authorjljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-09 17:38:35 +0000
committerjljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-09 17:38:35 +0000
commitbdf93df85673c61e25e2b53b082c30aa87eec7a7 (patch)
tree095a09787269a88ea449e119e54613daaf83e7c0 /OvmfPkg/EmuVariableFvbRuntimeDxe
parente05061c59fea660fa64e63565cd970fcca33049c (diff)
OvmfPkg/EmuVariableFvbRuntimeDxe: Add support for PcdSecureBootEnable
When PcdSecureBootEnable is true, the authenticated variable FV is created. Otherwise the standard FV is created. Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13092 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'OvmfPkg/EmuVariableFvbRuntimeDxe')
-rw-r--r--OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c79
-rw-r--r--OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf3
2 files changed, 81 insertions, 1 deletions
diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
index ea9ffdcd61..c1f46a7d9d 100644
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
@@ -34,6 +34,9 @@
#include <Library/PlatformFvbLib.h>
#include "Fvb.h"
+#define EFI_AUTHENTICATED_VARIABLE_GUID \
+{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
//
// Virtual Address Change Event
//
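Review bot: The new `EFI_AUTHENTICATED_VARIABLE_GUID` macro is a private copy of a value that another driver has to recognise, and nothing at the definition says where the authoritative value lives. If the two ever differ, the store formatted here would presumably not be accepted as an authenticated variable store. Either include the header that owns this GUID, if this package is allowed to depend on it, or add a comment at the definition such as `// Must stay identical to the store signature GUID that the authenticated variable driver checks`.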
@@ -622,6 +625,9 @@ InitializeFvAndVariableStoreHeaders (
IN VOID *Ptr
)
{
+ //
+ // Templates for standard (non-authenticated) variable FV header
+ //
STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndVarTemplate = {
{ // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
// UINT8 ZeroVector[16];
@@ -684,12 +690,83 @@ InitializeFvAndVariableStoreHeaders (
0
}
};
+
+ //
+ // Templates for authenticated variable FV header
+ //
+ STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndAuthenticatedVarTemplate = {
+ { // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
+ // UINT8 ZeroVector[16];
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+
+ // EFI_GUID FileSystemGuid;
+ EFI_SYSTEM_NV_DATA_FV_GUID,
+
+ // UINT64 FvLength;
+ EMU_FVB_SIZE,
+
+ // UINT32 Signature;
+ EFI_FVH_SIGNATURE,
+
+ // EFI_FVB_ATTRIBUTES_2 Attributes;
+ 0x4feff,
+
+ // UINT16 HeaderLength;
+ EMU_FV_HEADER_LENGTH,
+
+ // UINT16 Checksum;
+ 0,
+
+ // UINT16 ExtHeaderOffset;
+ 0,
+
+ // UINT8 Reserved[1];
+ 0,
+
+ // UINT8 Revision;
+ EFI_FVH_REVISION,
+
+ // EFI_FV_BLOCK_MAP_ENTRY BlockMap[1];
+ { 2, // UINT32 NumBlocks;
+ EMU_FVB_BLOCK_SIZE // UINT32 Length;
+ }
+ },
+ // EFI_FV_BLOCK_MAP_ENTRY EndBlockMap;
+ { 0, 0 }, // End of block map
+ { // VARIABLE_STORE_HEADER VarHdr;
+ // EFI_GUID Signature; // need authenticated variables for secure boot
+ EFI_AUTHENTICATED_VARIABLE_GUID,
+
+ // UINT32 Size;
+ (
+ FixedPcdGet32 (PcdVariableStoreSize) -
+ OFFSET_OF (FVB_FV_HDR_AND_VARS_TEMPLATE, VarHdr)
+ ),
+
+ // UINT8 Format;
+ VARIABLE_STORE_FORMATTED,
+
+ // UINT8 State;
+ VARIABLE_STORE_HEALTHY,
+
+ // UINT16 Reserved;
+ 0,
+
+ // UINT32 Reserved1;
+ 0
+ }
+ };
+
EFI_FIRMWARE_VOLUME_HEADER *Fv;
//
// Copy the template structure into the location
//
- CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
+ if (FeaturePcdGet (PcdSecureBootEnable) == FALSE) {
+ CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
+ } else {
+ CopyMem (Ptr, (VOID*)&FvAndAuthenticatedVarTemplate, sizeof (FvAndAuthenticatedVarTemplate));
+ }
//
// Update the checksum for the FV header
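Review bot: FvAndAuthenticatedVarTemplate repeats the whole firmware-volume header (lengths, the attribute mask `0x4feff`, the block map) only to change `VarHdr.Signature`, so a later edit to one template can leave the other with stale values. That signature is presumably what tells the variable driver which record layout the store uses, so I would keep a single template and overwrite the GUID after the copy when PcdSecureBootEnable is set, as sketched below. The sketch also tests the feature PCD directly instead of comparing it with `FALSE`. The body of FvAndVarTemplate and the rest of InitializeFvAndVariableStoreHeaders are outside the hunk, so the claim that the two templates are otherwise identical is inferred from the visible field comments and should be checked.

```c
  // … unchanged: FvAndVarTemplate; the second template is dropped …
  EFI_FIRMWARE_VOLUME_HEADER  *Fv;
  STATIC CONST EFI_GUID       AuthenticatedVarGuid = EFI_AUTHENTICATED_VARIABLE_GUID;

  //
  // Copy the template structure into the location
  //
  CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
  if (FeaturePcdGet (PcdSecureBootEnable)) {
    //
    // Secure boot needs the authenticated variable store format
    //
    CopyGuid (
      &((FVB_FV_HDR_AND_VARS_TEMPLATE *)Ptr)->VarHdr.Signature,
      &AuthenticatedVarGuid
      );
  }
  // … unchanged: FV header checksum update …
```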
diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
index 69b3c9972a..4d4827decb 100644
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
@@ -68,6 +68,9 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
+[FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable
+
[Depex]
TRUE