!88 shim:add control switch to optimized exception handling.

From: @jinlun123123 Reviewed-by: @huangzq6, @HuaxinLuGitee Signed-off-by: @huangzq6, @HuaxinLuGitee
2023-06-19 06:31:34 +00:00 · 2023-06-19 06:31:34 +00:00 · 5f3bbbc69e
commit 5f3bbbc69e
parent 85899461ba 720b984dce
3 changed files with 137 additions and 4 deletions
--- a/Feature-add-control-switch-to-optimized-exception-handling.patch
+++ b/Feature-add-control-switch-to-optimized-exception-handling.patch
@ -0,0 +1,129 @@
+From 3d350d1496f7af631e1a38d36f539b82488f0d35 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Thu, 15 Jun 2023 21:17:00 +0800
+Subject: [PATCH] add control switch to optimized exception handling
+
+---
+ tpcm.c | 50 +++++++++++++++++++++++++++++++++++++-------------
+ tpcm.h |  5 +++--
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/tpcm.c b/tpcm.c
+index ae8cb33..8a78bca 100644
+--- a/tpcm.c
+++ b/tpcm.c
+@@ -293,7 +293,7 @@ out:
+     return efi_status;
+ }
+ 
+-static BOOLEAN tpcm_get_switch(void)
+static void tpcm_get_switch(int *control_flag, int *measure_flag)
+ {
+     UINT8 response_length;
+     EFI_STATUS efi_status = EFI_SUCCESS;
+@@ -314,21 +314,38 @@ static BOOLEAN tpcm_get_switch(void)
+ 
+     if (!tpcm_ipmi->excute_ipmi_cmd) {
+         console_print(L"tpcm_ipmi->excute_ipmi_cmd is NULL, some error may occur below shim!\n");
+-        return FALSE;
+        *control_flag = 0;
+        *measure_flag = 0;
+        return;
+     }
+     efi_status = tpcm_ipmi->excute_ipmi_cmd(tpcm_ipmi, request, &get_tpcm_request_value, sizeof(get_tpcm_request_value),
+                                             &get_tpcm_response_value, &response_length, NULL);
+     if (efi_status != EFI_SUCCESS) {
+         console_print(L"ipmi get tpcm switch failed.\n");
+-        return FALSE;
+        *control_flag = 0;
+        *measure_flag = 0;
+        return;
+     }
+ 
+-    if (get_tpcm_response_value.ControlResult != IPMI_SWITCH_OPEN) {
+-        console_print(L"tpcm switch close, skip measure.\n");
+-        return FALSE;
+    switch (get_tpcm_response_value.ControlResult) {
+        case IPMI_SWITCH_MEASURE_ENABLE_CONTROL_ENABLE:
+            *control_flag = 1;
+            *measure_flag = 1;
+            break;
+        case IPMI_SWITCH_MEASURE_ENABLE_CONTROL_DISABLE:
+            *control_flag = 0;
+            *measure_flag = 1;
+            break;
+        case IPMI_SWITCH_CLOSE:
+        case IPMI_SWITCH_UNKNOW:
+        default:
+            console_print(L"tpcm switch close, skip measure.\n");
+            *control_flag = 0;
+            *measure_flag = 0;
+            break;
+     }
+ 
+-    return TRUE;
+    return;
+ }
+ 
+ static EFI_STATUS tpcm_check_ipmi(void)
+@@ -351,7 +368,7 @@ static EFI_STATUS tpcm_check_ipmi(void)
+ static EFI_STATUS tpcm_ipmi_measure(unsigned char *buf, size_t size, void *description, EFI_HANDLE image_handle)
+ {
+     EFI_STATUS efi_status;
+-    BOOLEAN switch_flag = FALSE;
+    int control_flag, measure_flag;
+ 
+     /* step1: check if the tpcm chips is existed. */
+     efi_status = tpcm_check_ipmi();
+@@ -360,14 +377,20 @@ static EFI_STATUS tpcm_ipmi_measure(unsigned char *buf, size_t size, void *descr
+     }
+ 
+     /* step2: check if the tpcm switch is on. */
+-    switch_flag = tpcm_get_switch();
+    efi_status = EFI_SUCCESS;
+    tpcm_get_switch(&control_flag, &measure_flag);
+ 
