PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly. Add code in variable init to make them consistent.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
BaseSortLib is the library instance name not the class name.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17398 6f19259b-4bc3-4df7-8a09-765794883524
The old implementation was to allocate EfiBootServicesData memory first,
and then update the MemoryType of memory allocation hob to
EfiReservedMemoryType.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17395 6f19259b-4bc3-4df7-8a09-765794883524
This library will co-work with UefiBootManagerLib and BdsDxe driver in MdeModulePkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17391 6f19259b-4bc3-4df7-8a09-765794883524
When the Q35 machine type(s) of QEMU are used with libvirt, libvirt tends
to place some devices behind PCI bridges. This is then reflected in the
"bootorder" fw_cfg file. For example:
/pci@i0cf8/pci-bridge@1e/pci-bridge@1/scsi@5/disk@0,0
/pci@i0cf8/pci-bridge@1e/pci-bridge@1/scsi@3/channel@0/disk@0,0
As yet QemuBootOrderLib doesn't support such OFW device paths.
Add code that translates a sequence of pci-bridge nodes.
In practice libvirt seems to insert two such nodes (*), hence increment
EXAMINED_OFW_NODES with the same number.
(* Background, paraphrasing Laine Stump's words:
When the machine type is Q35, we create a dmi-to-pci bridge coming off of
the pcie root controller, and a pci-to-pci bridge coming off of that, then
attach most devices to the pci-to-pci bridge. This is done because you
can't hotplug into pcie-root, can't (or at least shouldn't) plug a
pci-to-pci bridge into pcie-root (so the next one has to be
dmi-to-pci-bridge), and can't hotplug into dmi-to-pci-bridge (so you need
to have a pci-to-pci bridge).)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17385 6f19259b-4bc3-4df7-8a09-765794883524
Since ArmVExpressSysConfigLib cannot be supported at runtime, restrict
its use to the types of modules that are currently using it legally.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17382 6f19259b-4bc3-4df7-8a09-765794883524
The ArmVExpressSysConfigLib library does not (and cannot) runtime
remap its MMIO registers, so use a NULL implementation of the
ArmPlatformSysConfigLib library class for DXE_RUNTIME_DRIVER
type modules.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17381 6f19259b-4bc3-4df7-8a09-765794883524
Since the default EfiResetSystemLib for VExpress cannot be used at
runtime (due to the fact that its MMIO registers need to be owned
by the OS and so cannot be runtime remapped), instead use PSCI calls
into EL3 at runtime.
Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17380 6f19259b-4bc3-4df7-8a09-765794883524
Declares some extern EFI_GUID variables which correspond to
guid macros in SmartCardEdge.h for C code use.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17379 6f19259b-4bc3-4df7-8a09-765794883524
Declares some extern EFI_GUID variables which correspond to
guid macros in BlockIoCrypto.h for C code use.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17378 6f19259b-4bc3-4df7-8a09-765794883524
Change the code to listen EFI_SW_DXE_BS_PC_LEGACY_BOOT_EVENT instead of the Legacy Boot event to provide more precise performance data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17377 6f19259b-4bc3-4df7-8a09-765794883524
It's to follow the PI spec 1.4.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jie Lin <jie.lin@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17367 6f19259b-4bc3-4df7-8a09-765794883524
Because Hash2 need CryptoLib/Openssl, while latter does not support EBC build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17365 6f19259b-4bc3-4df7-8a09-765794883524
Support fTPM feature, and update the BiosID to 0.80.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tim He <tim.he@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17362 6f19259b-4bc3-4df7-8a09-765794883524
Use pragma to disable warning 4200 for all VS* and DDK* tool chains to support
data structure declarations where the last field of the data structure is a
flexible array member.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: lhauch <larry.hauch@intel.com>
Tested-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17361 6f19259b-4bc3-4df7-8a09-765794883524
If DTB_DIR=<path> is set during the build, incorporate DTBs from
that path for all AArch64 FVP platform variants so that they can
be loaded straight from the firmware image instead of from a file
system. This relieves a user of having to keep a DTB file with the
right name in the working directory of the model.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17360 6f19259b-4bc3-4df7-8a09-765794883524
This adds support to the ArmVExpressPkg platforms to load their
device tree binary from a Firmware Volume if one is found that
matches the current platform. If none is found, the existing
logic to find a FDT by name from a file system is retained as
a fallback.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17359 6f19259b-4bc3-4df7-8a09-765794883524
Instead of using open coded GUIDs, define them only once, and refer
to them by name everywhere else.
Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17358 6f19259b-4bc3-4df7-8a09-765794883524
The EFI_FIRMWARE_VOLUME2_PROTOCOL::EFI_FV_READ_SECTION prototype
takes a pointer to a pointer to an output buffer, so we should
not dereference Image (which is a pointer to pointer type itself)
but pass its value directly.
Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17357 6f19259b-4bc3-4df7-8a09-765794883524
This adds all the required modules and library dependencies so that
the ArmVirtualizationQemu platform can be built with support for
UEFI Secure Boot. This support consists of the OpenSSL crypto
library (whose source needs to be downloaded separately), the
authenticated variable store, and authentication of executables
before launching them.
Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17356 6f19259b-4bc3-4df7-8a09-765794883524
The NorFlashDxe uses an explicit 'BEFORE xxx' Depex declaration to
ensure that it is dispatched before VariableRuntimeDxe, and uses the
file GUID of the latter as 'xxx' explicitly to accomplish that.
However, when enabling UEFI Secure Boot, this breaks down since the
authenticated VariableRuntimeDxe is a completely separate driver, with
a different GUID. Also, the hardcoded dependency on gEfiVariableGuid,
which is not used under UEFI Secure Boot, needs to be factored out in
order to allow this driver to be used.
So clone NorFlashDxe.inf into NorFlashAuthenticatedDxe.inf, and fix
up the dependencies so they refer to gEfiAuthenticatedVariableGuid and
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
instead.
Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17355 6f19259b-4bc3-4df7-8a09-765794883524