WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fsp: move TempRamInitExit and later APIs in stage2 

To avoid using Flash memory after TempRamInitExit. This protects against
malicious modification/injection of the flash after Cache-As-RAM is
disabled.
pull/530/head
Marco Oliverio 2024-09-11 17:00:31 +02:00 committed by Daniele Lacamera
parent 151de7fd0b
commit 834a712350
15 changed files with 144 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -315,7 +315,8 @@ $(LSCRIPT): $(LSCRIPT_IN) FORCE
sed -e "s/@WOLFBOOT_STAGE1_BASE_ADDR@/$(WOLFBOOT_STAGE1_BASE_ADDR)/g" | \
sed -e "s/@WOLFBOOT_LOAD_BASE@/$(WOLFBOOT_LOAD_BASE)/g" | \
sed -e "s/@BOOTLOADER_START@/$(BOOTLOADER_START)/g" | \
sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" \
sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" | \
sed -e "s/@FSP_S_LOAD_BASE@/$(FSP_S_LOAD_BASE)/g" \
> $@
hex: wolfboot.hex
@ -447,6 +448,9 @@ secondary: $(SECONDARY_PRIVATE_KEY)
@echo "\t[AS-$(ARCH)] $@"
$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^
src/x86/fsp_s.o: $(FSP_S_BIN)
$(OBJCOPY) -I binary -O elf64-x86-64 -B i386 --rename-section .data=.fsp_s $^ $@
FORCE:
.PHONY: FORCE clean keytool_check

12
arch.mk
View File

@ -930,9 +930,7 @@ ifeq ($(filter $(TARGET),x86_fsp_qemu kontron_vx3060_s2),$(TARGET))
endif
ifeq ($(TARGET),x86_fsp_qemu)
ifeq ($(filter-out $(STAGE1),1),)
OBJS+=src/x86/qemu_fsp.o
endif
endif
# x86-64 FSP targets
@ -958,7 +956,6 @@ ifeq ("${FSP}", "1")
OBJS += src/boot_x86_fsp.o
OBJS += src/boot_x86_fsp_start.o
OBJS += src/fsp_m.o
OBJS += src/fsp_s.o
OBJS += src/fsp_t.o
OBJS += src/wolfboot_raw.o
OBJS += src/x86/common.o
@ -974,7 +971,6 @@ ifeq ("${FSP}", "1")
OBJS += src/image.o
OBJS += src/keystore.o
OBJS += src/sig_wolfboot_raw.o
OBJS += src/sig_fsp_s.o
ifeq ($(TARGET), kontron_vx3060_s2)
OBJS += hal/kontron_vx3060_s2_loader.o
endif
@ -983,6 +979,7 @@ ifeq ("${FSP}", "1")
endif
CFLAGS += -fno-stack-protector -m32 -fno-PIC -fno-pie -mno-mmx -mno-sse -DDEBUG_UART
CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
ifeq ($(FSP_TGL), 1)
OBJS+=src/x86/tgl_fsp.o
OBJS+=src/ucode0.o
@ -1000,6 +997,7 @@ ifeq ("${FSP}", "1")
endif
LDFLAGS = --gc-sections --entry=main -T $(LSCRIPT) -Map=wolfboot.map
CFLAGS += -fno-stack-protector -fno-PIC -fno-pie -mno-mmx -mno-sse -Os -DDEBUG_UART
CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
OBJS += hal/x86_fsp_tgl.o
OBJS += hal/x86_uart.o
OBJS += src/boot_x86_fsp_payload.o
@ -1015,6 +1013,7 @@ ifeq ("${FSP}", "1")
OBJS += src/x86/exceptions.o
OBJS += src/x86/gdt.o
OBJS += src/x86/fsp.o
OBJS += src/x86/fsp_s.o
UPDATE_OBJS := src/update_disk.o
CFLAGS+=-DWOLFBOOT_UPDATE_DISK
ifeq ($(64BIT),1)
@ -1023,7 +1022,10 @@ ifeq ("${FSP}", "1")
else
CFLAGS += -m32
LDFLAGS += -m elf_i386 --oformat elf32-i386
endif
endif
ifeq ($(FSP_TGL), 1)
OBJS+=src/x86/tgl_fsp.o
endif
endif
ifeq ($(64BIT),1)
OBJS += src/x86/paging.o

