Date
1 - 6 of 6
[edk2-platforms: PATCH v4] IntelSiliconPkg/SpiFvbServiceSmm: Rewrite VariableStore header.
|
Chiu, Chasel
When invalid VariableStore FV header detected, current SpiFvbService
will erase both FV and VariableStore headers from flash, however, it will only rewrite FV header back and cause invalid VariableStore header. This patch adding the support for rewriting both FV header and VariableStore header when VariableStore corruption happened. The Corrupted variable content should be taken care by FaultTolerantWrite driver later. Platform has to set PcdFlashVariableStoreType to inform SpiFvbService which VariableStoreType should be rewritten. Cc: Ashraf Ali S <ashraf.ali.s@...> Cc: Isaac Oram <isaac.w.oram@...> Cc: Rangasai V Chaganty <rangasai.v.chaganty@...> Cc: Ray Ni <ray.ni@...> Cc: Michael Kubacki <michael.kubacki@...> Signed-off-by: Chasel Chiu <chasel.chiu@...> --- Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServiceMm.= c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-= ---- Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServiceSmm= .inf | 3 +++ Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec = | 8 ++++++++ 3 files changed, 75 insertions(+), 5 deletions(-) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiF= vbServiceMm.c b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/S= piFvbServiceMm.c index 6b4bcdcfe3..052be97872 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceMm.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceMm.c @@ -12,6 +12,7 @@ #include <Library/MmServicesTableLib.h>=0D #include <Library/UefiDriverEntryPoint.h>=0D #include <Protocol/SmmFirmwareVolumeBlock.h>=0D +#include <Guid/VariableFormat.h>=0D =0D /**=0D The function installs EFI_FIRMWARE_VOLUME_BLOCK protocol=0D @@ -113,7 +114,12 @@ FvbInitialize ( UINT32 MaxLbaSize;=0D UINT32 BytesWritten;=0D UINTN BytesErased;=0D + EFI_PHYSICAL_ADDRESS NvStorageBaseAddress;=0D UINT64 NvStorageFvSize;=0D + UINT32 ExpectedBytesWritten;=0D + VARIABLE_STORE_HEADER *VariableStoreHeader;=0D + UINT8 VariableStoreType;=0D + UINT8 *NvStoreBuffer;=0D =0D Status =3D GetVariableFlashNvStorageInfo (&BaseAddress, &NvStorageFvSize= );=0D if (EFI_ERROR (Status)) {=0D @@ -124,12 +130,14 @@ FvbInitialize ( =0D // Stay within the current UINT32 size assumptions in the variable stack= .=0D Status =3D SafeUint64ToUint32 (BaseAddress, &mPlatformFvBaseAddress[0].F= vBase);=0D + NvStorageBaseAddress =3D mPlatformFvBaseAddress[0].FvBase;=0D if (EFI_ERROR (Status)) {=0D ASSERT_EFI_ERROR (Status);=0D DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage base address not = supported.\n", __FUNCTION__));=0D return;=0D }=0D Status =3D SafeUint64ToUint32 (NvStorageFvSize, &mPlatformFvBaseAddress[= 0].FvSize);=0D + NvStorageFvSize =3D mPlatformFvBaseAddress[0].FvSize;=0D if (EFI_ERROR (Status)) {=0D ASSERT_EFI_ERROR (Status);=0D DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage size not supporte= d.\n", __FUNCTION__));=0D @@ -186,8 +194,59 @@ FvbInitialize ( }=0D continue;=0D }=0D - BytesWritten =3D FvHeader->HeaderLength;=0D - Status =3D SpiFlashWrite ((UINTN)BaseAddress, &BytesWritten, (UINT= 8*)FvHeader);=0D +=0D + BytesWritten =3D FvHeader->HeaderLength;=0D + ExpectedBytesWritten =3D BytesWritten;=0D + if (BaseAddress !=3D NvStorageBaseAddress) {=0D + Status =3D SpiFlashWrite ((UINTN)BaseAddress, &BytesWritten, (UI= NT8 *)FvHeader);=0D + } else {=0D + //=0D + // This is Variable Store, rewrite both EFI_FIRMWARE_VOLUME_HEAD= ER and VARIABLE_STORE_HEADER.