[edk2-devel] [PATCH] BaseTools: Add authenticated variable store support

Chen Lin Z Thu, 04 Nov 2021 04:38:22 -0700

In order to support secure boot with authenticated type variable store
and non secure boot with normal type variable store, add one flag to
switch them.


User can append '-D VPD_AUTHENTICATED_VARIABLE_STORE' to build command
to enable authenticated type varaible store.

Also, user can add 'VPD_AUTHENTICATED_VARIABLE_STORE = TRUE/FALSE' to the
defines section of Dsc file to switch authenticated/normal type variable
store.

VPD_AUTHENTICATED_VARIABLE_STORE is a new reserved key word for this function.

Signed-off-by: Chen Lin Z <lin.z.c...@intel.com>
Cc: Bob Feng <bob.c.f...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
---
 BaseTools/Source/Python/AutoGen/GenVar.py     | 57 ++++++++++++++++++-
 BaseTools/Source/Python/Common/DataType.py    |  1 +
 .../Source/Python/Workspace/DscBuildData.py   |  4 ++
 3 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/BaseTools/Source/Python/AutoGen/GenVar.py 
b/BaseTools/Source/Python/AutoGen/GenVar.py
index 591ef3df55..3f3dc69e90 100644
--- a/BaseTools/Source/Python/AutoGen/GenVar.py
+++ b/BaseTools/Source/Python/AutoGen/GenVar.py
@@ -15,6 +15,7 @@ from Common.VariableAttributes import VariableAttributes
 from Common.Misc import *
 import collections
 import Common.DataType as DataType
+import Common.GlobalData as GlobalData
 
 var_info = collections.namedtuple("uefi_var", 
"pcdindex,pcdname,defaultstoragename,skuname,var_name, var_guid, 
var_offset,var_attribute,pcd_default_value, default_value, 
data_type,PcdDscLine,StructurePcd")
 NvStorageHeaderSize = 28
@@ -173,11 +174,16 @@ class VariableMgr(object):
             offset += VariableHeaderSize + 
len(default_info.var_name.split(","))
             var_data_offset[default_info.pcdindex] = offset
             offset += data_size - len(default_info.var_name.split(","))
-
-            var_header_buffer = 
VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, 
len(default_info.var_name.split(",")), len (default_data), vendorguid)
+            if 
GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper()
 == "TRUE":
+                var_header_buffer = 
VariableMgr.PACK_AUTHENTICATED_VARIABLE_HEADER(var_attr_value, 
len(default_info.var_name.split(",")), len (default_data), vendorguid)
+            else:
+                var_header_buffer = 
VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, 
len(default_info.var_name.split(",")), len (default_data), vendorguid)
             NvStoreDataBuffer += (var_header_buffer + DataBuffer)
 
-        variable_storage_header_buffer = 
VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+        if 
GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper()
 == "TRUE":
+            variable_storage_header_buffer = 
VariableMgr.PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 
28)
+        else:
+            variable_storage_header_buffer = 
VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
 
         nv_default_part = 
VariableMgr.AlignData(VariableMgr.PACK_DEFAULT_DATA(0, 0, 
VariableMgr.unpack_data(variable_storage_header_buffer+NvStoreDataBuffer)), 8)
 
@@ -252,6 +258,20 @@ class VariableMgr(object):
 
         return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + 
reservedBuffer
 
+    def PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(size):
+        #Signature: gEfiAuthenticatedVariableGuid
+        Guid = "{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 
0xc3, 0x77, 0x92 }}"
+        Guid = GuidStructureStringToGuidString(Guid)
+        GuidBuffer = PackGUID(Guid.split('-'))
+
+        SizeBuffer = pack('=L', size)
+        FormatBuffer = pack('=B', 0x5A)
+        StateBuffer = pack('=B', 0xFE)
+        reservedBuffer = pack('=H', 0)
+        reservedBuffer += pack('=L', 0)
+
+        return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + 
reservedBuffer
+
     @staticmethod
     def PACK_NV_STORE_DEFAULT_HEADER(size, maxsize):
         Signature = pack('=B', ord('N'))
@@ -279,6 +299,37 @@ class VariableMgr(object):
 
         return Buffer
 
+    @staticmethod
+    def PACK_AUTHENTICATED_VARIABLE_HEADER(attribute, namesize, datasize, 
vendorguid):
+
+        Buffer = pack('=H', 0x55AA)    # pack StartID
+        Buffer += pack('=B', 0x3F)     # pack State
+        Buffer += pack('=B', 0)        # pack reserved
+
+        Buffer += pack('=L', attribute)
+
+        Buffer += pack('=Q', 0)        # pack MonotonicCount
+        Buffer += pack('=HBBBBBBLhBB', # pack TimeStamp
+                         0,            # UINT16 Year
+                         0,            # UINT8  Month
+                         0,            # UINT8  Day
+                         0,            # UINT8  Hour
+                         0,            # UINT8  Minute
+                         0,            # UINT8  Second
+                         0,            # UINT8  Pad1
+                         0,            # UINT32 Nanosecond
+                         0,            # INT16  TimeZone
+                         0,            # UINT8  Daylight
+                         0)            # UINT8  Pad2
+        Buffer += pack('=L', 0)        # pack PubKeyIndex
+
+        Buffer += pack('=L', namesize)
+        Buffer += pack('=L', datasize)
+
+        Buffer += PackGUID(vendorguid)
+
+        return Buffer
+
     @staticmethod
     def PACK_VARIABLES_DATA(var_value,data_type, tail = None):
         Buffer = bytearray()
diff --git a/BaseTools/Source/Python/Common/DataType.py 
b/BaseTools/Source/Python/Common/DataType.py
index 4e9c9e34af..dc49623333 100644
--- a/BaseTools/Source/Python/Common/DataType.py
+++ b/BaseTools/Source/Python/Common/DataType.py
@@ -406,6 +406,7 @@ TAB_DSC_DEFINES_SKUID_IDENTIFIER = 'SKUID_IDENTIFIER'
 TAB_DSC_DEFINES_PCD_INFO_GENERATION = 'PCD_INFO_GENERATION'
 TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX = 'PCD_DYNAMIC_AS_DYNAMICEX'
 TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION = 'PCD_VAR_CHECK_GENERATION'
+TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE = 
'VPD_AUTHENTICATED_VARIABLE_STORE'
 TAB_DSC_DEFINES_FLASH_DEFINITION = 'FLASH_DEFINITION'
 TAB_DSC_DEFINES_BUILD_NUMBER = 'BUILD_NUMBER'
 TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME'
diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py 
b/BaseTools/Source/Python/Workspace/DscBuildData.py
index d1ee0ccaea..35ec5b37ff 100644
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@@ -387,6 +387,10 @@ class DscBuildData(PlatformBuildClassObject):
                 for i in range(0, len(LanguageCodes), 3):
                     LanguageList.append(LanguageCodes[i:i + 3])
                 self._ISOLanguages = LanguageList
+            elif Name == TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE:
+                if TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE not in 
gCommandLineDefines:
+                    
gCommandLineDefines[TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE] = 
Record[2].strip()
+
             elif Name == TAB_DSC_DEFINES_VPD_TOOL_GUID:
                 #
                 # try to convert GUID to a real UUID value to see whether the 
GUID is format
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83329): https://edk2.groups.io/g/devel/message/83329
Mute This Topic: https://groups.io/mt/86813506/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH] BaseTools: Add authenticated variable store support

Reply via email to