From patchwork Thu May 7 06:16:39 2015
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 48074
From: Ard Biesheuvel
To: edk2-devel@lists.sourceforge.net, olivier.martin@arm.com
Date: Thu, 7 May 2015 08:16:39 +0200
Message-Id: <1430979400-24189-3-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1430979400-24189-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1430979400-24189-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH v3 2/3] ArmPlatformPkg: enable use of authenticated variables in NorFlashDxe

The NorFlashDxe uses an explicit 'BEFORE xxx' Depex declaration to ensure that it is dispatched before VariableRuntimeDxe, and uses the file GUID of the latter as 'xxx' explicitly to accomplish that.

However, when enabling UEFI Secure Boot, this breaks down since the authenticated VariableRuntimeDxe is a completely separate driver, with a different GUID. Also, the hardcoded dependency on gEfiVariableGuid, which is not used under UEFI Secure Boot, needs to be factored out in order to allow this driver to be used.

So clone NorFlashDxe.inf into NorFlashAuthenticatedDxe.inf, and fix up the dependencies so they refer to gEfiAuthenticatedVariableGuid and SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf instead.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel --- ArmPlatformPkg/ArmPlatformPkg.dec | 4 ++ ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec | 4 -- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf | 76 ++++++++++++++++++++ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c | 19 +++++ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 1 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 4 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c | 19 +++++ 8 files changed, 123 insertions(+), 6 deletions(-) diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec index 9364bb92c5f0..58328345bd06 100644 --- a/ArmPlatformPkg/ArmPlatformPkg.dec +++ b/ArmPlatformPkg/ArmPlatformPkg.dec @@ -36,6 +36,10 @@ # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf # gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } } + # + # Following Guid must match FILE_GUID in SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf + # + gVariableAuthenticatedRuntimeDxeFileGuid = { 0x2226f30f, 0x3d5b, 0x402d, {0x99, 0x36, 0xa9, 0x71, 0x84, 0xEB, 0x45, 0x16 } } ## Include/Guid/ArmGlobalVariableHob.h gArmGlobalVariableGuid = { 0xc3253c90, 0xa24f, 0x4599, { 0xa6, 0x64, 0x1f, 0x88, 0x13, 0x77, 0x8f, 0xc9} } diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec index e8108bc34b56..fd59375d9baf 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec +++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec 
@@ -33,10 +33,6 @@ [Guids.common] gArmVExpressTokenSpaceGuid = { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } } - # - # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - # - gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } } [PcdsFeatureFlag.common] diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf new file mode 100644 index 000000000000..ff8f048ecb21 --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf @@ -0,0 +1,76 @@ +#/** @file +# +# Component description file for NorFlashAuthenticatedDxe module +# +# Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved.
+# Copyright (c) 2015, Linaro Ltd. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +#**/ + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = NorFlashAuthenticatedDxe + FILE_GUID = 10B86CEA-F2FE-456A-B1C7-4F506CA46005 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = NorFlashInitialise + +[Sources.common] + NorFlashDxe.c + NorFlashFvbDxe.c + NorFlashBlockIoDxe.c + NorFlashAuthenticatedVariableDep.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + ArmPlatformPkg/ArmPlatformPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + IoLib + BaseLib + DebugLib + HobLib + NorFlashPlatformLib + UefiLib + UefiDriverEntryPoint + UefiBootServicesTableLib + UefiRuntimeLib + DxeServicesTableLib + +[Guids] + gEfiSystemNvDataFvGuid + gEfiAuthenticatedVariableGuid + gEfiEventVirtualAddressChangeGuid + +[Protocols] + gEfiBlockIoProtocolGuid + gEfiDevicePathProtocolGuid + gEfiFirmwareVolumeBlockProtocolGuid + gEfiDiskIoProtocolGuid + +[Pcd.common] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize + + gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked + +[Depex] + # + # NorFlashAuthenticatedDxe must be loaded before VariableAuthenticatedRuntimeDxe + # in case empty flash needs populating with default values + # + BEFORE gVariableAuthenticatedRuntimeDxeFileGuid 
diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c new file mode 100644 index 000000000000..2ea8ead85d9b --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c @@ -0,0 +1,19 @@ +/** @file NorFlashAuthenticatedVariableDep.c + + Copyright (c) 2015, Linaro Ltd. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include + +CONST EFI_GUID* CONST mNorFlashVariableGuid = &gEfiAuthenticatedVariableGuid; diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h index c24680098f62..9b76bfa1df23 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h @@ -152,6 +152,8 @@ struct _NOR_FLASH_INSTANCE { NOR_FLASH_DEVICE_PATH DevicePath; }; +CONST EFI_GUID* CONST mNorFlashVariableGuid; + EFI_STATUS NorFlashReadCfiData ( IN UINTN DeviceBaseAddress, diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf index a161c0399e52..563d7573e7a2 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf @@ -26,6 +26,7 @@ NorFlashDxe.c NorFlashFvbDxe.c NorFlashBlockIoDxe.c + NorFlashVariableDep.c [Packages] MdePkg/MdePkg.dec diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c index 4f56bae33022..3ed3bb945ff6 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c 
@@ -111,7 +111,7 @@ InitializeFvAndVariableStoreHeaders ( // VARIABLE_STORE_HEADER // VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); - CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid); + CopyGuid (&VariableStoreHeader->Signature, mNorFlashVariableGuid); VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; @@ -178,7 +178,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE ) { + if (!CompareGuid (&VariableStoreHeader->Signature, mNorFlashVariableGuid)) { DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n")); return EFI_NOT_FOUND; } diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c new file mode 100644 index 000000000000..4d52296ce1a0 --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c @@ -0,0 +1,19 @@ +/** @file NorFlashVariableDep.c + + Copyright (c) 2015, Linaro Ltd. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include + +CONST EFI_GUID* CONST mNorFlashVariableGuid = &gEfiVariableGuid;
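Review bot: In the ArmPlatformPkg.dec hunk, gVariableAuthenticatedRuntimeDxeFileGuid is a hand-copied duplicate of a FILE_GUID that lives in SecurityPkg, and only the comment above it keeps the two in step. Nothing in the visible change checks that they match, so if the SecurityPkg value ever changes, the "BEFORE gVariableAuthenticatedRuntimeDxeFileGuid" Depex would name a GUID that no longer identifies the variable driver. Please add a matching "must match" remark next to FILE_GUID on the SecurityPkg side, or at least call out the coupling in the commit message. Style nit on the same line: the brace spacing ("{0x99" versus "{ 0xb4") and the upper-case "0xEB" differ from the gVariableRuntimeDxeFileGuid entry directly above.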
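Review bot: The ArmVExpressPkg.dec hunk removes gVariableRuntimeDxeFileGuid, but the commit message does not mention this removal. The context lines of the ArmPlatformPkg.dec hunk show the same GUID already declared there, so this reads as duplicate cleanup that is unrelated to authenticated variables. Either say so in the commit message or move the removal into its own patch, so that a bisect that lands on a build break in a module that still resolves the GUID through ArmVExpressPkg.dec points at the right change.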
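Review bot: In NorFlashAuthenticatedDxe.inf, the [Depex] section orders the driver only against gVariableAuthenticatedRuntimeDxeFileGuid, and NorFlashAuthenticatedVariableDep.c fixes the variable store signature to gEfiAuthenticatedVariableGuid. The INF is therefore only correct on a platform that also builds SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf. Paired with the non-authenticated variable driver, it gets no dispatch ordering and formats the store with a signature that driver is not told to expect. Please state the required pairing in the file header comment of both NorFlashDxe.inf and NorFlashAuthenticatedDxe.inf. Since the [Sources], [LibraryClasses] and [Pcd] lists are a copy, also note that the two files must be kept in sync.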
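Review bot: In the NorFlashDxe.h hunk, "CONST EFI_GUID* CONST mNorFlashVariableGuid;" lacks "extern", so every source file that includes the header gets its own tentative definition of a const pointer with no initializer. That only links if the toolchain merges common symbols with the initialized definition in NorFlashVariableDep.c or NorFlashAuthenticatedVariableDep.c; a toolchain that does not merge them reports a multiple-definition error. Please declare it as "extern CONST EFI_GUID* CONST mNorFlashVariableGuid;" so that the single definition in the *VariableDep.c file is the only one.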
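Review bot: In the ValidateFvHeader hunk of NorFlashFvbDxe.c, a store written by the other build variant (gEfiVariableGuid versus gEfiAuthenticatedVariableGuid) now fails the CompareGuid check and returns EFI_NOT_FOUND, but neither the commit message nor the debug output says what happens to the existing variables when a platform switches to the authenticated INF. Please document the expected behaviour in the commit message. Also consider printing both GUIDs in the error path, for example with "%g" for &VariableStoreHeader->Signature and mNorFlashVariableGuid, so that "Variable Store Guid non-compatible" shows which signature was found and which was expected.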