+     /* step3: do measure if the tpcm switch is on. */
+-    if (switch_flag == TRUE) {
+-        return tpcm_do_measure(buf, size, description, image_handle);
+    if (measure_flag) {
+        efi_status = tpcm_do_measure(buf, size, description, image_handle);
+    }
+    // If the control switch is not turned on, the communication failure does not affect the startup.
+    if (!control_flag && EFI_ERROR(efi_status)) {
+        console_print(L"WORNING: control switch disable, The tpcm_do_measure() fail doesn't affect the startup.\n");
+        efi_status = EFI_SUCCESS;
+     }
+ 
+-    return EFI_SUCCESS;
+    return efi_status;
+ }
+ 
+ EFI_STATUS
+@@ -384,4 +407,5 @@ tpcm_measure_grub(void *context, unsigned char *buf, size_t size, EFI_HANDLE ima
+     }
+ 
+     return tpcm_ipmi_measure(buf, size, context, image_handle);
+-}
+\ No newline at end of file
+}
+
+diff --git a/tpcm.h b/tpcm.h
+index b0679f0..c1df010 100644
+--- a/tpcm.h
+++ b/tpcm.h
+@@ -154,8 +154,9 @@ typedef enum {
+ 
+ typedef enum {
+     IPMI_SWITCH_UNKNOW,
+-    IPMI_SWITCH_OPEN,
+-    IPMI_SWITCH_CLOSE
+    IPMI_SWITCH_MEASURE_ENABLE_CONTROL_ENABLE,
+    IPMI_SWITCH_CLOSE,
+    IPMI_SWITCH_MEASURE_ENABLE_CONTROL_DISABLE
+ } shim_ipmi_get_switch_result_type;
+ 
+ typedef union {
+-- 
+2.27.0
+
--- a/fix-the-bug-for-fb-and-mok-do-some-clean-code.patch
+++ b/fix-the-bug-for-fb-and-mok-do-some-clean-code.patch
@ -197,7 +197,7 @@ index 55f939c..24beac1 100644
 +    OEM_BMC_MEASURE_REQUSET request_data;
 +    OEM_BMC_MEASURE_RESPONSE response_data;
 +    UINT8 response_length = sizeof(OEM_BMC_MEASURE_RESPONSE);
-+    UINT32 cmd_len = sizeof(extern_simple_bmeasure_req_st);
+    UINT8 cmd_len = sizeof(extern_simple_bmeasure_req_st);
 +
 +    memset(&request_data, 0, sizeof(request_data));
 +    memset(&response_data, 0, sizeof(response_data));
@ -617,7 +617,7 @@ index 55f939c..24beac1 100644
 +EFI_STATUS
 +tpcm_measure_grub(void *context, unsigned char *buf, size_t size, EFI_HANDLE image_handle)
 +{
-+    if (context == NULL || buf == NULL || size <= 0) {
+    if (context == NULL || buf == NULL || size == 0) {
 +        perror(L"the parameter passed to tpcm_measure_grub is error!\n");
 +        return EFI_INVALID_PARAMETER;
 +    }
@ -695,7 +695,7 @@ index 8e23a84..60e1979 100644
 +#define FIRMWARE_VERSION_SIZE 32
 +#define FIRMWARE_HASH_CONYENT_SIZE 32
 +#define FIRMWARE_NAME_SIZE 32
-+#define SHIM_IPMI_TIMEOUT_MS 7000
+#define SHIM_IPMI_TIMEOUT_MS 2000
 +
 +#define IPMI_BMC_LUN 0x00
 +/* Net Function Definition */
--- a/shim.spec
+++ b/shim.spec
@ -22,7 +22,7 @@

 Name:		shim
 Version:	15
-Release:        30
+Release:        31
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:  x86_64 aarch64
 License:	BSD
@ -58,6 +58,7 @@ Patch22:        backport-CVE-2023-0286.patch
 # Feature
 Patch9000:	Feature-add-tpcm-support-with-ipmi-channel.patch
 Patch9001:      fix-the-bug-for-fb-and-mok-do-some-clean-code.patch
+Patch9002:      Feature-add-control-switch-to-optimized-exception-handling.patch

 BuildRequires:	elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc
 Requires:       dbxtool efi-filesystem mokutil
@ -156,6 +157,9 @@ cd ..
 /usr/src/debug/%{name}-%{version}-%{release}/*

 %changelog
+* Wed Jun 14 2023 jinlun <jinlun@huawei.com> - 15-31
+- add control switch to optimized exception handling.
+
 * Sat May 27 2023 jinlun <jinlun@huawei.com> - 15-30
 - fix the response_length is modified.