BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3223
In the current design, memory protection is not available till CpuDxe
is loaded. To resolve this, introduce CpuArchLib to move the
CPU Architectural initialization to DxeCore.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
In case PlatformBootManagerLib does not have PciLib dependency,
we need to explicitly depend on UefiBootServicesTableLib.
Otherwise UefiBootServicesTableLib may not be constructed before
DxePciLibI440FxQ35, which uses a constructor-less PcdLib that directly
accesses gBS.
This can be viewed as a bug in the current implementation of BaseTools,
namely GetModuleLibInstances. This function drops all constructor-less
dependencies from the dependency resolution list to avoid dependency
cycles, which at the same time causes issues like above.
To properly fix the issue one should go over each library with
constructors and for each its dependency without constructors add all
the secondary dependencies that do have constructors. While doable,
it may cause considerable performance issues and is thus not done
in this patch.
Signed-off-by: Vitaly Cheptsov <cheptsov@ispras.ru>
To provide an example and test the code within edk2, this
adds stack cookie checking to OvmfIA32X64, doing no checking
for SEC and PEI_CORE modules, static cookies for PEIMs, and
dynamic cookies for all other module types.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
In order to use dynamic stack cookies, we need RDRAND support
from QEMU, so this updates the QEMU launching code for OvmfPkg
to include RDRAND support.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
GenericQemuLoadImageLib.c: In function 'QemuLoadKernelImage':
GenericQemuLoadImageLib.c:323:5: error: 'CommandLine' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
UnicodeSPrintAsciiFormat (
^~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptions,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptionsSize,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%a%a",
~~~~~~~
(CommandLineSize == 0) ? "" : CommandLine,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(InitrdSize == 0) ? "" : " initrd=initrd"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
~
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
The specification wasn't clear and even contradict itself regarding
the calculation of the disk size. This have been clarified by Xen
commit 221f2748e8da ("blkif: reconcile protocol specification with
in-use implementations").
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=221f2748e8dabe8361b8cdfcffbeab9102c4c899
The value from the xenstore node "sectors" must be multiplied by 512
to have the size of the disk.
Calculation of LastBlock is now the same for both CD-ROM case and
generic case.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
Commit 459f5ffa24ae ("OvmfPkg/QemuKernelLoaderFsDxe: rework direct
kernel boot filesystem") has a small change in behavior: In case
there is no data the file is not created and attempts to open file
return EFI_NOT_FOUND. Old behavior was to add a zero-length file
to the filesystem.
Fix GenericQemuLoadImageLib to handle EFI_NOT_FOUND correctly for
'initrd' and 'cmdline'.
Reported-by: Srikanth Aithal <sraithal@amd.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit d64d1e195ceb ("MdeModulePkg: PeiMain: Introduce implementation
of delayed dispatch") introduced a new usage of the TimerLib which
uses a dynamic PCD in OvmfXen platform. But PeiMain has only access to
a NULL version of PcdLib, so OvmfXen can't start.
Introduce PeiPcdLib for PEI_CORE so PeiMain can read dynamic PCDs.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
QEMU enables VIRTIO_VGA by default.
Libvirt falls back from virtio-gpu-pci to virtio-vga if made available by
QEMU.
We need to enable VGA support to get video output for EDK II in
virt-manager.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add the 'opt/org.tianocore/EnableLegacyLoader' FwCfg option to
enable/disable the insecure legacy linux kernel loader.
For now this is enabled by default. Probably the default will be
flipped to disabled at some point in the future.
Also print a warning to the screen in case the linux kernel secure
boot verification has failed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Allows to use the qemu kernel loader pseudo file system for other
purposes than loading a linux kernel (or efi binary). Passing
startup.nsh for EFI shell is one example.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Triggers when trying to get root directory info.
Reproducer:
* Use qemu -kernel with something edk2 can not load.
* When dropped into the efi shell try inspect the file system.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
QEMU_FW_CFG_FNAME_SIZE is 56. 'etc/boot/' prefix is minus 9. Add one
for the terminating '\0'. Effective max size is 48.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Split KERNEL_BLOB struct into two:
* One (KERNEL_BLOB_ITEMS) static array describing how to load (unnamed)
blobs from fw_cfg.
* And one (KERNEL_BLOB) dynamically allocated linked list carrying the
data blobs for the pseudo filesystem.
Also add some debug logging. Prefix most functions with 'QemuKernel'
for consistency and easier log file grepping. Add some small helper
functions.
This refactoring prepares for loading blobs in other ways.
No (intentional) change in filesystem protocol behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Setting PcdSetupConOut* to zero turns on autodetection mode
for rows and cols, so the firmware setup application will use
the use complete available screen space.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way we have the display configuration in a single place and
need to change one file only to update all build variants.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
While fixing https://github.com/tianocore/edk2/pull/6092 (the
fact that some OvmfPkg and ArmVirtPkg platforms included residual
NetworkPkg components even when compiled with -D NETWORK_ENABLE=0),
it was noted that OvmfPkg/Include/*/Shell*.inc files which apply
the required fix logic are available and already used in some
OvmfPkg platforms.
This commit applies these files consistently within OvmfPkg.
This has the side effect that some platforms now include one or
more of HttpDynamicCommand, VariablePolicyDynamicCommand and
LinuxInitrdDynamicShellCommand when they previously did not.
This fixes unintentional drift between platforms, and provides
additional shell commands which may be useful in some cases.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
This issue showed up when addressing
https://bugzilla.tianocore.org/show_bug.cgi?id=4829
in https://github.com/tianocore/edk2/pull/6087 .
Various OvmfPkg and ArmVirtPkg platforms include some residual NetworkPkg
components when compiled with -D NETWORK_ENABLE=0, even though they use
NetworkPkg includes intended to allow all NetworkPkg components to be
disabled on this flag.
For the OvmfPkg Intel platforms only, commit
d933ec115bdf9be1d8dfe6a818414a14973cc0d3 started
the change of not including these residual NetworkPkg
components, and commit
7f17a155640a2a9e1f7b0f3522628ee2c6f62624 completed it.
This commit rolls these changes out to the remaining OvmfPkg platforms
where they make sense in the same way.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