=0D + // The corrupted Variable content should be taken care by FaultT= olerantWrite driver later.=0D + //=0D + NvStoreBuffer =3D NULL;=0D + NvStoreBuffer =3D AllocateZeroPool (sizeof (VARIABLE_STORE_HEADE= R) + FvHeader->HeaderLength);=0D + if (NvStoreBuffer !=3D NULL) {=0D + //=0D + // Combine FV header and VariableStore header into the buffer.= =0D + //=0D + CopyMem (NvStoreBuffer, FvHeader, FvHeader->HeaderLength);=0D + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)(NvStoreBuffe= r + FvHeader->HeaderLength);=0D + VariableStoreType =3D PcdGet8 (PcdFlashVariableStoreType);=0D + switch (VariableStoreType) {=0D + case 0:=0D + DEBUG ((DEBUG_ERROR, "Type: gEfiVariableGuid\n"));=0D + CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGu= id);=0D + break;=0D + case 1:=0D + DEBUG ((DEBUG_ERROR, "Type: gEfiAuthenticatedVariableGuid\= n"));=0D + CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthentica= tedVariableGuid);=0D + break;=0D + default:=0D + break;=0D + }=0D +=0D + //=0D + // Initialize common VariableStore header fields=0D + //=0D + VariableStoreHeader->Size =3D (UINT32) (NvStorageFvSize -= FvHeader->HeaderLength);=0D + VariableStoreHeader->Format =3D VARIABLE_STORE_FORMATTED;=0D + VariableStoreHeader->State =3D VARIABLE_STORE_HEALTHY;=0D + VariableStoreHeader->Reserved =3D 0;=0D + VariableStoreHeader->Reserved1 =3D 0;=0D +=0D + //=0D + // Write buffer to flash=0D + //=0D + BytesWritten =3D FvHeader->HeaderLength + sizeof (VARI= ABLE_STORE_HEADER);=0D + ExpectedBytesWritten =3D BytesWritten;=0D + Status =3D SpiFlashWrite ((UINTN)BaseAddress, &B= ytesWritten, NvStoreBuffer);=0D + FreePool (NvStoreBuffer);=0D + } else {=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + }=0D + }=0D +=0D if (EFI_ERROR (Status)) {=0D DEBUG ((DEBUG_WARN, "ERROR - SpiFlashWrite Error %r\n", Status)= );=0D if (FvHeader !=3D NULL) {=0D @@ -195,9 +254,9 @@ FvbInitialize ( }=0D continue;=0D }=0D - if (BytesWritten !=3D FvHeader->HeaderLength) {=0D - DEBUG ((DEBUG_WARN, "ERROR - BytesWritten !=3D HeaderLength\n"))= ;=0D - DEBUG ((DEBUG_INFO, " BytesWritten =3D 0x%X\n HeaderLength =3D 0= x%X\n", BytesWritten, FvHeader->HeaderLength));=0D + if (BytesWritten !=3D ExpectedBytesWritten) {=0D + DEBUG ((DEBUG_WARN, "ERROR - BytesWritten !=3D ExpectedBytesWrit= ten\n"));=0D + DEBUG ((DEBUG_INFO, " BytesWritten =3D 0x%X\n ExpectedBytesWritt= en =3D 0x%X\n", BytesWritten, ExpectedBytesWritten));=0D if (FvHeader !=3D NULL) {=0D FreePool (FvHeader);=0D }=0D diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiF= vbServiceSmm.inf b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbServic= e/SpiFvbServiceSmm.inf index 0cfa3f909b..73049eceb2 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceSmm.inf +++ b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceSmm.inf @@ -45,6 +45,7 @@ [Pcd]=0D gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvBase ## CONSUM= ES=0D gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize ## CONSUM= ES=0D + gIntelSiliconPkgTokenSpaceGuid.PcdFlashVariableStoreType ## SOMETI= MES_CONSUMES=0D =0D [Sources]=0D FvbInfo.c=0D @@ -61,6 +62,8 @@ [Guids]=0D gEfiFirmwareFileSystem2Guid ## CONSUMES=0D gEfiSystemNvDataFvGuid ## CONSUMES=0D + gEfiVariableGuid ## SOMETIMES_CONSUMES=0D + gEfiAuthenticatedVariableGuid ## SOMETIMES_CONSUMES=0D =0D [Depex]=0D TRUE=0D diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/In= tel/IntelSiliconPkg/IntelSiliconPkg.dec index 485cb3e80a..63dae756ad 100644 --- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec +++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec @@ -186,3 +186,11 @@ # @Prompt VTd abort DMA mode support.