ArmVirtPkg: Disable the TPM2 platform hierarchy Disable the TPM2 platform hierarchy by directly calling ConfigureTpmPlatformHierarchy(). Per the TCG firmware specification "TCG PC Client Platform Firmware Profile Specification" the TPM 2 platform hierarchy needs to be disabled or a random password set and discarded before the firmware passes control to the next stage bootloader or kernel. Current specs are here: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf Section 11 states: "Platform Firmware MUST protect access to the Platform Hierarchy and prevent access to the platform hierarchy by non-manufacturer- controlled components." Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
ArmVirtPkg: Reference new TPM classes in the build system for compilation We just added the same functionality to the OvmfPkg. However, on x86, we could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode, we have to use direct invocation of this function at the same place in PlatformBootManagerBeforeConsole() as it is called on x86. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
ArmVirtPkg/PlatformBootManagerLib: switch to separate QEMU loader Drop the QEMU loader file system implementation inside this library, and switch to the separate QemuLoadImageLib library and the associated driver to expose the kernel and initrd passed via the QEMU command line. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2566 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/PlatformBootManagerLib: sync Timeout with PcdPlatformBootTimeOut Set the Timeout global variable to the same value as PcdPlatformBootTimeOut. This way the "setvar" command in the UEFI shell, and the "efibootmgr" command in a Linux guest, can report the front page timeout that was requested on the QEMU command line (see GetFrontPageTimeoutFromQemu()). A DEBUG_VERBOSE message is logged on success too, for our QE team's sake. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200304094413.19462-3-lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
ArmVirtPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/PlatformBootManagerLib: display boot option loading/starting Consume PlatformBmPrintScLib, added earlier in this series. When BdsDxe+UefiBootManagerLib report LoadImage() / StartImage() preparations and return statuses, print the reports to the UEFI console. This allows end-users better visibility into the boot process. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1515418 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
ArmVirtPkg/PlatformBootManagerLib: add missing report status code call Consumers of status code reports may rely on a status code to be reported when the ReadyToBoot event is signalled. For instance, FirmwarePerformanceDxe will fail to install the FPDT ACPI table in this case. So add the missing call. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/PlatformBootManagerLib: connect Virtio RNG devices again Virtio RNG devices are never boot devices, so in commit ff1d0fbfbaec we stopped connecting them. This is a problem because an OS boot loader may depend on EFI_RNG_PROTOCOL to seed the OS's RNG. Connect Virtio RNG devices again. And, while commit ff1d0fbfbaec removed that from PlatformBootManagerAfterConsole(), reintroduce it now to PlatformBootManagerBeforeConsole() -- this way Driver#### options launched between both functions may access EFI_RNG_PROTOCOL too. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Fixes: ff1d0fbfbaec55038ccf888759588fa4e21516f4 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
ArmVirtPkg/PlatformBootManagerLib: list "PlatformBm.h" in INF file The header file declares TryRunningQemuKernel(), defined in "QemuKernel.c" and called from "PlatformBm.c". Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Suggested-by: Michael Kinney <michael.d.kinney@intel.com> Ref: http://mid.mail-archive.com/E92EE9817A31E24EB0585FDF735412F56327F7D3@ORSMSX113.amr.corp.intel.com Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
ArmVirtPkg/ArmVirtQemu: refer to Shell app via its declared GUID Currently, the file GUID reference of the UEFI Shell app is indirected via the PCD gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile, which is set to a fixed value for our platforms. So instead, use the new symbolic GUID added for this purpose, and drop the reference to this PCD, and to the IntelFrameworkModulePkg package entirely. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/PlatformBds: Do not call BootLogoEnableLogo Prototype of BootLogoEnableLogo will change in following patches, so do not call BootLogoEnableLogo to avoid build failure. Contributed-under: TianoCore Contribution Agreement 1.0 Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
ArmVirtPkg/PlatformBootManagerLib: remove stale FvFile boot options (This patch ports OvmfPkg commit 2eb358986052 to ArmVirtPkg. That functionality was not added to QemuBootOrderLib, because it was (and is) independent from QEMU and fw_cfg.) Remove any boot options that point to binaries built into the firmware and have become stale due to any of the following: - FvMain's base address or size changed (historical -- see commit e191a3114f4c), - FvMain's FvNameGuid changed, - the FILE_GUID of the pointed-to binary changed, - the referenced binary is no longer built into the firmware. For example, multiple such "EFI Internal Shell" boot options can coexist. They technically differ from each other, but may not describe any built-in shell binary exactly. Such options can accumulate in a varstore over time, and while they remain generally bootable (thanks to the efforts of BmGetFileBufferByFvFilePath()), they look bad. Filter out any stale options. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Fixes: https://github.com/tianocore/edk2/issues/107 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