1
config/examples/x86_fsp_qemu_seal.config
View File

@ -24,7 +24,6 @@ WOLFBOOT_SECTOR_SIZE?=0x1000
WOLFBOOT_DATA_ADDRESS=0x1000000
FSP_M_BASE=0xffe30000
FSP_S_BASE=0xffed6000
FSP_T_BASE=0xfffe0000
FSP_S_LOAD_BASE=0x0FED5F00
WOLFBOOT_ORIGIN=0xfff80000

2
hal/kontron_vx3060_s2.c
View File

@ -25,6 +25,7 @@
#include <printf.h>
#include <pci.h>
#include <x86/gdt.h>
#include <x86/fsp.h>
#include <x86/common.h>
#ifdef __WOLFBOOT
@ -88,6 +89,7 @@ void hal_init(void)
{
gdt_setup_table();
gdt_update_segments();
fsp_init_silicon();
}
void hal_prepare_boot(void)

2
hal/x86_fsp_qemu.c
View File

@ -29,12 +29,14 @@
#include <x86/ata.h>
#include <x86/gdt.h>
#include <x86/common.h>
#include <x86/fsp.h>
#include <pci.h>
void hal_init(void)
{
gdt_setup_table();
gdt_update_segments();
fsp_init_silicon();
}
void hal_prepare_boot(void)

13
hal/x86_fsp_qemu.ld.in
View File

@ -1,5 +1,6 @@
MEM_SIZE = 536870912;
WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
FSP_S_LOAD_BASE = @FSP_S_LOAD_BASE@;
MEMORY
{
@ -16,11 +17,15 @@ SECTIONS
*(.rodata*)
*(.keystore*)
*(.data*)
_start_fsp_s = .;
KEEP(*(.fsp_s))
_end_fsp_s = .;
. = ALIGN(4);
_end_text = .;
_end_wolfboot = .;
}
} > RAM
_fsp_size = _end_fsp_s - _start_fsp_s;
.bss WOLFBOOT_LOAD_BASE + SIZEOF(.text) (NOLOAD):
{
_start_bss = .;
@ -31,5 +36,11 @@ SECTIONS
_end_bss = .;
__bss_end__ = .;
_end_wb = .;
} > RAM
.fsp_s_base FSP_S_LOAD_BASE (NOLOAD) :
{
_fsp_s_base_start = .;
. += _fsp_size;
}
}

10
hal/x86_fsp_qemu_stage1.ld.in
View File

@ -5,7 +5,6 @@ RESETVECTOR_START = 0xffffffec;
KEYSTORE_START = 0xffffe000;
FSP_T_ORIGIN = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
DATA_MEM_START = 0x800000; /* 8 MB */
MAX_POLICY_SIZE = 512;
@ -92,15 +91,6 @@ SECTIONS
KEEP(*(.fsp_t))
}
.fsp_s FSP_S_ORIGIN :
{
_fsp_s_hdr = .;
KEEP(*(.sig_fsp_s*))
_start_fsp_s = .;
KEEP(*(.fsp_s))
_end_fsp_s = .;
}
.fsp_m FSP_M_ORIGIN :
{
_start_fsp_m = .;

11
hal/x86_fsp_tgl.ld.in
View File

@ -1,5 +1,6 @@
MEM_SIZE = 536870912;
WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
FSP_S_LOAD_BASE = @FSP_S_LOAD_BASE@;
MEMORY
{
@ -16,11 +17,15 @@ SECTIONS
*(.rodata*)
*(.keystore*)
*(.data*)
_start_fsp_s = .;
KEEP(*(.fsp_s))
_end_fsp_s = .;
. = ALIGN(4);
_end_text = .;
_end_wolfboot = .;
}
_fsp_size = _end_fsp_s - _start_fsp_s;
.bss WOLFBOOT_LOAD_BASE + SIZEOF(.text) (NOLOAD):
{
_start_bss = .;
@ -32,4 +37,10 @@ SECTIONS
__bss_end__ = .;
_end_wb = .;
}
.fsp_s_base FSP_S_LOAD_BASE (NOLOAD) :
{
_fsp_s_base_start = .;
. = . + _fsp_size;
}
}