=0D gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode|FALSE|BOOLEAN|0= x0000000C=0D =0D + ## Define Flash Variable Store type.<BR><BR>=0D + # When Flash Variable Store corruption happened, the SpiFvbService will= recreate Variable Store=0D + # with valid header information provided by this PCD value.<BR>=0D + # 0: Variable Store is gEfiVariableGuid type.<BR>=0D + # 1: Variable Store is gEfiAuthenticatedVariableGuid type.<BR>=0D + # Other value: reserved for future use.<BR>=0D + # @Prompt Flash Variable Store type.=0D + gIntelSiliconPkgTokenSpaceGuid.PcdFlashVariableStoreType|0x00|UINT8|0x00= 00000E=0D --=20 2.35.0.windows.1 |
|
|
|
Michael Kubacki
Reviewed-by: Michael Kubacki <michael.kubacki@...>
toggle quoted message
Show quoted text
On the following lines, I recommend moving the assignment until after the if block. It seems unnecessary to assign a potentially invalid value to a local variable before checking the validation result. Status = SafeUint64ToUint32 (BaseAddress, &mPlatformFvBaseAddress[0].FvBase); NvStorageBaseAddress = mPlatformFvBaseAddress[0].FvBase; if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage base address not supported.\n", __FUNCTION__)); return; } --- (similar for NvStorageFvSize) Thanks, Michael On 2/8/2023 5:17 PM, Chiu, Chasel wrote:
When invalid VariableStore FV header detected, current SpiFvbService |
|
|
|
Chiu, Chasel
Thanks Michael! I will apply the change during merging!
toggle quoted message
Show quoted text
-----Original Message----- |
|
|
|
Isaac Oram
Reviewed-by: Isaac Oram <isaac.w.oram@...>
toggle quoted message
Show quoted text
At some point, we should work to comment the related flows better so that code is clear on the different responsibilities for the different paths through first boots, normal scenarios, reclaims, and error remediation. For now though, this is fine. Regards, Isaac -----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki Sent: Wednesday, February 8, 2023 4:41 PM To: devel@edk2.groups.io; Chiu, Chasel <chasel.chiu@...> Cc: S, Ashraf Ali <ashraf.ali.s@...>; Oram, Isaac W <isaac.w.oram@...>; Chaganty, Rangasai V <rangasai.v.chaganty@...>; Ni, Ray <ray.ni@...>; Kubacki, Michael <michael.kubacki@...> Subject: Re: [edk2-devel] [edk2-platforms: PATCH v4] IntelSiliconPkg/SpiFvbServiceSmm: Rewrite VariableStore header. Reviewed-by: Michael Kubacki <michael.kubacki@...> On the following lines, I recommend moving the assignment until after the if block. It seems unnecessary to assign a potentially invalid value to a local variable before checking the validation result. Status = SafeUint64ToUint32 (BaseAddress, &mPlatformFvBaseAddress[0].FvBase); NvStorageBaseAddress = mPlatformFvBaseAddress[0].FvBase; if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage base address not supported.\n", __FUNCTION__)); return; } --- (similar for NvStorageFvSize) Thanks, Michael On 2/8/2023 5:17 PM, Chiu, Chasel wrote: When invalid VariableStore FV header detected, current SpiFvbService |
|
|
|
Chiu, Chasel
Thanks Isaac!
toggle quoted message
Show quoted text
-----Original Message----- |
|
|
|
Chiu, Chasel
Bug fix patch has been merged: https://github.com/tianocore/edk2-platforms/commit/e95c7988994c73918ffa282e2d2f5af11f8addc4
toggle quoted message
Show quoted text
Thanks, Chasel -----Original Message----- |
|
|