diff --git a/bbsr/config/BBSRStartup.nsh b/bbsr/config/BBSRStartup.nsh deleted file mode 100755 index e97f414..0000000 --- a/bbsr/config/BBSRStartup.nsh +++ /dev/null @@ -1,47 +0,0 @@ -echo -off - -for %i in 0 1 2 3 4 5 6 7 8 9 A B C D E F - if exist FS%i:\EFI\BOOT\bbr\SCT then - # - # Found EFI SCT harness - # - FS%i: - cd FS%i:\EFI\BOOT\bbr\SCT - echo Press any key to stop the EFI SCT running - stallforkey.efi 5 - if %lasterror% == 0 then - goto Done - endif - for %j in 0 1 2 3 4 5 6 7 8 9 A B C D E F then - if exists FS%j:\acs_results\ then - if exists FS%j:\acs_results\sct_results then - if exist FS%i:\EFI\BOOT\bbr\SCT\.passive.mode then - if exist FS%i:\EFI\BOOT\bbr\SCT\.verbose.mode then - Sct -c -p mnp -v - else - Sct -c -p mnp - endif - else - if exist FS%i:\EFI\BOOT\bbr\SCT\.verbose.mode then - Sct -c -v - else - Sct -c - endif - goto Done - endif - else - FS%j: - cd FS%j:\acs_results - mkdir sct_results - FS%i: - cd FS%i:\EFI\BOOT\bbr\SCT - Sct -s BBSR.seq - goto Done - endif - endif - endfor - endif -endfor - -:Done - diff --git a/bbsr/patches/0001-security-extension-update-edk2-test-to-integrate-sec.patch b/bbsr/patches/0001-security-extension-update-edk2-test-to-integrate-sec.patch deleted file mode 100644 index 8e54590..0000000 --- a/bbsr/patches/0001-security-extension-update-edk2-test-to-integrate-sec.patch +++ /dev/null 
@@ -1,229 +0,0 @@ -From d178d9b498e162d162f844df19b6c90f54f6083f Mon Sep 17 00:00:00 2001 -From: Stuart Yoder -Date: Fri, 24 Sep 2021 17:22:20 -0500 -Subject: [PATCH] security-extension: update edk2-test to integrate - security-extension tests - -The security-extension adds the following tests - RuntimeServices/SecureBoot - RuntimeServices/BBSRVariableSizeTest - Protocol/TCG2Protocol - -This patch adds the pieces in CommonGenFramework.sh, Category.ini, -and UEFI_SCT.dsc to integrate them. - -Signed-off-by: Stuart Yoder ---- - uefi-sct/SctPkg/CommonGenFramework.sh | 72 +++++++++++++++++++++++- - uefi-sct/SctPkg/Config/Data/Category.ini | 21 +++++++ - uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc | 9 ++- - 3 files changed, 100 insertions(+), 2 deletions(-) - -diff --git a/uefi-sct/SctPkg/CommonGenFramework.sh b/uefi-sct/SctPkg/CommonGenFramework.sh -index 779a6a44..42f7d92b 100755 ---- a/uefi-sct/SctPkg/CommonGenFramework.sh -+++ b/uefi-sct/SctPkg/CommonGenFramework.sh -@@ -94,6 +94,9 @@ CopyDependency() - ls -h $ProcessorType/$1_*.ini >> temp.txt 2>NUL - ls -h $ProcessorType/$1_*.cmp >> temp.txt 2>NUL - ls -h $ProcessorType/$1_*.ucmp >> temp.txt 2>NUL -+ ls -h $ProcessorType/$1_*.bin >> temp.txt 2>NUL -+ ls -h $ProcessorType/$1_*.der >> temp.txt 2>NUL -+ ls -h $ProcessorType/$1_*.auth >> temp.txt 2>NUL - - while read line - do -@@ -102,6 +105,49 @@ CopyDependency() - rm -f temp.txt >NUL - } - -+# ********************************************* -+# sign .efi executables for Secure Boot -+# -+# if the KEYS_DIR env variable is set then we -+# use keys supplied by the user, otherwise use -+# keys generated by the SecureBoot SCT test -+# ********************************************* -+SecureBootSign() -+{ -+if [ -n $KEYS_DIR ] -+then -+ TEST_DB1_KEY=$KEYS_DIR/TestDB1.key -+ TEST_DB1_CRT=$KEYS_DIR/TestDB1.crt -+else -+ TEST_DB1_KEY=$ProcessorType/SecureBoot_TestDB1.key -+ TEST_DB1_CRT=$ProcessorType/SecureBoot_TestDB1.crt -+fi -+ -+for f in $1/*.efi -+do -+ echo "sbsign --key 
$TEST_DB1_KEY --cert $TEST_DB1_CRT $f --output $f" -+ sbsign --key $TEST_DB1_KEY --cert $TEST_DB1_CRT $f --output $f -+done -+} -+ -+SecureBootSignDependency() -+{ -+if [ -n $KEYS_DIR ] -+then -+ TEST_DB1_KEY=$KEYS_DIR/TestDB1.key -+ TEST_DB1_CRT=$KEYS_DIR/TestDB1.crt -+else -+ TEST_DB1_KEY=$ProcessorType/SecureBoot_TestDB1.key -+ TEST_DB1_CRT=$ProcessorType/SecureBoot_TestDB1.crt -+fi -+ -+for f in $Framework/Dependency/$1BBTest/*.efi -+do -+ echo "sbsign --key $TEST_DB1_KEY --cert $TEST_DB1_CRT $f --output $f" -+ sbsign --key $TEST_DB1_KEY --cert $TEST_DB1_CRT $f --output $f -+done -+} -+ - # ********************************************* - # For UEFI SCT - # ********************************************* -@@ -132,6 +178,7 @@ then - cp $ProcessorType/MiscBootServicesBBTest.efi $Framework/Test/ > NUL - - cp $ProcessorType/VariableServicesBBTest.efi $Framework/Test/ > NUL -+ cp $ProcessorType/BBSRVariableSizeTest.efi $Framework/Test/ > NUL - cp $ProcessorType/TimeServicesBBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/MiscRuntimeServicesBBTest.efi $Framework/Test/ > NUL - -@@ -210,6 +257,7 @@ then - cp $ProcessorType/DiskIo2BBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/TimeStampBBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/RandomNumberBBTest.efi $Framework/Test/ > NUL -+ cp $ProcessorType/TCG2ProtocolBBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/Hash2BBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/Pkcs7BBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/ConfigKeywordHandlerBBTest.efi $Framework/Test/ > NUL -@@ -223,6 +271,8 @@ then - cp $ProcessorType/UFSDeviceConfigBBTest.efi $Framework/Test/ > NUL - cp $ProcessorType/ResetNotificationBBTest.efi $Framework/Test/ > NUL - -+ cp $ProcessorType/SecureBootBBTest.efi $Framework/Test/ > NUL -+ - # ********************************************* - # Copy ENTS binary - # ********************************************* -@@ -267,6 +317,27 @@ then - CopyDependency PciRootBridgeIo - 
CopyDependency PxeBaseCode - CopyDependency ConfigKeywordHandler -+ CopyDependency SecureBoot -+ -+ # ********************************************* -+ # Sign the .efi executables for use with Secure Boot -+ # ********************************************* -+ -+ SecureBootSign $Framework -+ SecureBootSign $Framework/Support -+ SecureBootSign SctPackage$ProcessorType -+ SecureBootSign $Framework/SCRT -+ SecureBootSign $Framework/Test -+ SecureBootSign $Framework/Ents/Support -+ SecureBootSign $Framework/Ents/Test -+ -+ SecureBootSignDependency LoadedImage -+ SecureBootSignDependency ImageServices -+ SecureBootSignDependency ProtocolHandlerServices -+ SecureBootSignDependency ConfigKeywordHandler -+ SecureBootSignDependency Ebc -+ SecureBootSignDependency PciIo -+ - fi - - # ********************************************* -@@ -338,4 +409,3 @@ then - CopyDependency Ebc - CopyDependency PxeBaseCode - fi -- -diff --git a/uefi-sct/SctPkg/Config/Data/Category.ini b/uefi-sct/SctPkg/Config/Data/Category.ini -index af27e362..91268f00 100644 ---- a/uefi-sct/SctPkg/Config/Data/Category.ini -+++ b/uefi-sct/SctPkg/Config/Data/Category.ini -@@ -137,6 +137,13 @@ InterfaceGuid = AFF115FB-387B-4C18-8C41-6AFC7F03BB90 - Name = RuntimeServicesTest - Description = - -+[Category Data] -+Revision = 0x00010000 -+CategoryGuid = CBADA58E-A1AA-45DF-BDDF-F9BA1292F887 -+InterfaceGuid = AFF115FB-387B-4C18-8C41-6AFC7F03BB90 -+Name = RuntimeServicesTest\SecureBootTest -+Description = -+ - [Category Data] - Revision = 0x00010000 - CategoryGuid = D6844631-0A1E-42D1-A594-60354847B676 -@@ -144,6 +151,13 @@ InterfaceGuid = AFF115FB-387B-4C18-8C41-6AFC7F03BB90 - Name = RuntimeServicesTest\VariableServicesTest - Description = - -+[Category Data] -+Revision = 0x00010000 -+CategoryGuid = d250c2ca-0fe7-4edf-9319-6eef4f6b0d12 -+InterfaceGuid = AFF115FB-387B-4C18-8C41-6AFC7F03BB90 -+Name = RuntimeServicesTest\BBSRVariableSizeTest -+Description = -+ - [Category Data] - Revision = 0x00010000 - CategoryGuid = 
0C1D662C-EA60-48F5-9D77-22F853499C4A -@@ -1026,3 +1040,10 @@ InterfaceGuid = 8D59D32B-C655-4AE9-9B15-F25904992A43 - Name = IHV\ConsoleSupportTest\AbsolutePointerProtocolTest - Description = Absolute Pointer Protocol Test on IHV Drivers - -+[Category Data] -+Revision = 0x00010000 -+CategoryGuid = 607f766c-7455-42be-930b-e4d76db2720f -+InterfaceGuid = 607f766c-7455-42be-930b-e4d76db2720f -+Name = TCG2ProtocolTest -+Description = -+ -diff --git a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc -index 2e97687b..07657989 100644 ---- a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc -+++ b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc -@@ -208,7 +208,9 @@ SctPkg/TestCase/UEFI/EFI/BootServices/ProtocolHandlerServices/BlackBoxTest/Proto - SctPkg/TestCase/UEFI/EFI/RuntimeServices/MiscRuntimeServices/BlackBoxTest/MiscRuntimeServicesBBTest.inf - SctPkg/TestCase/UEFI/EFI/RuntimeServices/TimeServices/BlackBoxTest/TimeServicesBBTest.inf - SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/VariableServicesBBTest.inf -+SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/SecureBootBBTest.inf - -+SctPkg/TestCase/UEFI/EFI/RuntimeServices/BBSRVariableSizeTest/BlackBoxTest/BBSRVariableSizeBBTest.inf - SctPkg/TestCase/UEFI/EFI/Protocol/GraphicsOutput/BlackBoxTest/GraphicsOutputBBTest.inf - SctPkg/TestCase/UEFI/EFI/Protocol/Bis/BlackBoxTest/BisBBTest.inf - SctPkg/TestCase/UEFI/EFI/Protocol/BlockIo/BlackBoxTest/BlockIoBBTest.inf -@@ -274,6 +276,7 @@ SctPkg/TestCase/UEFI/EFI/Protocol/StorageSecurityCommand/BlackBoxTest/StorageSec - SctPkg/TestCase/UEFI/EFI/Protocol/AdapterInfo/BlackBoxTest/AdapterInfoProtocolBBTest.inf - SctPkg/TestCase/UEFI/EFI/Protocol/TimeStamp/BlackBoxTest/TimeStampProtocolBBTest.inf - SctPkg/TestCase/UEFI/EFI/Protocol/RandomNumber/BlackBoxTest/RandomNumberBBTest.inf -+SctPkg/TestCase/UEFI/EFI/Protocol/TCG2Protocol/BlackBoxTest/TCG2ProtocolBBTest.inf - - SctPkg/TestCase/UEFI/EFI/Protocol/Hash2/BlackBoxTest/Hash2BBTest.inf - 
SctPkg/TestCase/UEFI/EFI/Protocol/PKCS7Verify/BlackBoxTest/Pkcs7BBTest.inf -@@ -420,6 +423,10 @@ SctPkg/TestCase/UEFI/EFI/Protocol/PxeBaseCode/BlackBoxTest/Dependency/Config/Con - # Dependency files for Config Keyword Handler Protocol Test - # - SctPkg/TestCase/UEFI/EFI/Protocol/ConfigKeywordHandler/BlackBoxTest/Dependency/SampleDriver/DriverSampleDxe.inf -+# -+# Dependency files for Secure Boot Test -+# -+SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/Dependency/Images/Images.inf - - # - # Support Files -@@ -483,4 +490,4 @@ SctPkg/TestCase/RIVL/Protocol/Http/Http/HttpENTSTest.inf - SctPkg/TestCase/RIVL/Protocol/Http/HttpServiceBinding/HttpServiceBindingENTSTest.inf - - [Components.IA32, Components.X64] --SctPkg/TestCase/UEFI/EFI/Generic/ExeMode/BlackBoxTest/ExeModeBBTest.inf -\ No newline at end of file -+SctPkg/TestCase/UEFI/EFI/Generic/ExeMode/BlackBoxTest/ExeModeBBTest.inf --- -2.17.1 - diff --git a/common/scripts/build-sct.sh b/common/scripts/build-sct.sh index 99db201..f77b435 100755 --- a/common/scripts/build-sct.sh +++ b/common/scripts/build-sct.sh @@ -79,9 +79,9 @@ if [ $BUILD_PLAT = SR ]; then BUILD_PLAT=ES fi -if ! [[ $BUILD_PLAT = IR ]] && ! [[ $BUILD_PLAT = ES ]] && ! [[ $BUILD_PLAT = SIE ]] ; then +if ! [[ $BUILD_PLAT = IR ]] && ! [[ $BUILD_PLAT = ES ]] ; then echo "Please provide a target." - echo "Usage build-sct.sh " + echo "Usage build-sct.sh " exit fi 
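Review bot: The rejection branch under the narrowed `BUILD_PLAT` check still ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller that still passes `SIE` after this change gets the usage text and a success status. Ending the branch with `exit 1` and sending the two messages to stderr (`echo "Please provide a target." >&2`) would make stale CI invocations fail visibly. The same applies to the matching check in common/scripts/build-uefi-apps.sh and, as far as the hunk shows, to the "Error: unexpected platform type" branch left in do_package.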
@@ -129,21 +129,20 @@ do_build() source $TOP_DIR/$UEFI_PATH/edksetup.sh make -C $TOP_DIR/$UEFI_PATH/BaseTools #Copy over extra files needed for SBBR tests - if [[ $BUILD_PLAT != SIE ]] ; then - cp -r $SBBR_TEST_DIR/SbbrBootServices uefi-sct/SctPkg/TestCase/UEFI/EFI/BootServices/ - cp -r $SBBR_TEST_DIR/SbbrEfiSpecVerLvl $SBBR_TEST_DIR/SbbrRequiredUefiProtocols $SBBR_TEST_DIR/SbbrSysEnvConfig uefi-sct/SctPkg/TestCase/UEFI/EFI/Generic/ - cp -r $SBBR_TEST_DIR/SBBRRuntimeServices uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/ - cp $SBBR_TEST_DIR/BBR_SCT.dsc uefi-sct/SctPkg/UEFI/ - cp $SBBR_TEST_DIR/build_bbr.sh uefi-sct/SctPkg/ - - # copy SIE SCT tests to edk2-test - if [[ $BUILD_TYPE != S ]]; then - cp -r $BBSR_TEST_DIR/BBSRVariableSizeTest uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices - cp -r $BBSR_TEST_DIR/SecureBoot uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices - cp -r $BBSR_TEST_DIR/TCG2Protocol uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol - cp -r $BBSR_TEST_DIR/TCG2.h uefi-sct/SctPkg/UEFI/Protocol - fi + cp -r $SBBR_TEST_DIR/SbbrBootServices uefi-sct/SctPkg/TestCase/UEFI/EFI/BootServices/ + cp -r $SBBR_TEST_DIR/SbbrEfiSpecVerLvl $SBBR_TEST_DIR/SbbrRequiredUefiProtocols $SBBR_TEST_DIR/SbbrSysEnvConfig uefi-sct/SctPkg/TestCase/UEFI/EFI/Generic/ + cp -r $SBBR_TEST_DIR/SBBRRuntimeServices uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/ + cp $SBBR_TEST_DIR/BBR_SCT.dsc uefi-sct/SctPkg/UEFI/ + cp $SBBR_TEST_DIR/build_bbr.sh uefi-sct/SctPkg/ + + # copy SIE SCT tests to edk2-test + if [[ $BUILD_TYPE != S ]]; then + cp -r $BBSR_TEST_DIR/BBSRVariableSizeTest uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices + cp -r $BBSR_TEST_DIR/SecureBoot uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices + cp -r $BBSR_TEST_DIR/TCG2Protocol uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol + cp -r $BBSR_TEST_DIR/TCG2.h uefi-sct/SctPkg/UEFI/Protocol fi + #Startup/runtime files. mkdir -p uefi-sct/SctPkg/BBR if [ $BUILD_PLAT = IR ]; then 
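Review bot: The un-nested `cp -r` lines expand `$SBBR_TEST_DIR` and `$BBSR_TEST_DIR` unquoted and without a status check, so an empty or unset variable turns the source into a path under `/` and a failed copy does not stop the build. A form such as `cp -r "${BBSR_TEST_DIR:?}/SecureBoot" uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices || exit 1` covers both cases. Whether the script enables `set -e` or validates these variables earlier is not visible, since do_build starts and ends outside the hunk. The comment `# copy SIE SCT tests to edk2-test` could also be reworded now that SIE is no longer accepted as a platform.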
@@ -167,35 +166,29 @@ do_build() cp $BBR_DIR/common/config/ScrtStartup.nsh uefi-sct/SctPkg/BBR/ cp $BBR_DIR/common/config/SCRT.conf uefi-sct/SctPkg/BBR/ - if [[ $BUILD_PLAT != SIE ]] ; then - if git apply --check $BBR_DIR/common/patches/edk2-test-bbr-build.patch; then - echo "Applying edk2-test BBR build patch..." - git apply --ignore-whitespace --ignore-space-change $BBR_DIR/common/patches/edk2-test-bbr-build.patch - else - echo "Error while applying edk2-test BBR build patch..." - fi - if git apply --check $BBR_DIR/common/patches/edk2-test-bbr.patch; then - echo "Applying edk2-test BBR patch..." - git apply --ignore-whitespace --ignore-space-change $BBR_DIR/common/patches/edk2-test-bbr.patch + if git apply --check $BBR_DIR/common/patches/edk2-test-bbr-build.patch; then + echo "Applying edk2-test BBR build patch..." + git apply --ignore-whitespace --ignore-space-change $BBR_DIR/common/patches/edk2-test-bbr-build.patch + else + echo "Error while applying edk2-test BBR build patch..." + fi + if git apply --check $BBR_DIR/common/patches/edk2-test-bbr.patch; then + echo "Applying edk2-test BBR patch..." + git apply --ignore-whitespace --ignore-space-change $BBR_DIR/common/patches/edk2-test-bbr.patch + else + echo "Error while applying edk2-test BBR patch..." + fi + if [[ $BUILD_TYPE != S ]]; then + if git apply --check $BBR_DIR/bbsr/patches/0001-SIE-Patch-for-UEFI-SCT-Build.patch; then + echo "Applying SIE SCT patch..." + git apply --ignore-whitespace --ignore-space-change $BBR_DIR/bbsr/patches/0001-SIE-Patch-for-UEFI-SCT-Build.patch else - echo "Error while applying edk2-test BBR patch..." - fi - if [[ $BUILD_TYPE != S ]]; then - if git apply --check $BBR_DIR/bbsr/patches/0001-SIE-Patch-for-UEFI-SCT-Build.patch; then - echo "Applying SIE SCT patch..." - git apply --ignore-whitespace --ignore-space-change $BBR_DIR/bbsr/patches/0001-SIE-Patch-for-UEFI-SCT-Build.patch - else - echo "Error while applying SIE SCT patch..." 
- fi + echo "Error while applying SIE SCT patch..." fi fi pushd uefi-sct - if [[ $BUILD_PLAT = SIE ]] ; then - ./SctPkg/build.sh $TARGET_ARCH GCC $UEFI_BUILD_MODE -n $PARALLELISM - else - ./SctPkg/build_bbr.sh $TARGET_ARCH GCC $UEFI_BUILD_MODE -n $PARALLELISM - fi + ./SctPkg/build_bbr.sh $TARGET_ARCH GCC $UEFI_BUILD_MODE -n $PARALLELISM popd } @@ -275,13 +268,6 @@ do_package () cp SctPkg/BBR/EfiCompliant_SBBR.ini ${TARGET_ARCH}_SCT/SCT/Dependency/EfiCompliantBBTest/EfiCompliant.ini cp SctPkg/BBR/SBBR_manual.seq ${TARGET_ARCH}_SCT/SCT/Sequence/SBBR_manual.seq cp SctPkg/BBR/SBBR_extd_run.seq ${TARGET_ARCH}_SCT/SCT/Sequence/SBBR_extd_run.seq - - - elif [ $BUILD_PLAT = SIE ]; then - cp -r Build/UefiSct/${UEFI_BUILD_MODE}_${UEFI_TOOLCHAIN}/SctPackage${TARGET_ARCH}/${TARGET_ARCH}/* ${TARGET_ARCH}_SCT/SCT/ - cp $BBR_DIR/bbsr/config/BBSRStartup.nsh ${TARGET_ARCH}_SCT/SctStartup.nsh - cp $BBR_DIR/bbsr/config/BBSR.seq ${TARGET_ARCH}_SCT/SCT/Sequence - else echo "Error: unexpected platform type" exit diff --git a/common/scripts/build-uefi-apps.sh b/common/scripts/build-uefi-apps.sh index 1c0b2c0..0b6a231 100755 --- a/common/scripts/build-uefi-apps.sh +++ b/common/scripts/build-uefi-apps.sh @@ -75,9 +75,9 @@ if [ $BUILD_PLAT = SR ]; then fi #Currently the BUILD_PLAT flag is not used. For future use -if ! [[ $BUILD_PLAT = IR ]] && ! [[ $BUILD_PLAT = ES ]] && ! [[ $BUILD_PLAT = SIE ]]; then +if ! [[ $BUILD_PLAT = IR ]] && ! [[ $BUILD_PLAT = ES ]]; then echo "Please provide a target." - echo "Usage $0 " + echo "Usage $0 " echo "S->Standalone BBR,F->Full systemready" exit fi
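Review bot: When `git apply --check` fails, each `else` branch in do_build only echoes an error and execution continues to `./SctPkg/build_bbr.sh`, so a build can finish without the BBR or SIE patch applied and still look successful. For a compliance suite a silently missing test integration should be fatal, for example `echo "Error while applying SIE SCT patch..." >&2; exit 1` in each of the three branches. The check also runs without `--ignore-whitespace --ignore-space-change` while the real apply uses them, so the check can reject a patch the apply would accept; passing the same flags to both calls keeps them consistent. do_build begins outside this hunk, so any earlier error handling is not visible here.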