10
hal/x86_fsp_tgl_stage1.ld.in
View File

@ -2,7 +2,6 @@ FLASH_SIZE = @BOOTLOADER_PARTITION_SIZE@;
FLASH_START = 0x100000000 - @BOOTLOADER_PARTITION_SIZE@;
UCODE0_BASE = @UCODE0_BASE@;
FIT_TABLE = 0xffe00000;
FSP_S_ORIGIN = @FSP_S_BASE@;
WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
FSP_T_ORIGIN = @FSP_T_BASE@;
FSP_M_ORIGIN = @FSP_M_BASE@;
@ -52,15 +51,6 @@ SECTIONS
. = ALIGN(256*1024);
}
.fsp_s FSP_S_ORIGIN :
{
_fsp_s_hdr = .;
KEEP(*(.sig_fsp_s*))
_start_fsp_s = .;
KEEP(*(.fsp_s))
_end_fsp_s = .;
} > FLASH
.bootloader WOLFBOOT_ORIGIN :
{
KEEP(./tgl_fsp.o(.boot))

1
include/x86/fsp.h
View File

@ -27,5 +27,6 @@ int fsp_info_header_is_ok(struct fsp_info_header *hdr);
int fsp_get_image_revision(struct fsp_info_header *h, int *build,
int *rev, int *maj, int *min);
void print_fsp_image_revision(struct fsp_info_header *h);
void fsp_init_silicon(void);
#endif /* FSP_H */

