BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3223
In the current design, memory protection is not available till CpuDxe
is loaded. To resolve this, introduce CpuArchLib to move the
CPU Architectural initialization to DxeCore.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
In case PlatformBootManagerLib does not have PciLib dependency,
we need to explicitly depend on UefiBootServicesTableLib.
Otherwise UefiBootServicesTableLib may not be constructed before
DxePciLibI440FxQ35, which uses a constructor-less PcdLib that directly
accesses gBS.
This can be viewed as a bug in the current implementation of BaseTools,
namely GetModuleLibInstances. This function drops all constructor-less
dependencies from the dependency resolution list to avoid dependency
cycles, which at the same time causes issues like above.
To properly fix the issue one should go over each library with
constructors and for each its dependency without constructors add all
the secondary dependencies that do have constructors. While doable,
it may cause considerable performance issues and is thus not done
in this patch.
Signed-off-by: Vitaly Cheptsov <cheptsov@ispras.ru>
To provide an example and test the code within edk2, this
adds stack cookie checking to OvmfIA32X64, doing no checking
for SEC and PEI_CORE modules, static cookies for PEIMs, and
dynamic cookies for all other module types.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
In order to use dynamic stack cookies, we need RDRAND support
from QEMU, so this updates the QEMU launching code for OvmfPkg
to include RDRAND support.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
GenericQemuLoadImageLib.c: In function 'QemuLoadKernelImage':
GenericQemuLoadImageLib.c:323:5: error: 'CommandLine' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
UnicodeSPrintAsciiFormat (
^~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptions,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptionsSize,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%a%a",
~~~~~~~
(CommandLineSize == 0) ? "" : CommandLine,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(InitrdSize == 0) ? "" : " initrd=initrd"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
~
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
The specification wasn't clear and even contradict itself regarding
the calculation of the disk size. This have been clarified by Xen
commit 221f2748e8da ("blkif: reconcile protocol specification with
in-use implementations").
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=221f2748e8dabe8361b8cdfcffbeab9102c4c899
The value from the xenstore node "sectors" must be multiplied by 512
to have the size of the disk.
Calculation of LastBlock is now the same for both CD-ROM case and
generic case.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
Commit 459f5ffa24ae ("OvmfPkg/QemuKernelLoaderFsDxe: rework direct
kernel boot filesystem") has a small change in behavior: In case
there is no data the file is not created and attempts to open file
return EFI_NOT_FOUND. Old behavior was to add a zero-length file
to the filesystem.
Fix GenericQemuLoadImageLib to handle EFI_NOT_FOUND correctly for
'initrd' and 'cmdline'.
Reported-by: Srikanth Aithal <sraithal@amd.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit d64d1e195ceb ("MdeModulePkg: PeiMain: Introduce implementation
of delayed dispatch") introduced a new usage of the TimerLib which
uses a dynamic PCD in OvmfXen platform. But PeiMain has only access to
a NULL version of PcdLib, so OvmfXen can't start.
Introduce PeiPcdLib for PEI_CORE so PeiMain can read dynamic PCDs.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
QEMU enables VIRTIO_VGA by default.
Libvirt falls back from virtio-gpu-pci to virtio-vga if made available by
QEMU.
We need to enable VGA support to get video output for EDK II in
virt-manager.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add the 'opt/org.tianocore/EnableLegacyLoader' FwCfg option to
enable/disable the insecure legacy linux kernel loader.
For now this is enabled by default. Probably the default will be
flipped to disabled at some point in the future.
Also print a warning to the screen in case the linux kernel secure
boot verification has failed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
