From patchwork Mon Oct 29 03:32:45 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Ming Huang <ming.huang@linaro.org>
X-Patchwork-Id: 149623
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp3598207ljp;
 Sun, 28 Oct 2018 20:33:31 -0700 (PDT)
X-Google-Smtp-Source: AJdET5fygOBhV+W6vEClwNeKttyBpbgGsCQdbc74+uEZHYV8lMawRFN7bySBlPxV6utDv0mWqNAp
X-Received: by 2002:aed:3422:: with SMTP id
 w31-v6mr9556722qtd.100.1540784011058; 
 Sun, 28 Oct 2018 20:33:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540784011; cv=none;
 d=google.com; s=arc-20160816;
 b=Fk2jNz3zPk7WkcN8hYKufta41F6oMDI3ijnC3vYKqmS0All9pub3j1z1MNH2CqE9lT
 pVEN6UbeBKnM7Y8/aHXOuOOh667SHRMPPVvIHOTfpqxke3WsrlE56ysWyp7d4Ksaaymd
 5BFlk1a9lext3EOorZ5J08uzat2vPNh2UnbYHBFbF6Msi+v090rOFkSUYkbzPvOCQa/0
 +z5P/3gAuWv4xZMNGI2rfE+2JSZMNliV3A5ZncfeBmGVGlXUu+CirMyDfEgQbR3cRbkz
 Eripywb+hPyVPshaRotqxOHSfvd0DCv2yiqStN7ZGISeWyH/Zvk85r/AFDZr+xzzjJXF
 GO/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:cc:list-subscribe
 :list-help:list-post:list-archive:list-unsubscribe:list-id
 :precedence:subject:mime-version:references:in-reply-to:message-id
 :date:to:from:dkim-signature:delivered-to;
 bh=bVeCY5dLnmangu3KIg+JNwGcHZy4VfAongwdh4z9bnQ=;
 b=oEJMYCutfmwEAmxZFm//36GFuKy3hd18MZyOoZadhzHcStOjFZruDTu4LqG8zzJtWa
 Jg2vQZxxs5z1TnVNzBBEKM/uonRUsYXxJf/0RhXPu3+QFbCGuu96Zrx+uWSTtPpRskWo
 0npP/iwMLcId8fvjY6d10h2bhma++zkDwH/q4I2iqB/zqlUQy+ZF2qhgTu8Y5VZ/jGCS
 RC20ldxmuoV0kC9K9mPMrCPOGa2kUwhK88uPD4x5aqlcBLBFmEPlUm9lpw9MP0WeSQ3v
 DbIBpIX2i68cN44GfL+VTkwTVmJg1W+vUwh8q9l/P+Viz0zZ7SPiKou0RoNHQm8P5pQr
 NHdA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=TmbmU62C; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [198.145.21.10])
 by mx.google.com with ESMTPS id
 m27-v6si523706qtg.248.2018.10.28.20.33.30
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 28 Oct 2018 20:33:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender) client-ip=198.145.21.10; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=TmbmU62C; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 0EF1621184AD1;
 Sun, 28 Oct 2018 20:33:26 -0700 (PDT)
X-Original-To: edk2-devel@lists.01.org
Delivered-To: edk2-devel@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4864:20::541; helo=mail-pg1-x541.google.com;
 envelope-from=ming.huang@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com
 [IPv6:2607:f8b0:4864:20::541])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 0DE0B2117FD5E
 for <edk2-devel@lists.01.org>; Sun, 28 Oct 2018 20:33:25 -0700 (PDT)
Received: by mail-pg1-x541.google.com with SMTP id k1-v6so1773339pgq.1
 for <edk2-devel@lists.01.org>; Sun, 28 Oct 2018 20:33:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=AA98JXO+OUawNe1u11YZYyXS/sTerPOVa9LJCsx6hEc=;
 b=TmbmU62C1RnNDMnC0cVnVgHYGh9VgtDfkTzYu37wrz2xGNtt3FpmF6yrl7bA/gaFxA
 cdUqG0pBll1qerI2kkn5DeIJhxps8kUo77ei48e8BqMgSq/q/NObotuxkX5PHnwwHbGm
 HGPsHuWHmZODvfh4UTEggYY7+QoQb+JmcRTII=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=AA98JXO+OUawNe1u11YZYyXS/sTerPOVa9LJCsx6hEc=;
 b=GmDfVSCul4DOBbqUn8n9ag/KoZgmvRs7eHeHG3AOfVduXH11oj20tHcc++8XEFwkAc
 Wva9n0lMWrUleGXxeTbOz3Y4rR4JvI0waBkAQvpEFXkUGdPVNRIYUHVAikWPb0dEX8jg
 5tX4ZWnQ7qCfabFRG2PHJQNy/ikuKPTNeyLzOO0IY+gBHw4WlUz88TFUJR7v4MT9lwYb
 WjqeB5RGFxG/zWOfbb9bjb8y9qtfLIyC5nfvd6BJQgFqRzQa1/iRmR8MBVUvUX9oiRib
 L3cpXOFUDDcb+7+VBMYfGcewZJ8VFq68lDSWSEsyPFORTJ53sZSJBxSLy7sjjRD3qjg8
 +YFQ==
X-Gm-Message-State: AGRZ1gKJVqSXgfhFGbudrFsM62aF8Y8dtZ9CbFdUs9BERW4zWE5HtUsA
 D0P42LOBiq2mO4omXkPX7W8hfg==
X-Received: by 2002:a62:cd47:: with SMTP id
 o68-v6mr13428875pfg.12.1540784004617; 
 Sun, 28 Oct 2018 20:33:24 -0700 (PDT)
Received: from localhost.localdomain ([120.31.149.194])
 by smtp.gmail.com with ESMTPSA id
 j5-v6sm22318872pgm.79.2018.10.28.20.33.21
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Sun, 28 Oct 2018 20:33:23 -0700 (PDT)
From: Ming Huang <ming.huang@linaro.org>
To: leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org,
 edk2-devel@lists.01.org, graeme.gregory@linaro.org
Date: Mon, 29 Oct 2018 11:32:45 +0800
Message-Id: <20181029033249.45363-9-ming.huang@linaro.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20181029033249.45363-1-ming.huang@linaro.org>
References: <20181029033249.45363-1-ming.huang@linaro.org>
MIME-Version: 1.0
Subject: [edk2] [PATCH edk2-platforms v1 08/12] Hisilicon/D06: Fix SBBR-SCT
 AuthVar issue
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: huangming23@huawei.com, xinliang.liu@linaro.org, john.garry@huawei.com, 
 zhangjinsong2@huawei.com, huangdaode@hisilicon.com,
 zhangfeng56@huawei.com, 
 michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