203
src/boot_x86_fsp.c
View File

@ -68,9 +68,6 @@ const uint8_t __attribute__((section(".sig_wolfboot_raw")))
#define FSP_M_UDP_MAX_SIZE 0x978
#endif
#ifndef FSP_S_PARAM_SIZE
#define FSP_S_PARAM_SIZE 0xee0
#endif
/* Amount of car memory to provide to FSP-M, machine dependent, find the value
* in the integration guide */
@ -86,22 +83,14 @@ const uint8_t __attribute__((section(".sig_wolfboot_raw")))
#define MEMORY_4GB (4ULL * 1024 * 1024 * 1024)
#define ENDLINE "\r\n"
#define PCI_DEVICE_CONTROLLER_TO_PEX 0x6
#define PCIE_TRAINING_TIMEOUT_MS (100)
/* compile time alignment checks */
#define ALIGN_CHECK(value, alignment) ((value) & ((alignment)-1)) == 0
#if !ALIGN_CHECK(FSP_S_LOAD_BASE - IMAGE_HEADER_SIZE, 16)
#error "FSP_S_LOAD_BASE must be aligned on a 16 bytes boundary"
#endif
#if !ALIGN_CHECK(WOLFBOOT_LOAD_BASE - IMAGE_HEADER_SIZE, 16)
#error "WOLFBOOT_LOAD_BASE must be aligned on a 16 bytes boundary"
#endif
typedef uint32_t (*memory_init_cb)(void *udp, struct efi_hob **HobList);
typedef uint32_t (*temp_ram_exit_cb)(void *udp);
typedef uint32_t (*silicon_init_cb)(void *udp);
typedef uint32_t (*notify_phase_cb)(NOTIFY_PHASE_PARAMS *p);
/* need to be implemented by machine dependent code */
int fsp_machine_update_m_parameters(uint8_t *default_m_params,
@ -114,9 +103,7 @@ int fsp_pre_silicon_init_cb(void);
/* from the linker */
extern uint8_t _start_fsp_t[];
extern uint8_t _start_fsp_m[];
extern uint8_t _fsp_s_hdr[];
extern uint8_t _end_fsp_m[];
extern uint8_t _end_fsp_s[];
extern uint8_t _wolfboot_flash_start[];
extern uint8_t _wolfboot_flash_end[];
extern uint8_t wb_end_bss[], wb_start_bss[];
@ -232,16 +219,6 @@ static void load_wolfboot(void)
wolfBoot_printf("load wolfboot end" ENDLINE);
}
static void load_fsp_s_to_ram(void)
{
size_t fsp_s_size;
uint32_t fsp_start;
fsp_start = FSP_S_LOAD_BASE - IMAGE_HEADER_SIZE;
fsp_s_size = _end_fsp_s - _fsp_s_hdr;
x86_log_memory_load(fsp_start, fsp_start + fsp_s_size, "FSPS");
memcpy((uint8_t*)fsp_start, _fsp_s_hdr, fsp_s_size);
}
#ifdef WOLFBOOT_64BIT
/*!
* \brief Jump into the WolfBoot bootloader.
@ -372,124 +349,6 @@ static int pci_get_capability(uint8_t bus, uint8_t dev, uint8_t fun,
return -1;
}
int pcie_retraining_link(uint8_t bus, uint8_t dev, uint8_t fun)
{
uint16_t link_status, link_control, vid;
uint8_t pcie_cap_off;
int ret, tries;
vid = pci_config_read16(bus, dev, 0, PCI_VENDOR_ID_OFFSET);
if (vid == 0xffff) {
return -1;
}
ret = pci_get_capability(bus, dev, fun, PCI_PCIE_CAP_ID, &pcie_cap_off);
if (ret != 0) {
return -1;
}
link_status = pci_config_read16(bus, dev, fun,
pcie_cap_off + PCIE_LINK_STATUS_OFF);
if (link_status & PCIE_LINK_STATUS_TRAINING) {
delay(PCIE_TRAINING_TIMEOUT_MS);
link_status = pci_config_read16(bus, dev, fun,
pcie_cap_off + PCIE_LINK_STATUS_OFF);
if (link_status & PCIE_LINK_STATUS_TRAINING) {
return -1;
}
}
link_control = pci_config_read16(bus, dev, fun,
pcie_cap_off + PCIE_LINK_CONTROL_OFF);
link_control |= PCIE_LINK_CONTROL_RETRAINING;
pci_config_write16(bus, dev, fun, pcie_cap_off + PCIE_LINK_CONTROL_OFF,
link_control);
tries = PCIE_TRAINING_TIMEOUT_MS / 10;
do {
link_status = pci_config_read16(bus, dev, fun,
pcie_cap_off + PCIE_LINK_STATUS_OFF);
if (!(link_status & PCIE_LINK_STATUS_TRAINING))
break;
delay(10);
} while(tries--);
if ((link_status & PCIE_LINK_STATUS_TRAINING)) {
return -1;
}
return 0;
}
/*!
* \brief Staging of FSP_S after verification
*
* Setpu the parameters and call FSP Silicon Initialization.
*
* \param fsp_info FSP information header
* \param fsp_s_base the area in RAM where FSP_S has been loaded and verified
* \return EFI_SUCCESS in case of success, -1 otherwise
*/
static int fsp_silicon_init(struct fsp_info_header *fsp_info, uint8_t *fsp_s_base)
{
uint8_t silicon_init_parameter[FSP_S_PARAM_SIZE];
silicon_init_cb SiliconInit;
notify_phase_cb notifyPhase;
NOTIFY_PHASE_PARAMS param;
uint32_t status;
unsigned int i;
int ret;
memcpy(silicon_init_parameter, fsp_s_base + fsp_info->CfgRegionOffset,
FSP_S_PARAM_SIZE);
status = fsp_machine_update_s_parameters(silicon_init_parameter);
if (status != 0)
panic();
SiliconInit = (silicon_init_cb)(fsp_s_base + fsp_info->FspSiliconInitEntryOffset);
#if defined(WOLFBOOT_DUMP_FSP_UPD)
wolfBoot_printf("Dumping fsps upd (%d bytes)" ENDLINE, (int)fsp_info->CfgRegionSize);
wolfBoot_print_hexstr(silicon_init_parameter, fsp_info->CfgRegionSize, 16);
