CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Based on the following package with changes to merge into
CryptoPkg.
https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg
Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.
In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled. If a service is enabled, then a call is made to
the BaseCryptLib service. If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned. This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.
The use of a FixedAtBuild PCD is required so the compiler
and linker know each services enable/disable setting at
build time and allows disabled services to be optimized away.
CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mmem, the the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-21 18:24:41 +01:00
|
|
|
/** @file
|
|
|
|
|
Installs the EDK II Crypto PPI. If this PEIM is dispatched before memory is
|
|
|
|
|
discovered, the RegisterForShadow() feature is used to reload this PEIM into
|
|
|
|
|
memory after memory is discovered.
|
|
|
|
|
|
|
|
|
|
Copyright (C) Microsoft Corporation. All rights reserved.
|
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
#include <PiPei.h>
|
|
|
|
|
#include <Library/PeiServicesLib.h>
|
|
|
|
|
#include <Library/DebugLib.h>
|
|
|
|
|
#include <Ppi/Crypto.h>
|
|
|
|
|
|
|
|
|
|
extern CONST EDKII_CRYPTO_PROTOCOL mEdkiiCrypto;
|
|
|
|
|
|
|
|
|
|
CONST EFI_PEI_PPI_DESCRIPTOR mEdkiiCryptoPpiList = {
|
|
|
|
|
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
|
|
|
|
|
&gEdkiiCryptoPpiGuid,
|
2021-12-05 23:53:54 +01:00
|
|
|
(EDKII_CRYPTO_PPI *)&mEdkiiCrypto
|
CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Based on the following package with changes to merge into
CryptoPkg.
https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg
Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.
In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled. If a service is enabled, then a call is made to
the BaseCryptLib service. If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned. This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.
The use of a FixedAtBuild PCD is required so the compiler
and linker know each services enable/disable setting at
build time and allows disabled services to be optimized away.
CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mmem, the the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-21 18:24:41 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Entry to CryptoPeiEntry.
|
|
|
|
|
|
|
|
|
|
@param FileHandle The image handle.
|
|
|
|
|
@param PeiServices The PEI services table.
|
|
|
|
|
|
|
|
|
|
@retval Status From internal routine or boot object, should not fail
|
|
|
|
|
**/
|
|
|
|
|
EFI_STATUS
|
|
|
|
|
EFIAPI
|
|
|
|
|
CryptoPeiEntry (
|
|
|
|
|
IN EFI_PEI_FILE_HANDLE FileHandle,
|
|
|
|
|
IN CONST EFI_PEI_SERVICES **PeiServices
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
EFI_STATUS Status;
|
|
|
|
|
VOID *MemoryDiscoveredPpi;
|
|
|
|
|
EDKII_CRYPTO_PPI *EdkiiCryptoPpi;
|
|
|
|
|
EFI_PEI_PPI_DESCRIPTOR *EdkiiCryptoPpiDescriptor;
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Not all Open SSL services support XIP due to use of global variables.
|
|
|
|
|
// Use gEfiPeiMemoryDiscoveredPpiGuid to detect Pre-Mem and Post-Mem and
|
|
|
|
|
// always shadow this module in memory in Post-Mem.
|
|
|
|
|
//
|
|
|
|
|
Status = PeiServicesLocatePpi (
|
2021-12-05 23:53:54 +01:00
|
|
|
&gEfiPeiMemoryDiscoveredPpiGuid,
|
|
|
|
|
0,
|
|
|
|
|
NULL,
|
|
|
|
|
(VOID **)&MemoryDiscoveredPpi
|
|
|
|
|
);
|
CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Based on the following package with changes to merge into
CryptoPkg.
https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg
Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.
In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled. If a service is enabled, then a call is made to
the BaseCryptLib service. If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned. This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.
The use of a FixedAtBuild PCD is required so the compiler
and linker know each services enable/disable setting at
build time and allows disabled services to be optimized away.
CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mmem, the the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-21 18:24:41 +01:00
|
|
|
if (Status == EFI_NOT_FOUND) {
|
|
|
|
|
//
|
|
|
|
|
// CryptoPei is dispatched before gEfiPeiMemoryDiscoveredPpiGuid
|
|
|
|
|
//
|
|
|
|
|
Status = PeiServicesRegisterForShadow (FileHandle);
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
if (!EFI_ERROR (Status)) {
|
|
|
|
|
//
|
|
|
|
|
// First CryptoPpi installation. CryptoPei could come from memory or flash
|
|
|
|
|
// it will be re-installed after gEfiPeiMemoryDiscoveredPpiGuid
|
|
|
|
|
//
|
|
|
|
|
DEBUG ((DEBUG_INFO, "CryptoPeiEntry: Install Pre-Memory Crypto PPI\n"));
|
|
|
|
|
Status = PeiServicesInstallPpi (&mEdkiiCryptoPpiList);
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
}
|
|
|
|
|
} else if (Status == EFI_SUCCESS) {
|
|
|
|
|
//
|
|
|
|
|
// CryptoPei is dispatched after gEfiPeiMemoryDiscoveredPpiGuid
|
|
|
|
|
//
|
|
|
|
|
Status = PeiServicesLocatePpi (
|
|
|
|
|
&gEdkiiCryptoPpiGuid,
|
|
|
|
|
0,
|
|
|
|
|
&EdkiiCryptoPpiDescriptor,
|
|
|
|
|
(VOID **)&EdkiiCryptoPpi
|
|
|
|
|
);
|
|
|
|
|
if (!EFI_ERROR (Status)) {
|
|
|
|
|
//
|
|
|
|
|
// CryptoPei was also dispatched before gEfiPeiMemoryDiscoveredPpiGuid
|
|
|
|
|
//
|
2021-12-05 23:53:54 +01:00
|
|
|
DEBUG ((DEBUG_INFO, "CryptoPeiEntry: ReInstall Post-Memmory Crypto PPI\n"));
|
CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Based on the following package with changes to merge into
CryptoPkg.
https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg
Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.
In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled. If a service is enabled, then a call is made to
the BaseCryptLib service. If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned. This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.
The use of a FixedAtBuild PCD is required so the compiler
and linker know each services enable/disable setting at
build time and allows disabled services to be optimized away.
CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mmem, the the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-21 18:24:41 +01:00
|
|
|
Status = PeiServicesReInstallPpi (
|
|
|
|
|
EdkiiCryptoPpiDescriptor,
|
|
|
|
|
&mEdkiiCryptoPpiList
|
|
|
|
|
);
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
} else {
|
|
|
|
|
DEBUG ((DEBUG_INFO, "CryptoPeiEntry: Install Post-Memmory Crypto PPI\n"));
|
|
|
|
|
Status = PeiServicesInstallPpi (&mEdkiiCryptoPpiList);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
