fsp: move TempRamInitExit and later APIs in stage2

To avoid using Flash memory after TempRamInitExit. This protects against malicious modification/injection of the flash after Cache-As-RAM is disabled.
wolfSSL · Dec 19, 2024 · 834a712 · 834a712
1 parent 151de7f
commit 834a712
Show file tree

Hide file tree

Showing 15 changed files with 144 additions and 236 deletions.
diff --git a/Makefile b/Makefile
@@ -315,7 +315,8 @@ $(LSCRIPT): $(LSCRIPT_IN) FORCE
 		sed -e "s/@WOLFBOOT_STAGE1_BASE_ADDR@/$(WOLFBOOT_STAGE1_BASE_ADDR)/g" | \
 		sed -e "s/@WOLFBOOT_LOAD_BASE@/$(WOLFBOOT_LOAD_BASE)/g" | \
 		sed -e "s/@BOOTLOADER_START@/$(BOOTLOADER_START)/g" | \
-		sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" \
+		sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" | \
+		sed -e "s/@FSP_S_LOAD_BASE@/$(FSP_S_LOAD_BASE)/g" \
 		> $@
 
 hex: wolfboot.hex
@@ -447,6 +448,9 @@ secondary: $(SECONDARY_PRIVATE_KEY)
 	@echo "\t[AS-$(ARCH)] $@"
 	$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^
 
+src/x86/fsp_s.o: $(FSP_S_BIN)
+	$(OBJCOPY) -I binary -O elf64-x86-64 -B i386 --rename-section .data=.fsp_s $^ $@
+
 FORCE:
 
 .PHONY: FORCE clean keytool_check
diff --git a/arch.mk b/arch.mk
@@ -930,9 +930,7 @@ ifeq ($(filter $(TARGET),x86_fsp_qemu kontron_vx3060_s2),$(TARGET))
 endif
 
 ifeq ($(TARGET),x86_fsp_qemu)
-  ifeq ($(filter-out $(STAGE1),1),)
     OBJS+=src/x86/qemu_fsp.o
-  endif
 endif
 
 # x86-64 FSP targets
@@ -958,7 +956,6 @@ ifeq ("${FSP}", "1")
     OBJS += src/boot_x86_fsp.o
     OBJS += src/boot_x86_fsp_start.o
     OBJS += src/fsp_m.o
-    OBJS += src/fsp_s.o
     OBJS += src/fsp_t.o
     OBJS += src/wolfboot_raw.o
     OBJS += src/x86/common.o
@@ -974,7 +971,6 @@ ifeq ("${FSP}", "1")
       OBJS += src/image.o
       OBJS += src/keystore.o
       OBJS += src/sig_wolfboot_raw.o
-      OBJS += src/sig_fsp_s.o
       ifeq ($(TARGET), kontron_vx3060_s2)
         OBJS += hal/kontron_vx3060_s2_loader.o
       endif
@@ -983,6 +979,7 @@ ifeq ("${FSP}", "1")
     endif
 
     CFLAGS += -fno-stack-protector -m32 -fno-PIC -fno-pie -mno-mmx -mno-sse -DDEBUG_UART
+    CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
     ifeq ($(FSP_TGL), 1)
       OBJS+=src/x86/tgl_fsp.o
       OBJS+=src/ucode0.o
@@ -1000,6 +997,7 @@ ifeq ("${FSP}", "1")
     endif
     LDFLAGS = --gc-sections --entry=main  -T $(LSCRIPT) -Map=wolfboot.map
     CFLAGS += -fno-stack-protector -fno-PIC -fno-pie -mno-mmx -mno-sse -Os -DDEBUG_UART
+    CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
     OBJS += hal/x86_fsp_tgl.o
     OBJS += hal/x86_uart.o
     OBJS += src/boot_x86_fsp_payload.o
@@ -1015,6 +1013,7 @@ ifeq ("${FSP}", "1")
     OBJS += src/x86/exceptions.o
     OBJS += src/x86/gdt.o
     OBJS += src/x86/fsp.o
+    OBJS += src/x86/fsp_s.o
     UPDATE_OBJS := src/update_disk.o
     CFLAGS+=-DWOLFBOOT_UPDATE_DISK
     ifeq ($(64BIT),1)
@@ -1023,7 +1022,10 @@ ifeq ("${FSP}", "1")
     else
       CFLAGS += -m32
       LDFLAGS += -m elf_i386 --oformat elf32-i386
-     endif
+    endif
+    ifeq ($(FSP_TGL), 1)
+      OBJS+=src/x86/tgl_fsp.o
+    endif
   endif
   ifeq ($(64BIT),1)
     OBJS += src/x86/paging.o

diff --git a/config/examples/x86_fsp_qemu_seal.config b/config/examples/x86_fsp_qemu_seal.config
@@ -24,7 +24,6 @@ WOLFBOOT_SECTOR_SIZE?=0x1000
 WOLFBOOT_DATA_ADDRESS=0x1000000
 
 FSP_M_BASE=0xffe30000
-FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
 FSP_S_LOAD_BASE=0x0FED5F00
 WOLFBOOT_ORIGIN=0xfff80000

diff --git a/hal/kontron_vx3060_s2.c b/hal/kontron_vx3060_s2.c
@@ -25,6 +25,7 @@
 #include <printf.h>
 #include <pci.h>
 #include <x86/gdt.h>
+#include <x86/fsp.h>
 #include <x86/common.h>
 