#endif
status = fsp_pre_silicon_init_cb();
if (status != 0) {
wolfBoot_printf("pre silicon init cb returns %d", status);
panic();
}
wolfBoot_printf("call silicon..." ENDLINE);
status = SiliconInit(silicon_init_parameter);
if (status != EFI_SUCCESS) {
wolfBoot_printf("failed %x\n", status);
return -1;
}
wolfBoot_printf("success" ENDLINE);
status = pcie_retraining_link(0, PCI_DEVICE_CONTROLLER_TO_PEX, 0);
if (status != 0)
wolfBoot_printf("pcie retraining failed %x\n", status);
pci_enum_do();
pci_dump_config_space();
notifyPhase = (notify_phase_cb)(fsp_s_base +
fsp_info->NotifyPhaseEntryOffset);
param.Phase = EnumInitPhaseAfterPciEnumeration;
status = notifyPhase(&param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("failed %d: %x\n", __LINE__, status);
return -1;
}
param.Phase = EnumInitPhaseReadyToBoot;
status = notifyPhase(&param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("failed %d: %x\n", __LINE__, status);
return -1;
}
param.Phase = EnumInitPhaseEndOfFirmware;
status = notifyPhase(&param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("failed %d: %x\n", __LINE__, status);
return -1;
}
return EFI_SUCCESS;
}
#if defined(TARGET_x86_fsp_qemu) && defined(WOLFBOOT_MEASURED_BOOT)
/*!
@ -536,31 +395,16 @@ static int self_extend_pcr(void)
* memory initialization is completed and the stack has been remapped.
*
*/
static void memory_ready_entry(void)
static void memory_ready_entry(uint32_t new_stack)
{
struct fsp_info_header *fsp_info;
temp_ram_exit_cb TempRamExit;
uint8_t *fsp_s_base;
uint8_t *fsp_m_base;
uint32_t cpu_info[4];
uint32_t status;
int ret;
/* FSP_M is located in flash */
fsp_m_base = _start_fsp_m;
/* fsp_s is loaded to RAM for validation */
fsp_s_base = (uint8_t *)(FSP_S_LOAD_BASE);
fsp_info =
(struct fsp_info_header *)(fsp_m_base + FSP_INFO_HEADER_OFFSET);
TempRamExit = (temp_ram_exit_cb)(fsp_m_base +
fsp_info->TempRamExitEntryOffset);
status = TempRamExit(NULL);
if (status != EFI_SUCCESS) {
wolfBoot_printf("temp ram exit failed" ENDLINE);
panic();
}
/* Confirmed memory initialization complete.
* TempRamExit was successful.
*
* Copy .data section to RAM and initialize .bss
*/
@ -588,35 +432,6 @@ static void memory_ready_entry(void)
wolfBoot_printf("fail to extend PCR" ENDLINE);
#endif
/* Load FSP_S to RAM */
load_fsp_s_to_ram();
#ifdef STAGE1_AUTH
/* Verify FSP_S */
wolfBoot_printf("Authenticating FSP_S at %x..." ENDLINE,
fsp_s_base - IMAGE_HEADER_SIZE);
if (verify_payload(fsp_s_base - IMAGE_HEADER_SIZE) == 0)
wolfBoot_printf("FSP_S: verified OK." ENDLINE);
else {
panic();
}
#endif
#if defined(WOLFBOOT_MEASURED_BOOT)
ret = wolfBoot_image_measure((uint8_t*)fsp_s_base - IMAGE_HEADER_SIZE);
if (ret != 0) {
wolfBoot_printf("Fail to measure FSP_S image\r\n");
panic();
}
#endif /* WOLFBOOT_MEASURED_BOOT */
/* Call FSP_S initialization */
fsp_info =
(struct fsp_info_header *)(fsp_s_base + FSP_INFO_HEADER_OFFSET);
wolfBoot_printf("FSP-S:");
print_fsp_image_revision((struct fsp_info_header *)fsp_info);
if (fsp_silicon_init(fsp_info, fsp_s_base) != EFI_SUCCESS)
panic();
/* Get CPUID */
cpuid(0, &cpu_info[0], &cpu_info[1], &cpu_info[2], NULL);
wolfBoot_printf("CPUID(0):%x %x %x\r\n", cpu_info[0], cpu_info[1], cpu_info[2]);
@ -646,8 +461,12 @@ static void memory_ready_entry(void)
(defined(STAGE1_AUTH) && defined (WOLFBOOT_TPM) && defined(WOLFBOOT_TPM_VERIFY))
wolfBoot_tpm2_deinit();
#endif
/* Finalize staging to stage2 */
jump_into_wolfboot();
/* change_stack_and_invoke() never returns.
*
* Execution here is eventually transferred to jump_into_wolfboot, that
* will transfer the execution to stage2 after the stack has been remapped.
*/
change_stack_and_invoke(new_stack, jump_into_wolfboot);
}
static void print_ucode_revision(void)
@ -831,15 +650,9 @@ void start(uint32_t stack_base, uint32_t stack_top, uint64_t timestamp,
stage2_set_parameters(stage2_params, mem_stage2_holder);
wolfBoot_printf("TOLUM: 0x%x\r\n", stage2_params->tolum);
/* change_stack_and_invoke() never returns.
*
* Execution here is eventually transferred to memory_ready_entry
* after the stack has been remapped.
*/
change_stack_and_invoke(new_stack, memory_ready_entry);
memory_ready_entry(new_stack);
/* Returning from change_stack_and_invoke() implies a fatal error
* while attempting to remap the stack.
*/
wolfBoot_printf("FAIL" ENDLINE);
panic();

