From 6cf1269d9577a50834683f9b0a90197c0dfa1a78 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Thu, 7 May 2015 15:18:14 +0000 Subject: [PATCH] ArmPlatformPkg: enable use of authenticated variables in NorFlashDxe The NorFlashDxe uses an explicit 'BEFORE xxx' Depex declaration to ensure that it is dispatched before VariableRuntimeDxe, and uses the file GUID of the latter as 'xxx' explicitly to accomplish that. However, when enabling UEFI Secure Boot, this breaks down since the authenticated VariableRuntimeDxe is a completely separate driver, with a different GUID. Also, the hardcoded dependency on gEfiVariableGuid, which is not used under UEFI Secure Boot, needs to be factored out in order to allow this driver to be used. So clone NorFlashDxe.inf into NorFlashAuthenticatedDxe.inf, and fix up the dependencies so they refer to gEfiAuthenticatedVariableGuid and SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf instead. Contributed-under: TianoCore Contribution Agreement 1.0 Reviewed-by: Olivier Martin Reviewed-by: Laszlo Ersek Signed-off-by: Ard Biesheuvel git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17355 6f19259b-4bc3-4df7-8a09-765794883524 --- ArmPlatformPkg/ArmPlatformPkg.dec | 4 + .../ArmVExpressPkg/ArmVExpressPkg.dec | 4 - .../NorFlashDxe/NorFlashAuthenticatedDxe.inf | 76 +++++++++++++++++++ .../NorFlashAuthenticatedVariableDep.c | 19 +++++ .../Drivers/NorFlashDxe/NorFlashDxe.h | 2 + .../Drivers/NorFlashDxe/NorFlashDxe.inf | 1 + .../Drivers/NorFlashDxe/NorFlashFvbDxe.c | 4 +- .../Drivers/NorFlashDxe/NorFlashVariableDep.c | 19 +++++ 8 files changed, 123 insertions(+), 6 deletions(-) create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec index 9364bb92c5..58328345bd 100644 --- a/ArmPlatformPkg/ArmPlatformPkg.dec +++ b/ArmPlatformPkg/ArmPlatformPkg.dec @@ -36,6 +36,10 @@ # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf # gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } } + # + # Following Guid must match FILE_GUID in SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf + # + gVariableAuthenticatedRuntimeDxeFileGuid = { 0x2226f30f, 0x3d5b, 0x402d, {0x99, 0x36, 0xa9, 0x71, 0x84, 0xEB, 0x45, 0x16 } } ## Include/Guid/ArmGlobalVariableHob.h gArmGlobalVariableGuid = { 0xc3253c90, 0xa24f, 0x4599, { 0xa6, 0x64, 0x1f, 0x88, 0x13, 0x77, 0x8f, 0xc9} } diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec index e8108bc34b..fd59375d9b 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec +++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec @@ -33,10 +33,6 @@ [Guids.common] gArmVExpressTokenSpaceGuid = { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } } - # - # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - # - gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } } [PcdsFeatureFlag.common] diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf new file mode 100644 index 0000000000..ff8f048ecb --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf @@ -0,0 +1,76 @@ +#/** @file +# +# Component description file for NorFlashAuthenticatedDxe module +# +# Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved.
+# Copyright (c) 2015, Linaro Ltd. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +#**/ + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = NorFlashAuthenticatedDxe + FILE_GUID = 10B86CEA-F2FE-456A-B1C7-4F506CA46005 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = NorFlashInitialise + +[Sources.common] + NorFlashDxe.c + NorFlashFvbDxe.c + NorFlashBlockIoDxe.c + NorFlashAuthenticatedVariableDep.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + ArmPlatformPkg/ArmPlatformPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + IoLib + BaseLib + DebugLib + HobLib + NorFlashPlatformLib + UefiLib + UefiDriverEntryPoint + UefiBootServicesTableLib + UefiRuntimeLib + DxeServicesTableLib + +[Guids] + gEfiSystemNvDataFvGuid + gEfiAuthenticatedVariableGuid + gEfiEventVirtualAddressChangeGuid + +[Protocols] + gEfiBlockIoProtocolGuid + gEfiDevicePathProtocolGuid + gEfiFirmwareVolumeBlockProtocolGuid + gEfiDiskIoProtocolGuid + +[Pcd.common] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize + + gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked + +[Depex] + # + # NorFlashAuthenticatedDxe must be loaded before VariableAuthenticatedRuntimeDxe + # in case empty flash needs populating with default values + # + BEFORE gVariableAuthenticatedRuntimeDxeFileGuid diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c new file mode 100644 index 0000000000..2ea8ead85d --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedVariableDep.c @@ -0,0 +1,19 @@ +/** @file NorFlashAuthenticatedVariableDep.c + + Copyright (c) 2015, Linaro Ltd. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include + +CONST EFI_GUID* CONST mNorFlashVariableGuid = &gEfiAuthenticatedVariableGuid; diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h index c24680098f..d0b5c5b12f 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h @@ -152,6 +152,8 @@ struct _NOR_FLASH_INSTANCE { NOR_FLASH_DEVICE_PATH DevicePath; }; +extern CONST EFI_GUID* CONST mNorFlashVariableGuid; + EFI_STATUS NorFlashReadCfiData ( IN UINTN DeviceBaseAddress, diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf index a161c0399e..563d7573e7 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf @@ -26,6 +26,7 @@ NorFlashDxe.c NorFlashFvbDxe.c NorFlashBlockIoDxe.c + NorFlashVariableDep.c [Packages] MdePkg/MdePkg.dec diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c index 4f56bae330..3ed3bb945f 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c @@ -111,7 +111,7 @@ InitializeFvAndVariableStoreHeaders ( // VARIABLE_STORE_HEADER // VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength); - CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid); + CopyGuid (&VariableStoreHeader->Signature, mNorFlashVariableGuid); VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; @@ -178,7 +178,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE ) { + if (!CompareGuid (&VariableStoreHeader->Signature, mNorFlashVariableGuid)) { DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n")); return EFI_NOT_FOUND; } diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c new file mode 100644 index 0000000000..4d52296ce1 --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashVariableDep.c @@ -0,0 +1,19 @@ +/** @file NorFlashVariableDep.c + + Copyright (c) 2015, Linaro Ltd. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include + +CONST EFI_GUID* CONST mNorFlashVariableGuid = &gEfiVariableGuid; -- 2.39.2