 #ifdef __WOLFBOOT
@@ -88,6 +89,7 @@ void hal_init(void)
 {
     gdt_setup_table();
     gdt_update_segments();
+    fsp_init_silicon();
 }
 
 void hal_prepare_boot(void)

diff --git a/hal/x86_fsp_qemu.c b/hal/x86_fsp_qemu.c
@@ -29,12 +29,14 @@
 #include <x86/ata.h>
 #include <x86/gdt.h>
 #include <x86/common.h>
+#include <x86/fsp.h>
 #include <pci.h>
 
 void hal_init(void)
 {
     gdt_setup_table();
     gdt_update_segments();
+    fsp_init_silicon();
 }
 
 void hal_prepare_boot(void)

diff --git a/hal/x86_fsp_qemu.ld.in b/hal/x86_fsp_qemu.ld.in
@@ -1,5 +1,6 @@
 MEM_SIZE = 536870912;
 WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
+FSP_S_LOAD_BASE = @FSP_S_LOAD_BASE@;
 
 MEMORY
 {
@@ -16,11 +17,15 @@ SECTIONS
        *(.rodata*)
        *(.keystore*)
        *(.data*)
+       _start_fsp_s = .;
+       KEEP(*(.fsp_s))
+       _end_fsp_s = .;
        . = ALIGN(4);
        _end_text = .;
        _end_wolfboot = .;
-    }
+    } > RAM
 
+     _fsp_size = _end_fsp_s - _start_fsp_s;
     .bss WOLFBOOT_LOAD_BASE + SIZEOF(.text) (NOLOAD):
     {
        _start_bss = .;
@@ -31,5 +36,11 @@ SECTIONS
        _end_bss = .;
        __bss_end__ = .;
        _end_wb = .;
+    } > RAM
+
+    .fsp_s_base FSP_S_LOAD_BASE (NOLOAD) :
+    {
+       _fsp_s_base_start = .;
+       . += _fsp_size;
     }
 }
diff --git a/hal/x86_fsp_qemu_stage1.ld.in b/hal/x86_fsp_qemu_stage1.ld.in
@@ -5,7 +5,6 @@ RESETVECTOR_START = 0xffffffec;
 KEYSTORE_START = 0xffffe000;
 FSP_T_ORIGIN = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
 FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
-FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
 WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
 DATA_MEM_START = 0x800000; /* 8 MB */
 MAX_POLICY_SIZE = 512;
@@ -92,15 +91,6 @@ SECTIONS
        KEEP(*(.fsp_t))
     }
 
-    .fsp_s FSP_S_ORIGIN :
-    {
-       _fsp_s_hdr = .;
-       KEEP(*(.sig_fsp_s*))
-       _start_fsp_s = .;
-       KEEP(*(.fsp_s))
-       _end_fsp_s = .;
-    }
-
     .fsp_m FSP_M_ORIGIN :
     {
        _start_fsp_m = .;

diff --git a/hal/x86_fsp_tgl.ld.in b/hal/x86_fsp_tgl.ld.in
@@ -1,5 +1,6 @@
 MEM_SIZE = 536870912;
 WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
+FSP_S_LOAD_BASE = @FSP_S_LOAD_BASE@;
 
 MEMORY
 {
@@ -16,11 +17,15 @@ SECTIONS
        *(.rodata*)
        *(.keystore*)
        *(.data*)
+       _start_fsp_s = .;
+       KEEP(*(.fsp_s))
+       _end_fsp_s = .;
        . = ALIGN(4);
        _end_text = .;
        _end_wolfboot = .;
     }
 
+    _fsp_size = _end_fsp_s - _start_fsp_s;
     .bss WOLFBOOT_LOAD_BASE + SIZEOF(.text) (NOLOAD):
     {
        _start_bss = .;
@@ -32,4 +37,10 @@ SECTIONS
        __bss_end__ = .;
        _end_wb = .;
     }
+
+    .fsp_s_base FSP_S_LOAD_BASE (NOLOAD) :
+    {
+       _fsp_s_base_start = .;
+       . = . + _fsp_size;
+    }
 }
diff --git a/hal/x86_fsp_tgl_stage1.ld.in b/hal/x86_fsp_tgl_stage1.ld.in
@@ -2,7 +2,6 @@ FLASH_SIZE = @BOOTLOADER_PARTITION_SIZE@;
 FLASH_START = 0x100000000 - @BOOTLOADER_PARTITION_SIZE@;
 UCODE0_BASE = @UCODE0_BASE@;
 FIT_TABLE = 0xffe00000;
-FSP_S_ORIGIN = @FSP_S_BASE@;
 WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
 FSP_T_ORIGIN = @FSP_T_BASE@;
 FSP_M_ORIGIN = @FSP_M_BASE@;
@@ -52,15 +51,6 @@ SECTIONS
         . = ALIGN(256*1024);
     }
 
-    .fsp_s FSP_S_ORIGIN :
-    {
-       _fsp_s_hdr = .;
-       KEEP(*(.sig_fsp_s*))
-       _start_fsp_s = .;
-       KEEP(*(.fsp_s))
-       _end_fsp_s = .;
-    } > FLASH
-
     .bootloader WOLFBOOT_ORIGIN :
     {
        KEEP(./tgl_fsp.o(.boot))

diff --git a/include/x86/fsp.h b/include/x86/fsp.h
@@ -27,5 +27,6 @@ int fsp_info_header_is_ok(struct fsp_info_header *hdr);
 int fsp_get_image_revision(struct fsp_info_header *h, int *build,
                                   int *rev, int *maj, int *min);
 void print_fsp_image_revision(struct fsp_info_header *h);
+void fsp_init_silicon(void);
 
 #endif /* FSP_H */