From fb1a4e361e9b6ef15142000fc3a79f5f31777de7 Mon Sep 17 00:00:00 2001 From: Shifei Lu Date: Thu, 11 Jun 2015 02:17:06 +0000 Subject: [PATCH 1/1] Add code to protect the whole BIOS region on SPI flash, except UEFI Variable region. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shifei Lu Reviewed-by: David Wei git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17618 6f19259b-4bc3-4df7-8a09-765794883524 --- Vlv2TbltDevicePkg/PlatformDxe/Platform.c | 42 ++++++++++++++++--- Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf | 7 ++++ 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c index 760b8b00b4..dba84fb659 100644 --- a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c +++ b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c @@ -353,12 +353,23 @@ SpiBiosProtectionFunction( { UINTN mPciD31F0RegBase; - UINTN BiosFlaLower = 0; - UINTN BiosFlaLimit = 0x7fffff; - - BiosFlaLower = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress); + UINTN BiosFlaLower0; + UINTN BiosFlaLimit0; + UINTN BiosFlaLower1; + UINTN BiosFlaLimit1; + + BiosFlaLower0 = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress); + BiosFlaLimit0 = PcdGet32(PcdFlashMicroCodeSize)-1; + #ifdef MINNOW2_FSP_BUILD + BiosFlaLower1 = PcdGet32(PcdFlashFvFspBase)-PcdGet32(PcdFlashAreaBaseAddress); + BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvFspBase)+PcdGet32(PcdFlashFvRecoverySize))-1; + #else + BiosFlaLower1 = PcdGet32(PcdFlashFvMainBase)-PcdGet32(PcdFlashAreaBaseAddress); + BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvMainBase)+PcdGet32(PcdFlashFvRecoverySize))-1; + #endif + mPciD31F0RegBase = MmPciAddress (0, DEFAULT_PCI_BUS_NUMBER_PCH, PCI_DEVICE_NUMBER_PCH_LPC, 
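Review bot: `BiosFlaLimit0` and `BiosFlaLimit1` in the `@@ -353,12 +353,23 @@` hunk are computed as lengths, while `BiosFlaLower0` and `BiosFlaLower1` are offsets from `PcdFlashAreaBaseAddress`, so the value written to the PRL field is an end address only when the range starts at offset 0. For PR1 the base is `PcdFlashFvMainBase` (or `PcdFlashFvFspBase`) minus the flash base, which is presumably non-zero because the microcode and variable regions precede it, so the limit falls short of the end of the recovery FV and may even be below the base; how the controller treats limit < base is not visible here, but either way part of the region would stay writable. Derive the end from the same base, e.g. `BiosFlaLimit1 = PcdGet32(PcdFlashFvRecoveryBase)+PcdGet32(PcdFlashFvRecoverySize)-PcdGet32(PcdFlashAreaBaseAddress)-1;` and `BiosFlaLimit0 = BiosFlaLower0+PcdGet32(PcdFlashMicroCodeSize)-1;`. An `ASSERT (BiosFlaLower1 <= BiosFlaLimit1);` after the `#endif` would make a bad PCD layout fail in a debug build rather than silently program an empty range. The body of SpiBiosProtectionFunction continues outside this hunk.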
@@ -391,7 +402,7 @@ SpiBiosProtectionFunction( // MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR0), B_PCH_SPI_PR0_RPE|B_PCH_SPI_PR0_WPE|\ - (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit>>12)<<16)); + (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower0>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit0>>12)<<16)); // //Lock down PR0 @@ -405,6 +416,25 @@ SpiBiosProtectionFunction( DEBUG((EFI_D_ERROR, "Failed to lock down PR0.\n")); } + // + //Set PR1 + // + + MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR1), + B_PCH_SPI_PR1_RPE|B_PCH_SPI_PR1_WPE|\ + (B_PCH_SPI_PR1_PRB_MASK&(BiosFlaLower1>>12))|(B_PCH_SPI_PR1_PRL_MASK&(BiosFlaLimit1>>12)<<16)); + + // + //Lock down PR1 + // + MmioOr16 ((UINTN) (SpiBase + R_PCH_SPI_HSFS), (UINT16) (B_PCH_SPI_HSFS_FLOCKDN)); + + // + // Verify if it's really locked. + // + if ((MmioRead16 (SpiBase + R_PCH_SPI_HSFS) & B_PCH_SPI_HSFS_FLOCKDN) == 0) { + DEBUG((EFI_D_ERROR, "Failed to lock down PR1.\n")); + } return; } @@ -690,7 +720,7 @@ InitializePlatform ( &mReadyToBootEvent ); // - // Create a ReadyToBoot Event to run enable PR0 and lock down + // Create a ReadyToBoot Event to run enable PR0/PR1 and lock down,unlock variable region // if(mSystemConfiguration.SpiRwProtect==1) { Status = EfiCreateEventReadyToBootEx ( diff --git a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf index daf6d70184..27216b7879 100644 --- a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf +++ b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf @@ -62,6 +62,7 @@ Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec + IntelFspWrapperPkg/IntelFspWrapperPkg.dec [LibraryClasses] BaseLib 
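Review bot: PR1 is written after the PR0 lock-down step in the `@@ -405,6 +416,25 @@` hunk; if that step sets the same `B_PCH_SPI_HSFS_FLOCKDN` bit that the added "Lock down PR1" code sets (the PR0 statement itself is outside the hunk), the protected-range registers are already locked when `MmioOr32` on `R_PCH_SPI_PR1` runs and the write may be dropped. The added verification cannot detect that, because it only tests FLOCKDN, which is already set by then, so the function would report success with PR1 possibly unprogrammed. Program PR0 and PR1 first, set FLOCKDN once afterwards, and read the range back, e.g. `if ((MmioRead32 (SpiBase + R_PCH_SPI_PR1) & B_PCH_SPI_PR1_WPE) == 0) { DEBUG((EFI_D_ERROR, "PR1 write protection is not enabled.\n")); }`. `MmioOr32` also merges with whatever PR1 already holds, so a plain write, or clearing the base and limit fields first, would make the programmed range deterministic.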
@@ -133,7 +134,13 @@ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress gPlatformModuleTokenSpaceGuid.PcdFlashAreaBaseAddress gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeAddress + gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeSize gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdFastPS2Detection + gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase + gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoveryBase + gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoverySize + gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase + [Depex] gEfiPciRootBridgeIoProtocolGuid AND -- 2.39.2