@@ -87,6 +87,8 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
INF MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -32,10 +32,6 @@
[Guids.common]
gArmPlatformTokenSpaceGuid = { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } }
- #
- # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- #
- gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } }
## Include/Guid/ArmGlobalVariableHob.h
gArmGlobalVariableGuid = { 0xc3253c90, 0xa24f, 0x4599, { 0xa6, 0x64, 0x1f, 0x88, 0x13, 0x77, 0x8f, 0xc9} }
@@ -143,6 +139,14 @@
gArmPlatformTokenSpaceGuid.PcdDefaultConInPaths|L""|VOID*|0x0000001B
gArmPlatformTokenSpaceGuid.PcdDefaultConOutPaths|L""|VOID*|0x0000001C
+ #
+ # The EFI variable GUID to use when initializing the non-volatile variable
+ # store at runtime. This defaults to the non-authenticated one, but should
+ # be set to use the authenticated version when using the authenticated
+ # variable runtime DXE
+ #
+ gArmPlatformTokenSpaceGuid.PcdVarStoreVariableGuid|{ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }|VOID*|0x0000003B
+
[PcdsFixedAtBuild.common,PcdsDynamic.common]
## PL031 RealTimeClock
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
@@ -109,6 +109,10 @@ READ_STATUS = TRUE
READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
+ APRIORI DXE {
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+ }
INF MdeModulePkg/Core/Dxe/DxeMain.inf
#
@@ -110,6 +110,10 @@ READ_STATUS = TRUE
READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
+ APRIORI DXE {
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+ }
INF MdeModulePkg/Core/Dxe/DxeMain.inf
#
@@ -65,6 +65,10 @@ READ_STATUS = TRUE
READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
+ APRIORI DXE {
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+ }
INF MdeModulePkg/Core/Dxe/DxeMain.inf
#
@@ -138,6 +138,10 @@ READ_STATUS = TRUE
READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
+ APRIORI DXE {
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+ }
INF MdeModulePkg/Core/Dxe/DxeMain.inf
#
@@ -126,8 +126,9 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
-
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -112,8 +112,9 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
-
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -112,8 +112,9 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
-
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -112,8 +112,9 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
-
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -114,8 +114,9 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
-
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -33,10 +33,6 @@
[Guids.common]
gArmVExpressTokenSpaceGuid = { 0x9c0aaed4, 0x74c5, 0x4043, { 0xb4, 0x17, 0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } }
- #
- # Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- #
- gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } }
[PcdsFeatureFlag.common]
@@ -103,6 +103,8 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF ArmPlatformPkg/ArmVirtualizationPkg/VirtFdtDxe/VirtFdtDxe.inf
+ INF ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
}
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -46,7 +46,6 @@
[Guids]
gEfiSystemNvDataFvGuid
- gEfiVariableGuid
gEfiEventVirtualAddressChangeGuid
[Protocols]
@@ -64,9 +63,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked
+ gArmPlatformTokenSpaceGuid.PcdVarStoreVariableGuid
[Depex]
- #
- # NorFlashDxe must be loaded before VariableRuntimeDxe in case empty flash needs populating with default values
- #
- BEFORE gVariableRuntimeDxeFileGuid
+ gEfiCpuArchProtocolGuid
@@ -111,7 +111,7 @@ InitializeFvAndVariableStoreHeaders (
// VARIABLE_STORE_HEADER
//
VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + FirmwareVolumeHeader->HeaderLength);
- CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid);
+ CopyGuid (&VariableStoreHeader->Signature, FixedPcdGetPtr (PcdVarStoreVariableGuid));
VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength;
VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED;
VariableStoreHeader->State = VARIABLE_STORE_HEALTHY;
@@ -178,7 +178,7 @@ ValidateFvHeader (
VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength);
// Check the Variable Store Guid
- if( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE ) {
+ if (CompareGuid (&VariableStoreHeader->Signature, FixedPcdGetPtr (PcdVarStoreVariableGuid)) == FALSE) {
DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n"));
return EFI_NOT_FOUND;
}
The NorFlashDxe uses an explicit 'BEFORE xxx' Depex declaration to ensure that it is invoked before VariableRuntimeDxe, and uses the GUID of the latter as 'xxx' explicitly to accomplish that. However, when enabling UEFI Secure Boot, this breaks down since the authenticated VariableRuntimeDxe is a completely separate driver, with a different GUID. So instead, replace the Depex with a Depex on CpuDxe (which supplies the Arch CPU Protocol that this driver actually does depend on) and add both NorFlashDxe and CpuDxe to the APRIORI DXE section of the platforms that use this NOR flash driver. Also, store the EFI variable GUID in a PCD so that we can override it with the one needed for initializing the authenticated variable store. This way, there is no need to pull in any authenticated variable store headers or other dependencies. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- ArmPlatformPkg/ArmJunoPkg/ArmJuno.fdf | 2 ++ ArmPlatformPkg/ArmPlatformPkg.dec | 12 ++++++++---- ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-MPCore.fdf | 4 ++++ ArmPlatformPkg/ArmRealViewEbPkg/ArmRealViewEb-RTSM-UniCore.fdf | 4 ++++ ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA15-A7.fdf | 4 ++++ ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-CTA9x4.fdf | 4 ++++ ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.fdf | 3 ++- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15.fdf | 3 ++- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.fdf | 3 ++- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-A9x4.fdf | 3 ++- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.fdf | 3 ++- ArmPlatformPkg/ArmVExpressPkg/ArmVExpressPkg.dec | 4 ---- ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf | 2 ++ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 7 ++----- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 4 ++-- 15 files changed, 42 insertions(+), 20 deletions(-)