ArmVirtPkg/PlatformBootManagerLib: rebase boot logo display to BootLogoLib In the course of porting ArmVirtPkg to the MdeModulePkg BDS, commit 1f73aef50c5e ArmVirtPkg/PlatformBootManagerLib: add EnableQuietBoot & DisableQuietBoot open-coded the EnableQuietBoot() function (and its dependencies / friends) from IntelFrameworkModulePkg BDS. This code duplication can be avoided; the functionality is available from the following three libraries in MdeModulePkg: - BootLogoLib: provides the BootLogoEnableLogo() function. It does not provide the internal ConvertBmpToGopBlt() function -- that one is delegated to ImageDecoderLib (function DecodeImage()). - ImageDecoderLib: a general library that registers decoder plugins for specific image formats, and provides the generic DecodeImage() on top. - BmpImageDecoderLib: one of said decoder plugins, for handling BMP images (which is the format of our logo). In this patch, we revert 1f73aef50c5e, and atomically incorporate the above libraries. This is inspired by Nt32Pkg commit 859e75c4fc42: Nt32Pkg: Use BootLogoLib for logo and progress bar drawing. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Leif Lindholm <leif.lindholm@linaro.org> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
ArmVirtPkg/PlatformBootManagerLib: add EnableQuietBoot & DisableQuietBoot UefiBootManagerLib does not provide these functions, we have to implement them. (EnableQuietBoot() puts up the nice TianoCore logo.) OvmfPkg commits 817fb3ac2a78 and 8e8fd3037788 have extracted these functions already, - from "IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c" - to "OvmfPkg/Library/PlatformBootManagerLib/QuietBoot.c". Copy the latter file, with minimal changes. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
ArmVirtPkg/PlatformBootManagerLib: register boot options and hot keys Register the Enter key as the continue key (hot key to skip the boot timeout). Map the F2 and ESC keys to the UI. Register the memory-mapped Shell boot option. The patch parallels OvmfPkg commit 07dd96e82032. The PlatformRegisterFvBootOption() and PlatformRegisterOptionsAndKeys() functions are copied almost verbatim. The only changes are: internal linkage for these functions (i.e., STATIC), and mentioning the ESC key in the comments. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
ArmVirtPkg/PlatformBootManagerLib: don't launch the Boot Manager Menu MdeModulePkg/BDS doesn't launch the UI (Boot Manager Menu) from the platform side. The platform is expected to store the boot timeout only, in PcdPlatformBootTimeOut. This is usually done in PlatformBootManagerBeforeConsole(). (ArmVirtXen is not modified, as it uses PlatformIntelBdsLib from ArmPlatformPkg, not ArmVirtPkg.) The patch parallels OvmfPkg commit 8dc0f0a6aab0. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
ArmVirtPkg/PlatformBootManagerLib: link against UefiBootManagerLib The general BDS helper functions are now provided by MdeModulePkg's UefiBootManagerLib, and no longer by IntelFrameworkModulePkg's GenericBdsLib. This patch parallels OvmfPkg commit 2b23b8d45b62. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
ArmVirtPkg/PlatformBootManagerLib: follow PlatformBootManagerLib interfaces "IntelFrameworkModulePkg/Include/Library/PlatformBdsLib.h" declares the following interfaces: - PlatformBdsInit - PlatformBdsPolicyBehavior - PlatformBdsBootFail - PlatformBdsBootSuccess - PlatformBdsLockNonUpdatableFlash - LockKeyboards From these, we've been using PlatformBdsInit() and PlatformBdsPolicyBehavior(). "MdeModulePkg/Include/Library/PlatformBootManagerLib.h" declares the three interfaces below: - PlatformBootManagerBeforeConsole - PlatformBootManagerAfterConsole - PlatformBootManagerWaitCallback Comparing the BdsEntry() functions between - "IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c" and - "MdeModulePkg/Universal/BdsDxe/BdsEntry.c", we can establish the following mapping: IntelFrameworkModulePkg MdeModulePkg BdsEntry() BdsEntry() PlatformBdsInit() <--------------> PlatformBootManagerBeforeConsole() dispatch Driver#### <--------------> dispatch Driver#### connect consoles PlatformBdsPolicyBehavior() <------> PlatformBootManagerAfterConsole() The difference in connecting the consoles will be addressed in a later patch, now we just rename the functions according to the mapping above, and copy the call site comments from MdeModulePkg's BdsEntry(). For the third interface, PlatformBootManagerWaitCallback(), add an empty implementation (and copy the comment from the library class header). Platform BDS can use this callback to draw a progress bar, for example. This patch parallels OvmfPkg commit a7566234e92c. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
ArmVirtPkg: duplicate PlatformIntelBdsLib to PlatformBootManagerLib Create a copy of PlatformIntelBdsLib under the name PlatformBootManagerLib, with the following initial changes: - replace PlatformBdsLib references with PlatformBootManagerLib in comments, - replace "IntelBdsPlatform" with "PlatformBm" in file names and their references, - generate a new FILE_GUID. PlatformBootManagerLib will be linked into the BDS driver from MdeModulePkg. This patch parallels OvmfPkg commit 305418818959. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>