90
src/x86/fsp.c
View File

@ -23,6 +23,7 @@
#include <x86/common.h>
#include <pci.h>
#include <printf.h>
#include <string.h>
#define FSP_INFO_HEADER_OFFSET 0x94
#define EFI_SUCCESS 0x0
@ -33,6 +34,9 @@
#define PCI_DEVICE_CONTROLLER_TO_PEX 0x6
static uint8_t *_start_fsp_m = (uint8_t*)FSP_M_BASE;
extern uint8_t _start_fsp_s[], _end_fsp_s[];
extern uint8_t _fsp_s_base_start[];
int fsp_machine_update_s_parameters(uint8_t *default_s_params);
int fsp_pre_silicon_init_cb(void);
@ -94,3 +98,89 @@ void print_fsp_image_revision(struct fsp_info_header *h)
}
wolfBoot_printf("%x.%x.%x build %x\r\n", maj, min, rev, build);
}
void fsp_init_silicon(void)
{
uint8_t silicon_init_parameter[FSP_S_PARAM_SIZE];
struct fsp_info_header *fsp_m_hdr;
struct fsp_info_header *fsp_s_hdr;
NOTIFY_PHASE_PARAMS param;
uint32_t tmp_ram_exit_off;
uint32_t silicon_init_off;
uint32_t notify_phase_off;
uint8_t *tmp_ram_exit;
uint8_t *silicon_init;
uint8_t *notify_phase;
uint32_t status;
fsp_m_hdr = (struct fsp_info_header*)(_start_fsp_m + FSP_INFO_HEADER_OFFSET);
if (!fsp_info_header_is_ok(fsp_m_hdr)) {
wolfBoot_printf("invalid FSP_INFO_HEADER");
panic();
}
tmp_ram_exit_off = fsp_m_hdr->TempRamExitEntryOffset;
if (tmp_ram_exit_off == 0) {
wolfBoot_printf("temp ram offset wrong");
panic();
}
tmp_ram_exit = _start_fsp_m + tmp_ram_exit_off;
wolfBoot_printf("call temp ram exit...");
status = x86_run_fsp_32bit(tmp_ram_exit, NULL);
if (status != EFI_SUCCESS) {
wolfBoot_printf("temp ram exit failed");
panic();
}
wolfBoot_printf("success");
memcpy(_fsp_s_base_start, _start_fsp_s, _end_fsp_s - _start_fsp_s);
fsp_s_hdr = (struct fsp_info_header*)(_fsp_s_base_start + FSP_INFO_HEADER_OFFSET);
silicon_init_off = fsp_s_hdr->FspSiliconInitEntryOffset;
if (silicon_init_off == 0) {
wolfBoot_printf("temp ram offset wrong");
panic();
}
memcpy(silicon_init_parameter, _fsp_s_base_start + fsp_s_hdr->CfgRegionOffset,
FSP_S_PARAM_SIZE);
status = fsp_machine_update_s_parameters(silicon_init_parameter);
if (status != 0)
panic();
status = fsp_pre_silicon_init_cb();
if (status != 0) {
wolfBoot_printf("Pre silicon init cb returns %d", status);
panic();
}
print_fsp_image_revision((struct fsp_info_header *)fsp_s_hdr);
wolfBoot_printf("call silicon...");
silicon_init = _fsp_s_base_start + silicon_init_off;
status = x86_run_fsp_32bit(silicon_init, silicon_init_parameter);
if (status != EFI_SUCCESS) {
wolfBoot_printf("silicon init failed returned %d\n", status);
panic();
}
wolfBoot_printf("success");
pci_enum_do();
pci_dump_config_space();
notify_phase_off = fsp_s_hdr->NotifyPhaseEntryOffset;
if (notify_phase_off == 0) {
wolfBoot_printf("notify_phase offset wrong");
panic();
}
notify_phase = _start_fsp_s + notify_phase_off;
param.Phase = EnumInitPhaseAfterPciEnumeration;
status = x86_run_fsp_32bit(notify_phase, &param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("notify phase failed %d\n", status);
panic();
}
param.Phase = EnumInitPhaseReadyToBoot;
status = x86_run_fsp_32bit(notify_phase, &param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("notify phase failed %d\n", status);
panic();
}
param.Phase = EnumInitPhaseEndOfFirmware;
status = x86_run_fsp_32bit(notify_phase, &param);
if (status != EFI_SUCCESS) {
wolfBoot_printf("notify phase failed %d\n", status);
panic();
}
}

