Commit Graph

19 Commits

Author SHA1 Message Date
Stefan Berger c806b76865 ArmVirtPkg: Disable the TPM2 platform hierarchy
Disable the TPM2 platform hierarchy by directly calling
ConfigureTpmPlatformHierarchy().

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile
Specification" the TPM 2 platform hierarchy needs to be disabled or a
random password set and discarded before the firmware passes control to the
next stage bootloader or kernel.

Current specs are here:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf

Section 11 states:
"Platform Firmware MUST protect access to the Platform Hierarchy
and prevent access to the platform hierarchy by non-manufacturer-
controlled components."

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2021-10-05 09:54:11 +00:00
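The requirement quoted in this commit gives the firmware two options: disable the platform hierarchy, or set a random platformAuth and throw it away, in both cases before the next boot stage can talk to the TPM. The following C is an added example, not EDK2's Tpm2CommandLib and not code from this commit series: it marshals the two TPM 2.0 commands that implement those options (TPM2_HierarchyControl and TPM2_HierarchyChangeAuth, wire format per TPM 2.0 Library Specification Parts 2 and 3), scrubs the random auth after use, and checks a response header. The TPM transport (TIS/CRB MMIO in firmware) is left out, and the "random" bytes and the sample response are constructed inline; a real firmware would take the auth from its RNG source (ArmVirt exposes EFI_RNG_PROTOCOL via Virtio RNG, see the commit below).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constants from TPM 2.0 Library Specification Part 2 (Structures). */
#define TPM_ST_SESSIONS             0x8002u
#define TPM_CC_HierarchyControl     0x00000121u
#define TPM_CC_HierarchyChangeAuth  0x00000129u
#define TPM_RH_PLATFORM             0x4000000Cu
#define TPM_RS_PW                   0x40000009u
#define TPM_RC_SUCCESS              0x00000000u
#define TPM_RSP_HEADER_LEN          10u

/* Big-endian marshalling helpers: the TPM wire format is network byte order. */
static uint8_t *put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return p + 2; }
static uint8_t *put32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
  return p + 4;
}
static uint32_t get32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Authorization area: one password session (TPM_RS_PW) proving knowledge of
 * the current platformAuth. Firmware still holds the empty (default)
 * platformAuth here, so the hmac/password field is a zero-length TPM2B. */
static uint8_t *put_pw_auth_area(uint8_t *p) {
  p = put32(p, 9);          /* authorizationSize = 4 + 2 + 1 + 2 */
  p = put32(p, TPM_RS_PW);  /* sessionHandle */
  p = put16(p, 0);          /* nonce.size */
  *p++ = 0;                 /* sessionAttributes */
  p = put16(p, 0);          /* hmac.size: empty platformAuth */
  return p;
}

static uint8_t *put_cmd_header(uint8_t *p, uint32_t cc) {
  p = put16(p, TPM_ST_SESSIONS);
  p = put32(p, 0);          /* commandSize, patched in finish_cmd() */
  return put32(p, cc);
}

static size_t finish_cmd(uint8_t *buf, const uint8_t *end) {
  size_t len = (size_t)(end - buf);
  put32(buf + 2, (uint32_t)len);
  return len;
}

/* TPM2_HierarchyControl(authHandle=TPM_RH_PLATFORM, enable=TPM_RH_PLATFORM,
 * state=NO): clears phEnable until the next TPM2_Startup(CLEAR). */
size_t build_disable_platform_hierarchy(uint8_t *buf, size_t cap) {
  if (cap < 32) return 0;
  uint8_t *p = put_cmd_header(buf, TPM_CC_HierarchyControl);
  p = put32(p, TPM_RH_PLATFORM);   /* authHandle */
  p = put_pw_auth_area(p);
  p = put32(p, TPM_RH_PLATFORM);   /* enable: the hierarchy being changed */
  *p++ = 0;                        /* state: TPMI_YES_NO, NO = disable */
  return finish_cmd(buf, p);
}

/* TPM2_HierarchyChangeAuth(authHandle=TPM_RH_PLATFORM, newAuth): the
 * "set a random password" option. A TPM2B_AUTH carries at most 64 bytes. */
size_t build_change_platform_auth(uint8_t *buf, size_t cap,
                                  const uint8_t *new_auth, uint16_t auth_len) {
  if (auth_len > 64 || cap < 27u + 2u + auth_len) return 0;
  uint8_t *p = put_cmd_header(buf, TPM_CC_HierarchyChangeAuth);
  p = put32(p, TPM_RH_PLATFORM);
  p = put_pw_auth_area(p);
  p = put16(p, auth_len);          /* TPM2B_AUTH.size */
  memcpy(p, new_auth, auth_len);
  return finish_cmd(buf, p + auth_len);
}

/* "Discarded" means scrubbed, not merely dropped: a plain memset on a buffer
 * about to go out of scope may be optimised away, a volatile store is not. */
void discard_secret(uint8_t *buf, size_t len) {
  volatile uint8_t *v = buf;
  while (len--) *v++ = 0;
}

/* Response header: tag(2) responseSize(4) responseCode(4). Returns the
 * responseCode, or 0xFFFFFFFF if the buffer is shorter than it claims. */
uint32_t tpm_response_code(const uint8_t *rsp, size_t len) {
  if (len < TPM_RSP_HEADER_LEN || get32(rsp + 2) > len) return 0xFFFFFFFFu;
  return get32(rsp + 6);
}

int main(void) {
  uint8_t cmd[128];
  uint8_t rnd[32];                 /* constructed stand-in for RNG output */
  for (size_t i = 0; i < sizeof rnd; i++) rnd[i] = (uint8_t)(0x5a ^ (i * 7));
  size_t n = build_disable_platform_hierarchy(cmd, sizeof cmd);
  for (size_t i = 0; i < n; i++) printf("%02x%s", cmd[i], i + 1 == n ? "\n" : " ");
  n = build_change_platform_auth(cmd, sizeof cmd, rnd, (uint16_t)sizeof rnd);
  discard_secret(rnd, sizeof rnd); /* nobody after us can authorise with it */
  printf("HierarchyChangeAuth command: %zu bytes, auth scrubbed\n", n);
  const uint8_t ok[] = {0x80, 0x01, 0, 0, 0, 10, 0, 0, 0, 0}; /* constructed */
  printf("rc=0x%08x\n", tpm_response_code(ok, sizeof ok));
  return 0;
}
```

Either command must be issued while the firmware still has exclusive use of the TPM, i.e. from PlatformBootManagerBeforeConsole() on ArmVirt as this commit does, because once the hierarchy is disabled (or its auth lost) the firmware itself can no longer use platform-authorised commands such as NV writes to platform-owned indexes.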
Stefan Berger b3685956d2 ArmVirtPkg: Reference new TPM classes in the build system for compilation
We just added the same functionality to the OvmfPkg. However, on x86, we
could use the notification mechanism around
gEfiDxeSmmReadyToLockProtocolGuid to indirectly invoke
ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode, we
have to use direct invocation of this function at the same place in
PlatformBootManagerBeforeConsole() as it is called on x86.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2021-10-05 09:54:11 +00:00
Ard Biesheuvel 364e0b4cda ArmVirtPkg/PlatformBootManagerLib: switch to separate QEMU loader
Drop the QEMU loader file system implementation inside this library,
and switch to the separate QemuLoadImageLib library and the associated
driver to expose the kernel and initrd passed via the QEMU command line.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2566
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-03-05 19:45:05 +00:00
Laszlo Ersek 7288ff4095 ArmVirtPkg/PlatformBootManagerLib: sync Timeout with PcdPlatformBootTimeOut
Set the Timeout global variable to the same value as
PcdPlatformBootTimeOut. This way the "setvar" command in the UEFI shell,
and the "efibootmgr" command in a Linux guest, can report the front page
timeout that was requested on the QEMU command line (see
GetFrontPageTimeoutFromQemu()).

A DEBUG_VERBOSE message is logged on success too, for our QE team's sake.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200304094413.19462-3-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2020-03-05 08:55:21 +00:00
Michael D Kinney 9792fb0e65 ArmVirtPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-04-09 09:10:21 -07:00
Laszlo Ersek 1797f32e0a ArmVirtPkg/PlatformBootManagerLib: display boot option loading/starting
Consume PlatformBmPrintScLib, added earlier in this series. When
BdsDxe+UefiBootManagerLib report LoadImage() / StartImage() preparations
and return statuses, print the reports to the UEFI console. This allows
end-users better visibility into the boot process.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1515418
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2019-02-25 11:51:37 +01:00
Ard Biesheuvel 97399f2d6f ArmVirtPkg/PlatformBootManagerLib: add missing report status code call
Consumers of status code reports may rely on a status code to be
reported when the ReadyToBoot event is signalled. For instance,
FirmwarePerformanceDxe will fail to install the FPDT ACPI table
in this case. So add the missing call.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-05-29 10:43:42 +02:00
Laszlo Ersek c4add6b6e9 ArmVirtPkg/PlatformBootManagerLib: connect Virtio RNG devices again
Virtio RNG devices are never boot devices, so in commit ff1d0fbfba we
stopped connecting them. This is a problem because an OS boot loader may
depend on EFI_RNG_PROTOCOL to seed the OS's RNG.

Connect Virtio RNG devices again. And, while commit ff1d0fbfba removed
that from PlatformBootManagerAfterConsole(), reintroduce it now to
PlatformBootManagerBeforeConsole() -- this way Driver#### options launched
between both functions may access EFI_RNG_PROTOCOL too.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: ff1d0fbfba
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2018-05-18 13:51:04 +02:00
Laszlo Ersek 9c4ed79c94 ArmVirtPkg/PlatformBootManagerLib: list "PlatformBm.h" in INF file
The header file declares TryRunningQemuKernel(), defined in "QemuKernel.c"
and called from "PlatformBm.c".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Suggested-by: Michael Kinney <michael.d.kinney@intel.com>
Ref: http://mid.mail-archive.com/E92EE9817A31E24EB0585FDF735412F56327F7D3@ORSMSX113.amr.corp.intel.com
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2018-03-13 14:29:12 +01:00
Ard Biesheuvel c81c2c0fc4 ArmVirtPkg/ArmVirtQemu: refer to Shell app via its declared GUID
Currently, the file GUID reference of the UEFI Shell app is indirected
via the PCD gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile,
which is set to a fixed value for our platforms.

So instead, use the new symbolic GUID added for this purpose, and drop
the reference to this PCD, and to the IntelFrameworkModulePkg package
entirely.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-03-22 15:34:59 +00:00
Ruiyu Ni e6c823994e ArmVirtPkg/PlatformBds: Do not call BootLogoEnableLogo
The prototype of BootLogoEnableLogo will change in the following patches, so
do not call BootLogoEnableLogo, to avoid a build failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
2016-09-28 16:22:12 +08:00
Laszlo Ersek 0e2c6c5529 ArmVirtPkg/PlatformBootManagerLib: remove stale FvFile boot options
(This patch ports OvmfPkg commit 2eb3589860 to ArmVirtPkg. That
functionality was not added to QemuBootOrderLib, because it was (and is)
independent from QEMU and fw_cfg.)

Remove any boot options that point to binaries built into the firmware and
have become stale due to any of the following:
- FvMain's base address or size changed (historical -- see commit
  e191a3114f),
- FvMain's FvNameGuid changed,
- the FILE_GUID of the pointed-to binary changed,
- the referenced binary is no longer built into the firmware.

For example, multiple such "EFI Internal Shell" boot options can coexist.
They technically differ from each other, but may not describe any built-in
shell binary exactly. Such options can accumulate in a varstore over time,
and while they remain generally bootable (thanks to the efforts of
BmGetFileBufferByFvFilePath()), they look bad.

Filter out any stale options.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: https://github.com/tianocore/edk2/issues/107
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2016-07-13 22:44:34 +02:00
Laszlo Ersek 2c8805bc95 ArmVirtPkg/PlatformBootManagerLib: rebase boot logo display to BootLogoLib
In the course of porting ArmVirtPkg to the MdeModulePkg BDS, commit
1f73aef50c

  ArmVirtPkg/PlatformBootManagerLib: add EnableQuietBoot & DisableQuietBoot

open-coded the EnableQuietBoot() function (and its dependencies / friends)
from IntelFrameworkModulePkg BDS.

This code duplication can be avoided; the functionality is available from
the following three libraries in MdeModulePkg:

- BootLogoLib: provides the BootLogoEnableLogo() function. It does not
  provide the internal ConvertBmpToGopBlt() function -- that one is
  delegated to ImageDecoderLib (function DecodeImage()).

- ImageDecoderLib: a general library that registers decoder plugins for
  specific image formats, and provides the generic DecodeImage() on top.

- BmpImageDecoderLib: one of said decoder plugins, for handling BMP images
  (which is the format of our logo).

In this patch, we revert 1f73aef50c, and atomically incorporate the
above libraries. This is inspired by Nt32Pkg commit 859e75c4fc42:

  Nt32Pkg: Use BootLogoLib for logo and progress bar drawing.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2016-06-06 17:06:49 +02:00
Laszlo Ersek 1f73aef50c ArmVirtPkg/PlatformBootManagerLib: add EnableQuietBoot & DisableQuietBoot
UefiBootManagerLib does not provide these functions; we have to implement
them. (EnableQuietBoot() puts up the nice TianoCore logo.)

OvmfPkg commits 817fb3ac2a and 8e8fd30377 have extracted these
functions already,
- from "IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c"
- to "OvmfPkg/Library/PlatformBootManagerLib/QuietBoot.c".

Copy the latter file, with minimal changes.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:50 +02:00
Laszlo Ersek 793b3b5b81 ArmVirtPkg/PlatformBootManagerLib: register boot options and hot keys
Register the Enter key as the continue key (hot key to skip the boot
timeout). Map the F2 and ESC keys to the UI. Register the memory-mapped
Shell boot option.

The patch parallels OvmfPkg commit 07dd96e820. The
PlatformRegisterFvBootOption() and PlatformRegisterOptionsAndKeys()
functions are copied almost verbatim. The only changes are: internal
linkage for these functions (i.e., STATIC), and mentioning the ESC key in
the comments.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:50 +02:00
Laszlo Ersek 48799ab2d9 ArmVirtPkg/PlatformBootManagerLib: don't launch the Boot Manager Menu
MdeModulePkg/BDS doesn't launch the UI (Boot Manager Menu) from the
platform side. The platform is expected to store the boot timeout only, in
PcdPlatformBootTimeOut. This is usually done in
PlatformBootManagerBeforeConsole().

(ArmVirtXen is not modified, as it uses PlatformIntelBdsLib from
ArmPlatformPkg, not ArmVirtPkg.)

The patch parallels OvmfPkg commit 8dc0f0a6aa.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:49 +02:00
Laszlo Ersek 2c5c33cd29 ArmVirtPkg/PlatformBootManagerLib: link against UefiBootManagerLib
The general BDS helper functions are now provided by MdeModulePkg's
UefiBootManagerLib, and no longer by IntelFrameworkModulePkg's
GenericBdsLib.

This patch parallels OvmfPkg commit 2b23b8d45b.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:49 +02:00
Laszlo Ersek e3fe3c0ff9 ArmVirtPkg/PlatformBootManagerLib: follow PlatformBootManagerLib interfaces
"IntelFrameworkModulePkg/Include/Library/PlatformBdsLib.h" declares the
following interfaces:

- PlatformBdsInit
- PlatformBdsPolicyBehavior
- PlatformBdsBootFail
- PlatformBdsBootSuccess
- PlatformBdsLockNonUpdatableFlash
- LockKeyboards

From these, we've been using PlatformBdsInit() and
PlatformBdsPolicyBehavior().

"MdeModulePkg/Include/Library/PlatformBootManagerLib.h" declares the three
interfaces below:

- PlatformBootManagerBeforeConsole
- PlatformBootManagerAfterConsole
- PlatformBootManagerWaitCallback

Comparing the BdsEntry() functions between
- "IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c" and
- "MdeModulePkg/Universal/BdsDxe/BdsEntry.c",
we can establish the following mapping:

IntelFrameworkModulePkg              MdeModulePkg
  BdsEntry()                           BdsEntry()
    PlatformBdsInit()   <--------------> PlatformBootManagerBeforeConsole()
    dispatch Driver#### <--------------> dispatch Driver####
                                         connect consoles
    PlatformBdsPolicyBehavior() <------> PlatformBootManagerAfterConsole()

The difference in connecting the consoles will be addressed in a later
patch; for now we just rename the functions according to the mapping above,
and copy the call site comments from MdeModulePkg's BdsEntry().

For the third interface, PlatformBootManagerWaitCallback(), add an empty
implementation (and copy the comment from the library class header).
Platform BDS can use this callback to draw a progress bar, for example.

This patch parallels OvmfPkg commit a7566234e9.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:49 +02:00
Laszlo Ersek 8d6203223a ArmVirtPkg: duplicate PlatformIntelBdsLib to PlatformBootManagerLib
Create a copy of PlatformIntelBdsLib under the name
PlatformBootManagerLib, with the following initial changes:
- replace PlatformBdsLib references with PlatformBootManagerLib in
  comments,
- replace "IntelBdsPlatform" with "PlatformBm" in file names and their
  references,
- generate a new FILE_GUID.

PlatformBootManagerLib will be linked into the BDS driver from
MdeModulePkg.

This patch parallels OvmfPkg commit 3054188189.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
2016-05-06 10:04:49 +02:00