AMI-Aptio-BIOS-Reversed / AmiRedFishApi / README.md
@Ajax Dong Ajax Dong 2 days ago 3 KB Init

AmiRedFishApi

ModuleName: AmiRedFishApi
Index: 0061
Size: 7680 bytes (PE32+)
Phase: DXE (Driver eXecution Environment)
Arch: x86-64

Overview

AMI Redfish API DXE driver that installs the AmiRedfishProtocolGuid protocol interface for managing Secure Boot-related UEFI runtime variables (PK, KEK, db, dbx, dbt, dbr). The driver reads and writes Secure Boot signature databases using raw firmware volume (FV) section data extracted via the UEFI Loaded Image Protocol and FFS section parsing. It also detects the current Secure Boot mode (Setup, Audit, Deployed) and performs variable size consistency checks to guard against corruption.
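The driver's own size check is not shown on this page. As an added illustration (not the driver's code), the C below walks the EFI_SIGNATURE_LIST structures that make up a db/dbx/dbt/dbr payload, using the layout from the UEFI specification, and rejects any blob whose size fields disagree with its length. The names `siglist_count_entries` and `build_sample` are hypothetical and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIGLIST_HDR_SIZE 28u /* 16-byte SignatureType GUID + three UINT32 sizes */
#define OWNER_GUID_SIZE  16u /* every EFI_SIGNATURE_DATA begins with SignatureOwner */

/* Little-endian UINT32 read that is safe on unaligned variable data. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of signature entries in the blob, or -1 on any size mismatch. */
long siglist_count_entries(const uint8_t *blob, size_t len) {
    size_t off = 0;
    long total = 0;
    while (off < len) {
        if (len - off < SIGLIST_HDR_SIZE) return -1;       /* truncated header */
        uint32_t list_size = rd32(blob + off + 16);        /* SignatureListSize */
        uint32_t hdr_size  = rd32(blob + off + 20);        /* SignatureHeaderSize */
        uint32_t sig_size  = rd32(blob + off + 24);        /* SignatureSize */
        if (list_size < SIGLIST_HDR_SIZE || list_size > len - off) return -1;
        uint32_t body = list_size - SIGLIST_HDR_SIZE;
        /* Header must fit, and an entry needs data beyond its owner GUID. */
        if (hdr_size > body || sig_size <= OWNER_GUID_SIZE) return -1;
        body -= hdr_size;
        if (body % sig_size != 0) return -1;               /* partial trailing entry */
        total += (long)(body / sig_size);
        off += list_size;
    }
    return total;
}

/* Constructed sample: one list with two 48-byte entries; returns bytes written. */
size_t build_sample(uint8_t *out) {
    const uint32_t sig_size = 48, list_size = SIGLIST_HDR_SIZE + 2 * sig_size;
    memset(out, 0xAA, list_size);                          /* placeholder GUID/data */
    uint32_t f[3] = { list_size, 0, sig_size };
    for (int i = 0; i < 3; i++)                            /* store sizes little-endian */
        for (int b = 0; b < 4; b++)
            out[16 + 4 * i + b] = (uint8_t)(f[i] >> (8 * b));
    return list_size;
}

int main(void) {
    uint8_t buf[256];
    size_t n = build_sample(buf);
    printf("ok=%ld cut=%ld\n", siglist_count_entries(buf, n), siglist_count_entries(buf, n - 1));
}
```

Running a check of this kind before a write means a truncated or padded default image is rejected instead of being committed to NVRAM as a signature database.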

The driver caches the HOB list from the system configuration table and reads debug level configuration from CMOS (index 0x4B). It provides a debug reporting protocol abstraction for trace output and assertion handling.

Key Functions

| Function | Description |
|---|---|
| AmiRedfishEntryPoint | DXE driver entry point; caches UEFI system table pointers, initializes HOB list, installs protocol |
| AmiRedfishProcessAllVariables | Iterates all Secure Boot variables (dbx, dbt, dbr, db), extracts default images from FV, and writes them to NVRAM |
| AmiRedfishSetVariable | Writes a single Secure Boot variable with NV/BS/RT attributes and optional size-check guard |
| AmiRedfishProcessPK | Platform Key (PK) management entry point |
| AmiRedfishGetSecureBootMode | Reads SetupMode/AuditMode/DeployedMode variables to determine current Secure Boot state |
| AmiRedfishGetSecureBoot | Reads the SecureBoot UEFI variable |
| AmiRedfishSetSecureBootSetup | Sets the SecureBootSetup UEFI variable |
| AmiRedfishGetRawImage | Extracts raw image/section data from a firmware volume by GUID using Loaded Image Protocol |
| AmiRedfishInitHobList | Scans the system configuration table to locate and cache the HOB list pointer |
| AmiRedfishGetDebugLevel | Reads the debug log level from CMOS index 0x4B |
| AmiRedfishDebugPrint | Debug print via the debug reporting protocol |
| AmiRedfishAssert | Assertion handler via the debug reporting protocol |
| AmiRedfishReadUnaligned64 | Reads a 64-bit value from potentially unaligned memory |
| AmiRedfishWriteUnaligned64 | Writes a 64-bit value to potentially unaligned memory |

Protocols / Dependencies

  • AmiRedfishProtocol -- Installed on the image handle (version encoded as 0x01040001); the primary interface exposed by this driver
  • UEFI Loaded Image Protocol -- Used to traverse firmware volumes and extract embedded section data
  • FV Section Extraction Protocol -- Used to locate raw image data by GUID within firmware volumes
  • Debug Reporting Protocol -- Located via gEfiGenericVariableGuid; provides print and assertion services at known offsets
  • Secure Boot Variable Namespace -- Reads/writes: SetupMode, AuditMode, DeployedMode, SecureBoot, SecureBootSetup, dbx, dbt, dbr, db, PK, KEK
  • HOB List -- AMI Redfish HOB (gAmiRedfishHobGuid) for configuration data

Platform

HR650X (Purley-based platform), AMI BIOS. Uses the AMI SecureBootDefault GUID for variable defaults. Debug level is configurable via CMOS register 0x4B. Protocol version constant 17039617 (0x01040001) encodes version/attributes metadata.

Internal Data Tables

  • mSecureBootVarNames[] -- Names of the four signature databases (dbx, dbt, dbr, db)
  • mSecureBootDefaultNames[] -- Corresponding default-value variable names (dbxDefault, etc.)
  • mSecureBootImageGuids[] -- Image GUIDs for extracting each variable's default content from FV
  • gAmiRedfishProtocolGuid -- Protocol GUID installed by the entry point
  • gAmiSecureBootDefaultGuid -- GUID for Secure Boot default storage