Enable secure boot to fix AuthVar issue:
RT.SetVariable - Set Invalid Time Base Auth Variable – FAILURE;
RT.SetVariable - Create one Time Base Auth Variable, the expect return
status should be EFI_SUCCESS – FAILURE.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ming Huang <ming.huang@linaro.org>
---
 Silicon/Hisilicon/Hisilicon.dsc.inc | 16 ++++++++++++++++
 Platform/Hisilicon/D06/D06.dsc      |  2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Silicon/Hisilicon/Hisilicon.dsc.inc b/Silicon/Hisilicon/Hisilicon.dsc.inc
index 3ac8e20232..6515c0d703 100644
--- a/Silicon/Hisilicon/Hisilicon.dsc.inc
+++ b/Silicon/Hisilicon/Hisilicon.dsc.inc
@@ -89,8 +89,15 @@
 
   SemihostLib|ArmPkg/Library/SemihostLib/SemihostLib.inf
 
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
+  PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+!else
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
 
   # BDS Libraries
   FdtLib|EmbeddedPkg/Library/FdtLib/FdtLib.inf
@@ -217,6 +224,9 @@
 !if $(TARGET) != RELEASE
   DebugLib|MdePkg/Library/DxeRuntimeDebugLibSerialPort/DxeRuntimeDebugLibSerialPort.inf
 !endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
 
 [LibraryClasses.AARCH64]
   ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
@@ -326,6 +336,12 @@
   gEmbeddedTokenSpaceGuid.PcdTimerPeriod|10000
   gArmTokenSpaceGuid.PcdVFPEnabled|1
   gEfiMdePkgTokenSpaceGuid.PcdUartDefaultReceiveFifoDepth|32
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
+  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
+!endif
 
 [PcdsDynamicHii.common.DEFAULT]
   gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|10 # Variable: L"Timeout"
diff --git a/Platform/Hisilicon/D06/D06.dsc b/Platform/Hisilicon/D06/D06.dsc
index b6ef9fedf0..8ee20342b1 100644
--- a/Platform/Hisilicon/D06/D06.dsc
+++ b/Platform/Hisilicon/D06/D06.dsc
@@ -30,7 +30,7 @@
   FLASH_DEFINITION               = Platform/Hisilicon/$(PLATFORM_NAME)/$(PLATFORM_NAME).fdf
   DEFINE NETWORK_IP6_ENABLE      = FALSE
   DEFINE HTTP_BOOT_ENABLE        = FALSE
-  DEFINE SECURE_BOOT_ENABLE      = FALSE
+  DEFINE SECURE_BOOT_ENABLE      = TRUE
 
 !include Silicon/Hisilicon/Hisilicon.dsc.inc