BaseTools: Add authenticated variable store support

In order to support secure boot with authenticated type variable store and non secure boot with normal type variable store, add one flag to switch them. User can append '-D VPD_AUTHENTICATED_VARIABLE_STORE' to build command to enable authenticated type varaible store. Also, user can add 'VPD_AUTHENTICATED_VARIABLE_STORE = TRUE/FALSE' to the defines section of Dsc file to switch authenticated/normal type variable store. VPD_AUTHENTICATED_VARIABLE_STORE is a new reserved key word for this function. Signed-off-by: Chen Lin Z <lin.z.chen@intel.com> Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
2021-11-04 19:28:53 +08:00 · 2021-11-04 19:28:53 +08:00 · 22c3b5a865
parent 8c8867c5da
commit 22c3b5a865
3 changed files with 59 additions and 3 deletions
--- a/BaseTools/Source/Python/AutoGen/GenVar.py
+++ b/BaseTools/Source/Python/AutoGen/GenVar.py
@ -15,6 +15,7 @@ from Common.VariableAttributes import VariableAttributes
 from Common.Misc import *
 import collections
 import Common.DataType as DataType
+import Common.GlobalData as GlobalData

 var_info = collections.namedtuple("uefi_var", "pcdindex,pcdname,defaultstoragename,skuname,var_name, var_guid, var_offset,var_attribute,pcd_default_value, default_value, data_type,PcdDscLine,StructurePcd")
 NvStorageHeaderSize = 28
@ -173,11 +174,16 @@ class VariableMgr(object):
            offset += VariableHeaderSize + len(default_info.var_name.split(","))
            var_data_offset[default_info.pcdindex] = offset
            offset += data_size - len(default_info.var_name.split(","))
-
-            var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+            if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+                var_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+            else:
+                var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
            NvStoreDataBuffer += (var_header_buffer + DataBuffer)

-        variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+        if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+            variable_storage_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+        else:
+            variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)

        nv_default_part = VariableMgr.AlignData(VariableMgr.PACK_DEFAULT_DATA(0, 0, VariableMgr.unpack_data(variable_storage_header_buffer+NvStoreDataBuffer)), 8)

@ -252,6 +258,20 @@ class VariableMgr(object):

        return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer

+    def PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(size):
+        #Signature: gEfiAuthenticatedVariableGuid
+        Guid = "{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}"
+        Guid = GuidStructureStringToGuidString(Guid)
+        GuidBuffer = PackGUID(Guid.split('-'))
+
+        SizeBuffer = pack('=L', size)
+        FormatBuffer = pack('=B', 0x5A)
+        StateBuffer = pack('=B', 0xFE)
+        reservedBuffer = pack('=H', 0)
+        reservedBuffer += pack('=L', 0)
+
+        return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer
+
    @staticmethod
    def PACK_NV_STORE_DEFAULT_HEADER(size, maxsize):
        Signature = pack('=B', ord('N'))
@ -279,6 +299,37 @@ class VariableMgr(object):

        return Buffer

+    @staticmethod
+    def PACK_AUTHENTICATED_VARIABLE_HEADER(attribute, namesize, datasize, vendorguid):
+
+        Buffer = pack('=H', 0x55AA)    # pack StartID
+        Buffer += pack('=B', 0x3F)     # pack State
+        Buffer += pack('=B', 0)        # pack reserved
+
+        Buffer += pack('=L', attribute)
+
+        Buffer += pack('=Q', 0)        # pack MonotonicCount
+        Buffer += pack('=HBBBBBBLhBB', # pack TimeStamp
+                         0,            # UINT16 Year
+                         0,            # UINT8  Month
+                         0,            # UINT8  Day
+                         0,            # UINT8  Hour
+                         0,            # UINT8  Minute
+                         0,            # UINT8  Second
+                         0,            # UINT8  Pad1
+                         0,            # UINT32 Nanosecond
+                         0,            # INT16  TimeZone
+                         0,            # UINT8  Daylight
+                         0)            # UINT8  Pad2
+        Buffer += pack('=L', 0)        # pack PubKeyIndex
+
+        Buffer += pack('=L', namesize)
+        Buffer += pack('=L', datasize)
+
+        Buffer += PackGUID(vendorguid)
+
+        return Buffer
+
    @staticmethod
    def PACK_VARIABLES_DATA(var_value,data_type, tail = None):
        Buffer = bytearray()
--- a/BaseTools/Source/Python/Common/DataType.py
+++ b/BaseTools/Source/Python/Common/DataType.py
@ -406,6 +406,7 @@ TAB_DSC_DEFINES_SKUID_IDENTIFIER = 'SKUID_IDENTIFIER'
 TAB_DSC_DEFINES_PCD_INFO_GENERATION = 'PCD_INFO_GENERATION'
 TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX = 'PCD_DYNAMIC_AS_DYNAMICEX'
 TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION = 'PCD_VAR_CHECK_GENERATION'
+TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE = 'VPD_AUTHENTICATED_VARIABLE_STORE'
 TAB_DSC_DEFINES_FLASH_DEFINITION = 'FLASH_DEFINITION'
 TAB_DSC_DEFINES_BUILD_NUMBER = 'BUILD_NUMBER'
 TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME'
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@ -387,6 +387,10 @@ class DscBuildData(PlatformBuildClassObject):
                for i in range(0, len(LanguageCodes), 3):
                    LanguageList.append(LanguageCodes[i:i + 3])
                self._ISOLanguages = LanguageList
+            elif Name == TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE:
+                if TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE not in gCommandLineDefines:
+                    gCommandLineDefines[TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE] = Record[2].strip()
+
            elif Name == TAB_DSC_DEFINES_VPD_TOOL_GUID:
                #
                # try to convert GUID to a real UUID value to see whether the GUID is format