From: Subash Lakkimsetti <subash.lakkimsetti@...>
This patch adds the HOB for secure and measured boot
information. It is populated by the bootloader phase,
and UefiPayloadPkg uses this info to sync the TPM
info PCDs.
Cc: Guo Dong <guo.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Sean Rhodes <sean@...>
Cc: James Lu <james.lu@...>
Cc: Gua Guo <gua.guo@...>
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@...>
---
UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c | 77 +++++++++++++++++++-
UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf | 13 +++-
UefiPayloadPkg/UefiPayloadPkg.dec | 4 +-
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +
4 files changed, 92 insertions(+), 4 deletions(-)
diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c b/UefiPayloadPkg/Bl=
SupportDxe/BlSupportDxe.c
index 2e70c4533c..7415507ec6 100644
--- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c
+++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c
@@ -2,11 +2,14 @@
This driver will report some MMIO/IO resources to dxe core, extract smbi=
os and acpi=0D
tables from bootloader.=0D
=0D
- Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.<BR>=0D
+ Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.<BR>=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
=0D
**/=0D
#include "BlSupportDxe.h"=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/PcdLib.h>=0D
+#include <Include/UniversalPayload/SecureBootInfoGuid.h>=0D
=0D
/**=0D
Reserve MMIO/IO resource in GCD=0D
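Review bot: The new include `#include <Include/UniversalPayload/SecureBootInfoGuid.h>` carries an `Include/` prefix that EDK2 headers normally do not use; include paths are resolved against the `Include` directories declared by the packages in the INF, so the conventional form is `#include <UniversalPayload/SecureBootInfoGuid.h>`. The header itself and the `UNIVERSAL_SECURE_BOOT_INFO` / `TPM_TYPE_*` definitions it must provide are not part of this patch, so presumably they land in another patch of the series; the cover text should say which one. Whether `DebugLib.h` and `PcdLib.h` are already pulled in through `BlSupportDxe.h` cannot be seen here, but the driver already calls `ASSERT_EFI_ERROR` in the existing code, so the `DebugLib.h` line may be redundant.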
@@ -86,6 +89,73 @@ ReserveResourceInGcd (
return Status;=0D
}=0D
=0D
+/**=0D
+Sync the Secure boot hob info and TPM PCD as per the information passed fr=
om Bootloader.=0D
+**/=0D
+EFI_STATUS=0D
+BlSupportSecurityPcdSync (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_HOB_GUID_TYPE *GuidHob;=0D
+ UNIVERSAL_SECURE_BOOT_INFO *SecurebootInfoHob;=0D
+ UINTN Size;=0D
+=0D
+ GuidHob =3D GetFirstGuidHob (&gUniversalPayloadSecureBootInfoGuid);=0D
+ if (GuidHob =3D=3D NULL) {=0D
+ DEBUG ((DEBUG_ERROR, "gUniversalPayloadSecureBootInfoGuid Not Found!\n=
"));=0D
+ return EFI_UNSUPPORTED;=0D
+ }=0D
+=0D
+ SecurebootInfoHob =3D (UNIVERSAL_SECURE_BOOT_INFO *)GET_GUID_HOB_DATA (G=
uidHob);=0D
+=0D
+ // Sync the Hash mask for TPM 2.0 as per active PCR banks.=0D
+ // Make sure that the current PCR allocations, the TPM supported PCRs,=0D
+ // and the PcdTpm2HashMask are all in agreement.=0D
+ Status =3D PcdSet32S (PcdTpm2HashMask, SecurebootInfoHob->TpmPcrActivePc=
rBanks);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ DEBUG ((DEBUG_INFO, "TpmPcrActivePcrBanks 0x%x \n", SecurebootInfoHob->T=
pmPcrActivePcrBanks));=0D
+=0D
+ // Set the Firmware debugger PCD=0D
+ Status =3D PcdSetBoolS (PcdFirmwareDebuggerInitialized, SecurebootInfoHo=
b->FirmwareDebuggerInitialized);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ DEBUG ((DEBUG_INFO, " FirmwareDebugger Initialized 0x%x \n", SecurebootI=
nfoHob->FirmwareDebuggerInitialized));=0D
+=0D
+ // Set the TPM Type instance GUID=0D
+ if (SecurebootInfoHob->MeasuredBootEnabled) {=0D
+ if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_20) {=0D
+ DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));=0D
+ Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);=0D
+ Status =3D PcdSetPtrS (=0D
+ PcdTpmInstanceGuid,=0D
+ &Size,=0D
+ &gEfiTpmDeviceInstanceTpm20DtpmGuid=0D
+ );=0D
+ } else if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_12) {=0D
+ DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));=0D
+ Size =3D sizeof (gEfiTpmDeviceInstanceTpm12Guid);=0D
+ Status =3D PcdSetPtrS (=0D
+ PcdTpmInstanceGuid,=0D
+ &Size,=0D
+ &gEfiTpmDeviceInstanceTpm12Guid=0D
+ );=0D
+ } else {=0D
+ DEBUG ((DEBUG_INFO, "%a: No TPM detected\n", __FUNCTION__));=0D
+ Size =3D sizeof (gEfiTpmDeviceInstanceNoneGuid);=0D
+ Status =3D PcdSetPtrS (=0D
+ PcdTpmInstanceGuid,=0D
+ &Size,=0D
+ &gEfiTpmDeviceInstanceNoneGuid=0D
+ );=0D
+ }=0D
+=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
/**=0D
Main entry for the bootloader support DXE module.=0D
=0D
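Review bot: `BlSupportSecurityPcdSync` dereferences the HOB data (`GET_GUID_HOB_DATA (GuidHob)`) and reads `TpmPcrActivePcrBanks`, `FirmwareDebuggerInitialized`, `MeasuredBootEnabled` and `TpmType` without first checking that the HOB is large enough to hold a `UNIVERSAL_SECURE_BOOT_INFO`; a truncated or older-layout HOB from the bootloader would be read past its end and its garbage fed into `PcdTpm2HashMask` and `PcdTpmInstanceGuid`, which drive later TPM measurements. Add, right after the NULL check, `if (GET_GUID_HOB_DATA_SIZE (GuidHob) < sizeof (UNIVERSAL_SECURE_BOOT_INFO)) { DEBUG ((DEBUG_ERROR, "SecureBootInfo HOB too small\n")); return EFI_UNSUPPORTED; }` (and a revision check too, if the HOB has the usual universal-payload generic header). `PcdTpm2HashMask` is written from `TpmPcrActivePcrBanks` before the `MeasuredBootEnabled`/`TpmType` test, so it is also set for the TPM 1.2 and no-TPM cases; moving that `PcdSet32S` into the `TPM_TYPE_20` branch would keep the mask consistent with the instance GUID being selected. `__FUNCTION__` in the three `DEBUG` calls should be `__func__`, the form current edk2 uses; and since the function is not declared in `BlSupportDxe.h`, it should either be `STATIC` or get a prototype there.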
@@ -144,5 +214,10 @@ BlDxeEntryPoint (
ASSERT_EFI_ERROR (Status);=0D
}=0D
=0D
+ //=0D
+ // Sync Bootloader info for TPM=0D
+ //=0D
+ BlSupportSecurityPcdSync ();=0D
+=0D
return EFI_SUCCESS;=0D
}=0D
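Review bot: The status returned by `BlSupportSecurityPcdSync ();` is discarded, and because `ASSERT_EFI_ERROR` is compiled out in RELEASE builds, a failed `PcdSet32S`/`PcdSetBoolS`/`PcdSetPtrS` inside it leaves the TPM PCDs at their DSC defaults with no trace in the log. `Status` is already in scope in this function, so `Status = BlSupportSecurityPcdSync (); if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) { DEBUG ((DEBUG_ERROR, "BlSupportSecurityPcdSync: %r\n", Status)); }` records the failure while still treating a missing HOB (`EFI_UNSUPPORTED`) as a normal configuration. `BlDxeEntryPoint` begins outside this hunk.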
diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/UefiPayloadPkg/=
BlSupportDxe/BlSupportDxe.inf
index 96d85d2b1d..162167e6bb 100644
--- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf
+++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf
@@ -3,7 +3,7 @@
#=0D
# Report some MMIO/IO resources to dxe core, extract smbios and acpi table=
s=0D
#=0D
-# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.<BR>=
=0D
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.<BR>=
=0D
#=0D
# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
#=0D
@@ -30,6 +30,7 @@
[Packages]=0D
MdePkg/MdePkg.dec=0D
MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
UefiPayloadPkg/UefiPayloadPkg.dec=0D
=0D
[LibraryClasses]=0D
@@ -44,6 +45,10 @@
[Guids]=0D
gUefiAcpiBoardInfoGuid=0D
gEfiGraphicsInfoHobGuid=0D
+ gUniversalPayloadSecureBootInfoGuid=0D
+ gEfiTpmDeviceInstanceTpm20DtpmGuid=0D
+ gEfiTpmDeviceInstanceTpm12Guid=0D
+ gEfiTpmDeviceInstanceNoneGuid=0D
=0D
[Pcd]=0D
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution=0D
@@ -52,6 +57,10 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution=0D
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress=0D
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseSize=0D
-=0D
+ ## SOMETIMES_CONSUMES=0D
+ ## SOMETIMES_PRODUCES=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid=0D
[Depex]=0D
TRUE=0D
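Review bot: The usage annotation `## SOMETIMES_CONSUMES` does not match the C hunk, which only writes the three PCDs (`PcdSet32S`, `PcdSetBoolS`, `PcdSetPtrS`) and never reads them, so `## SOMETIMES_PRODUCES` on its own describes the module's behaviour; the annotation is also placed once above three PCDs, whereas the INF convention is one comment per PCD entry. The hunk additionally drops the blank separator line that preceded `[Depex]`, which is the only blank-line-between-sections convention the rest of the file follows; keep that line.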
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dec b/UefiPayloadPkg/UefiPayload=
Pkg.dec
index 7d61d6eeae..20981af295 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dec
+++ b/UefiPayloadPkg/UefiPayloadPkg.dec
@@ -3,7 +3,7 @@
#=0D
# Provides drivers and definitions to create uefi payload for bootloaders.=
=0D
#=0D
-# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.<BR>=0D
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.<BR>=0D
# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
#=0D
##=0D
@@ -42,6 +42,8 @@
gSpiFlashInfoGuid =3D { 0x2d4aac1b, 0x91a5, 0x4cd5, { 0x9b, 0x5c,=
0xb4, 0x0f, 0x5d, 0x28, 0x51, 0xa1 } }=0D
gSmmRegisterInfoGuid =3D { 0xaa9bd7a7, 0xcafb, 0x4499, { 0xa4, 0xa9,=
0xb, 0x34, 0x6b, 0x40, 0xa6, 0x22 } }=0D
gS3CommunicationGuid =3D { 0x88e31ba1, 0x1856, 0x4b8b, { 0xbb, 0xdf,=
0xf8, 0x16, 0xdd, 0x94, 0xa, 0xef } }=0D
+ gUniversalPayloadSecureBootInfoGuid =3D { 0xd970f847, 0x07dd, 0x4b2=
4, { 0x9e, 0x1e, 0xae, 0x6c, 0x80, 0x9b, 0x1d, 0x38 } }=0D
+=0D
=0D
[Ppis]=0D
gEfiPayLoadHobBasePpiGuid =3D { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6,=
0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} }=0D
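Review bot: The added `gUniversalPayloadSecureBootInfoGuid` entry is followed by an extra empty `+` line, so the `[Guids]` section now ends with two blank lines before `[Ppis]` where the rest of the file uses one; drop the second one. The GUID value declared here must match the one in the `SecureBootInfoGuid.h` header that the driver includes and that the bootloader side uses to publish the HOB; that header is not in this patch, so the match can only be confirmed against the rest of the series.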
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload=
Pkg.dsc
index bca5d3f335..2f5c70ec9c 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -579,6 +579,8 @@
=0D
gPcAtChipsetPkgTokenSpaceGuid.PcdRtcIndexRegister|$(RTC_INDEX_REGISTER)=
=0D
gPcAtChipsetPkgTokenSpaceGuid.PcdRtcTargetRegister|$(RTC_TARGET_REGISTER=
)=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5a, 0xf2, 0x6b, 0x28=
, 0xc3, 0xc2, 0x8c, 0x40, 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17}=0D
=0D
##########################################################################=
######=0D
#=0D
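Review bot: `PcdTpmInstanceGuid` is given as a bare 16-byte array with nothing saying which device instance it denotes; in little-endian field order the bytes appear to spell the TPM 2.0 DTPM instance GUID, which would mean that when the bootloader publishes no secure boot HOB (the `EFI_UNSUPPORTED` path in `BlSupportSecurityPcdSync`) the payload keeps advertising a DTPM 2.0 device regardless of what is actually present. A comment above the line, such as `# Default TPM device instance (TPM 2.0 DTPM); overridden by BlSupportDxe from the bootloader secure boot HOB`, would make the intent visible, and it is worth deciding explicitly whether the no-HOB default should instead be the None instance. No DSC default is provided for `PcdTpm2HashMask`, so that PCD keeps whatever SecurityPkg.dec declares.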
--=20
2.39.1.windows.1