Dasharo google celes/rel v0.1.0 next #265

Open
wants to merge 47 commits into
base: mrch/2022.10.24

pietrushnic
Contributor

Rebase of MrChromebox-4.18.1 (2022.10.24)

Related to MrChromebox/firmware#293

miczyg1 and others added 30 commits October 4, 2022 13:31
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Project: https://github.com/9elements/converged-security-suite
License: BSD-3

Tooling for Intel platform security features

Change-Id: I7421b30eb38e64cf6b77b7e1c485c5700728997b
Signed-off-by: Philipp Deppenwiese <[email protected]>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45170
Reviewed-by: Angel Pons <[email protected]>
Reviewed-by: Christian Walter <[email protected]>
Tested-by: build bot (Jenkins) <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Piotr Król <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contain
various feature packages for Intel platforms.

Signed-off-by: Michał Żygowski <[email protected]>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9
Add the EDK2 variable format header in order to access the SPI flash
variable store.

Change-Id: Ibe44925555a7d1d2361dd48c0325b840bd68e0ca
Signed-off-by: Patrick Rudolph <[email protected]>
Add a new set of errors that will be used by the introduced EFI
non-volatile variable store in flash.

Change-Id: I6baea9fb138d1a2755d22a3d587105793adb9c90
Signed-off-by: Patrick Rudolph <[email protected]>
Allow other drivers to use the SMMSTORE region device.

Change-Id: I6316b703829590bd6f41c3d4013b4a4660b9cbab
Signed-off-by: Patrick Rudolph <[email protected]>
Add a driver to read and write EFI variables stored in a region device.
This is particularly useful for EDK2 as payload and allows to reuse
existing EFI tools to set/get options used by the firmware.

The write implementation is fault tolerant and doesn't corrupt the
variable store. A faulting write might result in using the old value
even though a 'newer' had been completely written.

Implemented basic unit tests for header corruption, writing existing data
and append new data into the store.

Initial firmware region state:
Initially the variable store region isn't formatted. Usually this is done
in the EDK2 payload when no valid firmware volume could be found.
It might be useful to do this offline or in coreboot to have a working
option store on the first boot or when it was corrupted.

Performance improvements:
Right now the code always checks if the firmware volume header is valid.
This could be optimised by caching the test result in heap. For write
operations it would be good to cache the end of the variable store in
the heap as well, instead of walking the whole store.

Reclaiming memory:
The EFI variable store is append write only. To update an existing
variable, first a new is written to the end of the store and then the
previous is marked invalid. This only works on PNOR flash that allow to
clear set bits, but keep cleared bits state.
This mechanism allows a fault tolerant write, but it also requires to
"clean" the variable store from time to time. This cleaning would remove
variables that have been marked "deleted".
Such cleaning mechanism in turn must be fault tolerant and thus must use
a second partition in the SPI flash as backup/working region.
For now to cleaning is done in coreboot.

Fault checking:
The driver should check if a previous write was successful and if not mark
variables as deleted on the next operation.

Tested and working:
- Could enumerate all existing variables
- Could read variables
- Could write variables

Change-Id: I8079f71d29da5dc2db956fc68bef1486fe3906bb
Signed-off-by: Patrick Rudolph <[email protected]>
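
The append-then-invalidate update described under "Reclaiming memory" in the commit message above, as an added C example that is not code from this pull request or from the coreboot driver. The four-byte record layout, the RAM array standing in for the SPI region, and all function names are assumptions made for illustration; only the state values follow EDK2's variable format.

```c
#include <stdint.h>
#include <string.h>

#define STORE_SIZE 64
#define REC_SIZE 4                 /* simplified record: state, key, value, pad */
#define VAR_HEADER_VALID_ONLY 0x7f /* state values as in EDK2's variable format */
#define VAR_ADDED 0x3f
#define VAR_DELETED 0xfd
static uint8_t flash[STORE_SIZE];  /* constructed stand-in for the SPI region */

void nor_erase(void) { memset(flash, 0xff, sizeof(flash)); }
/* NOR programming can only clear bits: the cell becomes old AND new. */
void nor_program(size_t off, uint8_t val) { flash[off] &= val; }

/* Offset of the first live record for key, or -1. */
int var_find(uint8_t key)
{
	for (size_t off = 0; off + REC_SIZE <= STORE_SIZE; off += REC_SIZE) {
		if (flash[off] == 0xff)
			break;                     /* erased state byte: end of store */
		if (flash[off] == VAR_ADDED && flash[off + 1] == key)
			return (int)off;
	}
	return -1;
}

/* Append the new record, then invalidate the old; power_loss stops in between. */
int var_set(uint8_t key, uint8_t value, int power_loss)
{
	int old = var_find(key);
	size_t off = 0;
	while (off + REC_SIZE <= STORE_SIZE && flash[off] != 0xff)
		off += REC_SIZE;
	if (off + REC_SIZE > STORE_SIZE)
		return -1;                     /* full: store needs reclaiming */
	nor_program(off, VAR_HEADER_VALID_ONLY);
	nor_program(off + 1, key);
	nor_program(off + 2, value);
	nor_program(off, VAR_ADDED);       /* 0x7f & 0x3f: record is now live */
	if (old >= 0 && !power_loss)
		nor_program((size_t)old, VAR_DELETED); /* 0x3f & 0xfd = 0x3d */
	return 0;
}
int var_get(uint8_t key) { int o = var_find(key); return o < 0 ? -1 : flash[o + 2]; }

int main(void)
{
	nor_erase();
	var_set(1, 10, 0);
	var_set(1, 20, 1);                 /* interrupted update */
	return var_get(1) == 10 ? 0 : 1;   /* old value still wins */
}
```

Deleted records keep occupying space until the region is erased, which is why the store eventually returns "full" and needs the reclaim step the commit message describes.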
…nder #if CONFIG(DRIVERS_EFI_VARIABLE_STORE)

Co-authored-by: Michał Żygowski <[email protected]>
miczyg1 and others added 9 commits November 16, 2022 00:31
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Piotr Król <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
@pietrushnic pietrushnic changed the base branch from master to mrch/2022.10.24 November 15, 2022 23:43
@pietrushnic
Contributor Author

Tested this code and it boots fine. So closing #228 in favor of this code.

miczyg1 and others added 2 commits November 18, 2022 23:56
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contains
various feature packages for Intel platforms, e.g. VT-d driver if DMA
protection is enabled.

Signed-off-by: Michał Żygowski <[email protected]>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9