gEdkiiCcPpi is designed to support CC measurement in PEI phase.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Following the UEFI Shell Specification revision 2.2,
add helper for the '-fwui' option of the reset command.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
According to ACPI Specification, 64 bit physical address of the XSDT
provides indentical functionality to the RSDT but accommodates physical
address of description headers that are larger than 32 bits.
In this case physical address of XSDT table is 64 bit aligned, however
size of ACPI description tabled header is not 64 bit aligned. It leads
to the entry of other description headers are not 64 bit aligned. In
AARCH64 architecture, deference non-aligned 64 bit address to fetch
64-bit data will trigger Alignment fault. Use ReadUnaligned64 method
to fix this unaligned data access issue.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
If alignment check is enabled in AARCH64 platform, FDT parser might
dereference non-aligned 64-bit address to fetch 64-bit data.
Use unaligned data read to avoid triggering unaligned data access.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
While IScsiDxe certainly is a useful feature it is rarely used, and it
slows down firmware boot quite a bit. So disable it by default and only
load it in case this is explicitly requested via fw_cfg.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
UefiDriverEntryPointFwCfgOverrideLib will use
PcdEntryPointOverrideDefaultValue to decide what to do in case the
fw_cfg file specified via PcdEntryPointOverrideFwCfgVarName is not
present. Default is "yes".
This allows to disable drivers by default and only enable them when
requested via fw_cfg.
Also log a message with the config option applied and whenever the
default value or a fw_cfg option was used.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for UsbMassStorageDxe so
the driver can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/UsbStorageSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for IScsiDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/ISCSISupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for VirtioNetDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/VirtioNetSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently, the only way to disable PXE boot options is to change the PCD
variables PcdIPv4PXESupport and PcdIPv6PXESupport in the source code or
use the "--pcd" option in the build script. Other boot options such
as HTTP or iSCSI can be disabled using the -D<option> flag.
NETWORK_PXE_BOOT_ENABLE will add a consistent way to disable PXE booting.
This is the third and final part of a series of patches to enable the
NETWORK_PXE_BOOT_ENABLE build flag. At this point, the flag will be able
to disable PXE functionality.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
The second step is to add an option to the OvmfPkg module to disable
PXE booting using the NETWORK_PXE_BOOT_ENABLE flag. The patch is divided
into 3 parts. At the current stage the flag is not functional.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
The first step is to add an option to disable PXE loading. The patch is
divided into 3 parts. This part adds the NETWORK_PXE_BOOT_ENABLE flag
to the ArmVirtPkg module. At the current stage the flag is not functional.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.
- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.
In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.
Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.
Signed-off-by: Doug Cook <idigdoug@gmail.com>
DebugLib PCDs are very important, but they're confusing and not
well-explained anywhere. Improve the documentation comments for them to
explain how they work and how they relate to each other.
Signed-off-by: Doug Cook <idigdoug@gmail.com>
The scratch buffer (EfiBootServicesData) is assigned to extract DXE FVs
that are compressed. The matching decompression library returns the buffer
size as below. The buffer is no longer used after completing extraction.
Need to free the buffer to optimize memory allocation and usage.
BaseUefiDecompressLib : sizeof (SCRATCH_DATA)
LzmaCustomDecompressLib : SCRATCH_BUFFER_REQUEST_SIZE (64KB)
BrotliCustomDecompressLib : From EncodeData header (usually, xxMB checked)
In case of Brotli decompression, it is found that a big chunk of memory is
required, based on EncodeData header. (e.g. a 4MB compressed FV reports
about 39MB scratch size)
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
The issue with locating the expected interface and endpoint descriptors
arises because `configDesc` (USB_CONFIG_DESCRIPTOR) and `IfDesc`
(USB_INTERFACE_DESCRIPTOR) are incremented by structure size rather than
by actual descriptor length.
Specifically:
- `configDesc` should be incremented by its actual length.
- `IfDesc` should be incremented by its actual length.
This incorrect increment causes misalignment, preventing access to the
subsequent interface and endpoint descriptors.
[Suggested Solution]
Update the code to increment the pointers by the actual descriptor lengths,
ensuring proper access to all descriptors in the USB configuration.
Signed-off-by: Aniket Surekar <Aniket.Surekar@Dell.com>
According to UEFI spec 2.10 errata A section 7.4.6
"All events from the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES and
EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event notification groups as well
as events of type EVT_SIGNAL_EXIT_BOOT_SERVICES must be signaled
before ExitBootServices() returns EFI_SUCCESS. The events are only
signaled once even if ExitBootServices() is called multiple times."
So keep track of whether ExitBootServices() has been called, and signal
the event group EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES only the first
time around.
EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will only be signalled if
ExitBootServices() is going to run to [successful] completion, after
which calling it a second time is not possible anyway. So for this case,
no special handling is needed.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
When booting at EL2, enable VHE if available so that the early ID map
can be enabled as well. This gets rid of any memory accesses (reads or
writes) before the MMU and caches are enabled.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Links from acpica.org are now redirected to the ACPICA overview page
on intel.com. Update the link so it goes to the 20200717 download page.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Check PcdConfidentialComputingGuestAttr instead of calling
MemEncryptSevIsEnabled() and MemEncryptTdxIsEnabled() to figure
whenever SEV or TDX is enabled.
This allows to remove the MemEncryptSevLib + MemEncryptTdxLib
dependencies.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Improve the formatting of the error message when GetVariable
fails: start the message with an upper-case character, and close the
quotes around the variable name.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
The Fedora 40 images uses gcc 14, includes libasan and
libubsan, clang, and some fixes and improvements.
See c98ff99762
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
The BDF format for PCI initiators in the SRAT table is incorrect.
The format is not a UINT16 but specific bytes.
PCI Bus Number (Bits 7:0 of Byte 2)
PCI Device Number (Bits 7:3 of Byte 3)
PCI Function Number (Bits 2:0 of Byte 3)
REF: https://uefi.org/specs/ACPI/6.5/05_ACPI_Software_Programming_Model.html#device-handle-pci
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Ceping Sun
John Chung
Pierre Gondois
Ajan Zhong
Gerd Hoffmann
Alexander Gryanko
Mike Maslenkin
Doug Cook (WINDOWS)
Rebecca Cran
Phil Noh
Aniket_Surekar
Ard Biesheuvel
Chao Li
Oliver Steffen
Ray Ni
Oliver Smith-Denny
Jeff Brasen