OvmfPkg/EmuVariableFvbRuntimeDxe: Add support for PcdSecureBootEnable

When PcdSecureBootEnable is true, the authenticated variable FV is created. Otherwise the standard FV is created. Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13092 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-09 17:38:35 +00:00 · 2012-03-09 17:38:35 +00:00 · bdf93df856
parent e05061c59f
commit bdf93df856
2 changed files with 81 additions and 1 deletions
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
@ -34,6 +34,9 @@
 #include <Library/PlatformFvbLib.h>
 #include "Fvb.h"

+#define EFI_AUTHENTICATED_VARIABLE_GUID \
+{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
 //
 // Virtual Address Change Event
 //
@ -622,6 +625,9 @@ InitializeFvAndVariableStoreHeaders (
  IN  VOID   *Ptr
  )
 {
+  //
+  // Templates for standard (non-authenticated) variable FV header
+  //
  STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndVarTemplate = {
    { // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
      // UINT8                     ZeroVector[16];
@ -684,12 +690,83 @@ InitializeFvAndVariableStoreHeaders (
      0
    }
  };
+
+  //
+  // Templates for authenticated variable FV header
+  //
+  STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndAuthenticatedVarTemplate = {
+    { // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
+      // UINT8                     ZeroVector[16];
+      { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+
+      // EFI_GUID                  FileSystemGuid;
+      EFI_SYSTEM_NV_DATA_FV_GUID,
+
+      // UINT64                    FvLength;
+      EMU_FVB_SIZE,
+
+      // UINT32                    Signature;
+      EFI_FVH_SIGNATURE,
+
+      // EFI_FVB_ATTRIBUTES_2      Attributes;
+      0x4feff,
+
+      // UINT16                    HeaderLength;
+      EMU_FV_HEADER_LENGTH,
+
+      // UINT16                    Checksum;
+      0,
+
+      // UINT16                    ExtHeaderOffset;
+      0,
+
+      // UINT8                     Reserved[1];
+      0,
+
+      // UINT8                     Revision;
+      EFI_FVH_REVISION,
+
+      // EFI_FV_BLOCK_MAP_ENTRY    BlockMap[1];
+      { 2, // UINT32 NumBlocks;
+        EMU_FVB_BLOCK_SIZE  // UINT32 Length;
+      }
+    },
+    // EFI_FV_BLOCK_MAP_ENTRY     EndBlockMap;
+    { 0, 0 }, // End of block map
+    { // VARIABLE_STORE_HEADER      VarHdr;
+        // EFI_GUID  Signature;     // need authenticated variables for secure boot
+        EFI_AUTHENTICATED_VARIABLE_GUID,
+
+      // UINT32  Size;
+      (
+        FixedPcdGet32 (PcdVariableStoreSize) -
+        OFFSET_OF (FVB_FV_HDR_AND_VARS_TEMPLATE, VarHdr)
+      ),
+
+      // UINT8   Format;
+      VARIABLE_STORE_FORMATTED,
+
+      // UINT8   State;
+      VARIABLE_STORE_HEALTHY,
+
+      // UINT16  Reserved;
+      0,
+
+      // UINT32  Reserved1;
+      0
+    }
+  };
+
  EFI_FIRMWARE_VOLUME_HEADER  *Fv;

  //
  // Copy the template structure into the location
  //
-  CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
+  if (FeaturePcdGet (PcdSecureBootEnable) == FALSE) {
+    CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
+  } else {
+    CopyMem (Ptr, (VOID*)&FvAndAuthenticatedVarTemplate, sizeof (FvAndAuthenticatedVarTemplate));
+  }

  //
  // Update the checksum for the FV header
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
@ -68,6 +68,9 @@
  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase
  gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved

+[FeaturePcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable
+
 [Depex]
  TRUE