From 6479b0e7fbcd10e2f9bff9d499584e48a201f472 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:20 -0700 Subject: [PATCH 01/29] Silicon/Ampere: Add PcdFirmwareVersionNumber for capsule updates Add a new PCD, PcdFirmwareVersionNumber, which is used to hold a decimal value for use in capsule builds. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereSiliconPkg/AmpereSiliconPkg.dec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Silicon/Ampere/AmpereSiliconPkg/AmpereSiliconPkg.dec b/Silicon/Ampere/AmpereSiliconPkg/AmpereSiliconPkg.dec index 28c1c1905e..c11c490f3b 100644 --- a/Silicon/Ampere/AmpereSiliconPkg/AmpereSiliconPkg.dec +++ b/Silicon/Ampere/AmpereSiliconPkg/AmpereSiliconPkg.dec @@ -90,6 +90,8 @@ gAmpereTokenSpaceGuid.PcdSmbiosTables0MajorVersion|0xFF|UINT8|0x00000005 gAmpereTokenSpaceGuid.PcdSmbiosTables0MinorVersion|0xFF|UINT8|0x00000006 + gAmpereTokenSpaceGuid.PcdFirmwareVersionNumber|0x00000000|UINT32|0x00000012 + # # I2C PCDs for SMBUS # From 14058054b4ce62c4b31e321f98bfbd4c5be6048b Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:26 -0700 Subject: [PATCH 02/29] Silicon/Ampere: Enable FMP capsule updates in AmpereAltraPkg.dsc.inc Signed-off-by: Rebecca Cran --- .../AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 47 ++++++++++++++----- 1 file changed, 36 insertions(+), 11 deletions(-) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index df5ebef689..32a7f88776 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc 
@@ -121,6 +121,12 @@ PlatformBootManagerLib|Silicon/Ampere/AmpereSiliconPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf +!if $(CAPSULE_ENABLE) == TRUE + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf +!else + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf +!endif + # # UEFI Shell libraries # 
@@ -143,26 +149,31 @@ SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf + # + # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree + # + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +!else + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif + # # Capsule Update requirements # BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf DisplayUpdateProgressLib|MdeModulePkg/Library/DisplayUpdateProgressLibGraphics/DisplayUpdateProgressLibGraphics.inf - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf - FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + FmpAuthenticationLib|MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf + FmpDependencyLib|FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.inf + FmpDependencyCheckLib|FmpDevicePkg/Library/FmpDependencyCheckLibNull/FmpDependencyCheckLibNull.inf + FmpDependencyDeviceLib|FmpDevicePkg/Library/FmpDependencyDeviceLibNull/FmpDependencyDeviceLibNull.inf + FmpPayloadHeaderLib|FmpDevicePkg/Library/FmpPayloadHeaderLibV1/FmpPayloadHeaderLibV1.inf + CapsuleUpdatePolicyLib|FmpDevicePkg/Library/CapsuleUpdatePolicyLibNull/CapsuleUpdatePolicyLibNull.inf IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf PlatformFlashAccessLib|Silicon/Ampere/AmpereAltraPkg/Library/PlatformFlashAccessLib/PlatformFlashAccessLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf - # - # re-use the UserPhysicalPresent() dummy implementation from the ovmf 
tree - # - PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf -!endif VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf @@ -272,7 +283,11 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf +!if $(CAPSULE_ENABLE) == TRUE CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf +!else + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf +!endif ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -656,6 +671,8 @@ SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf !endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf + MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf + MdeModulePkg/Universal/CapsulePei/CapsulePei.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf 
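Review bot: The default `FmpAuthenticationLib` mapping in the capsule-update block of the `@@ -143,26 +149,31 @@` hunk now resolves to `FmpAuthenticationLibNull`, and the PKCS#7 instance comes back only as a per-module override on `BdsDxe.inf` in the later `@@ -780,7 +797,15 @@` hunk. Any other module that consumes this library class (an FMP driver or another capsule-processing module, if the platform adds one) would link the Null instance and perform no signature verification of its own; whether the Null instance rejects or accepts images should be confirmed against its source rather than assumed. I would keep the authenticating instance as the default when capsules are enabled, i.e. `!if $(CAPSULE_ENABLE) == TRUE` / `FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf` / `!else` followed by the Null mapping. Failing that, add a comment above the mapping stating why Null is the default and which modules are expected to override it. The block also moves out of the `SECURE_BOOT_ENABLE` conditional, so it now applies to builds without Secure Boot as well.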
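Review bot: `CapsuleOnDiskLoadPei.inf` and `CapsulePei.inf` are added unconditionally in the `@@ -656,6 +671,8 @@` hunk, while the `CapsuleLib` mappings in this same commit are gated on `CAPSULE_ENABLE`. A build with capsules disabled then still compiles the capsule-processing PEIMs against the Null library, which is inconsistent and leaves it to each platform FDF to keep them out of the image. Wrapping the two added lines in `!if $(CAPSULE_ENABLE) == TRUE` and `!endif` would keep the component list in step with the library selection. The surrounding component section starts and ends outside this hunk.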
@@ -780,7 +797,15 @@ MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { + +!if $(CAPSULE_ENABLE) == TRUE + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf +!else + FmpAuthenticationLib|MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf +!endif + } + MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf From 20368f395aea83c55e59c4c5e94d1ff57f9683c6 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:28 -0700 Subject: [PATCH 03/29] Silicon/Ampere: Increase max auth variable sizes Increase the maximum size of auth variables. This is needed to work with Secure Boot where variables can be up to around 10KB. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 32a7f88776..493cdae6e4 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -416,8 +416,8 @@ gArmTokenSpaceGuid.PcdArmPrimaryCore|0x0 - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x5000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x5000 gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x91100000 gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x20000 From b908e27922cf5251cffa807d928f46c2a2b884c2 Mon Sep 17 00:00:00 2001 
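Review bot: In the `@@ -416,8 +416,8 @@` hunk `PcdMaxVariableSize` is raised to 0x5000 along with `PcdMaxAuthVariableSize`, although the commit description only motivates larger authenticated variables, and 0x5000 is 20 KB against the "around 10KB" it cites. A larger limit for non-authenticated variables lets any SetVariable caller consume the NV store in bigger pieces, so I would leave `gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000` unchanged unless a consumer needs more. A short comment above both PCDs giving the sizing rationale would also help. It is also worth confirming that 0x5000 plus the variable header still fits the platform's NV variable store and fault-tolerant-write spare area; those settings are outside this hunk.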
From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:30 -0700 Subject: [PATCH 04/29] Platform/Ampere: Change BMC config file to bmc.conf Name the BMC configuration file bmc.conf instead of bmc.sh, since that makes more sense. Signed-off-by: Rebecca Cran --- Platform/Ampere/Tools/fwflash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Platform/Ampere/Tools/fwflash.sh b/Platform/Ampere/Tools/fwflash.sh index 5c666de3a7..91568f8d14 100755 --- a/Platform/Ampere/Tools/fwflash.sh +++ b/Platform/Ampere/Tools/fwflash.sh @@ -5,7 +5,7 @@ set -e -BMC_ENV_FILE=bmc.sh +BMC_ENV_FILE=bmc.conf usage () { echo "Copies firmware to the BMC (running OpenBMC) and runs ampere_flash_bios.sh to flash the host." From 5f8d7d93b710db17b879f621c6e9ea18b2079129 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:32 -0700 Subject: [PATCH 05/29] Silicon/Ampere: Check that flash size is greater than NV storage size Instead of checking that the flash size is greater than *twice* the size of the NV storage, we only need to check that it's larger than it. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c b/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c index c9161f30bb..94ed9a0993 100644 --- a/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c +++ b/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c @@ -495,7 +495,7 @@ FlashFvbDxeInitialize ( return EFI_DEVICE_ERROR; } - if (mNvFlashSize >= (mNvStorageSize * 2)) { + if (mNvFlashSize > mNvStorageSize) { DEBUG ((DEBUG_INFO, "%a: NV store on Flash is valid\n", __func__)); } else { DEBUG ((DEBUG_ERROR, "%a: NV store on Flash is invalid\n", __func__)); From 9d63c12f225d28fd619dc95814e74af95e2ea1c1 Mon Sep 17 00:00:00 2001 
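Review bot: The relaxed check `if (mNvFlashSize > mNvStorageSize) {` in `FlashFvbDxeInitialize` no longer guarantees room for twice the NV storage size, and the reason for the former factor of two is not documented in the hunk. If anything in this driver or its firmware-side counterpart still addresses a second region of `mNvStorageSize` bytes (a mirror or spare copy), accesses could now run past the reported flash size; that code is not visible here and needs confirming. The strict `>` also rejects a flash region exactly equal to the NV storage size; if equality is acceptable the line should read `if (mNvFlashSize >= mNvStorageSize) {`. Either way, a one-line comment stating the required relationship between the two sizes belongs above the check. The function starts and ends outside this hunk.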
From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:34 -0700 Subject: [PATCH 06/29] Ampere: Add SHELL_ENABLE define (TRUE by default) Add a define, SHELL_ENABLE, which allows building the firmware without the shell, as recommended in https://lvfs.readthedocs.io/en/latest/claims.html#uefi-shell. To maintain existing behavior, it defaults to TRUE. Also, move the setting of PcdShellLibAutoInitialize to FALSE into the PCDs used when building just the shell and dynamic commands as the instructions in ShellPkg/ShellPkg.dec say to do. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc | 8 +++++++- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 2 ++ Platform/Ampere/JadePkg/Jade.dsc | 1 + Platform/Ampere/JadePkg/Jade.fdf | 2 ++ .../Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 14 ++++++-------- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc index 11ab759d2c..62a16ac9d2 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc @@ -58,6 +58,7 @@ DEFINE FIRMWARE_VER = 2024.01.01-01 DEFINE SECURE_BOOT_ENABLE = TRUE DEFINE TPM2_ENABLE = TRUE + DEFINE SHELL_ENABLE = TRUE DEFINE INCLUDE_TFTP_COMMAND = TRUE DEFINE PLATFORM_CONFIG_UUID = 0690C53C-01B5-40AD-A65B-5399AC0B1E9B @@ -416,7 +417,12 @@ !if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTableDxe/FirmwarePerformanceDxe.inf - ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf +!if $(SHELL_ENABLE) == TRUE + ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf { + + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } +!endif !endif # diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 7ff6570cfa..994b0cca36 100644 
--- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -367,6 +367,7 @@ APRIORI DXE { # # UEFI application (Shell Embedded Boot Loader) # +!if $(SHELL_ENABLE) == TRUE INF ShellPkg/Application/Shell/Shell.inf !if $(INCLUDE_TFTP_COMMAND) == TRUE INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf @@ -374,6 +375,7 @@ APRIORI DXE { !if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE INF ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf !endif +!endif !if $(TPM2_ENABLE) == TRUE INF Silicon/Ampere/AmpereAltraPkg/Drivers/Tcg2Dxe/Tcg2Dxe.inf diff --git a/Platform/Ampere/JadePkg/Jade.dsc b/Platform/Ampere/JadePkg/Jade.dsc index 8c6a72baa7..6bc8fd2d47 100644 --- a/Platform/Ampere/JadePkg/Jade.dsc +++ b/Platform/Ampere/JadePkg/Jade.dsc @@ -55,6 +55,7 @@ DEFINE FIRMWARE_VER = 0.01.001 DEFINE SECURE_BOOT_ENABLE = TRUE DEFINE TPM2_ENABLE = TRUE + DEFINE SHELL_ENABLE = TRUE DEFINE INCLUDE_TFTP_COMMAND = TRUE DEFINE PLATFORM_CONFIG_UUID = 84BC921F-9D4A-4D1D-A1A1-1AE13EDD07E5 diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jade.fdf index e16500a26e..723baecc1a 100644 --- a/Platform/Ampere/JadePkg/Jade.fdf +++ b/Platform/Ampere/JadePkg/Jade.fdf @@ -340,10 +340,12 @@ APRIORI DXE { # # UEFI application (Shell Embedded Boot Loader) # +!if $(SHELL_ENABLE) == TRUE INF ShellPkg/Application/Shell/Shell.inf !if $(INCLUDE_TFTP_COMMAND) == TRUE INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf !endif +!endif !if $(TPM2_ENABLE) == TRUE INF Silicon/Ampere/AmpereAltraPkg/Drivers/Tcg2Dxe/Tcg2Dxe.inf diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 493cdae6e4..5e14ae6cba 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc 
@@ -461,13 +461,6 @@ gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|0x100002620000 gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|115200 - # - # We want to use the Shell Libraries but don't want it to initialise - # automatically. We initialise the libraries when the command is called by the - # Shell. - # - gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE - gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE # @@ -834,6 +827,7 @@ MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf !endif +!if $(SHELL_ENABLE) == TRUE # # UEFI application (Shell Embedded Boot Loader) # @@ -857,8 +851,12 @@ gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 } !ifdef $(INCLUDE_TFTP_COMMAND) - ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { + + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } !endif #$(INCLUDE_TFTP_COMMAND) +!endif #$(EDK2_SHELL_ENABLE) EmbeddedPkg/Drivers/MemoryAttributeManagerDxe/MemoryAttributeManagerDxe.inf Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.inf From 9f0b50663c5130dcd91527c4fe42d87f1e126dbd Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:36 -0700 Subject: [PATCH 07/29] Silicon/Ampere: Set PcdFdSize to 32MB Fix the SMBIOS BIOS Size field by setting gArmTokenSpaceGuid.PcdFdSize to 32MB. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 5e14ae6cba..27812da2c4 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc 
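Review bot: The closing directive added in the `@@ -857,8 +851,12 @@` hunk is annotated `!endif #$(EDK2_SHELL_ENABLE)`, but the macro tested in the opening `!if` is `SHELL_ENABLE`; it should read `!endif #$(SHELL_ENABLE)`. With the global `PcdShellLibAutoInitialize|FALSE` removed in the `@@ -461,13 +461,6 @@` hunk, the value is now set only for `TftpDynamicCommand.inf` here and `DpDynamicCommand.inf` in `ComHpcAlt.dsc`, so any other component that links ShellLib falls back to the package default, which is worth checking per platform. The TFTP component is still guarded by `!ifdef $(INCLUDE_TFTP_COMMAND)` while the FDF files test `== TRUE`, so a platform that defines the macro as FALSE still builds the module; `!if $(INCLUDE_TFTP_COMMAND) == TRUE` would make the two agree.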
@@ -534,6 +534,7 @@ gArmTokenSpaceGuid.PcdProcessorManufacturer|L"Ampere(R)" gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|L"Ampere(R)" gArmTokenSpaceGuid.PcdProcessorAssetTag|L"Not Set" + gArmTokenSpaceGuid.PcdFdSize|0x2000000 # # Increasing the maximum size of capsule is to cover ARM Trusted Firmware binaries From b1502665f93f1a42de28495bb12454b4b29e4084 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:37 -0700 Subject: [PATCH 08/29] Silicon/Ampere: Reduce PcdPlatformBootTimeOut to 5s Waiting 10 seconds for the user to press a key to interrupt boot seems excessive. Reduce it to 5 seconds. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 27812da2c4..651e4884aa 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -542,7 +542,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0xE00000 [PcdsDynamicHii.common.DEFAULT] - gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|10 + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 # Possible values are: # 0: Connect Minimal Devices # 1: Connect Network Devices From 3f18cd2fbd39dcc83ff2b831371a72b5261a8fb7 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:39 -0700 Subject: [PATCH 09/29] Silicon/Ampere: Add the BGRT driver Add the BootGraphicsResourceTableDxe driver to allow the OS to display a splash screen if the build includes one. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 1 + 1 file changed, 1 insertion(+) 
diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 651e4884aa..ccebcf926d 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -635,6 +635,7 @@ } MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf Silicon/Ampere/AmpereAltraPkg/Drivers/BootProgress/BootProgressDxe/BootProgressDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf # # PCD From 1d9b97051554134d414c618ae759456228dcb606 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:43 -0700 Subject: [PATCH 10/29] Platform/ADLINK: Update SMBIOS Type17 to use JedecJep106Lib Update the SMBIOS Type17 code to use JedecJep106Lib instead of custom code to determine the manufacturer. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc | 1 + .../SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 1 + .../Type17/PlatformMemoryDeviceFunction.c | 483 +++++++----------- 3 files changed, 184 insertions(+), 301 deletions(-) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc index 62a16ac9d2..06c62e2ff5 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc @@ -113,6 +113,7 @@ [LibraryClasses] OemMiscLib|Platform/ADLINK/ComHpcAltPkg/Library/OemMiscLib/OemMiscLib.inf + JedecJep106Lib|MdePkg/Library/JedecJep106Lib/JedecJep106Lib.inf # # ACPI Libraries diff --git a/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf index 96e678477a..e66ff74d81 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf +++ b/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf 
@@ -51,6 +51,7 @@ BaseMemoryLib DebugLib HiiLib + JedecJep106Lib MemoryAllocationLib NVParamLib UefiBootServicesTableLib diff --git a/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/Type17/PlatformMemoryDeviceFunction.c b/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/Type17/PlatformMemoryDeviceFunction.c index eaf418bd2c..eb3ab747d4 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/Type17/PlatformMemoryDeviceFunction.c +++ b/Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/Type17/PlatformMemoryDeviceFunction.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -25,18 +26,6 @@ #define SPD_MEMORY_TYPE_OFFSET 0x02 #define SPD_CONTINUATION_CHARACTER 0x7F -#define DDR2_SPD_MANUFACTURER_MEMORY_TYPE 0x08 -#define DDR2_SPD_MANUFACTURER_ID_CODE_LENGTH 8 -#define DDR2_SPD_MANUFACTURER_ID_CODE_OFFSET 64 -#define DDR2_SPD_MANUFACTURER_PART_NUMBER_OFFSET 73 -#define DDR2_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET 95 - -#define DDR3_SPD_MANUFACTURER_MEMORY_TYPE 0x0B -#define DDR3_SPD_MANUFACTURER_ID_BANK_OFFSET 117 -#define DDR3_SPD_MANUFACTURER_ID_CODE_OFFSET 118 -#define DDR3_SPD_MANUFACTURER_PART_NUMBER_OFFSET 128 -#define DDR3_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET 122 - #define DDR4_SPD_MANUFACTURER_MEMORY_TYPE 0x0C #define DDR4_SPD_MANUFACTURER_ID_BANK_OFFSET 320 #define DDR4_SPD_MANUFACTURER_ID_CODE_OFFSET 321 
@@ -56,183 +45,68 @@ typedef enum { PART_NUMBER_TOKEN_INDEX } MEMORY_DEVICE_TOKEN_INDEX; -#pragma pack(1) -typedef struct { - UINT8 VendorId; - CHAR16 *ManufacturerString; -} JEDEC_MF_ID; -#pragma pack() - -JEDEC_MF_ID Bank0Table[] = { - { 0x01, L"AMD\0" }, - { 0x04, L"Fujitsu\0" }, - { 0x07, L"Hitachi\0" }, - { 0x89, L"Intel\0" }, - { 0x10, L"NEC\0" }, - { 0x97, L"Texas Instrument\0" }, - { 0x98, L"Toshiba\0" }, - { 0x1C, L"Mitsubishi\0" }, - { 0x1F, L"Atmel\0" }, - { 0x20, L"STMicroelectronics\0" }, - { 0xA4, L"IBM\0" }, - { 0x2C, L"Micron Technology\0" }, - { 0xAD, L"SK Hynix\0" }, - { 0xB0, L"Sharp\0" }, - { 0xB3, L"IDT\0" }, - { 0x3E, L"Oracle\0" }, - { 0xBF, L"SST\0" }, - { 0x40, L"ProMos/Mosel\0" }, - { 0xC1, L"Infineon\0" }, - { 0xC2, L"Macronix\0" }, - { 0x45, L"SanDisk\0" }, - { 0xCE, L"Samsung\0" }, - { 0xDA, L"Winbond\0" }, - { 0xE0, L"LG Semi\0" }, - { 0x62, L"Sanyo\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank1Table[] = { - { 0x98, L"Kingston\0" }, - { 0xBA, L"PNY\0" }, - { 0x4F, L"Transcend\0" }, - { 0x7A, L"Apacer\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank2Table[] = { - { 0x9E, L"Corsair\0" }, - { 0xFE, L"Elpida\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank3Table[] = { - { 0x0B, L"Nanya\0" }, - { 0x94, L"Mushkin\0" }, - { 0x25, L"Kingmax\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank4Table[] = { - { 0xB0, L"OCZ\0" }, - { 0xCB, L"A-DATA\0" }, - { 0xCD, L"G Skill\0" }, - { 0xEF, L"Team\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank5Table[] = { - { 0x02, L"Patriot\0" }, - { 0x9B, L"Crucial\0" }, - { 0x51, L"Qimonda\0" }, - { 0x57, L"AENEON\0" }, - { 0xF7, L"Avant\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank6Table[] = { - { 0x34, L"Super Talent\0" }, - { 0xD3, L"Silicon Power\0" }, - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - -JEDEC_MF_ID Bank7Table[] = { - { NULL_TERMINATED_ID, L"Undefined\0" } -}; - 
-JEDEC_MF_ID *ManufacturerJedecIdBankTable[] = { - Bank0Table, - Bank1Table, - Bank2Table, - Bank3Table, - Bank4Table, - Bank5Table, - Bank6Table, - Bank7Table -}; - VOID UpdateManufacturer ( - IN UINT8 *SpdData, - IN UINT16 ManufacturerToken + IN UINT8 *SpdData, + IN UINT16 ManufacturerToken ) { - UINTN Index; - UINT8 VendorId; - UINT8 MemType; - UINT8 NumberOfJedecIdBankTables; - JEDEC_MF_ID *IdTblPtr = NULL; + UINTN Index; + UINT8 VendorId; + UINT8 MemType; + CONST CHAR8 *ManufacturerString; + CHAR16 *UnicodeManufacturerString; + UINTN Length; MemType = SpdData[SPD_MEMORY_TYPE_OFFSET]; switch (MemType) { - case DDR2_SPD_MANUFACTURER_MEMORY_TYPE: - for (Index = 0; Index < DDR2_SPD_MANUFACTURER_ID_CODE_LENGTH; Index++) { - VendorId = SpdData[DDR2_SPD_MANUFACTURER_ID_CODE_OFFSET + Index]; - if (VendorId != SPD_CONTINUATION_CHARACTER) { - break; - } - } - - break; - - case DDR3_SPD_MANUFACTURER_MEMORY_TYPE: - Index = SpdData[DDR3_SPD_MANUFACTURER_ID_BANK_OFFSET] & (~SPD_PARITY_BIT_MASK); // Remove parity bit - VendorId = SpdData[DDR4_SPD_MANUFACTURER_ID_CODE_OFFSET]; - break; - - case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: - Index = SpdData[DDR4_SPD_MANUFACTURER_ID_BANK_OFFSET] & (~SPD_PARITY_BIT_MASK); // Remove parity bit - VendorId = SpdData[DDR4_SPD_MANUFACTURER_ID_CODE_OFFSET]; - break; - - default: // Not supported - return; + case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: + Index = SpdData[DDR4_SPD_MANUFACTURER_ID_BANK_OFFSET] & (~SPD_PARITY_BIT_MASK); // Remove parity bit + VendorId = SpdData[DDR4_SPD_MANUFACTURER_ID_CODE_OFFSET]; + break; + + default: // Not supported + DEBUG ((DEBUG_ERROR, "Unsupported/unknown DDR memory type encountered: %d\n", MemType)); + return; } - NumberOfJedecIdBankTables = ARRAY_SIZE (ManufacturerJedecIdBankTable) - 1; // Exclude NULL-terminated table - if (Index > NumberOfJedecIdBankTables) { - Index = NumberOfJedecIdBankTables; + ManufacturerString = Jep106GetManufacturerName (VendorId, Index); + if (ManufacturerString == NULL) { + DEBUG 
((DEBUG_WARN, "Failed to get JEDEC JEP107 manufacturer from VendorID %d, Index %d\n", VendorId, Index)); + return; } - IdTblPtr = ManufacturerJedecIdBankTable[Index]; - - // Search in Manufacturer table and update vendor name accordingly in HII Database - while (IdTblPtr->VendorId != NULL_TERMINATED_ID) { - if (IdTblPtr->VendorId == VendorId) { - HiiSetString (mSmbiosPlatformDxeHiiHandle, ManufacturerToken, IdTblPtr->ManufacturerString, NULL); - break; - } - - IdTblPtr++; + Length = AsciiStrSize (ManufacturerString); + UnicodeManufacturerString = AllocateZeroPool (Length * sizeof (CHAR16)); + if (UnicodeManufacturerString == NULL) { + DEBUG ((DEBUG_WARN, "Failed to allocate memory for DDR manufacturer string.\n")); + return; } + + AsciiStrToUnicodeStrS (ManufacturerString, UnicodeManufacturerString, Length); + HiiSetString (mSmbiosPlatformDxeHiiHandle, ManufacturerToken, UnicodeManufacturerString, NULL); + FreePool (UnicodeManufacturerString); } VOID UpdateSerialNumber ( - IN UINT8 *SpdData, - IN UINT16 SerialNumberToken + IN UINT8 *SpdData, + IN UINT16 SerialNumberToken ) { - UINT8 MemType; - UINTN Offset; - CHAR16 SerialNumberStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; + UINT8 MemType; + UINTN Offset; + CHAR16 SerialNumberStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; MemType = SpdData[SPD_MEMORY_TYPE_OFFSET]; switch (MemType) { - case DDR2_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR2_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET; - break; - - case DDR3_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR3_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET; - break; - - case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR4_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET; - break; + case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: + Offset = DDR4_SPD_MANUFACTURER_SERIAL_NUMBER_OFFSET; + break; - default: // Not supported - return; + default: // Not supported + DEBUG ((DEBUG_ERROR, "Unsupported/unknown DDR memory type encountered: %d\n", MemType)); + return; } UnicodeSPrint ( 
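Review bot: The failure message in `UpdateManufacturer` names the wrong standard: `"Failed to get JEDEC JEP107 manufacturer ..."` should say JEP106, matching `Jep106GetManufacturerName`. In the same function `Index` is a `UINTN` that is printed with `%d` and passed to the library call. Since it is already masked with `~SPD_PARITY_BIT_MASK`, declaring it `UINT8` (or casting explicitly at both uses) avoids relying on implicit narrowing and on a format specifier that does not match the argument width. `SpdData` is indexed at the DDR4 manufacturer offsets without any length being passed in; if the caller does not guarantee the buffer covers those offsets, a bounds check or a comment stating the expected SPD size is needed. The hunk ends inside `UpdateSerialNumber`, whose body continues in the next hunk.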
@@ -249,30 +123,23 @@ UpdateSerialNumber ( VOID UpdatePartNumber ( - IN UINT8 *SpdData, - IN UINT16 PartNumberToken + IN UINT8 *SpdData, + IN UINT16 PartNumberToken ) { - UINT8 MemType; - UINTN Offset; - CHAR16 PartNumberStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; + UINT8 MemType; + UINTN Offset; + CHAR16 PartNumberStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; MemType = SpdData[SPD_MEMORY_TYPE_OFFSET]; switch (MemType) { - case DDR2_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR2_SPD_MANUFACTURER_PART_NUMBER_OFFSET; - break; - - case DDR3_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR3_SPD_MANUFACTURER_PART_NUMBER_OFFSET; - break; + case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: + Offset = DDR4_SPD_MANUFACTURER_PART_NUMBER_OFFSET; + break; - case DDR4_SPD_MANUFACTURER_MEMORY_TYPE: - Offset = DDR4_SPD_MANUFACTURER_PART_NUMBER_OFFSET; - break; - - default: // Not supported - return; + default: // Not supported + DEBUG ((DEBUG_ERROR, "Unsupported/unknown DDR memory type encountered: %d\n", MemType)); + return; } UnicodeSPrint ( @@ -312,20 +179,20 @@ UpdatePartNumber ( **/ SMBIOS_PLATFORM_DXE_TABLE_FUNCTION (PlatformMemoryDevice) { - UINT8 Index; - UINT8 SlotIndex; - UINTN HandleCount; - UINTN MemorySize; - UINT16 *HandleArray; - CHAR16 UnicodeStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; - EFI_STATUS Status; - SMBIOS_HANDLE MemoryArrayHandle; - PLATFORM_DIMM *Dimm; - STR_TOKEN_INFO *InputStrToken; - PLATFORM_DIMM_LIST *DimmList; - PLATFORM_DRAM_INFO *DramInfo; - SMBIOS_TABLE_TYPE17 *InputData; - SMBIOS_TABLE_TYPE17 *Type17Record; + UINTN Index; + UINTN SlotIndex; + UINTN HandleCount; + UINTN MemorySize; + UINT16 *HandleArray; + CHAR16 UnicodeStr[SMBIOS_UNICODE_STRING_MAX_LENGTH]; + EFI_STATUS Status; + SMBIOS_HANDLE MemoryArrayHandle; + PLATFORM_DIMM *Dimm; + STR_TOKEN_INFO *InputStrToken; + PLATFORM_DIMM_LIST *DimmList; + PLATFORM_DRAM_INFO *DramInfo; + SMBIOS_TABLE_TYPE17 *InputData; + SMBIOS_TABLE_TYPE17 *Type17Record; HandleCount = 0; HandleArray = NULL; 
@@ -361,7 +228,7 @@ SMBIOS_PLATFORM_DXE_TABLE_FUNCTION (PlatformMemoryDevice) { return EFI_OUT_OF_RESOURCES; } - if (HandleCount != GetNumberOfSupportedSockets ()) { + if (HandleCount < 1) { DEBUG (( DEBUG_ERROR, "[%a]:[%dL] Failed to get Memory Array Handle\n", 
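Review bot: Relaxing the guard to `if (HandleCount < 1) {` means `HandleArray` may now hold fewer entries than `GetNumberOfSupportedSockets ()` reports. The old loop, visible on the removed side of the following hunk, read `HandleArray[Index]` for every socket index. The replacement loop is not fully visible here, so confirm that it bounds the index by `HandleCount` before using it, for example `if (Dimm->NodeId >= HandleCount) { continue; }`. Without that bound, a platform exposing one memory array but DIMMs with a higher node id would read past the allocation. The function body starts and ends outside this hunk.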
@@ -372,110 +239,124 @@ SMBIOS_PLATFORM_DXE_TABLE_FUNCTION (PlatformMemoryDevice) { return EFI_NOT_FOUND; } - for (Index = 0; Index < GetNumberOfSupportedSockets (); Index++) { - InputData = (SMBIOS_TABLE_TYPE17 *)RecordData; - InputStrToken = (STR_TOKEN_INFO *)StrToken; - MemoryArrayHandle = HandleArray[Index]; - - while (InputData->Hdr.Type != NULL_TERMINATED_TYPE) { - for (SlotIndex = 0; SlotIndex < DimmList->BoardDimmSlots; SlotIndex++) { - // - // Prepare additional strings for SMBIOS Table. - // - Dimm = &DimmList->Dimm[SlotIndex]; - if (Dimm->NodeId != Index) { - continue; - } - - Status = SmbiosPlatformDxeSaveHiiDefaultString (InputStrToken); - if (EFI_ERROR (Status)) { - FreePool (HandleArray); - return Status; - } - - if (Dimm->Info.DimmStatus == DIMM_INSTALLED_OPERATIONAL) { - UpdateManufacturer (Dimm->SpdData.Data, InputStrToken->TokenArray[MANUFACTURER_TOKEN_INDEX]); - UpdateSerialNumber (Dimm->SpdData.Data, InputStrToken->TokenArray[SERIAL_NUMBER_TOKEN_INDEX]); - UpdatePartNumber (Dimm->SpdData.Data, InputStrToken->TokenArray[PART_NUMBER_TOKEN_INDEX]); - } - - UnicodeSPrint (UnicodeStr, sizeof (UnicodeStr), L"Socket %d DIMM %d", Index, SlotIndex); - HiiSetString (mSmbiosPlatformDxeHiiHandle, InputStrToken->TokenArray[DEVICE_LOCATOR_TOKEN_INDEX], UnicodeStr, NULL); - UnicodeSPrint (UnicodeStr, sizeof (UnicodeStr), L"Bank %d", SlotIndex); - HiiSetString (mSmbiosPlatformDxeHiiHandle, InputStrToken->TokenArray[BANK_LOCATOR_TOKEN_INDEX], UnicodeStr, NULL); - UnicodeSPrint (UnicodeStr, sizeof (UnicodeStr), L"Array %d Asset Tag %d", Index, SlotIndex); - HiiSetString (mSmbiosPlatformDxeHiiHandle, InputStrToken->TokenArray[ASSET_TAG_TOKEN_INDEX], UnicodeStr, NULL); - - // - // Create Table and fill up information. 
- // - SmbiosPlatformDxeCreateTable ( - (VOID *)&Type17Record, - (VOID *)&InputData, - sizeof (SMBIOS_TABLE_TYPE17), - InputStrToken - ); - if (Type17Record == NULL) { - FreePool (HandleArray); - return EFI_OUT_OF_RESOURCES; - } - - if (Dimm->Info.DimmStatus == DIMM_INSTALLED_OPERATIONAL) { - MemorySize = Dimm->Info.DimmSize * 1024; - if (MemorySize >= 0x7FFF) { - Type17Record->Size = 0x7FFF; - Type17Record->ExtendedSize = MemorySize; - } else { - Type17Record->Size = (UINT16)MemorySize; - Type17Record->ExtendedSize = 0; - } - - Type17Record->MemoryType = 0x1A; // DDR4 - Type17Record->Speed = (UINT16)DramInfo->MaxSpeed; - Type17Record->ConfiguredMemoryClockSpeed = (UINT16)DramInfo->MaxSpeed; - Type17Record->Attributes = Dimm->Info.DimmNrRank & 0x0F; - Type17Record->ConfiguredVoltage = 1200; - Type17Record->MinimumVoltage = 1140; - Type17Record->MaximumVoltage = 1260; - Type17Record->DeviceSet = 0; // None - - if ((Dimm->Info.DimmType == UDIMM) || (Dimm->Info.DimmType == SODIMM)) { - Type17Record->TypeDetail.Unbuffered = 1; // BIT 14: unregistered - } else if ( (Dimm->Info.DimmType == RDIMM) - || (Dimm->Info.DimmType == LRDIMM) - || (Dimm->Info.DimmType == RSODIMM)) - { - Type17Record->TypeDetail.Registered = 1; // BIT 13: registered - } - - /* FIXME: Determine if need to set technology to NVDIMM-* when supported */ - Type17Record->MemoryTechnology = 0x3; // DRAM - } - - // Update Type 16 handle - Type17Record->MemoryArrayHandle = MemoryArrayHandle; - - // - // Add Table record and free pool. 
- // - Status = SmbiosPlatformDxeAddRecord ((UINT8 *)Type17Record, NULL); - if (EFI_ERROR (Status)) { - FreePool (HandleArray); - FreePool (Type17Record); - return Status; - } - - FreePool (Type17Record); - Status = SmbiosPlatformDxeRestoreHiiDefaultString (InputStrToken); - if (EFI_ERROR (Status)) { - FreePool (HandleArray); - return Status; - } + InputData = (SMBIOS_TABLE_TYPE17 *)RecordData; + InputStrToken = (STR_TOKEN_INFO *)StrToken; + MemoryArrayHandle = HandleArray[0]; + + SlotIndex = 0; + + // Divide the PLATFORM_DIMM_INFO_MAX_SLOT by 2 since we only have + // 1 socket on this platform. + for (Index = 0; Index < (PLATFORM_DIMM_INFO_MAX_SLOT / 2); Index++) { + + if (SlotIndex > 5) { + break; + } + + if ((Index == 6) || (Index == 7) || (Index >= 14) || (((Index + 1) % 2) == 0)) { + continue; + } + + // + // Prepare additional strings for SMBIOS Table. + // + Dimm = &DimmList->Dimm[Index]; + if (Dimm->NodeId != 0) { + continue; + } + + Status = SmbiosPlatformDxeSaveHiiDefaultString (InputStrToken); + if (EFI_ERROR (Status)) { + FreePool (HandleArray); + return Status; + } + if (Dimm->Info.DimmStatus == DIMM_INSTALLED_OPERATIONAL) { + UpdateManufacturer (Dimm->SpdData.Data, InputStrToken->TokenArray[MANUFACTURER_TOKEN_INDEX]); + UpdateSerialNumber (Dimm->SpdData.Data, InputStrToken->TokenArray[SERIAL_NUMBER_TOKEN_INDEX]); + UpdatePartNumber (Dimm->SpdData.Data, InputStrToken->TokenArray[PART_NUMBER_TOKEN_INDEX]); + } + UnicodeSPrint (UnicodeStr, sizeof (UnicodeStr), L"DIMM %d", SlotIndex + 1); + HiiSetString (mSmbiosPlatformDxeHiiHandle, InputStrToken->TokenArray[DEVICE_LOCATOR_TOKEN_INDEX], UnicodeStr, NULL); + + // + // Create Table and fill up information. 
+ // + SmbiosPlatformDxeCreateTable ( + (VOID *)&Type17Record, + (VOID *)&InputData, + sizeof (SMBIOS_TABLE_TYPE17), + InputStrToken + ); + if (Type17Record == NULL) { + FreePool (HandleArray); + return EFI_OUT_OF_RESOURCES; + } + + if (Dimm->Info.DimmStatus != DIMM_NOT_INSTALLED) { + DEBUG ((DEBUG_INFO, "DIMM %d (Memory Controller %d Channel %d): \n", SlotIndex, Index / 2, (Index % 2))); + DEBUG ((DEBUG_INFO, "\tStatus (1=Installed-Operational, 2=Installed-NonOperational, 3=Installed-Failed): %d\n", Dimm->Info.DimmStatus)); + DEBUG ((DEBUG_INFO, "\tPart Number: %a\n", Dimm->Info.PartNumber)); + DEBUG ((DEBUG_INFO, "\tDimmSize: %llu\n", Dimm->Info.DimmSize)); + DEBUG ((DEBUG_INFO, "\tDimmMfcId: %d\n", Dimm->Info.DimmMfcId)); + DEBUG ((DEBUG_INFO, "\tDimmNrRank: %d\n", Dimm->Info.DimmNrRank)); + DEBUG ((DEBUG_INFO, "\tDimmType: %d\n", Dimm->Info.DimmType)); + DEBUG ((DEBUG_INFO, "\tDimmDevType: %d\n", Dimm->Info.DimmDevType)); + } else { + DEBUG ((DEBUG_INFO, "DIMM %d (Memory Controller %d Channel %d): not installed\n", SlotIndex, Index / 2, (Index % 2))); + } + + if (Dimm->Info.DimmStatus == DIMM_INSTALLED_OPERATIONAL) { + MemorySize = Dimm->Info.DimmSize * 1024; + + if (MemorySize >= 0x7FFF) { + Type17Record->Size = 0x7FFF; + Type17Record->ExtendedSize = MemorySize; + } else { + Type17Record->Size = (UINT16)MemorySize; + Type17Record->ExtendedSize = 0; + } + + Type17Record->MemoryType = MemoryTypeDdr4; + Type17Record->Speed = (UINT16)DramInfo->MaxSpeed; + Type17Record->ConfiguredMemoryClockSpeed = (UINT16)DramInfo->MaxSpeed; + Type17Record->Attributes = Dimm->Info.DimmNrRank & 0x0F; + Type17Record->ConfiguredVoltage = 1200; + Type17Record->MinimumVoltage = 1140; + Type17Record->MaximumVoltage = 1260; + Type17Record->DeviceSet = 0; // None + + if (Dimm->Info.DimmType == UDIMM || Dimm->Info.DimmType == SODIMM) { + Type17Record->TypeDetail.Unbuffered = 1; // BIT 14: unregistered + } else if (Dimm->Info.DimmType == RDIMM || + Dimm->Info.DimmType == LRDIMM || + 
Dimm->Info.DimmType == RSODIMM) + { + Type17Record->TypeDetail.Registered = 1; // BIT 13: registered } + /* FIXME: Determine if need to set technology to NVDIMM-* when supported */ + Type17Record->MemoryTechnology = MemoryTechnologyDram; + } + // Update Type 16 handle + Type17Record->MemoryArrayHandle = MemoryArrayHandle; + + // + // Add Table record and free pool. + // + Status = SmbiosPlatformDxeAddRecord ((UINT8 *)Type17Record, NULL); + if (EFI_ERROR (Status)) { + FreePool (HandleArray); + FreePool (Type17Record); + return Status; + } - InputData++; - InputStrToken++; + FreePool (Type17Record); + Status = SmbiosPlatformDxeRestoreHiiDefaultString (InputStrToken); + if (EFI_ERROR (Status)) { + FreePool (HandleArray); + return Status; } + + SlotIndex++; } FreePool (HandleArray); From 871f833b0231da56bbd64ffd0d4f9f2dfa54412a Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:45 -0700 Subject: [PATCH 11/29] Platform/{ADLINK,Ampere}: Rework capsule updates Rework capsule update support so that the capsules contain correct, up-to-date version information and can be applied from Linux using fwupmgr. Since there can only be a single FMP descriptor, drop support for SCP upgrades: those can still be done via the BMC. 
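Review bot: In the rewritten slot loop, `Dimm = &DimmList->Dimm[Index]` is bounded only by the compile-time `PLATFORM_DIMM_INFO_MAX_SLOT / 2`; the removed loop stopped at `DimmList->BoardDimmSlots`, and that runtime count is no longer consulted. If the platform can report fewer slots than the constant (not visible from this hunk), the loop reads entries that nothing filled in, so I would bound it by both: `for (Index = 0; Index < MIN (DimmList->BoardDimmSlots, PLATFORM_DIMM_INFO_MAX_SLOT / 2); Index++) {`. The skip test `(Index == 6) || (Index == 7) || (Index >= 14) || (((Index + 1) % 2) == 0)` and the `SlotIndex > 5` cut-off encode the board's slot map as bare numbers; a short comment naming which controller and channel each index maps to would let the next reader check them. The function body starts and ends outside this hunk.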
Signed-off-by: Rebecca Cran --- .../SystemFirmwareDescriptor.aslc | 22 ++--- .../SystemFirmwareDescriptor.inf | 2 - ...ig.ini => TfaUefiFirmwareUpdateConfig.ini} | 8 +- ...onfig.ini => UefiFirmwareUpdateConfig.ini} | 8 +- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc | 86 +++++++++------- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 22 +++-- .../ADLINK/ComHpcAltPkg/ComHpcAltCapsule.dsc | 5 +- .../ADLINK/ComHpcAltPkg/ComHpcAltCapsule.fdf | 97 ++++++------------- .../ADLINK/ComHpcAltPkg/firmware.metainfo.xml | 48 +++++++++ .../SystemFirmwareDescriptor.aslc | 16 +-- .../SystemFirmwareDescriptor.inf | 2 - .../SCPFirmwareUpdateConfig.ini | 20 ---- .../SystemFirmwareUpdateConfig.ini | 2 +- Platform/Ampere/JadePkg/Jade.dsc | 45 +++++++-- Platform/Ampere/JadePkg/Jade.fdf | 25 +++-- Platform/Ampere/JadePkg/JadeCapsule.dsc | 6 +- Platform/Ampere/JadePkg/JadeCapsule.fdf | 85 ++++------------ Platform/Ampere/Tools/fw_ver.sh | 8 +- Platform/Ampere/Tools/tools_def.txt.patch | 10 ++ Platform/Ampere/buildfw.sh | 16 ++- .../AmpereAltraLinuxBootPkg.dsc.inc | 4 +- .../AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 +- 22 files changed, 273 insertions(+), 266 deletions(-) rename Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/{SystemFirmwareUpdateConfig.ini => TfaUefiFirmwareUpdateConfig.ini} (70%) rename Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/{SCPFirmwareUpdateConfig.ini => UefiFirmwareUpdateConfig.ini} (77%) create mode 100644 Platform/ADLINK/ComHpcAltPkg/firmware.metainfo.xml delete mode 100644 Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini create mode 100644 Platform/Ampere/Tools/tools_def.txt.patch diff --git a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc index eb3ed7470b..8a650a700c 100644 
--- a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc +++ b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc @@ -14,15 +14,13 @@ #include #include +#include "HostFwInfo.h" + #define PACKAGE_VERSION 0xFFFFFFFF #define PACKAGE_VERSION_STRING L"Unknown" -#define CURRENT_FIRMWARE_VERSION 0x7E841A00 // YearMonthDayBuild (0xYYYMDDBB) -#define CURRENT_FIRMWARE_VERSION_STRING L"2024.04.26.00" -#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x0204640C - #define IMAGE_ID SIGNATURE_64('A', 'A', 'D', 'P', '_', 'F', 'W', ' ') -#define IMAGE_ID_STRING L"ADLINK AADP System Firmware" +#define IMAGE_ID_STRING L"ADLINK AADP Host Firmware" // PcdSystemFmpCapsuleImageTypeIdGuid #define IMAGE_TYPE_ID_GUID { 0xcdcdd0b7, 0x8afb, 0x4883, { 0x85, 0x3a, 0xae, 0x93, 0x98, 0x07, 0x7a, 0x0e } } @@ -35,7 +33,7 @@ typedef struct { CHAR16 PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)]; } IMAGE_DESCRIPTOR; -STATIC IMAGE_DESCRIPTOR mImageDescriptor = +STATIC IMAGE_DESCRIPTOR mHostImageDescriptor = { { EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE, @@ -43,7 +41,7 @@ STATIC IMAGE_DESCRIPTOR mImageDescriptor = sizeof(IMAGE_DESCRIPTOR), PACKAGE_VERSION, // PackageVersion OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // PackageVersionName - 1, // ImageIndex; + 0, // ImageIndex; {0x0}, // Reserved IMAGE_TYPE_ID_GUID, // ImageTypeId; IMAGE_ID, // ImageId; 
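Review bot: The `mHostImageDescriptor` initializer changes `ImageIndex` from 1 to 0, while the FMP payload in ComHpcAltCapsule.fdf later in this patch keeps `IMAGE_INDEX = 0x1`. UEFI defines a firmware image descriptor's index as a value between 1 and DescriptorCount, so 0 is outside the range consumers expect; unless the reporting driver rewrites the field (not visible here), I would keep `1, // ImageIndex;`. `CURRENT_FIRMWARE_VERSION` and `LOWEST_SUPPORTED_FIRMWARE_VERSION` now come from `HostFwInfo.h`, which this patch does not show, so a one-line comment above the include naming the script that generates it and noting that the lowest-supported value is the rollback floor would help reviewers.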
@@ -51,15 +49,17 @@ STATIC IMAGE_DESCRIPTOR mImageDescriptor = CURRENT_FIRMWARE_VERSION, // Version; OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName; {0x0}, // Reserved2 - 0, // Size; + 0xA00000, // Size; IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | - IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported; + IMAGE_ATTRIBUTE_IN_USE | + IMAGE_ATTRIBUTE_UEFI_IMAGE, // AttributesSupported; IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | - IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting; + IMAGE_ATTRIBUTE_IN_USE | + IMAGE_ATTRIBUTE_UEFI_IMAGE, // AttributesSetting; 0x0, // Compatibilities; LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion; 0x00000000, // LastAttemptVersion; @@ -73,4 +73,4 @@ STATIC IMAGE_DESCRIPTOR mImageDescriptor = PACKAGE_VERSION_STRING, }; -VOID* CONST ReferenceAcpiTable = &mImageDescriptor; +VOID* CONST ReferenceAcpiTable = &mHostImageDescriptor; diff --git a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf index 792a28aaff..22faf63ba2 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf +++ b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf @@ -32,8 +32,6 @@ PeiServicesLib PeimEntryPoint -[FixedPcd] - [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor 
diff --git a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/TfaUefiFirmwareUpdateConfig.ini similarity index 70% rename from Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini rename to Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/TfaUefiFirmwareUpdateConfig.ini index 721fbff455..1471fa729a 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini +++ b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/TfaUefiFirmwareUpdateConfig.ini @@ -10,12 +10,12 @@ [Head] NumOfUpdate = 1 NumOfRecovery = 0 -Update0 = AADP_UEFI_TFA +Update0 = AADP_TFA_UEFI -[AADP_UEFI_TFA] -FirmwareType = 2147483650 # SystemFirmware: 0x80000002 - OEM UEFI and ARM Trusted Firmware +[AADP_TFA_UEFI] +FirmwareType = 2147483650 # SystemFirmware: 0x80000002 - ARM Trusted Firmware and OEM UEFI AddressType = 1 # 0 - relative address, 1 - absolute address. BaseAddress = 0x00000000 # Base address offset on flash Length = 0x00D10000 # Length ImageOffset = 0x00000000 # Image offset of this SystemFirmware image -FileGuid = c07b0079-b3a2-448d-8c9c-46ba3c42b33e # PcdEdkiiSystemFirmwareFileGuid +FileGuid = 074c21e5-7d17-48e9-808d-f0c85e52a7db # PcdEdkiiSystemFirmwareFileGuid diff --git a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/UefiFirmwareUpdateConfig.ini similarity index 77% rename from Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini rename to Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/UefiFirmwareUpdateConfig.ini index eeccd5be0d..0ff55feb4f 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini 
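Review bot: `Length = 0x00D10000` is left unchanged in the renamed `[AADP_TFA_UEFI]` section, but the capsule FD that carries this image shrinks to `Size = 0x00C10000` in ComHpcAltCapsule.fdf when INCLUDE_TFA_FW is TRUE (0x00010000 descriptor plus 0x00C00000 payload). The update driver is not part of this hunk; if it trusts `Length` when copying from the capsule image to flash, it would read 0x100000 bytes past the end of the payload. The UEFI-only config in this patch uses a length equal to its FD size (0x00A10000), so the matching value here would be `Length = 0x00C10000 # Length`.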
+++ b/Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/UefiFirmwareUpdateConfig.ini @@ -10,12 +10,12 @@ [Head] NumOfUpdate = 1 NumOfRecovery = 0 -Update0 = AltraSCP +Update0 = AADP_UEFI -[AltraSCP] -FirmwareType = 2147483649 # 0x80000001: SMpro/PMpro Firmware +[AADP_UEFI] +FirmwareType = 2147483651 # SystemFirmware: 0x80000003 - OEM UEFI AddressType = 1 # 0 - relative address, 1 - absolute address. BaseAddress = 0x00000000 # Base address offset on flash -Length = 0x00050000 # Length +Length = 0x00A10000 # Length ImageOffset = 0x00000000 # Image offset of this SystemFirmware image FileGuid = c07b0079-b3a2-448d-8c9c-46ba3c42b33e # PcdEdkiiSystemFirmwareFileGuid diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc index 06c62e2ff5..e089b693d1 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc @@ -55,7 +55,10 @@ DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F !endif - DEFINE FIRMWARE_VER = 2024.01.01-01 + DEFINE FIRMWARE_VER = 00.01.01-00 + DEFINE FIRMWARE_VER_HEX = 0x00010100 + DEFINE CAPSULE_ENABLE = TRUE + DEFINE INCLUDE_TFA_FW = TRUE DEFINE SECURE_BOOT_ENABLE = TRUE DEFINE TPM2_ENABLE = TRUE DEFINE SHELL_ENABLE = TRUE 
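Review bot: The `[AADP_UEFI]` section keeps `FileGuid = c07b0079-b3a2-448d-8c9c-46ba3c42b33e`, still commented as PcdEdkiiSystemFirmwareFileGuid, although this patch sets that PCD to 074c21e5-7d17-48e9-808d-f0c85e52a7db in ComHpcAlt.dsc and uses the same GUID for the `FILE RAW` entry in ComHpcAltCapsule.fdf regardless of INCLUDE_TFA_FW. If the update driver matches the config's FileGuid against the PCD, as the comment suggests, a capsule built with INCLUDE_TFA_FW=FALSE would carry a config entry that never matches. Either use `FileGuid = 074c21e5-7d17-48e9-808d-f0c85e52a7db` here too or correct the trailing comment to say which GUID this is.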
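Review bot: `FIRMWARE_VER_HEX = 0x00010100` in the ComHpcAlt.dsc defines restarts version numbering below the values the removed descriptor lines carried (`CURRENT_FIRMWARE_VERSION 0x7E841A00`, `LOWEST_SUPPORTED_FIRMWARE_VERSION 0x0204640C`). A board still running the older firmware would see the new capsule as a downgrade below its lowest-supported version, and the ordering that rollback protection relies on is lost across the transition; what the generated HostFwInfo.h puts in the lowest-supported field is not visible here. I would either keep the numeric version monotonic with the previous scheme or add a comment documenting how already-deployed boards are expected to migrate. `FIRMWARE_VER` and `FIRMWARE_VER_HEX` are also two hand-maintained values that must agree (the Jade.dsc hunk pairs `00.01.01-01` with the same `0x00010100`), so a comment such as `# FIRMWARE_VER_HEX must encode FIRMWARE_VER; update both together` would help.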
@@ -74,31 +77,10 @@ DEFINE PERFORMANCE_MEASUREMENT_ENABLE = FALSE DEFINE HEAP_GUARD_ENABLE = FALSE -# How to enable Secure Boot support -# From https://github.com/edk2-porting/edk2-rk3588/issues/69 - -# In case you haven't seen how we do it on the Pi, this is relatively -# easy to add during the EDK2 build process. -# -# Basically you want to first get all the needed Secure Boot certificates -# and dbx, most of which can be downloaded directly: -# https://github.com/pftf/RPi4/blob/master/.github/workflows/linux_edk2.yml#L50-L58 -# -# Note that, because we sure don't want any third party (including -# ourselves) to have control over somebody else's machine when it comes -# to Secure Boot, we always generate a new PK as part of the build process and then discard the private key altogether. -# -# Then, at EDK2 build time, you just need to feed the -# -D SECURE_BOOT_ENABLE=TRUE option along with something like -# -D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=$WORKSPACE/keys/pk.cer -# -D KEK_DEFAULT_FILE1=$WORKSPACE/keys/ms_kek.cer -# -D DB_DEFAULT_FILE1=$WORKSPACE/keys/ms_db1.cer -# -D DB_DEFAULT_FILE2=$WORKSPACE/keys/ms_db2.cer -# -D DBX_DEFAULT_FILE1=$WORKSPACE/keys/arm64_dbx.bin: -# https://github.com/pftf/RPi4/blob/master/.github/workflows/linux_edk2.yml#L64-L65 -# -# And with this, you should have a UEFI firmware that both Windows and -# Linux are happy with when it comes to Secure Boot. +!if $(CAPSULE_ENABLE) == TRUE + DEFINE UEFI_IMAGE = Build/ComHpcAlt/comhpcalt_uefi.bin + DEFINE TFA_UEFI_IMAGE = Build/ComHpcAlt/comhpcalt_tfa_uefi.bin +!endif !include MdePkg/MdeLibs.dsc.inc @@ -171,6 +153,8 @@ # gAmpereTokenSpaceGuid.PcdPcieHotPlugPortMapTable.UseDefaultConfig|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset|TRUE + [PcdsFixedAtBuild] gAmpereTokenSpaceGuid.PcdPcieHotPlugGpioResetMap|0x3F 
@@ -200,6 +184,17 @@ gAmpereTokenSpaceGuid.PcdSmbusI2cBusSpeed|100000 + # We should support CoD in future, since it provides a nicer + # upgrade experience (e.g. a progress bar). + gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport|FALSE + +!if $(SECURE_BOOT_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0} + !include Platform/ADLINK/ComHpcAltPkg/root.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc +!endif + + gAmpereTokenSpaceGuid.PcdFirmwareVersionNumber|$(FIRMWARE_VER_HEX) + gPostCodeDebugFeaturePkgTokenSpaceGuid.PcdStatusCodeUsePostCode|TRUE [PcdsFixedAtBuild.common] @@ -291,8 +286,8 @@ [PcdsDynamicExDefault.common.DEFAULT] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 - gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0xf6, 0xc8, 0x4a, 0x70, 0x39, 0xcb, 0xb7, 0x47, 0x8f, 0x26, 0x39, 0x6c, 0xe9, 0xdb, 0x69, 0x71} - gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0x79, 0x00, 0x7b, 0xc0, 0xa2, 0xb3, 0x8d, 0x44, 0x8c, 0x9c, 0x46, 0xba, 0x3c, 0x42, 0xb3, 0x3e} + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{GUID("cdcdd0b7-8afb-4883-853a-ae9398077a0e")}|VOID*|0x10 + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{GUID("074c21e5-7d17-48e9-808d-f0c85e52a7db")}|VOID*|0x10 [PcdsPatchableInModule] # @@ -359,15 +354,6 @@ ManageabilityPkg/Universal/IpmiBlobTransferDxe/IpmiBlobTransferDxe.inf Features/ManageabilityPkg/Universal/IpmiProtocol/Dxe/IpmiProtocolDxe.inf - # - # Firmware Capsule Update - # - Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf - MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf - SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf - SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf - MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf - # # HII # 
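Review bot: The capsule-signing trust anchor (`PcdRsa2048Sha256PublicKeyBuffer|{0}` and the `!include` of the PcdPkcs7CertBuffer file) is set only under `!if $(SECURE_BOOT_ENABLE) == TRUE`, while the drivers that link FmpAuthenticationLibPkcs7 later in this file are gated on CAPSULE_ENABLE. A build with SECURE_BOOT_ENABLE=FALSE and CAPSULE_ENABLE=TRUE would therefore verify capsules against whatever default PcdPkcs7CertBuffer the package declares, which in upstream SecurityPkg is, I believe, the public test root, so anyone with the test key could sign an accepted capsule. I would gate this block with `!if $(CAPSULE_ENABLE) == TRUE` instead and add a comment that the included root.cer file must be the production signing root. The same pattern appears in the Jade.dsc hunk at `@@ -186,6 +196,17 @@`.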
@@ -379,6 +365,32 @@ Silicon/Ampere/AmpereAltraPkg/Drivers/RootComplexConfigDxe/RootComplexConfigDxe.inf Silicon/Ampere/AmpereSiliconPkg/Drivers/BmcConfigDxe/BmcConfigDxe.inf + # + # Firmware Capsule Update + # +!if $(CAPSULE_ENABLE) == TRUE + Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf + MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf { + + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + } + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf { + + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + } + MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + + # + # System Firmware Update + # + Silicon/Ampere/AmpereAltraPkg/Drivers/SystemFirmwareUpdateDxe/SystemFirmwareUpdateDxe.inf +!endif + # Redfish # !if $(NETWORK_ENABLE) == TRUE diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 994b0cca36..8ced18be07 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -160,6 +160,10 @@ APRIORI PEI { INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf } +!if $(CAPSULE_ENABLE) == TRUE + INF RuleOverride = FMP_IMAGE_DESC Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf +!endif + INF ArmPlatformPkg/Sec/Sec.inf INF MdeModulePkg/Core/Pei/PeiMain.inf INF UefiCpuPkg/CpuIoPei/CpuIoPei.inf 
@@ -175,6 +179,8 @@ APRIORI PEI { INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf + INF MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf + INF MdeModulePkg/Universal/CapsulePei/CapsulePei.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf INF Silicon/Ampere/AmpereAltraPkg/Drivers/PcieInitPei/PcieInitPei.inf @@ -192,8 +198,6 @@ APRIORI PEI { INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf - INF RuleOverride = FMP_IMAGE_DESC Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf - FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE { SECTION FV_IMAGE = FVMAIN @@ -414,21 +418,19 @@ APRIORI DXE { # SMBIOS # INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf - INF ArmPkg/Universal/Smbios/ProcessorSubClassDxe/ProcessorSubClassDxe.inf INF ArmPkg/Universal/Smbios/SmbiosMiscDxe/SmbiosMiscDxe.inf + INF ArmPkg/Universal/Smbios/ProcessorSubClassDxe/ProcessorSubClassDxe.inf INF Platform/ADLINK/ComHpcAltPkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf INF ManageabilityPkg/Universal/IpmiBlobTransferDxe/IpmiBlobTransferDxe.inf # # Firmware Capsule Update # - INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf - INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf - - FILE FREEFORM = PCD(gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid) { - SECTION RAW = BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer - SECTION UI = "Pkcs7TestRoot" - } +!if $(CAPSULE_ENABLE) == TRUE + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf + INF MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf +!endif # # HII 
diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.dsc index 6520c1e432..ea9d49f9eb 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.dsc @@ -26,5 +26,6 @@ # Defines for default states. These can be changed on the command line. # -D FLAG=VALUE # - DEFINE UEFI_TFA_IMAGE = Build/ComHpcAlt/comhpcalt_tfa_uefi.bin - DEFINE SCP_IMAGE = altra_scp_signed_2.10.20230517.slim + DEFINE INCLUDE_TFA_FW = TRUE + DEFINE UEFI_IMAGE = Build/ComHpcAlt/comhpcalt_uefi.bin + DEFINE TFA_UEFI_IMAGE = Build/ComHpcAlt/comhpcalt_tfa_uefi.bin diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.fdf index 39ed2b5583..65e44fdefd 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltCapsule.fdf 
@@ -20,27 +20,25 @@ # ################################################################################ -[FD.ALTRA_SCP_FIRMWARE_CAPSULE] +[FD.COMHPCALT_HOST_FIRMWARE_CAPSULE] BaseAddress = 0x00000000 # The base address of the Firmware in NOR Flash. -Size = 0x00050000 # The size in bytes of the FLASH Device +!if $(INCLUDE_TFA_FW) == TRUE + Size = 0x00C10000 # The size in bytes of the FLASH Device +!else + Size = 0x00A10000 +!endif ErasePolarity = 1 0x00000000|0x00010000 FILE = $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/SYSTEMFIRMWAREDESCRIPTOR.Fv -0x00010000|0x00040000 -FILE = $(SCP_IMAGE) - -[FD.COMHPCALT_UEFI_TFA_FIRMWARE_CAPSULE] -BaseAddress = 0x00000000 # The base address of the Firmware in NOR Flash. -Size = 0x00D10000 # The size in bytes of the FLASH Device -ErasePolarity = 1 - -0x00000000|0x00010000 -FILE = $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/SYSTEMFIRMWAREDESCRIPTOR.Fv - -0x00010000|0x00D00000 -FILE = $(UEFI_TFA_IMAGE) +!if $(INCLUDE_TFA_FW) == TRUE + 0x00010000|0x00C00000 + FILE = $(TFA_UEFI_IMAGE) +!else + 0x00010000|0x00A00000 + FILE = $(UEFI_IMAGE) +!endif ################################################################################ # @@ -53,7 +51,7 @@ FILE = $(UEFI_TFA_IMAGE) # ################################################################################ -[FV.SystemScpFirmwareUpdateCargo] +[FV.HostFirmwareUpdateCargo] FvAlignment = 16 ERASE_POLARITY = 1 MEMORY_MAPPED = TRUE @@ -71,8 +69,8 @@ READ_STATUS = TRUE READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE -FILE RAW = c07b0079-b3a2-448d-8c9c-46ba3c42b33e { # PcdEdkiiSystemFirmwareFileGuid - FD = ALTRA_SCP_FIRMWARE_CAPSULE +FILE RAW = 074c21e5-7d17-48e9-808d-f0c85e52a7db { # PcdEdkiiSystemFirmwareFileGuid + FD = COMHPCALT_HOST_FIRMWARE_CAPSULE } FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid 
@@ -80,69 +78,28 @@ FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriver } FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid - Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini +!if $(INCLUDE_TFA_FW) + Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/TfaUefiFirmwareUpdateConfig.ini +!else + Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/UefiFirmwareUpdateConfig.ini +!endif } -[FmpPayload.FmpPayloadScpSystemFirmwarePkcs7] -IMAGE_HEADER_INIT_VERSION = 0x02 +[FmpPayload.FmpPayloadHostFirmwarePkcs7] +IMAGE_HEADER_INIT_VERSION = 0x03 IMAGE_TYPE_ID = cdcdd0b7-8afb-4883-853a-ae9398077a0e # PcdSystemFmpCapsuleImageTypeIdGuid IMAGE_INDEX = 0x1 HARDWARE_INSTANCE = 0x0 MONOTONIC_COUNT = 0x1 CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 -FV = SystemScpFirmwareUpdateCargo +FV = HostFirmwareUpdateCargo -[Capsule.ComHpcAltScpFirmwareUpdateCapsuleFmpPkcs7] +[Capsule.ComHpcAltHostFirmware] CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid CAPSULE_HEADER_SIZE = 0x20 CAPSULE_HEADER_INIT_VERSION = 0x1 +#CAPSULE_FLAGS = PersistAcrossReset,InitiateReset -FMP_PAYLOAD = FmpPayloadScpSystemFirmwarePkcs7 - -[FV.SystemFirmwareUpdateCargo] -FvAlignment = 16 -ERASE_POLARITY = 1 -MEMORY_MAPPED = TRUE -STICKY_WRITE = TRUE -LOCK_CAP = TRUE -LOCK_STATUS = TRUE -WRITE_DISABLED_CAP = TRUE -WRITE_ENABLED_CAP = TRUE -WRITE_STATUS = TRUE -WRITE_LOCK_CAP = TRUE -WRITE_LOCK_STATUS = TRUE -READ_DISABLED_CAP = TRUE -READ_ENABLED_CAP = TRUE -READ_STATUS = TRUE -READ_LOCK_CAP = TRUE -READ_LOCK_STATUS = TRUE - -FILE RAW = c07b0079-b3a2-448d-8c9c-46ba3c42b33e { # PcdEdkiiSystemFirmwareFileGuid - FD = COMHPCALT_UEFI_TFA_FIRMWARE_CAPSULE - } - -FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid - $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/CAPSULEDISPATCHFV.Fv - } - -FILE 
RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid - Platform/ADLINK/ComHpcAltPkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini - } - -[FmpPayload.FmpPayloadSystemFirmwarePkcs7] -IMAGE_HEADER_INIT_VERSION = 0x02 -IMAGE_TYPE_ID = cdcdd0b7-8afb-4883-853a-ae9398077a0e # PcdSystemFmpCapsuleImageTypeIdGuid -IMAGE_INDEX = 0x1 -HARDWARE_INSTANCE = 0x0 -MONOTONIC_COUNT = 0x1 -CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 - -FV = SystemFirmwareUpdateCargo - -[Capsule.ComHpcAltUefiAtfFirmwareUpdateCapsuleFmpPkcs7] -CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid -CAPSULE_HEADER_SIZE = 0x20 -CAPSULE_HEADER_INIT_VERSION = 0x1 +FMP_PAYLOAD = FmpPayloadHostFirmwarePkcs7 -FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 diff --git a/Platform/ADLINK/ComHpcAltPkg/firmware.metainfo.xml b/Platform/ADLINK/ComHpcAltPkg/firmware.metainfo.xml new file mode 100644 index 0000000000..cb66feb6fc --- /dev/null +++ b/Platform/ADLINK/ComHpcAltPkg/firmware.metainfo.xml @@ -0,0 +1,48 @@ + + + com.adlinktech.ComHpcAlt.firmware + + X-System + + COM-HPC-ALT + Ampere Altra Developer Platform/Dev Kit/AVA Developer Platform/Developer Rugged + Firmware for ADLINK Ampere Altra Boards + +

+ Updating the firmware on your Ampere Altra Developer Platform + improves performance and adds new features. +

+
+ + cdcdd0b7-8afb-4883-853a-ae9398077a0e + + https://www.adlinktech.com + BSD-2-Clause-Patent + BSD-2-Clause-Patent + + + + https://github.com/tianocore/edk2-platforms + + {RELEASE_NOTES} + + + + + + + + org.freedesktop.fwupd + + + + number + org.uefi.capsule + signed + + + + bios + +
diff --git a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc index eb3a3c731b..c80bc31438 100644 --- a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc +++ b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.aslc @@ -12,15 +12,13 @@ #include #include +#include "HostFwInfo.h" + #define PACKAGE_VERSION 0xFFFFFFFF #define PACKAGE_VERSION_STRING L"Unknown" -#define CURRENT_FIRMWARE_VERSION 0x00000001 -#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001" -#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001 - #define IMAGE_ID SIGNATURE_64('J', 'A', 'D', 'E', '_', 'F', 'W', ' ') -#define IMAGE_ID_STRING L"Jade System Firmware" +#define IMAGE_ID_STRING L"Jade Host Firmware" // PcdSystemFmpCapsuleImageTypeIdGuid #define IMAGE_TYPE_ID_GUID { 0xf08bca31, 0x542e, 0x4cea, { 0x8b, 0x48, 0x8e, 0x54, 0xf9, 0x42, 0x25, 0x94 } } @@ -49,15 +47,17 @@ STATIC IMAGE_DESCRIPTOR mImageDescriptor = CURRENT_FIRMWARE_VERSION, // Version; OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName; {0x0}, // Reserved2 - 0, // Size; + 0xA00000, // Size; IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | - IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported; + IMAGE_ATTRIBUTE_IN_USE | + IMAGE_ATTRIBUTE_UEFI_IMAGE, // AttributesSupported; IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED | - IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting; + IMAGE_ATTRIBUTE_IN_USE | + IMAGE_ATTRIBUTE_UEFI_IMAGE, // AttributesSetting; 0x0, // Compatibilities; LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion; 0x00000000, // LastAttemptVersion; 
diff --git a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf index 8d77cf4e26..4fa129da22 100644 --- a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf +++ b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf @@ -31,8 +31,6 @@ PeiServicesLib PeimEntryPoint -[FixedPcd] - [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor diff --git a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini deleted file mode 100644 index 050463a46f..0000000000 --- a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini +++ /dev/null @@ -1,20 +0,0 @@ -## @file -# -# Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
-# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Head] -NumOfUpdate = 1 -NumOfRecovery = 0 -Update0 = JadeSCP - -[JadeSCP] -FirmwareType = 2147483649 # 0x80000001: SMpro/PMpro Firmware -AddressType = 1 # 0 - relative address, 1 - absolute address. -BaseAddress = 0x00000000 # Base address offset on flash -Length = 0x00050000 # Length -ImageOffset = 0x00000000 # Image offset of this SystemFirmware image -FileGuid = 431c06ed-4fe2-438f-98a3-a9b1fd923019 # PcdEdkiiSystemFirmwareFileGuid diff --git a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini index 253005d1b7..0972b5937c 100644 --- a/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini +++ b/Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini @@ -15,6 +15,6 @@ Update0 = JadeUEFIATF FirmwareType = 2147483650 # SystemFirmware: 0x80000002 - OEM UEFI and ARM Trusted Firmware AddressType = 1 # 0 - relative address, 1 - absolute address. BaseAddress = 0x00000000 # Base address offset on flash -Length = 0x00D10000 # Length +Length = 0x00A10000 # Length ImageOffset = 0x00000000 # Image offset of this SystemFirmware image FileGuid = 431c06ed-4fe2-438f-98a3-a9b1fd923019 # PcdEdkiiSystemFirmwareFileGuid diff --git a/Platform/Ampere/JadePkg/Jade.dsc b/Platform/Ampere/JadePkg/Jade.dsc index 6bc8fd2d47..2c4fd5c3df 100644 --- a/Platform/Ampere/JadePkg/Jade.dsc +++ b/Platform/Ampere/JadePkg/Jade.dsc @@ -52,7 +52,10 @@ !else DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000000F !endif - DEFINE FIRMWARE_VER = 0.01.001 + DEFINE FIRMWARE_VER = 00.01.01-01 + DEFINE FIRMWARE_VER_HEX = 0x00010100 + DEFINE CAPSULE_ENABLE = TRUE + DEFINE INCLUDE_TFA_FW = TRUE DEFINE SECURE_BOOT_ENABLE = TRUE DEFINE TPM2_ENABLE = TRUE DEFINE SHELL_ENABLE = TRUE 
@@ -68,6 +71,11 @@ DEFINE NETWORK_TLS_ENABLE = TRUE DEFINE REDFISH_ENABLE = TRUE +!if $(CAPSULE_ENABLE) == TRUE + DEFINE UEFI_IMAGE = Build/Jade/jade_uefi.bin + DEFINE TFA_UEFI_IMAGE = BUild/Jade/jade_tfa_uefi.bin +!endif + !include MdePkg/MdeLibs.dsc.inc # Include default Ampere Platform DSC file @@ -124,6 +132,8 @@ # gAmpereTokenSpaceGuid.PcdPcieHotPlugPortMapTable.UseDefaultConfig|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset|TRUE + [PcdsFixedAtBuild] gAmpereTokenSpaceGuid.PcdPcieHotPlugGpioResetMap|0x3F @@ -186,6 +196,17 @@ gAmpereTokenSpaceGuid.PcdPcieHotPlugPortMapTable.PortMap[35]|{ 35, 1, 7, 6, 0, 0x24, 0x70, 0x4, 0, 11, 8 } # S1 RCB3.6 - SSD8 gAmpereTokenSpaceGuid.PcdPcieHotPlugPortMapTable.PortMap[36]|{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF } # Require if no fully structure used + # We should support CoD in future, since it provides a nicer + # upgrade experience (e.g. a progress bar). + gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport|FALSE + +!if $(SECURE_BOOT_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0} + !include Platform/Ampere/JadePkg/root.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc +!endif + + gAmpereTokenSpaceGuid.PcdFirmwareVersionNumber|$(FIRMWARE_VER_HEX) + [PcdsFixedAtBuild.common] # # Platform config UUID 
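Review bot: `DEFINE TFA_UEFI_IMAGE = BUild/Jade/jade_tfa_uefi.bin` in the new `!if $(CAPSULE_ENABLE) == TRUE` block has a capitalisation typo in the directory name. On a case-sensitive filesystem it does not resolve to the `Build/Jade/` directory that the `UEFI_IMAGE` line above it and JadeCapsule.dsc use. The line should read `DEFINE TFA_UEFI_IMAGE = Build/Jade/jade_tfa_uefi.bin`.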
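Review bot: The capsule verification certificate include (`root.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc`) is wrapped in `!if $(SECURE_BOOT_ENABLE) == TRUE`, but the drivers that link `FmpAuthenticationLibPkcs7` later in this file are gated on `CAPSULE_ENABLE`. A build with capsules enabled and Secure Boot disabled would verify updates against whatever default `PcdPkcs7CertBuffer` carries in its package declaration, which may not be the platform's own root (not checkable from this page). Gating these two lines on `!if $(CAPSULE_ENABLE) == TRUE` instead keeps the trust anchor and the code that consumes it under the same switch. A one-line comment stating that `PcdRsa2048Sha256PublicKeyBuffer|{0}` deliberately disables the RSA2048 path would also help. The enclosing PCD section header is outside the hunk.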
@@ -212,8 +233,8 @@ [PcdsDynamicExDefault.common.DEFAULT] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor|{0x0}|VOID*|0x100 - gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x31, 0xca, 0x8b, 0xf0, 0x2e, 0x54, 0xea, 0x4c, 0x8b, 0x48, 0x8e, 0x54, 0xf9, 0x42, 0x25, 0x94} - gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{0xed, 0x06, 0x1c, 0x43, 0xe2, 0x4f, 0x8f, 0x43, 0x98, 0xa3, 0xa9, 0xb1, 0xfd, 0x92, 0x30, 0x19} + gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{GUID("f08bca31-542e-4cea-8b48-8e54f9422594")}|VOID*|0x10 + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{GUID("431c06ed-4fe2-438f-98a3-a9b1fd923019")}|VOID*|0x10 [PcdsPatchableInModule] # @@ -275,16 +296,28 @@ # # Firmware Capsule Update # +!if $(CAPSULE_ENABLE) == TRUE Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf - SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf - SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf - MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf + MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf { + + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + } + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf { + + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + } + MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } # # System Firmware Update # Silicon/Ampere/AmpereAltraPkg/Drivers/SystemFirmwareUpdateDxe/SystemFirmwareUpdateDxe.inf +!endif # # In-band NVPARAM Access diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jade.fdf index 723baecc1a..b99437a7ca 100644 
--- a/Platform/Ampere/JadePkg/Jade.fdf +++ b/Platform/Ampere/JadePkg/Jade.fdf @@ -153,6 +153,10 @@ APRIORI PEI { INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf } +!if $(CAPSULE_ENABLE) == TRUE + INF RuleOverride = FMP_IMAGE_DESC Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf +!endif + INF ArmPlatformPkg/Sec/Sec.inf INF MdeModulePkg/Core/Pei/PeiMain.inf INF UefiCpuPkg/CpuIoPei/CpuIoPei.inf @@ -165,6 +169,8 @@ APRIORI PEI { INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf + INF MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf + INF MdeModulePkg/Universal/CapsulePei/CapsulePei.inf INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf INF Silicon/Ampere/AmpereAltraPkg/Drivers/PcieInitPei/PcieInitPei.inf @@ -182,8 +188,6 @@ APRIORI PEI { INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf - INF RuleOverride = FMP_IMAGE_DESC Platform/Ampere/JadePkg/Capsule/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf - FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE { SECTION FV_IMAGE = FVMAIN 
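Review bot: `CapsuleOnDiskLoadPei.inf` and `CapsulePei.inf` are added to the PEI firmware volume in the `@@ -165,6 +169,8 @@` hunk without the `!if $(CAPSULE_ENABLE) == TRUE` guard that every other capsule module in this patch gets. The Jade.dsc change also sets `PcdCapsuleOnDiskSupport|FALSE`, so the on-disk loader ships but is switched off. Wrapping both lines in `!if $(CAPSULE_ENABLE) == TRUE` / `!endif` keeps capsule-processing code out of images built with capsules disabled. `CapsuleOnDiskLoadPei.inf` could be left out until CoD is actually supported. No matching DSC component entries for these two modules are visible on this page, so please confirm they are listed in an include.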
@@ -404,18 +408,11 @@ APRIORI DXE { # # Firmware Capsule Update # - INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf - INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf - - FILE FREEFORM = PCD(gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid) { - SECTION RAW = BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer - SECTION UI = "Pkcs7TestRoot" - } - - # - # System Firmware Update - # - INF Silicon/Ampere/AmpereAltraPkg/Drivers/SystemFirmwareUpdateDxe/SystemFirmwareUpdateDxe.inf +!if $(CAPSULE_ENABLE) == TRUE + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf + INF MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf +!endif # # In-band NVPARAM Access diff --git a/Platform/Ampere/JadePkg/JadeCapsule.dsc b/Platform/Ampere/JadePkg/JadeCapsule.dsc index c79581c9e5..4e850010fb 100755 --- a/Platform/Ampere/JadePkg/JadeCapsule.dsc +++ b/Platform/Ampere/JadePkg/JadeCapsule.dsc @@ -26,5 +26,7 @@ # Defines for default states. These can be changed on the command line. # -D FLAG=VALUE # - DEFINE UEFI_ATF_IMAGE = Build/Jade/jade_tfa_uefi.bin - DEFINE SCP_IMAGE = Build/Jade/altra_scp.slim + DEFINE INCLUDE_TFA_FW = TRUE + DEFINE UEFI_IMAGE = Build/Jade/jade_uefi.bin + DEFINE TFA_UEFI_IMAGE = Build/Jade/jade_tfa_uefi.bin + diff --git a/Platform/Ampere/JadePkg/JadeCapsule.fdf b/Platform/Ampere/JadePkg/JadeCapsule.fdf index b9536b171b..6c26ef3ca4 100755 --- a/Platform/Ampere/JadePkg/JadeCapsule.fdf +++ b/Platform/Ampere/JadePkg/JadeCapsule.fdf 
@@ -20,27 +20,25 @@ # ################################################################################ -[FD.JADE_SCP_FIRMWARE_CAPSULE] +[FD.JADE_HOST_FIRMWARE_CAPSULE] BaseAddress = 0x00000000 # The base address of the Firmware in NOR Flash. -Size = 0x00050000 # The size in bytes of the FLASH Device +!if $(INCLUDE_TFA_FW) == TRUE + Size = 0x00C10000 +!else + Size = 0x00A10000 +!endif ErasePolarity = 1 0x00000000|0x00010000 FILE = $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/SYSTEMFIRMWAREDESCRIPTOR.Fv -0x00010000|0x00040000 -FILE = $(SCP_IMAGE) - -[FD.JADE_UEFI_ATF_FIRMWARE_CAPSULE] -BaseAddress = 0x00000000 # The base address of the Firmware in NOR Flash. -Size = 0x00D10000 # The size in bytes of the FLASH Device -ErasePolarity = 1 - -0x00000000|0x00010000 -FILE = $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/SYSTEMFIRMWAREDESCRIPTOR.Fv - -0x00010000|0x00D00000 -FILE = $(UEFI_ATF_IMAGE) +!if $(INCLUDE_TFA_FW) == TRUE + 0x00010000|0x00C00000 + FILE = $(TFA_UEFI_IMAGE) +!else + 0x00010000|0x00A00000 + FILE = $(UEFI_IMAGE) +!endif ################################################################################ # 
@@ -53,53 +51,6 @@ FILE = $(UEFI_ATF_IMAGE) # ################################################################################ -[FV.SystemScpFirmwareUpdateCargo] -FvAlignment = 16 -ERASE_POLARITY = 1 -MEMORY_MAPPED = TRUE -STICKY_WRITE = TRUE -LOCK_CAP = TRUE -LOCK_STATUS = TRUE -WRITE_DISABLED_CAP = TRUE -WRITE_ENABLED_CAP = TRUE -WRITE_STATUS = TRUE -WRITE_LOCK_CAP = TRUE -WRITE_LOCK_STATUS = TRUE -READ_DISABLED_CAP = TRUE -READ_ENABLED_CAP = TRUE -READ_STATUS = TRUE -READ_LOCK_CAP = TRUE -READ_LOCK_STATUS = TRUE - -FILE RAW = 431C06ED-4FE2-438F-98A3-A9B1FD923019 { # PcdEdkiiSystemFirmwareFileGuid - FD = JADE_SCP_FIRMWARE_CAPSULE - } - -FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid - $(WORKSPACE)/$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/FV/CAPSULEDISPATCHFV.Fv - } - -FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid - Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SCPFirmwareUpdateConfig.ini - } - -[FmpPayload.FmpPayloadScpSystemFirmwarePkcs7] -IMAGE_HEADER_INIT_VERSION = 0x02 -IMAGE_TYPE_ID = f08bca31-542e-4cea-8b48-8e54f9422594 # PcdSystemFmpCapsuleImageTypeIdGuid -IMAGE_INDEX = 0x1 -HARDWARE_INSTANCE = 0x0 -MONOTONIC_COUNT = 0x1 -CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 - -FV = SystemScpFirmwareUpdateCargo - -[Capsule.JadeScpFirmwareUpdateCapsuleFmpPkcs7] -CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid -CAPSULE_HEADER_SIZE = 0x20 -CAPSULE_HEADER_INIT_VERSION = 0x1 - -FMP_PAYLOAD = FmpPayloadScpSystemFirmwarePkcs7 - [FV.SystemFirmwareUpdateCargo] FvAlignment = 16 ERASE_POLARITY = 1 @@ -119,7 +70,7 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE FILE RAW = 431C06ED-4FE2-438F-98A3-A9B1FD923019 { # PcdEdkiiSystemFirmwareFileGuid - FD = JADE_UEFI_ATF_FIRMWARE_CAPSULE + FD = JADE_HOST_FIRMWARE_CAPSULE } FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid 
@@ -130,8 +81,8 @@ FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfig Platform/Ampere/JadePkg/Capsule/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini } -[FmpPayload.FmpPayloadSystemFirmwarePkcs7] -IMAGE_HEADER_INIT_VERSION = 0x02 +[FmpPayload.FmpPayloadHostFirmwarePkcs7] +IMAGE_HEADER_INIT_VERSION = 0x03 IMAGE_TYPE_ID = f08bca31-542e-4cea-8b48-8e54f9422594 # PcdSystemFmpCapsuleImageTypeIdGuid IMAGE_INDEX = 0x1 HARDWARE_INSTANCE = 0x0 @@ -140,9 +91,9 @@ CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 FV = SystemFirmwareUpdateCargo -[Capsule.JadeUefiAtfFirmwareUpdateCapsuleFmpPkcs7] +[Capsule.JadeHostFirmware] CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid CAPSULE_HEADER_SIZE = 0x20 CAPSULE_HEADER_INIT_VERSION = 0x1 -FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 +FMP_PAYLOAD = FmpPayloadHostFirmwarePkcs7 diff --git a/Platform/Ampere/Tools/fw_ver.sh b/Platform/Ampere/Tools/fw_ver.sh index caf5dcbea5..1b09a56565 100644 --- a/Platform/Ampere/Tools/fw_ver.sh +++ b/Platform/Ampere/Tools/fw_ver.sh @@ -11,4 +11,10 @@ fi MAJOR_VER="$(date +%y)" MINOR_VER="$(date +%m)" -VER="$(date +%Y.%m.%d)" +MICRO_VER="$(date +%d)" +VER="${MAJOR_VER}.${MINOR_VER}.${MICRO_VER}-$(printf '%02d' ${BUILD})" +YHEX=$(printf '%03x' $(date +%y)) +MHEX=$(printf '%01x' $(date +%m)) +DHEX=$(printf '%02x' $(date +%e)) +BHEX=$(printf '%02x' ${BUILD}) +VER_HEX=0x${YHEX}${MHEX}${DHEX}${BHEX} diff --git a/Platform/Ampere/Tools/tools_def.txt.patch b/Platform/Ampere/Tools/tools_def.txt.patch new file mode 100644 index 0000000000..d4e77030b4 --- /dev/null +++ b/Platform/Ampere/Tools/tools_def.txt.patch 
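Review bot: `MHEX=$(printf '%01x' $(date +%m))` in fw_ver.sh passes a zero-padded month to printf, which parses a leading `0` as octal. `08` and `09` are rejected as invalid octal numbers, so the version computation breaks in August and September, and buildfw.sh sources this file under `set -o errexit`. `DHEX` avoids the problem by using `%e`; the month needs the same care, for example `MHEX=$(printf '%01x' "$((10#$(date +%m)))")`. `BHEX` has the same exposure if `BUILD` is ever passed zero-padded, so `"$((10#${BUILD}))"` is safer there too. Reading the date once into a variable would also stop `VER` and `VER_HEX` from disagreeing when a build crosses midnight.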
@@ -0,0 +1,10 @@
+--- BaseTools/Conf/tools_def.template 2024-11-26 08:55:42.209038055 -0700
++++ Conf/tools_def.txt 2024-11-26 08:56:30.666355277 -0700
+@@ -2414,6 +2414,7 @@
+ ##################
+ *_*_*_PKCS7SIGN_PATH = Pkcs7Sign
+ *_*_*_PKCS7SIGN_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7
++*_*_*_PKCS7SIGN_FLAGS = --signer-private-cert ENV(SECUREBOOT_DIR)/certs/user.pem --other-public-cert ENV(SECUREBOOT_DIR)/certs/intermediate.pub.pem --trusted-public-cert ENV(SECUREBOOT_DIR)/certs/root.pub.pem
+
+ ##################
+ # NASM tool definitions
diff --git a/Platform/Ampere/buildfw.sh b/Platform/Ampere/buildfw.sh
index 21eb864119..02495bba00 100755
--- a/Platform/Ampere/buildfw.sh
+++ b/Platform/Ampere/buildfw.sh
@@ -258,8 +258,20 @@ if [ -z "${LINUXBOOT}" ] && [ -f "${TFA_SLIM}" ] && [ -f "${SCP_SLIM}" ]; then -D SECURE_BOOT_ENABLE \ -p Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/${BOARD_NAME}Capsule.dsc - cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/${BOARD_NAME^^}UEFIATFFIRMWAREUPDATECAPSULEFMPPKCS7.Cap" "${OUTPUT_BASENAME}.cap" - cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/${BOARD_NAME^^}SCPFIRMWAREUPDATECAPSULEFMPPKCS7.Cap" "${OUTPUT_BIN_DIR}/${BOARD_NAME,,}_scp_${SCP_VERSION}.cap" + cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/${BOARD_NAME^^}HOSTFIRMWARE.Cap" "Build/${BOARD_NAME}/${BOARD_NAME,,}_host_${BLDTYPE,,}_${VER}.cap" + cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/AARCH64/CapsuleApp.efi" "Build/${BOARD_NAME}/" + mkdir Build/${BOARD_NAME}/Cab || true + rm -f Build/${BOARD_NAME}/Cab/* + METAINFO_FILE="Build/${BOARD_NAME}/Cab/firmware.metainfo.xml" + cp -vf "${WORKSPACE}/edk2-platforms/Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/firmware.metainfo.xml" "${METAINFO_FILE}" + cp -vf "Build/${BOARD_NAME}/${BOARD_NAME,,}_host_${BLDTYPE,,}_${VER}.cap" "Build/${BOARD_NAME}/Cab/firmware.bin" + sed -i "s/{URGENCY}/high/g" "${METAINFO_FILE}" + sed -i "s/{FW_VERSION}/$(printf '%d' ${VER_HEX})/g" "${METAINFO_FILE}" + sed -i "s/{FW_DATE}/$(date +%Y-%m-%d)/g" "${METAINFO_FILE}" + sed -i "s/{RELEASE_NOTES}//g" "${METAINFO_FILE}" + pushd "Build/${BOARD_NAME}/Cab" + lcab -q ./* "../${BOARD_NAME,,}_host_${BLDTYPE,,}_${VER}.cab" + popd fi if [ "${BOARD_NAME}" = "ComHpcAlt" ] && [ ! -e "${WORKSPACE}/${UPD720202_ROM_FILE}" ]; then diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc index 1585ff798b..4f4860ab70 100755 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc 
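Review bot: `mkdir Build/${BOARD_NAME}/Cab || true` hides every mkdir failure, not just "already exists", so a permissions or path problem only surfaces later as a confusing `cp` or `lcab` error. `mkdir -p "Build/${BOARD_NAME}/Cab"` expresses the intent and still fails loudly under `set -o errexit`. The following `rm -f Build/${BOARD_NAME}/Cab/*` should quote the directory part in the same way. The metainfo urgency is hard-coded by `sed -i "s/{URGENCY}/high/g"`; an overridable variable with a short comment would make that an explicit release decision. The enclosing `if` block starts before this hunk.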
@@ -252,7 +252,7 @@ [PcdsFixedAtBuild.common] !ifdef $(FIRMWARE_VER) - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER)" + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER_FULL)" !endif gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000 @@ -439,7 +439,7 @@ # # SMBIOS PCDs # - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER)" + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER_FULL)" gAmpereTokenSpaceGuid.PcdSmbiosTables0MajorVersion|$(MAJOR_VER) gAmpereTokenSpaceGuid.PcdSmbiosTables0MinorVersion|$(MINOR_VER) gArmTokenSpaceGuid.PcdProcessorManufacturer|L"Ampere(R)" diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index ccebcf926d..df2e7eb2aa 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -528,7 +528,7 @@ # # SMBIOS PCDs # - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER)" + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER_FULL)" gAmpereTokenSpaceGuid.PcdSmbiosTables0MajorVersion|$(MAJOR_VER) gAmpereTokenSpaceGuid.PcdSmbiosTables0MinorVersion|$(MINOR_VER) gArmTokenSpaceGuid.PcdProcessorManufacturer|L"Ampere(R)" From 1495cad51fb1dd3592e1d44bb7296af5fd1bdf8f Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:49:49 -0700 Subject: [PATCH 12/29] Platform/Ampere: Rework buildfw.sh to support capsules and secure boot Signed-off-by: Rebecca Cran --- Platform/Ampere/buildfw.sh | 118 +++++++++++++++++++++++++++++++------ 1 file changed, 100 insertions(+), 18 deletions(-) diff --git a/Platform/Ampere/buildfw.sh b/Platform/Ampere/buildfw.sh index 02495bba00..7ae075155a 100755 --- a/Platform/Ampere/buildfw.sh +++ b/Platform/Ampere/buildfw.sh 
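Review bot: The `!ifdef $(FIRMWARE_VER)` guard in the first hunk now protects a line that expands `$(FIRMWARE_VER_FULL)`, so the guard tests a different macro from the one it uses. Jade.dsc in this series defines `FIRMWARE_VER` and `FIRMWARE_VER_HEX` but not `FIRMWARE_VER_FULL`, so a build that does not go through buildfw.sh would hit an undefined macro here. The same applies to the unguarded uses at `@@ -439,7` and in AmpereAltraPkg.dsc.inc `@@ -528,7`. Change the guard to `!ifdef $(FIRMWARE_VER_FULL)` and give the platform DSC a fallback such as `DEFINE FIRMWARE_VER_FULL = $(FIRMWARE_VER)`.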
@@ -1,5 +1,15 @@ #!/usr/bin/env bash +## +# @file +# Build script for platforms with an Altra(R) CPU from Ampere(R). +# +# Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + set -o errexit tfa_usage () { @@ -41,7 +51,15 @@ usage () { echo " Available platforms:" echo " ADLINK -> ComHpcAlt" echo " Ampere -> Jade" - echo " ASRockRack -> Altrad8ud2" + echo " ASRockRack -> Altra1L2Q" + echo " ASRockRack -> Altra1L2T" + echo "" + echo "Environment Variables:" + echo " SECUREBOOT_DIR - directory to store SecureBoot keys, certs etc." + echo " USE_EXISTING_SB_KEYS - use existing Secure Boot Platform and Update keys" + echo " DOWNLOAD_MS_SB_KEYS - force re-download of Microsoft Secure Boot KEK and DB certificates" + echo " CERT_PASSWORD - password to use when generating Platform and Update Keys and certificates" + echo " defaults to \"password\" if not specified." exit 1 } @@ -75,6 +93,11 @@ BUILD_THREADS=$(getconf _NPROCESSORS_ONLN) export PYTHON_COMMAND=python3 export WORKSPACE=$PWD +if [ -z "${SECUREBOOT_DIR}" ]; then + SECUREBOOT_DIR="${WORKSPACE}/secureboot_objects/" + export SECUREBOOT_DIR +fi + if [ "$(uname -o)" = "FreeBSD" ]; then MAKE_COMMAND=gmake GETOPT_COMMAND=/usr/local/bin/getopt @@ -173,6 +196,15 @@ ${MAKE_COMMAND} -C edk2/BaseTools -j ${BUILD_THREADS} . "${WORKSPACE}/edk2-platforms/Platform/Ampere/Tools/fw_ver.sh" UPDATE . edk2/edksetup.sh +if [ -e "${WORKSPACE}/build.conf" ]; then + . "${WORKSPACE}/build.conf" +fi + +pushd edk2 +cp -vf BaseTools/Conf/tools_def.template Conf/tools_def.txt +patch -p0 < "${WORKSPACE}/edk2-platforms/Platform/Ampere/Tools/tools_def.txt.patch" +popd + EDK2_SECURE_BOOT_ENABLE=${EDK2_SECURE_BOOT_ENABLE:-TRUE} EDK2_NETWORK_ENABLE=${EDK2_NETWORK_ENABLE:-TRUE} EDK2_INCLUDE_TFTP_COMMAND=${EDK2_INCLUDE_TFTP_COMMAND:-TRUE} 
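Review bot: The new usage text documents that `CERT_PASSWORD` falls back to "password", and a passphrase with a published default gives the generated Platform and Update keys no real protection. Those keys are the ones the capsule signing flags in tools_def.txt.patch point at. The key generation script is not part of this hunk, so the fallback itself cannot be seen here. If it exists as documented, it would be safer to refuse to generate new keys when `CERT_PASSWORD` is unset and to change this help line to say so, e.g. `echo "  CERT_PASSWORD - password for generated Platform and Update keys (required when keys are generated)"`. A short note that the default `SECUREBOOT_DIR` lives inside `${WORKSPACE}` and must not be committed or archived with build outputs would help as well.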
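Review bot: In the `@@ -173,6 +196,15 @@` hunk, `cp -vf BaseTools/Conf/tools_def.template Conf/tools_def.txt` overwrites the developer's tools_def.txt on every run, discarding any local toolchain edits. The `patch -p0` that follows is also pinned to line 2414 of the template, so an edk2 update that moves that section makes the build fail under `set -o errexit`. Applying the change only when needed is less fragile: drop the `cp` and guard the patch with `grep -q PKCS7SIGN_FLAGS Conf/tools_def.txt || patch -p0 < "${WORKSPACE}/edk2-platforms/Platform/Ampere/Tools/tools_def.txt.patch"`. `build.conf` is sourced as shell from the workspace root, so a comment saying it is trusted, executable configuration would be worth adding above that block.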
@@ -180,13 +212,38 @@ EDK2_NETWORK_IP6_ENABLE=${EDK2_NETWORK_IP6_ENABLE:-TRUE} EDK2_NETWORK_ALLOW_HTTP_CONNECTIONS=${EDK2_NETWORK_ALLOW_HTTP_CONNECTIONS:-TRUE} EDK2_NETWORK_TLS_ENABLE=${EDK2_NETWORK_TLS_ENABLE:-TRUE} EDK2_REDFISH_ENABLE=${EDK2_REDFISH_ENABLE:-TRUE} -EDK2_PERFORMANCE_MEASUREMENT_ENABLE=${EDK2_PERFORMANCE_MEASUREMENT_ENABLE:-TRUE} +EDK2_PERFORMANCE_MEASUREMENT_ENABLE=${EDK2_PERFORMANCE_MEASUREMENT_ENABLE:-FALSE} EDK2_TPM2_ENABLE=${EDK2_TPM2_ENABLE:-TRUE} +EDK2_HEAP_GUARD_ENABLE=${EDK2_HEAP_GUARD_ENABLE:-FALSE} +EDK2_X86_EMULATOR_ENABLE=${EDK2_X86_EMULATOR_ENABLE:-TRUE} +EDK2_SHELL_ENABLE=${EDK2_SHELL_ENABLE:-TRUE} if [ "${BLDTYPE}" = "RELEASE" ]; then - EDK2_HEAP_GUARD_ENABLE=FALSE + EDK2_SHELL_ENABLE=${EDK2_SHELL_ENABLE:-FALSE} else - EDK2_HEAP_GUARD_ENABLE=TRUE + EDK2_SHELL_ENABLE=${EDK2_SHELL_ENABLE:-TRUE} +fi + +if [ "${EDK2_HEAP_GUARD_ENABLE}" = "TRUE" ] && [ "${EDK2_X86_EMULATOR_ENABLE}" = "TRUE" ]; then + echo "Error: HeapGuard and X86 emulator are incompatible. Only one may be enabled at a time." 
+ exit 1 +fi + +if [ "${EDK2_SECURE_BOOT_ENABLE}" = "TRUE" ]; then + export MANUFACTURER + export BOARD_NAME + "${WORKSPACE}/edk2-platforms/Platform/Ampere/Tools/GenerateSecureBootKeys.sh" + + EXTRA_BUILD_FLAGS+=" -D DEFAULT_KEYS=TRUE" + EXTRA_BUILD_FLAGS+=" -D PK_DEFAULT_FILE=${SECUREBOOT_DIR}/certs/platform_key.der" + EXTRA_BUILD_FLAGS+=" -D KEK_DEFAULT_FILE1=${SECUREBOOT_DIR}/certs/ms_kek1.der" + EXTRA_BUILD_FLAGS+=" -D KEK_DEFAULT_FILE2=${SECUREBOOT_DIR}/certs/ms_kek2.der" + EXTRA_BUILD_FLAGS+=" -D DB_DEFAULT_FILE1=${SECUREBOOT_DIR}/certs/ms_db1.der" + EXTRA_BUILD_FLAGS+=" -D DB_DEFAULT_FILE2=${SECUREBOOT_DIR}/certs/ms_db2.der" + EXTRA_BUILD_FLAGS+=" -D DB_DEFAULT_FILE3=${SECUREBOOT_DIR}/certs/ms_db3.der" + EXTRA_BUILD_FLAGS+=" -D DB_DEFAULT_FILE4=${SECUREBOOT_DIR}/certs/ms_db4.der" + EXTRA_BUILD_FLAGS+=" -D DB_DEFAULT_FILE5=${SECUREBOOT_DIR}/certs/ms_db5.der" + EXTRA_BUILD_FLAGS+=" -D DBX_DEFAULT_FILE1=${SECUREBOOT_DIR}/certs/dummy_dbx.der" fi UPD720202_ROM_FILE="K2026090.mem" 
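Review bot: `EDK2_SHELL_ENABLE=${EDK2_SHELL_ENABLE:-TRUE}` is assigned unconditionally just before the `RELEASE` check, so the variable is never empty when `EDK2_SHELL_ENABLE=${EDK2_SHELL_ENABLE:-FALSE}` runs. RELEASE images therefore keep the UEFI Shell unless the caller overrides it explicitly. Deleting the unconditional line lets the `if`/`else` supply the intended per-build-type default. Separately, `-D DBX_DEFAULT_FILE1=${SECUREBOOT_DIR}/certs/dummy_dbx.der` reads like a placeholder. If so, the default Secure Boot variables ship without a revocation list, which deserves a comment here and a follow-up to enrol a real dbx.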
@@ -198,9 +255,25 @@ if [ -e "${WORKSPACE}/IntelUndiBin/Release/AARCH64/GigUndiDxe.efi" ]; then EXTRA_BUILD_FLAGS+=" -D INTEL_UNDI_BIN=TRUE" fi +echo "EXTRA_BUILD_FLAGS=${EXTRA_BUILD_FLAGS}" + +# YearMonthDayBuild (0xYYMMDDBB) +echo "#define CURRENT_FIRMWARE_VERSION ${VER_HEX}" > "${WORKSPACE}/edk2-platforms/Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/Capsule/SystemFirmwareDescriptor/HostFwInfo.h" +echo "#define CURRENT_FIRMWARE_VERSION_STRING L\"${FW_STR}\"" >> "${WORKSPACE}/edk2-platforms/Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/Capsule/SystemFirmwareDescriptor/HostFwInfo.h" +echo "#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000000" >> "${WORKSPACE}/edk2-platforms/Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/Capsule/SystemFirmwareDescriptor/HostFwInfo.h" + +if [ -f "${SCP_SLIM}" ]; then + cp -vf "${SCP_SLIM}" "Build/${BOARD_NAME}/altra_scp.slim" +fi +if [ -f "${TFA_SLIM}" ]; then + cp -vf "${TFA_SLIM}" "Build/${BOARD_NAME}/altra_atf.slim" +fi + build -a AARCH64 -t ${TOOLCHAIN} -b ${BLDTYPE} -n ${BUILD_THREADS} \ - -D FIRMWARE_VER="${VER}-${BUILD} TF-A ${TFA_VERSION}" \ - -D MAJOR_VER=${MAJOR_VER} -D MINOR_VER=${MINOR_VER} \ + -D FIRMWARE_VER_FULL="${VER} TF-A ${TFA_VERSION}" \ + -D FIRMWARE_VER="${VER}" \ + -D FIRMWARE_VER_HEX="${VER_HEX}" \ + -D MAJOR_VER=${MAJOR_VER} -D MINOR_VER=${MINOR_VER} \ -D SECURE_BOOT_ENABLE=${EDK2_SECURE_BOOT_ENABLE} \ -D NETWORK_ENABLE=${EDK2_NETWORK_ENABLE} \ -D INCLUDE_TFTP_COMMAND=${EDK2_INCLUDE_TFTP_COMMAND} \ 
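Review bot: The generated HostFwInfo.h hard-codes `#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000000`, so the firmware descriptor sets no floor and any older, correctly signed capsule remains installable. That leaves rollback to a build with known issues open even though updates are authenticated. Making it a build input, e.g. `echo "#define LOWEST_SUPPORTED_FIRMWARE_VERSION ${LOWEST_SUPPORTED_VER_HEX:-0x00000000}"`, lets a release raise the floor without editing the script. `${FW_STR}` is not set by the fw_ver.sh lines visible in this series, so `CURRENT_FIRMWARE_VERSION_STRING` may expand to an empty string; `${VER}` looks like the intended value. The header is also written into the source tree rather than under `Build/`, which leaves the checkout dirty after every build.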
@@ -211,17 +284,20 @@ build -a AARCH64 -t ${TOOLCHAIN} -b ${BLDTYPE} -n ${BUILD_THREADS} \ -D PERFORMANCE_MEASUREMENT_ENABLE=${EDK2_PERFORMANCE_MEASUREMENT_ENABLE} \ -D TPM2_ENABLE=${EDK2_TPM2_ENABLE} \ -D HEAP_GUARD_ENABLE=${EDK2_HEAP_GUARD_ENABLE} \ - -Y COMPILE_INFO -y BuildReport.log \ + -D X86_EMULATOR_ENABLE=${EDK2_X86_EMULATOR_ENABLE} \ + -D SHELL_ENABLE=${EDK2_SHELL_ENABLE} \ + -Y COMPILE_INFO -y BuildReport.log \ -p Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/${BOARD_NAME}${LINUXBOOT}.dsc \ ${EXTRA_BUILD_FLAGS} -OUTPUT_BASENAME=${OUTPUT_BIN_DIR}/${BOARD_NAME,,}_tfa_uefi_${BLDTYPE,,}_${VER}-${BUILD} +OUTPUT_BASENAME=${OUTPUT_BIN_DIR}/${BOARD_NAME,,}_tfa_uefi_${BLDTYPE,,}_${VER} -OUTPUT_UEFI_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_uefi_${BLDTYPE,,}_${VER}-${BUILD}.bin -OUTPUT_TFA_UEFI_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_tfa_uefi_${BLDTYPE,,}_${VER}-${BUILD}.bin -OUTPUT_SPINOR_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_rom_${BLDTYPE,,}_${VER}-${BUILD}.bin +OUTPUT_UEFI_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_uefi_${BLDTYPE,,}_${VER}.bin +OUTPUT_TFA_UEFI_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_tfa_uefi_${BLDTYPE,,}_${VER}.bin +OUTPUT_SPINOR_IMAGE=Build/${BOARD_NAME}/${BOARD_NAME,,}_rom_${BLDTYPE,,}_${VER}.bin cp -v "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/BL33_${BOARD_NAME^^}_UEFI.fd" "${OUTPUT_UEFI_IMAGE}" +cp -vf "${OUTPUT_UEFI_IMAGE}" "Build/${BOARD_NAME}/${BOARD_NAME,,}_uefi.bin" if [ -f "${TFA_SLIM}" ]; then # Create a 2MB file with 0xff 
@@ -245,18 +321,24 @@ if [ -f "${TFA_SLIM}" ]; then cp -vf "${OUTPUT_TFA_UEFI_IMAGE}" "Build/${BOARD_NAME}/${BOARD_NAME,,}_tfa_uefi.bin" fi +if [ -f "${TFA_SLIM}" ]; then + INCLUDE_TFA_FW=TRUE +else + INCLUDE_TFA_FW=FALSE +fi + # LinuxBoot doesn't support capsule updates if [ -z "${LINUXBOOT}" ] && [ -f "${TFA_SLIM}" ] && [ -f "${SCP_SLIM}" ]; then - cp -vf "${SCP_SLIM}" "Build/${BOARD_NAME}/altra_scp.slim" - cp -vf "${TFA_SLIM}" "Build/${BOARD_NAME}/altra_atf.slim" # Build the capsule (for upgrading from the UEFI Shell or Linux) build -a AARCH64 -t ${TOOLCHAIN} -b ${BLDTYPE} -n ${BUILD_THREADS} \ - -D FIRMWARE_VER="${VER}-${BUILD} TF-A ${TFA_VERSION}" \ - -D MAJOR_VER=${MAJOR_VER} \ - -D MINOR_VER=${MINOR_VER} \ - -D SECURE_BOOT_ENABLE \ - -p Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/${BOARD_NAME}Capsule.dsc + -D FIRMWARE_VER_FULL="${VER} TF-A ${TFA_VERSION}" \ + -D FIRMWARE_VER="${VER}" \ + -D FIRMWARE_VER_HEX="${VER_HEX}" \ + -D MAJOR_VER=${MAJOR_VER} \ + -D MINOR_VER=${MINOR_VER} \ + -D INCLUDE_TFA_FW=${INCLUDE_TFA_FW} \ + -p Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/${BOARD_NAME}Capsule.dsc cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/${BOARD_NAME^^}HOSTFIRMWARE.Cap" "Build/${BOARD_NAME}/${BOARD_NAME,,}_host_${BLDTYPE,,}_${VER}.cap" cp -vf "Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/AARCH64/CapsuleApp.efi" "Build/${BOARD_NAME}/" From f544deb125068067fe96918d64445554d9273215 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:11 -0700 Subject: [PATCH 13/29] Platform/Ampere: Use full space allocated for NVRAM Use the full space allocated in the flash layout map for NVRAM. Move the storage of the UUID to the end of that region. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 37 +++++++++---------- Platform/Ampere/JadePkg/Jade.fdf | 32 ++++++++-------- .../Drivers/FlashPei/FlashPei.c | 30 ++++++++------- 3 files changed, 50 insertions(+), 49 deletions(-) 
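Review bot: The capsule block is still entered only when both `-f "${TFA_SLIM}"` and `-f "${SCP_SLIM}"` hold, so the new `INCLUDE_TFA_FW` variable is always TRUE where it is used. That makes the UEFI-only layout added to JadeCapsule.fdf unreachable from this script. The SCP image is also no longer packaged into any capsule in this series, so requiring `SCP_SLIM` here looks like a leftover. If a UEFI-only capsule is intended, the condition could be reduced to `if [ -z "${LINUXBOOT}" ]; then`; otherwise a comment explaining why both files are still required would avoid confusion. The block's closing `fi` is outside this hunk.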
diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 8ced18be07..ee5a54f52a 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -20,8 +20,11 @@ # ################################################################################ -# Note: We actually have 26MB (0x01A0'0000 bytes) for UEFI. -# A smaller size of 8MB is used to reduce time for flashing etc. +# Note: We have 10MB (0x00A0'0000 bytes) for UEFI. +# +# If this 10MB is ever changed, ComHpcAltCapsule.fdf and +# Capsule/HostFirmwareDescriptor/HostFirmwareDescriptor.aslc need +# updated too. [FD.BL33_COMHPCALT_UEFI] BaseAddress = 0x92000000|gArmTokenSpaceGuid.PcdFdBaseAddress # The base address of the Firmware in NOR Flash. @@ -51,18 +54,18 @@ NumBlocks = 0xA0 # # FV MAIN # Offset: 0x00000000 -# Size: 0x00970000 +# Size: 0x00900000 # -0x00000000|0x00970000 +0x00000000|0x00900000 gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize FV = FVMAIN_COMPACT # # NV Variables -# Offset: 0x00970000 -# Size: 0x00030000 +# Offset: 0x00900000 +# Size: 0x00100000 # -0x00970000|0x00030000 +0x00900000|0x00070000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize DATA = { ## This is the EFI_FIRMWARE_VOLUME_HEADER @@ -80,8 +83,8 @@ DATA = { 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision 0x48, 0x00, 0x2D, 0x09, 0x00, 0x00, 0x00, 0x02, - # Blockmap[0]: 0x3 Blocks * 0x10000 Bytes / Block - 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + # Blockmap[0]: 0x7 Blocks * 0x10000 Bytes / Block + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER 
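Review bot: In the `@@ -80,8 +83,8 @@` hunk the header bytes `0x48, 0x00, 0x2D, 0x09` (HeaderLength and CheckSum) stay as unchanged context while Blockmap[0] goes from 3 to 7 blocks. The FvLength bytes of the same `EFI_FIRMWARE_VOLUME_HEADER` are not touched by any hunk in this file. The header checksum covers both the block map and FvLength, so unless FvLength already described a 0x70000 volume the header is probably inconsistent now. Please update FvLength together with the block count and recompute the checksum. The `DATA = {` block starts and ends outside the hunk, so this could not be confirmed from the page.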
@@ -91,15 +94,15 @@ DATA = { # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, - # Size: 0x30000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - - # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x2FFB8 + # Size: 0xB0000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xAFFB8 # This can speed up the Variable Dispatch a bit. - 0xB8, 0xFF, 0x02, 0x00, + 0xB8, 0xFF, 0x06, 0x00, # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } -0x009A0000|0x00010000 +0x00970000|0x00020000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize DATA = { # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid = @@ -109,16 +112,12 @@ DATA = { # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved 0x2c, 0xaf, 0x2c, 0x64, 0xFE, 0xFF, 0xFF, 0xFF, # WriteQueueSize: UINT64 Size: 0x10000 - 0x20 (FTW_WORKING_HEADER) = 0xFFE0 - 0xE0, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + 0xE0, 0xFF, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 } -0x009B0000|0x00040000 +0x00990000|0x00070000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize -# Leave 0x10000 (64KB) at the end for VPD data -# 0x009F0000|0x00010000 -# Absolute SPI-NOR flash address: 0xFF0000 - ################################################################################ # # FV Section diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jade.fdf index b99437a7ca..6865ad7f3a 100644 --- a/Platform/Ampere/JadePkg/Jade.fdf +++ b/Platform/Ampere/JadePkg/Jade.fdf 
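Review bot: The size comments changed here no longer match the bytes beneath them. `# Size: 0xB0000 ... = 0xAFFB8` sits above `0xB8, 0xFF, 0x06, 0x00`, which encodes 0x6FFB8 (0x70000 - 0x48). In the next hunk the unchanged comment `Size: 0x10000 - 0x20 (FTW_WORKING_HEADER) = 0xFFE0` sits above the new `0xE0, 0xFF, 0x01, 0x00`, which is 0x1FFE0 for the 0x20000 working region. Suggested wording is `# Size: 0x70000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -` / `# 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x6FFB8` and `# WriteQueueSize: UINT64 Size: 0x20000 - 0x20 (FTW_WORKING_HEADER) = 0x1FFE0`. The same two comments need the same correction in the Jade.fdf hunks `@@ -88,15 +88,15 @@` and `@@ -106,10 +106,10 @@`.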
@@ -22,12 +22,12 @@ [FD.BL33_JADE_UEFI] BaseAddress = 0x92000000|gArmTokenSpaceGuid.PcdFdBaseAddress # The base address of the Firmware in NOR Flash. -Size = 0x007C0000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the FLASH Device +Size = 0x00A00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the FLASH Device ErasePolarity = 1 # This one is tricky, it must be: BlockSize * NumBlocks = Size BlockSize = 0x10000|gAmpereTokenSpaceGuid.PcdFvBlockSize -NumBlocks = 0x7C +NumBlocks = 0xA0 ################################################################################ # @@ -48,18 +48,18 @@ NumBlocks = 0x7C # # FV MAIN # Offset: 0x00000000 -# Size: 0x00740000 +# Size: 0x00900000 # -0x00000000|0x00740000 +0x00000000|0x00900000 gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize FV = FVMAIN_COMPACT # # NV Variables -# Offset: 0x00740000 -# Size: 0x00080000 +# Offset: 0x00900000 +# Size: 0x00100000 # -0x00740000|0x00030000 +0x00900000|0x00070000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize DATA = { ## This is the EFI_FIRMWARE_VOLUME_HEADER @@ -76,9 +76,9 @@ DATA = { # Signature "_FVH" # Attributes 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision - 0x48, 0x00, 0x2A, 0x09, 0x00, 0x00, 0x00, 0x02, - # Blockmap[0]: 0x8 Blocks * 0x10000 Bytes / Block - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x48, 0x00, 0x2D, 0x09, 0x00, 0x00, 0x00, 0x02, + # Blockmap[0]: 0x7 Blocks * 0x10000 Bytes / Block + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER 
@@ -88,15 +88,15 @@ DATA = { # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, - # Size: 0x30000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - - # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x2FFB8 + # Size: 0xB0000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xAFFB8 # This can speed up the Variable Dispatch a bit. - 0xB8, 0xFF, 0x02, 0x00, + 0xB8, 0xFF, 0x06, 0x00, # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } -0x00770000|0x00010000 +0x00970000|0x00020000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize DATA = { # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid = @@ -106,10 +106,10 @@ DATA = { # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved 0x2c, 0xaf, 0x2c, 0x64, 0xFE, 0xFF, 0xFF, 0xFF, # WriteQueueSize: UINT64 Size: 0x10000 - 0x20 (FTW_WORKING_HEADER) = 0xFFE0 - 0xE0, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + 0xE0, 0xFF, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 } -0x00780000|0x00040000 +0x00990000|0x00070000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize ################################################################################ diff --git a/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashPei/FlashPei.c b/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashPei/FlashPei.c index f96958bfc2..4cfb3ba605 100644 --- a/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashPei/FlashPei.c +++ b/Silicon/Ampere/AmpereAltraPkg/Drivers/FlashPei/FlashPei.c 
@@ -111,6 +111,7 @@ FlashPeiEntryPoint ( UINT32 FWNvRamSize; UINTN NvRamAddress; UINT32 NvRamSize; + UINT32 UuidOffset; BOOLEAN ClearUserConfig; CopyMem ((VOID *)BuildUuid, PcdGetPtr (PcdPlatformConfigUuid), sizeof (BuildUuid)); @@ -134,35 +135,32 @@ FlashPeiEntryPoint ( return Status; } - if (FWNvRamSize < (NvRamSize * 2 + sizeof (BuildUuid))) { - // - // NVRAM size provided by FW is not enough - // - return EFI_INVALID_PARAMETER; - } - // - // We stored BUILD UUID build at the offset NVRAM_SIZE * 2 + // We stored BUILD UUID build just after the NVRAM // + UuidOffset = FWNvRamStartOffset + NvRamSize; + DEBUG ((DEBUG_INFO, "UUID Offset: %08x\n", UuidOffset)); Status = FlashReadCommand ( - FWNvRamStartOffset + NvRamSize * 2, + UuidOffset, (UINT8 *)StoredUuid, sizeof (StoredUuid) ); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to read UUID from flash: %r\n", __func__, Status)); return Status; } ClearUserConfig = IsIpmiClearCmosSet (); if (CompareMem ((VOID *)StoredUuid, (VOID *)BuildUuid, sizeof (BuildUuid)) != 0) { - DEBUG ((DEBUG_INFO, "BUILD UUID Changed, Update Storage with NVRAM FV\n")); + DEBUG ((DEBUG_INFO, "BUILD UUID changed: resetting NVRAM region.\n")); ClearUserConfig = TRUE; } if (ClearUserConfig) { - Status = FlashEraseCommand (FWNvRamStartOffset, NvRamSize * 2 + sizeof (BuildUuid)); + Status = FlashEraseCommand (FWNvRamStartOffset, NvRamSize); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to erase NVRAM area: %r\n", __func__, Status)); return Status; } 
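Review bot: The `@@ -134,35 +135,32 @@` hunk deletes the `FWNvRamSize < (NvRamSize * 2 + sizeof (BuildUuid))` check instead of adapting it to the new layout. Nothing now verifies that the firmware-reported NVRAM region can hold `NvRamSize` plus the UUID before `UuidOffset = FWNvRamStartOffset + NvRamSize` is read, erased and written. If the reported region is smaller than expected, those flash operations land outside it. Keeping the guard with the new arithmetic restores the protection: `if (FWNvRamSize < (NvRamSize + sizeof (BuildUuid))) { return EFI_INVALID_PARAMETER; }`. `UuidOffset` is declared `UINT32`; if `FWNvRamStartOffset` is wider (its declaration is outside the hunks) the sum should be range-checked or the type matched. `FlashPeiEntryPoint` begins and ends outside these hunks.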
@@ -172,23 +170,26 @@ FlashPeiEntryPoint ( NvRamSize ); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to write NVRAM area: %r\n", __func__, Status)); return Status; } // // Write new BUILD UUID to the Flash // - Status = FlashEraseCommand (FWNvRamStartOffset + (NvRamSize * 2), sizeof (BuildUuid)); + Status = FlashEraseCommand (UuidOffset, sizeof (BuildUuid)); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to erase UUID area: %r\n", __func__, Status)); return Status; } Status = FlashWriteCommand ( - FWNvRamStartOffset + NvRamSize * 2, + UuidOffset, (UINT8 *)BuildUuid, sizeof (BuildUuid) ); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to write UUID: %r\n", __func__, Status)); return Status; } @@ -200,7 +201,7 @@ FlashPeiEntryPoint ( ResetCold (); } } else { - DEBUG ((DEBUG_INFO, "Identical UUID, copy stored NVRAM to RAM\n")); + DEBUG ((DEBUG_INFO, "Identical UUID: copying stored NVRAM to RAM\n")); Status = FlashReadCommand ( FWNvRamStartOffset, @@ -208,6 +209,7 @@ FlashPeiEntryPoint ( NvRamSize ); if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to read NVRAM from flash: %r\n", __func__, Status)); return Status; } } From 8b547802988c9af3756604336f4499361ae9e1ba Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:27 -0700 Subject: [PATCH 14/29] Platform/ADLINK: Minor cleanups of ComHpcAltBoardSetting.cfg - Improve comments in the file header. - Change NV_SI_RO_BOARD_S0_DIMM_AVAIL to 0xffff since the code which reads DIMM information shouldn't get a different array based on the platform. - Remove the notes of where changes from the default were made. - Add missing fields at the bottom. Signed-off-by: Rebecca Cran --- .../ComHpcAltPkg/ComHpcAltBoardSetting.cfg | 53 +++++++------------ 1 file changed, 18 insertions(+), 35 deletions(-) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltBoardSetting.cfg b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltBoardSetting.cfg index 676beaf7eb..bb061cccc6 100644 
--- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAltBoardSetting.cfg +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAltBoardSetting.cfg @@ -1,27 +1,30 @@ +## +# @file # COM-HPC-ALT board setting # -# Settings between #(, #) are provided by EE team, -# DO NOT change without consault EE while upgrade to -# Ampere Altra reference design. +# BOARD_VENDOR 0x5F13 (24339) refers to "ADLINK TECHNOLOGY INC." in +# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers # -# BOARD_VENDOR 0x5F13()=24339) is refer to "ADLINK TECHNOLOGY INC." of https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers # BOARD_TYPE is COM=1 # BOARD_REV=1 will go with HW. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + # # Name, offset (hex), value # value can be hex or decimal # -#( NV_SI_RO_BOARD_VENDOR, 0x0000, 0x00005F13 NV_SI_RO_BOARD_TYPE, 0x0008, 0x00000001 NV_SI_RO_BOARD_REV, 0x0010, 0x00000001 NV_SI_RO_BOARD_CFG, 0x0018, 0x00000000 -NV_SI_RO_BOARD_S0_DIMM_AVAIL, 0x0020, 0x00001515 +NV_SI_RO_BOARD_S0_DIMM_AVAIL, 0x0020, 0x0000ffff NV_SI_RO_BOARD_S1_DIMM_AVAIL, 0x0028, 0x00000000 NV_SI_RO_BOARD_SPI0CS0_FREQ_KHZ, 0x0030, 0x00004E20 NV_SI_RO_BOARD_SPI0CS1_FREQ_KHZ, 0x0038, 0x00004E20 -#) NV_SI_RO_BOARD_SPI1CS0_FREQ_KHZ, 0x0040, 0x00002710 NV_SI_RO_BOARD_SPI1CS1_FREQ_KHZ, 0x0048, 0x00002710 NV_SI_RO_BOARD_TPM_LOC, 0x0050, 0x00000000 
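Review bot: `NV_SI_RO_BOARD_S0_DIMM_AVAIL` changes from 0x00001515 to 0x0000ffff with no comment in the file, and the same hunk drops the `#(`/`#)` markers together with the header text that explained them. The reason is given only in the commit message; a line above the setting such as `# 0xffff: DIMM code uses one common array, do not restrict S0 slots per board` would keep it next to the value. The value is presumably a per-slot mask, and whether the platform firmware tolerates slots marked available that are not wired on this board cannot be seen from here, so that is worth confirming.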
@@ -30,24 +33,17 @@ NV_SI_RO_BOARD_I2C1_FREQ_KHZ, 0x0060, 0x00000190 NV_SI_RO_BOARD_I2C2_10_FREQ_KHZ, 0x0068, 0x00000190 NV_SI_RO_BOARD_I2C3_FREQ_KHZ, 0x0070, 0x00000190 NV_SI_RO_BOARD_I2C9_FREQ_KHZ, 0x0078, 0x00000190 -#( NV_SI_RO_BOARD_2P_CFG, 0x0080, 0xFFFFFF00 NV_SI_RO_BOARD_S0_RCA0_CFG, 0x0088, 0x00000004 NV_SI_RO_BOARD_S0_RCA1_CFG, 0x0090, 0x00000004 NV_SI_RO_BOARD_S0_RCA2_CFG, 0x0098, 0x00000000 -#) NV_SI_RO_BOARD_S0_RCA3_CFG, 0x00A0, 0x00000004 -#( -#x8 BCM575 = 0x00000003 +# x8 BCM575 = 0x00000003 NV_SI_RO_BOARD_S0_RCB0_LO_CFG, 0x00A8, 0x00000003 NV_SI_RO_BOARD_S0_RCB0_HI_CFG, 0x00B0, 0x00000003 -#) -#( NV_SI_RO_BOARD_S0_RCB1_LO_CFG, 0x00B8, 0x00000000 NV_SI_RO_BOARD_S0_RCB1_HI_CFG, 0x00C0, 0x00000000 -#) -#( -#x1:USB3 x1:VGA = 0x00020002 +# x1:USB3 x1:VGA = 0x00020002 NV_SI_RO_BOARD_S0_RCB2_LO_CFG, 0x00C8, 0x00020002 # x0:NULL x1:i210 = 0x00000002 NV_SI_RO_BOARD_S0_RCB2_HI_CFG, 0x00D0, 0x00000002 @@ -55,10 +51,8 @@ NV_SI_RO_BOARD_S0_RCB2_HI_CFG, 0x00D0, 0x00000002 NV_SI_RO_BOARD_S0_RCB3_LO_CFG, 0x00D8, 0x00020002 # x4:M2.1 x4:M2.2 = 0x00020002 NV_SI_RO_BOARD_S0_RCB3_HI_CFG, 0x00E0, 0x00020002 -#) NV_SI_RO_BOARD_S1_RCA0_CFG, 0x00E8, 0x00000000 NV_SI_RO_BOARD_S1_RCA1_CFG, 0x00F0, 0x00000000 -#( NV_SI_RO_BOARD_S1_RCA2_CFG, 0x00F8, 0x00000000 NV_SI_RO_BOARD_S1_RCA3_CFG, 0x0100, 0x00000000 NV_SI_RO_BOARD_S1_RCB0_LO_CFG, 0x0108, 0x00000000 @@ -69,7 +63,6 @@ NV_SI_RO_BOARD_S1_RCB2_LO_CFG, 0x0128, 0x00000000 NV_SI_RO_BOARD_S1_RCB2_HI_CFG, 0x0130, 0x00000000 NV_SI_RO_BOARD_S1_RCB3_LO_CFG, 0x0138, 0x00000000 NV_SI_RO_BOARD_S1_RCB3_HI_CFG, 0x0140, 0x00000000 -#) NV_SI_RO_BOARD_T_LTLM_DELTA_P0, 0x0148, 0x00000001 NV_SI_RO_BOARD_T_LTLM_DELTA_P1, 0x0150, 0x00000002 NV_SI_RO_BOARD_T_LTLM_DELTA_P2, 0x0158, 0x00000003 
@@ -86,17 +79,11 @@ NV_SI_RO_BOARD_P_LM_EXP_SMOOTH_CONST, 0x01A8, 0x00000000 NV_SI_RO_BOARD_TPM_ALG_ID, 0x01B0, 0x00000002 NV_SI_RO_BOARD_DDR_SPEED_GRADE, 0x01B8, 0x00000C80 NV_SI_RO_BOARD_DDR_S0_RTT_WR, 0x01C0, 0x20020000 -#( NV_SI_RO_BOARD_DDR_S1_RTT_WR, 0x01C8, 0x00000000 -#) NV_SI_RO_BOARD_DDR_S0_RTT_NOM, 0x01D0, 0x31060177 -#( NV_SI_RO_BOARD_DDR_S1_RTT_NOM, 0x01D8, 0x00000000 -#) NV_SI_RO_BOARD_DDR_S0_RTT_PARK, 0x01E0, 0x30060070 -#( NV_SI_RO_BOARD_DDR_S1_RTT_PARK, 0x01E8, 0x00000000 -#) NV_SI_RO_BOARD_DDR_CS0_RDODT_MASK_1DPC, 0x01F0, 0x00000000 NV_SI_RO_BOARD_DDR_CS1_RDODT_MASK_1DPC, 0x01F8, 0x00000000 NV_SI_RO_BOARD_DDR_CS2_RDODT_MASK_1DPC, 0x0200, 0x00000000 @@ -135,22 +122,16 @@ NV_SI_RO_BOARD_DDR_PHY_VREF_ADJ, 0x0300, 0x00000000 NV_SI_RO_BOARD_DDR_DRAM_VREF_ADJ, 0x0308, 0x00000000 NV_SI_RO_BOARD_DDR_WR_PREAMBLE_CYCLE, 0x0310, 0x02010201 NV_SI_RO_BOARD_DDR_ADCMD_2T_MODE, 0x0318, 0x00000000 -#( NV_SI_RO_BOARD_I2C_VRD_CONFIG_INFO, 0x0320, 0x6A685860 -#) NV_SI_RO_BOARD_DDR_PHY_FEATURE_CTRL, 0x0328, 0x00000000 NV_SI_RO_BOARD_BMC_HANDSHAKE_SPI_ACCESS, 0x0330, 0x01050106 NV_SI_RO_BOARD_DIMM_TEMP_THRESHOLD, 0x0338, 0x000005F4 NV_SI_RO_BOARD_DIMM_SPD_COMPARE_DISABLE, 0x0340, 0x00000000 NV_SI_RO_BOARD_S0_PCIE_CLK_CFG, 0x0348, 0x00000000 -#( NV_SI_RO_BOARD_S0_RCA4_CFG, 0x0350, 0x00030003 NV_SI_RO_BOARD_S0_RCA5_CFG, 0x0358, 0x00000000 -#) NV_SI_RO_BOARD_S0_RCA6_CFG, 0x0360, 0x02020202 -#( NV_SI_RO_BOARD_S0_RCA7_CFG, 0x0368, 0x02020202 -#) NV_SI_RO_BOARD_S0_RCA0_TXRX_G3PRESET, 0x0370, 0x00000000 NV_SI_RO_BOARD_S0_RCA1_TXRX_G3PRESET, 0x0378, 0x00000000 NV_SI_RO_BOARD_S0_RCA2_TXRX_G3PRESET, 0x0380, 0x00000000 
@@ -184,12 +165,10 @@ NV_SI_RO_BOARD_S0_RCA5_TXRX_G4PRESET, 0x0458, 0x57575757 NV_SI_RO_BOARD_S0_RCA6_TXRX_G4PRESET, 0x0460, 0x57575757 NV_SI_RO_BOARD_S0_RCA7_TXRX_G4PRESET, 0x0468, 0x57575757 NV_SI_RO_BOARD_S1_PCIE_CLK_CFG, 0x0470, 0x00000000 -#( NV_SI_RO_BOARD_S1_RCA4_CFG, 0x0478, 0x00000000 NV_SI_RO_BOARD_S1_RCA5_CFG, 0x0480, 0x00000000 NV_SI_RO_BOARD_S1_RCA6_CFG, 0x0488, 0x00000000 NV_SI_RO_BOARD_S1_RCA7_CFG, 0x0490, 0x00000000 -#) NV_SI_RO_BOARD_S1_RCA2_TXRX_G3PRESET, 0x0498, 0x00000000 NV_SI_RO_BOARD_S1_RCA3_TXRX_G3PRESET, 0x04A0, 0x00000000 NV_SI_RO_BOARD_S1_RCB0A_TXRX_G3PRESET, 0x04A8, 0x00000000 @@ -243,9 +222,7 @@ NV_SI_RO_BOARD_TPM_DISABLE, 0x0620, 0x00000000 NV_SI_RO_BOARD_MESH_S0_CXG_RC_STRONG_ORDERING_EN, 0x0628, 0x00000000 NV_SI_RO_BOARD_MESH_S1_CXG_RC_STRONG_ORDERING_EN, 0x0630, 0x00000000 NV_SI_RO_BOARD_GPIO_SW_WATCHDOG_EN, 0x0638, 0x00000000 -#( NV_SI_RO_BOARD_PCIE_HP_DISABLE, 0x0640, 0x00000001 -#) NV_SI_RO_BOARD_I2C_VRD_VOUT_FORMAT, 0x0648, 0x00000000 NV_SI_RO_BOARD_I2C_VRD_SMBUS_CMD_FLAGS, 0x0650, 0x00000000 NV_SI_RO_BOARD_CUST_SPM_LOCATION, 0x0658, 0x00000000 @@ -295,3 +272,9 @@ NV_SI_RO_BOARD_BMC_HANDSHAKE_SPI_TO1, 0x7B0, 0x00000000 NV_SI_RO_BOARD_BMC_HANDSHAKE_SPI_TO2, 0x7B8, 0x00000000 NV_SI_RO_BOARD_PCIE_AER_CE_THRESHOLD, 0x7C0, 0x00000001 NV_SI_RO_BOARD_PCIE_AER_CE_INTERVAL, 0x7C8, 0x00000000 +NV_SI_RO_BOARD_I2C_RCA_VRD_VOUT_FORMAT,0x7D0, 0x00000000 +NV_SI_RO_BOARD_CCIX_MODE_OVERWRITE, 0x7D8, 0x00000000 +NV_SI_RO_BOARD_DVFS_VOLT_READ_BACK_MARGIN_MV, 0x07E0, 0x00000000 +NV_SI_RO_BOARD_2P_DPLL, 0x7E8, 0x00000000 +NV_SI_RO_BOARD_RC_DOMAIN_CTRL, 0x7F0, 0x00000000 +NV_SI_RO_BOARD_PCIE_SRIS_MODE, 0x7F8, 0x00000000 From 6164bd4e387d91b9a4973d04a17010d4c9ab11d5 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:30 -0700 Subject: [PATCH 15/29] Silicon/Ampere: Don't use yoda conditions Update PlatformFlashAccessLib.c to avoid use of yoda conditions. 
Signed-off-by: Rebecca Cran --- .../Library/PlatformFlashAccessLib/PlatformFlashAccessLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Silicon/Ampere/AmpereAltraPkg/Library/PlatformFlashAccessLib/PlatformFlashAccessLib.c b/Silicon/Ampere/AmpereAltraPkg/Library/PlatformFlashAccessLib/PlatformFlashAccessLib.c index d279637be3..8e9ba69523 100644 --- a/Silicon/Ampere/AmpereAltraPkg/Library/PlatformFlashAccessLib/PlatformFlashAccessLib.c +++ b/Silicon/Ampere/AmpereAltraPkg/Library/PlatformFlashAccessLib/PlatformFlashAccessLib.c @@ -177,7 +177,7 @@ MmFlashUpdate ( // Return data in the first double word of payload MmFwuStatus = (EFI_MM_COMMUNICATE_FWU_RES *)mEfiMmSysFwuReq.PayLoad.Data; if (MmFwuStatus->Status == FWU_MM_RES_IN_PROGRESS) { - if (NULL != Progress) { + if (Progress != NULL) { Progress (ProgressUpdate); } From f8f1f4d69fd65f9d53476f1065138325667cac5d Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:32 -0700 Subject: [PATCH 16/29] Platform/ADLINK: Improve MmcLib I2C brd config Improve the error checking code when fetching the I2C board config info. Change the DEBUG print on success from DEBUG_ERROR to DEBUG_INFO and on error print a message and return A2. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/Library/MmcLib/MmcLib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Platform/ADLINK/ComHpcAltPkg/Library/MmcLib/MmcLib.c b/Platform/ADLINK/ComHpcAltPkg/Library/MmcLib/MmcLib.c index 8e0694c61c..ad944ed4d6 100644 --- a/Platform/ADLINK/ComHpcAltPkg/Library/MmcLib/MmcLib.c +++ b/Platform/ADLINK/ComHpcAltPkg/Library/MmcLib/MmcLib.c 
@@ -74,7 +74,10 @@ GetFirmwareMajorVersion ( Status = NVParamGet (NV_SI_RO_BOARD_I2C_VRD_CONFIG_INFO, ACLRd, &Val); if (!EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, " I2C brd config info 0x%X (%d)\n", Val, Val)); + DEBUG ((DEBUG_INFO, " I2C brd config info %r 0x%X (%d)\n", Status, Val, Val)); + } else { + DEBUG ((DEBUG_ERROR, "Failed to fetch I2C board config info. Defaulting to A2\n")); + return 0xA2; } if (Val == 0x6A685860) { From 80a85f211735055c941c55312559cc1e66bce9a8 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:35 -0700 Subject: [PATCH 17/29] Platform/ADLINK: Enable building with or without X86 emulator To provide flexibility, allow users to build with or without the X86 emulator. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc | 2 ++ Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc index e089b693d1..4c1ad4352f 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc @@ -441,4 +441,6 @@ # # OpRom emulator # +!if $(X86_EMULATOR_ENABLE) == TRUE Emulator/X86EmulatorDxe/X86EmulatorDxe.inf +!endif diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index ee5a54f52a..ea93ff05bb 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -445,7 +445,9 @@ APRIORI DXE { # # Emulator for x64 OpRoms, etc. # +!if $(X86_EMULATOR_ENABLE) == TRUE INF Emulator/X86EmulatorDxe/X86EmulatorDxe.inf +!endif # # set MMC power off type From 23d9b5136264f31660efdc058b7b45d246ee1479 Mon Sep 17 00:00:00 2001 
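Review bot: `%r` was added to the success message, where Status is always success, while the new failure message omits it, so the log never shows why NVParamGet failed. Move it to the error path: `DEBUG ((DEBUG_ERROR, "%a: Failed to fetch I2C board config info: %r. Defaulting to A2\n", __func__, Status));` and drop `%r`/`Status` from the DEBUG_INFO line. The fallback `return 0xA2;` yields a fixed value whenever the read fails; whether callers can tell that apart from a detected 0xA2 is not visible here. GetFirmwareMajorVersion continues outside the hunk.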
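Review bot: X86_EMULATOR_ENABLE is tested here and in the ComHpcAlt.fdf hunk that follows, but neither hunk gives it a default. Unless the `[Defines]` section outside these hunks sets one, builds that do not pass the macro change from always including X86EmulatorDxe to leaving it out (or fail, depending on how the build tools treat an undefined macro). If the previous behaviour is meant to stay, add `DEFINE X86_EMULATOR_ENABLE = TRUE` to the platform defines. Either way a comment stating the default helps, since this driver runs option-ROM code and integrators will want to know whether it is in the image.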
From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:37 -0700 Subject: [PATCH 18/29] Silicon/Ampere: Add LogoDxe to display logo during boot The LogoDxe allows OEMs to display their logo while waiting for the user to press a key to interrupt the boot. Add it to AmpereAltraPkg.dsc.inc and ComHpcAlt.fdf. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 2 ++ Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 1 + 2 files changed, 3 insertions(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index ea93ff05bb..819962b739 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -442,6 +442,8 @@ APRIORI DXE { INF Silicon/Ampere/AmpereAltraPkg/Drivers/RootComplexConfigDxe/RootComplexConfigDxe.inf INF Silicon/Ampere/AmpereSiliconPkg/Drivers/BmcConfigDxe/BmcConfigDxe.inf + INF MdeModulePkg/Logo/LogoDxe.inf + # # Emulator for x64 OpRoms, etc. # diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index df2e7eb2aa..dede15dda7 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -635,6 +635,7 @@ } MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf Silicon/Ampere/AmpereAltraPkg/Drivers/BootProgress/BootProgressDxe/BootProgressDxe.inf + MdeModulePkg/Logo/LogoDxe.inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf # From beaa7088297f07fb6e39adb1a22a3488f5b932f1 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:39 -0700 Subject: [PATCH 19/29] Silicon/Ampere: Add RemoveStaleFvFileOptions from OVMF Add RemoveStaleFvFileOptions from OVMF to PlatformBootManagerDxe. This removes stale boot options such as the UEFI Shell if the firmware has been built without it. 
Signed-off-by: Rebecca Cran --- .../PlatformBootManagerDxe.c | 150 ++++++++++++++++++ 1 file changed, 150 insertions(+) diff --git a/Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.c b/Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.c index 01abd52b0e..cf2a393b48 100644 --- a/Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.c +++ b/Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.c @@ -20,6 +20,7 @@ #include #include +#include #include #include #include 
@@ -79,6 +80,153 @@ CONST UINT16 UsbEnglishLang = 0x0409; extern EFI_GUID mBmAutoCreateBootOptionGuid; +/** + Remove all MemoryMapped(...)/FvFile(...) and Fv(...)/FvFile(...) boot options + whose device paths do not resolve exactly to an FvFile in the system. + + This removes any boot options that point to binaries built into the firmware + and have become stale due to any of the following: + - FvMain's base address or size changed (historical), + - FvMain's FvNameGuid changed, + - the FILE_GUID of the pointed-to binary changed, + - the referenced binary is no longer built into the firmware. + + EfiBootManagerFindLoadOption() used in PlatformRegisterFvBootOption() only + avoids exact duplicates. + + Copied from OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c +**/ +static +VOID +RemoveStaleFvFileOptions ( + VOID + ) +{ + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + UINTN Index; + + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, + LoadOptionTypeBoot + ); + + for (Index = 0; Index < BootOptionCount; ++Index) { + EFI_DEVICE_PATH_PROTOCOL *Node1, *Node2, *SearchNode; + EFI_STATUS Status; + EFI_HANDLE FvHandle; + + // + // If the device path starts with neither MemoryMapped(...) nor Fv(...), + // then keep the boot option. + // + Node1 = BootOptions[Index].FilePath; + if (!((DevicePathType (Node1) == HARDWARE_DEVICE_PATH) && + (DevicePathSubType (Node1) == HW_MEMMAP_DP)) && + !((DevicePathType (Node1) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (Node1) == MEDIA_PIWG_FW_VOL_DP))) + { + continue; + } + + // + // If the second device path node is not FvFile(...), then keep the boot + // option. + // + Node2 = NextDevicePathNode (Node1); + if ((DevicePathType (Node2) != MEDIA_DEVICE_PATH) || + (DevicePathSubType (Node2) != MEDIA_PIWG_FW_FILE_DP)) + { + continue; + } + + // + // Locate the Firmware Volume2 protocol instance that is denoted by the + // boot option. 
If this lookup fails (i.e., the boot option references a + // firmware volume that doesn't exist), then we'll proceed to delete the + // boot option. + // + SearchNode = Node1; + Status = gBS->LocateDevicePath ( + &gEfiFirmwareVolume2ProtocolGuid, + &SearchNode, + &FvHandle + ); + + if (!EFI_ERROR (Status)) { + // + // The firmware volume was found; now let's see if it contains the FvFile + // identified by GUID. + // + EFI_FIRMWARE_VOLUME2_PROTOCOL *FvProtocol; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *FvFileNode; + UINTN BufferSize; + EFI_FV_FILETYPE FoundType; + EFI_FV_FILE_ATTRIBUTES FileAttributes; + UINT32 AuthenticationStatus; + + Status = gBS->HandleProtocol ( + FvHandle, + &gEfiFirmwareVolume2ProtocolGuid, + (VOID **)&FvProtocol + ); + ASSERT_EFI_ERROR (Status); + + FvFileNode = (MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *)Node2; + // + // Buffer==NULL means we request metadata only: BufferSize, FoundType, + // FileAttributes. + // + Status = FvProtocol->ReadFile ( + FvProtocol, + &FvFileNode->FvFileName, // NameGuid + NULL, // Buffer + &BufferSize, + &FoundType, + &FileAttributes, + &AuthenticationStatus + ); + if (!EFI_ERROR (Status)) { + // + // The FvFile was found. Keep the boot option. + // + continue; + } + } + + // + // Delete the boot option. + // + Status = EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, + LoadOptionTypeBoot + ); + DEBUG_CODE_BEGIN (); + CHAR16 *DevicePathString; + + DevicePathString = ConvertDevicePathToText ( + BootOptions[Index].FilePath, + FALSE, + FALSE + ); + DEBUG (( + EFI_ERROR (Status) ? DEBUG_WARN : DEBUG_VERBOSE, + "%a: removing stale Boot#%04x %s: %r\n", + __func__, + (UINT32)BootOptions[Index].OptionNumber, + DevicePathString == NULL ? L"" : DevicePathString, + Status + )); + if (DevicePathString != NULL) { + FreePool (DevicePathString); + } + + DEBUG_CODE_END (); + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + /** Append a Boot Option to a Boot Options list. 
If the description and the device path are null, this function will copy data from @@ -894,6 +1042,8 @@ RefreshAllBootOptions ( BootOptionTemp[Index].OptionalDataSize = sizeof (EFI_GUID); } + RemoveStaleFvFileOptions (); + return Status; } From 3125d87a81ffe5b01f44585c9cab43a8a2082d86 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:41 -0700 Subject: [PATCH 20/29] Silicon/Ampere: Add checks around PerformanceLib Add checks around adding non-NULL PerformanceLib instances, only adding them if PERFORMANCE_MEASUREMENT_ENABLE is TRUE. Signed-off-by: Rebecca Cran --- .../AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc | 14 ++++++++++++++ .../Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc index 4f4860ab70..2d9ef70503 100755 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraLinuxBootPkg.dsc.inc @@ -129,7 +129,9 @@ MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf PrePiHobListPointerLib|ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ArmGicArchLib|ArmPkg/Library/ArmGicArchSecLib/ArmGicArchSecLib.inf # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib 
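Review bot: After `gBS->HandleProtocol` in RemoveStaleFvFileOptions the only check is `ASSERT_EFI_ERROR (Status)`, which does nothing in builds with asserts disabled, so a failure there would reach `FvProtocol->ReadFile` with `FvProtocol` unset. Since this function deletes boot options, fail towards keeping them by adding `if (EFI_ERROR (Status)) { continue; }` after the call. Successful removals are logged at DEBUG_VERBOSE only; DEBUG_INFO would leave a trace of which Boot#### entries were deleted on ordinary debug builds. The code is copied from OVMF per its header comment, so the same remark applies to the original.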
@@ -140,7 +142,9 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf @@ -155,7 +159,9 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf PeiResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf 
@@ -178,23 +184,31 @@ DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf +!endif [LibraryClasses.common.DXE_DRIVER] DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf [LibraryClasses.common.UEFI_APPLICATION] UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiTianoCustomDecompressLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf [LibraryClasses.common.UEFI_DRIVER] ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index dede15dda7..6b35848417 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc 
@@ -206,7 +206,9 @@ MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf PrePiHobListPointerLib|ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ArmGicArchLib|ArmPkg/Library/ArmGicArchSecLib/ArmGicArchSecLib.inf [LibraryClasses.common.PEI_CORE] @@ -214,7 +216,9 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf @@ -229,7 +233,9 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.inf +!endif ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf PeiResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf 
@@ -256,26 +262,34 @@ DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf +!endif [LibraryClasses.common.DXE_DRIVER] DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf PciHostBridgeLib|Silicon/Ampere/AmpereAltraPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf PciSegmentLib|Silicon/Ampere/AmpereAltraPkg/Library/PciSegmentLibPci/PciSegmentLibPci.inf [LibraryClasses.common.UEFI_APPLICATION] UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiTianoCustomDecompressLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf [LibraryClasses.common.UEFI_DRIVER] ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf +!endif DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf 
From 07400a60e7fdf20f3e2608929a976152c174a535 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:43 -0700 Subject: [PATCH 21/29] Silicon/Ampere: Add extra 3MB for FPDT boot records Since we set PcdPerformanceLibraryPropertyMask to 1, extra memory is needed to hold the FPDT boot records. Through testing, increase it from the default of 192KB to 3MB. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 6b35848417..31394bd483 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -363,6 +363,10 @@ gEfiMdePkgTokenSpaceGuid.PcdPostCodePropertyMask|0 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|320 + # With PcdPerformanceLibraryPropertyMask set to 1, we need to + # increase the memory allocated for the FPDT boot records. + gEfiMdeModulePkgTokenSpaceGuid.PcdExtFpdtBootRecordPadSize|0x300000 + # DEBUG_ASSERT_ENABLED 0x01 # DEBUG_PRINT_ENABLED 0x02 # DEBUG_CODE_ENABLED 0x04 From 15f64d94c522a18cbb397812eb88953d174ac1a3 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:54 -0700 Subject: [PATCH 22/29] Platform/ADLINK: Add BGRT driver Add the BGRT driver to ComHpcAlt.fdf to allow the OS to display the OEM logo while booting. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 1 + 1 file changed, 1 insertion(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 819962b739..899ba161d6 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf 
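Review bot: `PcdExtFpdtBootRecordPadSize|0x300000` is set unconditionally, although its comment ties it to performance measurement and the previous commit gates every PerformanceLib instance on PERFORMANCE_MEASUREMENT_ENABLE. If the pad is only needed when measurement is on, wrap it as `!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE`, the PCD line, `!endif`, so that other builds keep the default the commit message gives as 192KB. Where PcdPerformanceLibraryPropertyMask is set is outside this hunk, so confirm it follows the same macro.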
@@ -409,6 +409,7 @@ APRIORI DXE { # INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF Platform/Ampere/JadePkg/Drivers/AcpiPlatformDxe/AcpiPlatformDxe.inf + INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF RuleOverride=ACPITABLE Silicon/Ampere/AmpereAltraPkg/AcpiCommonTables/AcpiCommonTables.inf INF RuleOverride=ACPITABLE Platform/ADLINK/ComHpcAltPkg/Ac01AcpiTables/Ac01AcpiTables.inf INF RuleOverride=ACPITABLE Platform/ADLINK/ComHpcAltPkg/Ac02AcpiTables/Ac02AcpiTables.inf From 7fe368e45e312aedc9748b1da49102aad9302d2b Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:56 -0700 Subject: [PATCH 23/29] Platform/ADLINK: Move FirmwarePerformancePei earlier Move the FirmwarePerformancePei driver earlier in the boot process. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 899ba161d6..c1ab7cc5d0 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf 
@@ -166,13 +166,13 @@ APRIORI PEI { INF ArmPlatformPkg/Sec/Sec.inf INF MdeModulePkg/Core/Pei/PeiMain.inf INF UefiCpuPkg/CpuIoPei/CpuIoPei.inf +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE + INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf +!endif INF ArmPlatformPkg/PlatformPei/PlatformPeim.inf INF Silicon/Ampere/AmpereAltraPkg/Drivers/ATFHobPei/ATFHobPeim.inf INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf INF Silicon/Ampere/AmpereAltraPkg/Drivers/FlashPei/FlashPei.inf -!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE - INF MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf -!endif INF Silicon/Ampere/AmpereAltraPkg/Drivers/BootProgress/BootProgressPeim/BootProgressPeim.inf INF ArmPkg/Drivers/CpuPei/CpuPei.inf INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf From 9babb4d35453f27f4787a0864d5a854ee88910cf Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:47:58 -0700 Subject: [PATCH 24/29] Platform/ADLINK: Add SecureBoot keys Include the file which sets the Secure Boot keys. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index c1ab7cc5d0..61137913e7 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -253,6 +253,8 @@ APRIORI DXE { !if $(SECURE_BOOT_ENABLE) == TRUE INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf + + !include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc !endif INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf From 53cd0525d68637af5b67be9821f28df20dd3c0fa Mon Sep 17 00:00:00 2001 
From: Rebecca Cran Date: Mon, 16 Dec 2024 11:48:00 -0700 Subject: [PATCH 25/29] Platform/ADLINK: Add boot manager drivers Add boot manager drivers which were missing. Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf index 61137913e7..cfecffec67 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.fdf @@ -398,6 +398,9 @@ APRIORI DXE { INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf + INF MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf + INF Silicon/Ampere/AmpereSiliconPkg/Drivers/PlatformBootManagerDxe/PlatformBootManagerDxe.inf + INF Silicon/Ampere/AmpereSiliconPkg/Drivers/IpmiBootDxe/IpmiBootDxe.inf # # Networking stack From 715e5cd88b8335a9f0a91e62372d5a47d40d0ede Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:48:02 -0700 Subject: [PATCH 26/29] Platform/ADLINK: configure video resolution to max Override the video configuration PCDs to use the maximum available resolution. Copied from Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc Signed-off-by: Rebecca Cran --- Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc index 4c1ad4352f..82485e277b 100644 --- a/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc +++ b/Platform/ADLINK/ComHpcAltPkg/ComHpcAlt.dsc 
@@ -289,6 +289,17 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{GUID("cdcdd0b7-8afb-4883-853a-ae9398077a0e")}|VOID*|0x10 gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid|{GUID("074c21e5-7d17-48e9-808d-f0c85e52a7db")}|VOID*|0x10 + # Default Video Resolution + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|0 # 0 - Maximum + # Setup Video Resolution + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutColumn|0 # 0 - Maximum + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|0 # 0 - Maximum + [PcdsPatchableInModule] # # Console Resolution (HD mode) From c8fd8e146d00f700bc706c5c8026641347371885 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 11:48:05 -0700 Subject: [PATCH 27/29] Platform/Ampere: Add SecureBoot tools Add a script to generate Secure Boot keys and certificates. Also, add a default openssl.cnf file which will be copied to the secureboot_objects directory where users can customize it. Signed-off-by: Rebecca Cran --- .../Ampere/Tools/GenerateSecureBootKeys.sh | 119 ++++++++++++++++ Platform/Ampere/Tools/openssl.cnf | 130 ++++++++++++++++++ 2 files changed, 249 insertions(+) create mode 100755 Platform/Ampere/Tools/GenerateSecureBootKeys.sh create mode 100644 Platform/Ampere/Tools/openssl.cnf diff --git a/Platform/Ampere/Tools/GenerateSecureBootKeys.sh b/Platform/Ampere/Tools/GenerateSecureBootKeys.sh new file mode 100755 index 0000000000..2485063399 --- /dev/null +++ b/Platform/Ampere/Tools/GenerateSecureBootKeys.sh 
@@ -0,0 +1,119 @@ +#!/usr/bin/env bash + +## +# @file +# Script to download and generate keys/certificates/information +# for Secure Boot. +# +# Copyright (c) 2024, Rebecca Cran . All rights reserved.
+# Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +set -o errexit + +cleanup () { + rm keys/dbx.priv >/dev/null 2>&1 || true + rm keys/intermediate.priv >/dev/null 2>&1 || true + rm keys/user.priv >/dev/null 2>&1 || true + rm certs/??.pem >/dev/null 2>&1 || true + rm certs/user.pfx >/dev/null 2>&1 || true + rm certs/root.crt >/dev/null 2>&1 || true + rm certs/intermediate.csr >/dev/null 2>&1 || true + rm certs/intermediate.crt >/dev/null 2>&1 || true + rm certs/user.csr >/dev/null 2>&1 || true + rm certs/user.crt >/dev/null 2>&1 || true + rm serial serial.* index.* >/dev/null 2>&1 || true +} + +if [ -z "${CERT_PASSWORD}" ]; then + CERT_PASSWORD=password +fi + +if [ -z "${SECUREBOOT_DIR}" ]; then + SECUREBOOT_DIR="${PWD}/secureboot_objects/" +fi + +if [ ! -d "${SECUREBOOT_DIR}" ]; then + mkdir "${SECUREBOOT_DIR}" +fi + +pushd "${SECUREBOOT_DIR}" || exit 1 + +if [ -z "${USE_EXISTING_SB_KEYS}" ]; then + mkdir keys || true + mkdir certs || true + cleanup + + if [ ! -f "openssl.cnf" ]; then + cp -vf "${WORKSPACE}/edk2-platforms/Platform/Ampere/Tools/openssl.cnf" . 
+ fi + + echo "unique_subject = no" > index.txt.attr + openssl req -config openssl.cnf -new -x509 -newkey rsa:2048 -subj "/CN=${BOARD_NAME} Platform Key/" -keyout keys/platform_key.priv -outform DER -out certs/platform_key.der -days 7300 -nodes -sha256 + openssl req -config openssl.cnf -new -x509 -newkey rsa:2048 -subj "/CN=${BOARD_NAME} Update Key/" -keyout keys/update_key.priv -outform DER -out certs/update_key.cer -days 7300 -nodes -sha256 + + # Root Certificate + openssl req -config openssl.cnf -batch -new -x509 -days 3650 -key keys/update_key.priv -out certs/root.crt + openssl x509 -in certs/root.crt -out certs/root.der -outform DER + openssl x509 -inform DER -in certs/root.der -outform PEM -out certs/root.pub.pem + + # Intermediate Certificate + openssl genrsa -aes256 -out keys/intermediate.priv -passout pass:"${CERT_PASSWORD}" 2048 + openssl req -config openssl.cnf -batch -new -key keys/intermediate.priv -out certs/intermediate.csr -passin pass:"${CERT_PASSWORD}" -passout pass:"${CERT_PASSWORD}" + + truncate -s0 index.txt + echo 01 > serial + + openssl ca -config openssl.cnf -batch -extensions v3_ca -in certs/intermediate.csr -days 3650 -out certs/intermediate.crt -cert certs/root.crt -keyfile keys/update_key.priv + openssl x509 -in certs/intermediate.crt -out certs/intermediate.der -outform DER + openssl x509 -inform DER -in certs/intermediate.der -outform PEM -out certs/intermediate.pub.pem + + # User Certificate + openssl genrsa -aes256 -out keys/user.priv -passout pass:"${CERT_PASSWORD}" 2048 + openssl req -config openssl.cnf -batch -new -key keys/user.priv -out certs/user.csr -passin pass:"${CERT_PASSWORD}" -passout pass:"${CERT_PASSWORD}" + openssl ca -config openssl.cnf -batch -in certs/user.csr -days 3650 -out certs/user.crt -cert certs/intermediate.crt -keyfile keys/intermediate.priv -passin pass:"${CERT_PASSWORD}" + openssl x509 -in certs/user.crt -out certs/user.der -outform DER + openssl x509 -inform DER -in certs/user.der -outform PEM -out 
certs/user.pub.pem + + openssl pkcs12 -export -out certs/user.pfx -inkey keys/user.priv -in certs/user.crt -passin pass:"${CERT_PASSWORD}" -passout pass:"${CERT_PASSWORD}" + openssl pkcs12 -in certs/user.pfx -nodes -out certs/user.pem -passin pass:"${CERT_PASSWORD}" +fi + +python3 ${WORKSPACE}/edk2/BaseTools/Scripts/BinToPcd.py -i certs/root.der -p gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer -o ${WORKSPACE}/edk2-platforms/Platform/${MANUFACTURER}/${BOARD_NAME}Pkg/root.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc + +pushd certs +if [ ! -f "ms_kek1.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?LinkId=321185" -o ms_kek1.der +fi +if [ ! -f "ms_kek2.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=2239775" -o ms_kek2.der +fi +if [ ! -f "ms_db1.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=321192" -o ms_db1.der +fi +if [ ! -f "ms_db2.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=321194" -o ms_db2.der +fi +if [ ! -f "ms_db3.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=2239776" -o ms_db3.der +fi +if [ ! -f "ms_db4.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=2239872" -o ms_db4.der +fi +if [ ! -f "ms_db5.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then + curl -L "https://go.microsoft.com/fwlink/?linkid=2284009" -o ms_db5.der +fi +popd || exit 1 + +if [ ! -f "certs/dummy_dbx.der" ]; then + # Generate a random certificate to place in the DBX. Otherwise, Linux won't try and update + # the dbx variable when running `fwupgmgr`. + openssl req -config openssl.cnf -new -x509 -newkey rsa:2048 -subj "/CN=Dummy DBX/" -keyout keys/dbx.priv -outform DER -out certs/dummy_dbx.der -days 7300 -nodes -sha256 +fi + +cleanup + +popd || exit 1 \ No newline at end of file 
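Review bot: GenerateSecureBootKeys.sh leaves the generated signing keys weakly protected: `CERT_PASSWORD` silently falls back to the literal `password`, the platform and update keys are written with `-nodes`, and no `umask` is set, so `keys/*.priv` and the `-nodes` export `certs/user.pem` get default file permissions. The passphrase is also passed as `pass:"${CERT_PASSWORD}"`, which puts it on the openssl command line; `-passin env:CERT_PASSWORD` and `-passout env:CERT_PASSWORD` avoid that once the variable is exported. Separately, the seven `curl -L` downloads have no `--fail`, so an HTTP error body would be saved as e.g. `ms_kek1.der` and, because the file then exists, kept on later runs; with `--fail`, `errexit` stops the script, and comparing each file against a pinned fingerprint would catch a changed download. `${WORKSPACE}` is unquoted in the `python3` line, and `WORKSPACE`, `BOARD_NAME` and `MANUFACTURER` are used without a check that they are set.

```shell
set -o errexit
umask 077

: "${WORKSPACE:?WORKSPACE must be set}"
: "${BOARD_NAME:?BOARD_NAME must be set}"
: "${MANUFACTURER:?MANUFACTURER must be set}"

# … unchanged: cleanup() …

if [ -z "${CERT_PASSWORD}" ]; then
  echo "CERT_PASSWORD must be set; refusing to fall back to a default passphrase." >&2
  exit 1
fi
export CERT_PASSWORD

# … unchanged: SECUREBOOT_DIR setup, key and certificate generation,
#   with pass:"${CERT_PASSWORD}" replaced by env:CERT_PASSWORD …

if [ ! -f "ms_kek1.der" ] || [ -n "${DOWNLOAD_MS_SB_KEYS}" ]; then
  curl --fail -L "https://go.microsoft.com/fwlink/?LinkId=321185" -o ms_kek1.der
fi
# … unchanged: remaining six downloads, likewise with --fail …
```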
diff --git a/Platform/Ampere/Tools/openssl.cnf b/Platform/Ampere/Tools/openssl.cnf
new file mode 100644
index 0000000000..92e2a7aa81
--- /dev/null
+++ b/Platform/Ampere/Tools/openssl.cnf
@@ -0,0 +1,130 @@ +HOME = . +openssl_conf = openssl_init +config_diagnostics = 1 +oid_section = new_oids + +[ new_oids ] +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +[openssl_init] +providers = provider_sect +ssl_conf = ssl_module + +[ evp_properties ] +[provider_sect] +default = default_sect + +[default_sect] +activate = 1 + +[ ssl_module ] +system_default = crypto_policy + +[ crypto_policy ] +.include = /etc/crypto-policies/back-ends/opensslcnf.config + +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = . # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/certs # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem # The private key + +x509_extensions = codesign_reqext # The extensions to add to the cert + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +policy = policy_match + +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ 
req ] +default_bits = 2048 +default_md = sha256 +utf8 = yes +string_mask = utf8only +default_keyfile = privkey.pem +distinguished_name = codesign_dn +x509_extensions = v3_ca # The extensions to add to the self signed cert +req_extensions = codesign_reqext +attributes = req_attributes + +# Passwords for private keys if not present they will be prompted for +input_password = secret +output_password = secret + +[ codesign_dn ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = California + +localityName = San Jose + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Example Corp + +organizationalUnitName = Organizational Unit Name (eg, section) + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_default = example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ codesign_reqext ] +keyUsage = critical,digitalSignature +extendedKeyUsage = critical,codeSigning +subjectKeyIdentifier = hash + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer +basicConstraints = critical,CA:true From 918efe0308735e3dd89b03e0d443848a681d9f50 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Mon, 16 Dec 2024 20:09:01 -0700 Subject: [PATCH 28/29] Silicon/Ampere: Use DxeRuntimeDebugLibSerialPort in RELEASE builds Use the DxeRuntimeDebugLibSerialPort driver in RELEASE builds to avoid a crash if a driver tries to output text at Runtime. Signed-off-by: Rebecca Cran --- Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 -- 1 file changed, 2 deletions(-) 
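Review bot: The `[ req ]` section of openssl.cnf hard-codes `input_password = secret` and `output_password = secret`, so any `openssl req` run against this file without explicit `-passin`/`-passout` or `-nodes` protects or opens a key with a known passphrase instead of prompting. The script added in the same patch appears to pass those options or work on unencrypted keys in every `req` call, so the two lines look unused and can be dropped. In `[ codesign_dn ]`, `localityName = San Jose` sets the prompt text rather than a default; presumably `localityName = Locality Name (eg, city)` with `localityName_default = San Jose` was intended. The `.include = /etc/crypto-policies/back-ends/opensslcnf.config` path is distribution-specific, which deserves a comment because this file is copied for users to customize.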
diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc index 31394bd483..66cb096857 100644 --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc @@ -306,9 +306,7 @@ !if $(SECURE_BOOT_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf !endif -!if $(TARGET) != RELEASE DebugLib|MdePkg/Library/DxeRuntimeDebugLibSerialPort/DxeRuntimeDebugLibSerialPort.inf -!endif VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf From 76edd24007db9fe1079862caa85996aaa4e39968 Mon Sep 17 00:00:00 2001 From: Rebecca Cran Date: Tue, 17 Dec 2024 18:35:44 -0700 Subject: [PATCH 29/29] Platform/Ampere: Add macOS support to buildfw.sh buildfw.sh depends on features of the GNU getopt implementation such as long options. Require users to install the gnu-getopt homebrew package on macOS. Signed-off-by: Rebecca Cran --- Platform/Ampere/buildfw.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Platform/Ampere/buildfw.sh b/Platform/Ampere/buildfw.sh index 7ae075155a..ed0d0b7a81 100755 --- a/Platform/Ampere/buildfw.sh +++ b/Platform/Ampere/buildfw.sh @@ -112,6 +112,13 @@ if [ "$(uname -o)" = "FreeBSD" ]; then mkdir bin || true ln -sfv /usr/local/bin/gmake bin/make export PATH=$PWD/bin:$PATH +elif [ "$(uname -o)" = "Darwin" ]; then + MAKE_COMMAND=gmake + GETOPT_COMMAND=/opt/homebrew/opt/gnu-getopt/bin/getopt + if ! command -v ${GETOPT_COMMAND} >/dev/null 2>&1; then + echo "GNU getopt is required. Please install the gnu-getopt homebrew package." + exit 1 + fi else MAKE_COMMAND=make GETOPT_COMMAND=getopt
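Review bot: In the buildfw.sh hunk, `GETOPT_COMMAND=/opt/homebrew/opt/gnu-getopt/bin/getopt` hard-codes the Apple Silicon Homebrew prefix, so on an Intel Mac, where Homebrew installs under `/usr/local`, the script reports GNU getopt as missing even when the package is installed. Resolving the prefix at run time, `GETOPT_COMMAND="$(brew --prefix gnu-getopt)/bin/getopt"`, covers both layouts. The new branch also sets `MAKE_COMMAND=gmake` without the `command -v` check it applies to getopt, and the error message should go to stderr with `>&2`. The `if`/`elif` chain starts above the hunk, so how the other branches use these variables is not visible here.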