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported; > + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | > + IMAGE_ATTRIBUTE_RESET_REQUIRED | > + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | > + IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting; > + 0x0, // Compatibilities; > + LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion; > + 0x00000000, // LastAttemptVersion; > + 0, // LastAttemptStatus; > + {0x0}, // Reserved3 > + 0, // HardwareInstance; > + }, > + // real string data > + IMAGE_ID_STRING, > + CURRENT_FIRMWARE_VERSION_STRING, > + PACKAGE_VERSION_STRING, > +}; > + > +VOID* CONST ReferenceAcpiTable = &mImageDescriptor; > diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > new file mode 100644 > index 000000000000..9d47d3b2923a > --- /dev/null > +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf > @@ -0,0 +1,46 @@ > +## @file > +# System Firmware descriptor. > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION = 0x0001001A > + BASE_NAME = SystemFirmwareDescriptor > + FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC > + MODULE_TYPE = PEIM > + VERSION_STRING = 1.0 > + ENTRY_POINT = SystemFirmwareDescriptorPeimEntry > + > +[Sources] > + SystemFirmwareDescriptorPei.c > + SystemFirmwareDescriptor.aslc > + > +[Packages] > + ArmPkg/ArmPkg.dec > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SignedCapsulePkg/SignedCapsulePkg.dec > + > +[LibraryClasses] > + PcdLib > + PeiServicesLib > + DebugLib > + PeimEntryPoint Sort alphabetically in this file, please. > + > +[FixedPcd] > + gArmTokenSpaceGuid.PcdFdSize > + > +[Pcd] > + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor > + > +[Depex] > + TRUE > diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > new file mode 100644 > index 000000000000..8d40956726ab > --- /dev/null > +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c > @@ -0,0 +1,68 @@ > +/** @file > + System Firmware descriptor producer. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD License > + which accompanies this distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > +#include <PiPei.h> > +#include <Library/PcdLib.h> > +#include <Library/PeiServicesLib.h> > +#include <Library/DebugLib.h> Sort please. No further comments. If you fold that in, for the series: Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Certainly, 1/5 can be pushed separately. / Leif > +#include <Protocol/FirmwareManagement.h> > +#include <Guid/EdkiiSystemFmpCapsule.h> > + > +/** > + Entrypoint for SystemFirmwareDescriptor PEIM. > + > + @param[in] FileHandle Handle of the file being invoked. > + @param[in] PeiServices Describes the list of possible PEI Services. > + > + @retval EFI_SUCCESS PPI successfully installed. > +**/ > +EFI_STATUS > +EFIAPI > +SystemFirmwareDescriptorPeimEntry ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *Descriptor; > + UINTN Size; > + UINTN Index; > + UINT32 AuthenticationStatus; > + > + // > + // Search RAW section. > + // > + Index = 0; > + while (TRUE) { > + Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, FileHandle, > + (VOID **)&Descriptor, &AuthenticationStatus); > + if (EFI_ERROR(Status)) { > + // Should not happen, must something wrong in FDF. > + ASSERT(FALSE); > + return EFI_NOT_FOUND; > + } > + if (Descriptor->Signature == EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) { > + break; > + } > + Index++; > + } > + > + DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n", > + Descriptor->Length)); > + > + Size = Descriptor->Length; > + PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor); > + > + return EFI_SUCCESS; > +} > diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > new file mode 100644 > index 000000000000..c89e95f60fba > --- /dev/null > +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini > @@ -0,0 +1,25 @@ > +## @file > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > +## > + > +[Head] > +NumOfUpdate = 1 > +NumOfRecovery = 0 > +Update0 = StyxFvMain > + > +[StyxFvMain] > +FirmwareType = 0 # SystemFirmware > +AddressType = 0 # 0 - relative address, 1 - absolute address. > +BaseAddress = 0x00200000 # Base address offset on flash > +Length = 0x00260000 # Length > +ImageOffset = 0x00000000 # Image offset of this SystemFirmware image > +FileGuid = 642e4fcf-2df7-4415-8b70-a03909c57b55 # PcdEdkiiSystemFirmwareFileGuid > -- > 2.11.0 