7
src/x86/tgl_fsp.c
View File

@ -158,6 +158,7 @@ SI_PCH_DEVICE_INTERRUPT_CONFIG mPchHDevIntConfig[] = {
{30, 0, SiPchIntA, 16},
};
#if defined(BUILD_LOADER_STAGE1)
#define FIT_NUM_ENTRIES 2
__attribute__((__section__(".boot"))) const struct fit_table_entry fit_table[FIT_NUM_ENTRIES] =
{
@ -462,6 +463,7 @@ static int fsp_set_memory_cfg(FSPM_UPD *udp)
mem_cfg->PcieRefPllSsc = 0;
return 0;
}
#endif /* BUILD_LOADER_STAGE1 */
static int disable_watchdog_tco()
{
@ -935,7 +937,8 @@ int fsp_machine_update_s_parameters(uint8_t *default_s_params)
upd->MicrocodeRegionBase = 0x0;
upd->MicrocodeRegionSize = 0x0;
upd->DevIntConfigPtr = (uint32_t)mPchHDevIntConfig;
/* we can assume that is under 4gb */
upd->DevIntConfigPtr = (uint32_t)(uintptr_t)mPchHDevIntConfig;
upd->NumOfDevIntConfig = sizeof(mPchHDevIntConfig)/sizeof(mPchHDevIntConfig[0]);
upd->SataEnable = 1;
upd->SataMode = 0;
@ -1641,6 +1644,7 @@ int post_temp_ram_init_cb(void)
return 0;
}
#if defined(BUILD_LOADER_STAGE1)
/**
* @brief Update M parameters in FSPM_UPD structure.
*
@ -1683,6 +1687,7 @@ int fsp_pre_mem_init_cb(void)
return 0;
}
#endif /* BUILD_LOADER_STAGE1 */
int fsp_pre_silicon_init_cb(void)
{

8
stage1/x86_fsp.mk
View File

@ -24,8 +24,6 @@ fsp_t.o: ../$(FSP_T_BIN)
fsp_m.o: ../$(FSP_M_BIN)
$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.fsp_m $^ $@
fsp_s.o: ../$(FSP_S_BIN)
$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.fsp_s $^ $@
wolfboot_raw.bin: ../wolfboot.elf
$(Q)$(OBJCOPY) -j .text -O binary $^ $@
@ -33,12 +31,6 @@ wolfboot_raw.bin: ../wolfboot.elf
wolfboot_raw.o: wolfboot_raw.bin
$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.wolfboot $^ $@
sig_fsp_s.o: fsp_s.o $(SIGN_KEY) ../$(FSP_S_BIN)
$(SIGN_TOOL) $(SIGN_OPTIONS) ../$(FSP_S_BIN) $(SIGN_KEY) 1
@dd if=$(X86FSP_PATH)/fsp_s_v1_signed.bin of=$(X86FSP_PATH)/fsp_s_signature.bin bs=$(IMAGE_HEADER_SIZE) count=1
$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.sig_fsp_s $(X86FSP_PATH)/fsp_s_signature.bin sig_fsp_s.o
@rm -f $(X86FSP_PATH)/fsp_s_signature.bin
sig_wolfboot_raw.o: wolfboot_raw.bin $(SIGN_KEY)
$(SIGN_TOOL) $(SIGN_OPTIONS) wolfboot_raw.bin $(SIGN_KEY) 1
@dd if=wolfboot_raw_v1_signed.bin of=wolfboot_raw_signature.bin bs=$(IMAGE_HEADER_SIZE) count=1

4
tools/scripts/x86_fsp/compute_pcr.py
View File

@ -109,10 +109,6 @@ if __name__ == '__main__':
print(f"stage1 auth is {'enabled' if is_stage1_auth_enabled else 'disabled'}")
if is_stage1_auth_enabled:
fsp_s_hash = get_sha256_hash_of_wolfboot_image("src/x86/fsp_s_v1_signed.bin")
pcr0 = pcr_extend(pcr0, fsp_s_hash)
print(f"PCR0 after FSP_S: {pcr0.hex()}")
wb_hash = get_sha256_hash_of_wolfboot_image('stage1/wolfboot_raw_v1_signed.bin')
pcr0 = pcr_extend(pcr0, wb_hash)
print(f"PCR0 after wolfboot: {pcr0.hex()}")