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On 15 October 2017 at 20:10, Leif Lindholm <leif.lindholm@linaro.org> wrote: > On Sun, Oct 15, 2017 at 10:54:53AM +0100, Ard Biesheuvel wrote: >> Wire up the various modules and boilerplate configuration snippets >> to implement signed capsule update for AMD Overdrive. Note that this >> uses the insecure default key. >> >> The secure firmware on this SoC does not implement warm reboot, so we >> cannot support capsules that persist across reset. Instead, the capsule >> may be installed using CapsuleApp (from MdeModulePkg), from the UEFI >> Shell prompt. >> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> --- >> Platform/AMD/OverdriveBoard/OverdriveBoard.dsc | 27 ++++++- >> Platform/AMD/OverdriveBoard/OverdriveBoard.fdf | 83 ++++++++++++++++++++ >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc | 80 +++++++++++++++++++ >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 46 +++++++++++ >> Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c | 68 ++++++++++++++++ >> Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 25 ++++++ >> 6 files changed, 328 insertions(+), 1 deletion(-) >> >> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> index daa773172029..a15f96d2fba9 100644 >> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.dsc >> @@ -123,7 +123,15 @@ DEFINE DO_FLASHER = FALSE >> ResetSystemLib|ArmPkg/Library/ArmSmcPsciResetSystemLib/ArmSmcPsciResetSystemLib.inf >> RealTimeClockLib|Silicon/AMD/Styx/Library/RealTimeClockLib/RealTimeClockLib.inf >> >> - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf >> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf >> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf >> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf >> + EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf >> + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf >> + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf >> + PlatformFlashAccessLib|Silicon/AMD/Styx/Library/StyxPlatformFlashAccessLib/StyxPlatformFlashAccessLib.inf >> + >> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf >> PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf >> BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf >> @@ -499,6 +507,15 @@ DEFINE DO_FLASHER = FALSE >> gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x0 >> gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x0 >> >> +[PcdsDynamicExDefault.common.DEFAULT] >> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 >> + >> + # 642e4fcf-2df7-4415-8b70-a03909c57b55 >> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xcf, 0x4f, 0x2e, 0x64, 0xf7, 0x2d, 0x15, 0x44, 0x8b, 0x70, 0xa0, 0x39, 0x09, 0xc5, 0x7b, 0x55} >> + >> + # d34b3d29-0085-4ab3-8be8-84188cc50489 >> + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x29, 0x3d, 0x4b, 0xd3, 0x85, 0x0, 0xb3, 0x4a, 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89} >> + >> [PcdsDynamicHii] >> gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 >> >> @@ -745,3 +762,11 @@ DEFINE DO_FLASHER = FALSE >> ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf >> } >> !endif >> + >> + # >> + # Firmware update >> + # >> + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf >> + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf >> + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf >> + Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> diff --git a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> index 23e57befcdd9..18f74b3c46fe 100644 >> --- a/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> +++ b/Platform/AMD/OverdriveBoard/OverdriveBoard.fdf >> @@ -249,6 +249,12 @@ READ_LOCK_STATUS = TRUE >> # >> INF Silicon/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf >> >> + # >> + # Firmware update >> + # >> + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf >> + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf >> + >> [FV.STYX_EFI] >> FvAlignment = 16 >> ERASE_POLARITY = 1 >> @@ -277,6 +283,8 @@ READ_LOCK_STATUS = TRUE >> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf >> INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf >> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf >> + INF RuleOverride = FMP_IMAGE_DESC Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> + >> >> FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { >> SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE { >> @@ -284,6 +292,73 @@ READ_LOCK_STATUS = TRUE >> } >> } >> >> +[FV.CapsuleDispatchFv] >> +FvAlignment = 16 >> +ERASE_POLARITY = 1 >> +MEMORY_MAPPED = TRUE >> +STICKY_WRITE = TRUE >> +LOCK_CAP = TRUE >> +LOCK_STATUS = TRUE >> +WRITE_DISABLED_CAP = TRUE >> +WRITE_ENABLED_CAP = TRUE >> +WRITE_STATUS = TRUE >> +WRITE_LOCK_CAP = TRUE >> +WRITE_LOCK_STATUS = TRUE >> +READ_DISABLED_CAP = TRUE >> +READ_ENABLED_CAP = TRUE >> +READ_STATUS = TRUE >> +READ_LOCK_CAP = TRUE >> +READ_LOCK_STATUS = TRUE >> + >> + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf >> + >> +[FV.SystemFirmwareUpdateCargo] >> +FvAlignment = 16 >> +ERASE_POLARITY = 1 >> +MEMORY_MAPPED = TRUE >> +STICKY_WRITE = TRUE >> +LOCK_CAP = TRUE >> +LOCK_STATUS = TRUE >> +WRITE_DISABLED_CAP = TRUE >> +WRITE_ENABLED_CAP = TRUE >> +WRITE_STATUS = TRUE >> +WRITE_LOCK_CAP = TRUE >> +WRITE_LOCK_STATUS = TRUE >> +READ_DISABLED_CAP = TRUE >> +READ_ENABLED_CAP = TRUE >> +READ_STATUS = TRUE >> +READ_LOCK_CAP = TRUE >> +READ_LOCK_STATUS = TRUE >> + >> + FILE RAW = 642e4fcf-2df7-4415-8b70-a03909c57b55 { # PcdEdkiiSystemFirmwareFileGuid >> + FV = STYX_EFI >> + } >> + >> + FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid >> + FV = CapsuleDispatchFv >> + } >> + >> + FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid >> + Platform/AMD/OverdriveBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini >> + } >> + >> +[FmpPayload.FmpPayloadSystemFirmwarePkcs7] >> +IMAGE_HEADER_INIT_VERSION = 0x02 >> +IMAGE_TYPE_ID = d34b3d29-0085-4ab3-8be8-84188cc50489 # PcdSystemFmpCapsuleImageTypeIdGuid >> +IMAGE_INDEX = 0x1 >> +HARDWARE_INSTANCE = 0x0 >> +MONOTONIC_COUNT = 0x1 >> +CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 >> + >> + FV = SystemFirmwareUpdateCargo >> + >> +[Capsule.StyxFirmwareUpdateCapsuleFmpPkcs7] >> +CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid >> +CAPSULE_HEADER_SIZE = 0x20 >> +CAPSULE_HEADER_INIT_VERSION = 0x1 >> + >> + FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 >> + >> >> ################################################################################ >> # >> @@ -413,3 +488,11 @@ READ_LOCK_STATUS = TRUE >> RAW ASL |.aml >> } >> >> +[Rule.Common.PEIM.FMP_IMAGE_DESC] >> + FILE PEIM = $(NAMED_GUID) { >> + RAW BIN |.acpi >> + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex >> + PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi >> + UI STRING="$(MODULE_NAME)" Optional >> + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) >> + } >> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc >> new file mode 100644 >> index 000000000000..8737c02fa006 >> --- /dev/null >> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc >> @@ -0,0 +1,80 @@ >> +/** @file >> + System Firmware descriptor. >> + >> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> >> + Copyright (c) 2017, Linaro, Ltd. All rights reserved.<BR> >> + >> + This program and the accompanying materials >> + are licensed and made available under the terms and conditions of the BSD License >> + which accompanies this distribution. The full text of the license may be found at >> + http://opensource.org/licenses/bsd-license.php >> + >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> + >> +**/ >> + >> +#include <PiPei.h> >> +#include <Protocol/FirmwareManagement.h> >> +#include <Guid/EdkiiSystemFmpCapsule.h> >> + >> +#define PACKAGE_VERSION 0xFFFFFFFF >> +#define PACKAGE_VERSION_STRING L"Unknown" >> + >> +#define CURRENT_FIRMWARE_VERSION 0x00000001 >> +#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001" >> +#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001 >> + >> +#define IMAGE_ID SIGNATURE_64('O', 'V', 'R', 'D', 'R', 'I', 'V', 'E') >> +#define IMAGE_ID_STRING L"AMD Seattle Overdrive UEFI" >> + >> +// PcdSystemFmpCapsuleImageTypeIdGuid >> +#define IMAGE_TYPE_ID_GUID { 0xd34b3d29, 0x0085, 0x4ab3, { 0x8b, 0xe8, 0x84, 0x18, 0x8c, 0xc5, 0x04, 0x89 } } >> + >> +typedef struct { >> + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor; >> + // real string data >> + CHAR16 ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)]; >> + CHAR16 VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)]; >> + CHAR16 PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)]; >> +} IMAGE_DESCRIPTOR; >> + >> +STATIC IMAGE_DESCRIPTOR mImageDescriptor = >> +{ >> + { >> + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE, >> + sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR), >> + sizeof(IMAGE_DESCRIPTOR), >> + PACKAGE_VERSION, // PackageVersion >> + OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // PackageVersionName >> + 1, // ImageIndex; >> + {0x0}, // Reserved >> + IMAGE_TYPE_ID_GUID, // ImageTypeId; >> + IMAGE_ID, // ImageId; >> + OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName; >> + CURRENT_FIRMWARE_VERSION, // Version; >> + OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName; >> + {0x0}, // Reserved2 >> + FixedPcdGet32(PcdFdSize), // Size; >> + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | >> + IMAGE_ATTRIBUTE_RESET_REQUIRED | >> + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | >> + IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported; >> + IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | >> + IMAGE_ATTRIBUTE_RESET_REQUIRED | >> + IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | >> + IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting; >> + 0x0, // Compatibilities; >> + LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion; >> + 0x00000000, // LastAttemptVersion; >> + 0, // LastAttemptStatus; >> + {0x0}, // Reserved3 >> + 0, // HardwareInstance; >> + }, >> + // real string data >> + IMAGE_ID_STRING, >> + CURRENT_FIRMWARE_VERSION_STRING, >> + PACKAGE_VERSION_STRING, >> +}; >> + >> +VOID* CONST ReferenceAcpiTable = &mImageDescriptor; >> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> new file mode 100644 >> index 000000000000..9d47d3b2923a >> --- /dev/null >> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf >> @@ -0,0 +1,46 @@ >> +## @file >> +# System Firmware descriptor. >> +# >> +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> >> +# This program and the accompanying materials >> +# are licensed and made available under the terms and conditions of the BSD License >> +# which accompanies this distribution. The full text of the license may be found at >> +# http://opensource.org/licenses/bsd-license.php >> +# >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +# >> +## >> + >> +[Defines] >> + INF_VERSION = 0x0001001A >> + BASE_NAME = SystemFirmwareDescriptor >> + FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC >> + MODULE_TYPE = PEIM >> + VERSION_STRING = 1.0 >> + ENTRY_POINT = SystemFirmwareDescriptorPeimEntry >> + >> +[Sources] >> + SystemFirmwareDescriptorPei.c >> + SystemFirmwareDescriptor.aslc >> + >> +[Packages] >> + ArmPkg/ArmPkg.dec >> + MdePkg/MdePkg.dec >> + MdeModulePkg/MdeModulePkg.dec >> + SignedCapsulePkg/SignedCapsulePkg.dec >> + >> +[LibraryClasses] >> + PcdLib >> + PeiServicesLib >> + DebugLib >> + PeimEntryPoint > > Sort alphabetically in this file, please. > >> + >> +[FixedPcd] >> + gArmTokenSpaceGuid.PcdFdSize >> + >> +[Pcd] >> + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor >> + >> +[Depex] >> + TRUE >> diff --git a/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> new file mode 100644 >> index 000000000000..8d40956726ab >> --- /dev/null >> +++ b/Platform/AMD/OverdriveBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c >> @@ -0,0 +1,68 @@ >> +/** @file >> + System Firmware descriptor producer. >> + >> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> >> + This program and the accompanying materials >> + are licensed and made available under the terms and conditions of the BSD License >> + which accompanies this distribution. The full text of the license may be found at >> + http://opensource.org/licenses/bsd-license.php >> + >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> + >> +**/ >> + >> +#include <PiPei.h> >> +#include <Library/PcdLib.h> >> +#include <Library/PeiServicesLib.h> >> +#include <Library/DebugLib.h> > > Sort please. > > No further comments. > If you fold that in, for the series: > Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> > > Certainly, 1/5 can be pushed separately. > Thanks. Pushed as a3877da646af Platform/AMD/Overdrive: remove StatusCodeLib references 4b75f2a85e1b Silicon/AMD/Styx: update SMMU id to MMU-401 dae45a713641 Silicon/Amd/Styx: fix flasher support 7cb9786ee99b Silicon/AMD/Styx: add PlatformFlashAccessLib implementation a54cdba5b641 Platforms/AMD/Overdrive: add signed capsule update support _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.