Some parts and versions of TLS require HMAC. This adds the missing HMAC
algorithms to the UEFI provider. One entry in the default signature
algorithms and one in the key management algorithms.
Source of these entries is the default OpenSSL provider, defltprov.c,
included in the OpenSSL library.
This change was required to connect to some TLS servers depending
on the used ciphers.
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
Currently, multiple dsc files within the OvmfPkg directory use the NULL
version of the CcProbeLib library. However, these packages have support
for confidential guests (usage of CcExitLib, MemEncrypt{Sev,Tdx}Lib, etc.)
and should be using the OvmfPkg version of the CcProbeLib.
The use of the NULL library causes the PCI option ROM to be enabled, which
can't be trusted as it originates from the hypervisor. The use of the NULL
library also causes a KVM hypervisor error when attempting to map/back the
option ROM region when running an SEV-SNP guest.
Update the various dsc files to reference the OvmfPkg version of the
CcProbeLib library and prevent usage of PCI option ROMs.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Since the tdx measurement APIs are implemented by
TdxMeasurementLib, the duplicate code are removed.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Add NULL instance of TdxMeasurementLib.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
When at last hob, the FV HOB check function should
exit from the loop
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Update SecPrint() to use _vsnprintf_s() instead of
_vsnprintf() that is a safe function and allows the
defines _CRT_SECURE_NO_WARNINGS and _CRT_SECURE_NO_DEPRECATE
to be removed from WinHost builds.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Move local variable init to C statements to follow
coding standard and remove the use of field names in
structure initialization to maximize compiler compatibility.
This issue was introduced by PR #6185
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
SplitPage may return OUT_OF_RESOURCES if no memory resource to split
page entry. ConvertMemoryPageAttributes should also return
OUT_OF_RESOURCES instead of override the status to UNSUPPORTED.
Then EfiSetMemoryAttributes and EfiClearMemoryAttributes can return
correct status of OUT_OF_RESOURCES when requested attributes cannot
be applied due to lack of system resource.
Cc: Felix Polyudov <felixp@ami.com>
Cc: David Hsieh <davidhsieh@ami.com>
Cc: James Wang <jameswang@ami.com>
Signed-off-by: Crystal Lee <crystallee@ami.com>
Produce the protocol introduced in UEFI v2.10 that permits the caller to
manage mapping permissions in the page tables.
Cc: Felix Polyudov <felixp@ami.com>
Cc: David Hsieh <davidhsieh@ami.com>
Cc: James Wang <jameswang@ami.com>
Signed-off-by: Crystal Lee <crystallee@ami.com>
A compiler warning was detected that 'IntId' could be used uninitialized
in the `else` branch.
Since there are no consumers of this function, it was decided to remove
this function completely.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Mbedtls requires the use of strncpy(), but it is currently included in
DummyOpensslSupport.c, which is not part of Mbedtls SecCryptLib.
To resolve this, move strncpy() to CrtWrapper.c, as Mbedtls SecCryptLib
not depend on OpensslLib
Signed-off-by: Amy Chan <amy.chan@intel.com>
This patch is to implement default IsCpuSyncAlwaysNeeded definition
for SmmCpuPlatformHookLibQemu. This interface will determine whether the first
CPU Synchronization should be executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the system
configuration and status, and the first CPU Synchronization should be executed
unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
This patch adds the IsCpuSyncAlwaysNeeded interface to the SmmCpuPlatformHookLib.
This interface will determine whether the first CPU Synchronization should be
executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the
system configuration and status, and the first CPU Synchronization should be
executed unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
Today, StandaloneMmCore calls PeCoffLoaderRelocateImage() when loading
images, which calls PeCoffLoaderRelocateImageExtraAction(). On AARCH64,
this sets the image memory protections accordingly, RO + E on code
sections, RW + NX on data sections.
However, if an image fails to start (i.e. its entry point returns a
failure) StandaloneMmCore does not call the corresponding
PeCoffLoaderUnloadImage, which calls PeCoffLoaderUnloadImageExtraAction,
which on AARCH64 undoes the memory protections on the image, setting the
whole memory region back to RW + NX. The core then frees this memory
and the next allocation attempts to use it, which results in a data
abort if a read only memory region is attempted to be written to.
Theoretically, other instances of the PeCoffExtraActionLib could take
other actions and so regardless of architecture, the contract with the
PeCoffLoader should be maintained.
This patch calls PeCoffLoaderUnloadImage when an image's entry point
returns a failure, before freeing the image memory. This meets the
contract and follows the DXE core behavior.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
FindNextMemoryNodeReg prints "ignoring disabled memory node" for all
top-level disabled nodes in the tree, not just the ones with the
"device_type" property set to "memory". Rework the loop to only print
the message for the relevant nodes.
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
If the Dispatcher fails to allocate memory for the driver that it is
trying to load then ASSERT, else the Dispatcher silently stops loading
subsequent drivers from the FV.
Signed-off-by: Girish Mahadevan <gmahadevan@nvidia.com>
Reviewed-by: Jeff Brasen <jbrasen@nvidia.com>
Refer to the docs of python, `os.path.normcase(path)` function:
"Normalize the case of a pathname. On Windows, convert all characters in
the pathname to lowercase, and also convert forward slashes to backward
slashes. On other operating systems, return the path unchanged."
`os.path.normpath(path)` also convert forward slashes to backward slashes.
So call `os.path.normcase` after `os.path.normpath` just convert path to
lowercase on Windows(only).
And Windows is case-insensitive but case-preserving.
So the usage of `os.path.normcase(os.path.normpath(path))` can be
simplified to `os.path.normpath(path)`. Then we can use case-preserving
paths rather than lowercase paths in compile_commands.json file
or build log.
But this patch continue to use `os.path.normcase`
when comparing/searching paths.
Signed-off-by: Yang Gang <yanggang@byosoft.com.cn>
UEFI 2.10A Specification has added a new error case to
EFI_ATA_PASS_THRU_PROTOCOL.GetNextDevice API which handles
port multiplier not being connected to the Port.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
UEFI 2.10A Specification has added a new error case to
EFI_ATA_PASS_THRU_PROTOCOL.GetNextDevice API which handles
port multiplier not being connected to the Port.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
Clarifed the return status of EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage().
As intended in UEFI 2.10 Specification.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
Clarifed the return status of EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage().
As intended in UEFI 2.10 Specification.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
Clarifed the return status of EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage().
As intended in UEFI 2.10 Specification.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
Currently openssl has an Open Quantum Safe provider submodule with
directories like oqs-provider/oqs-template/oqsprov/oqsprov.c or
oqs-provider/oqs-template/oqsprov/oqsprov/oqsprov_capabilities.c
that are used as templates, but DebugMacroCheck tries to read them
as a file when recursively traversing the subdirectories.
Fail message:
File "/usr/lib/python3.10/pathlib.py", line 1119, in open
return self._accessor.open(self, mode, buffering, encoding, errors,
IsADirectoryError: [Errno 21] Is a directory: '/CryptoPkg/Library
/OpensslLib/openssl/oqs-provider/oqs-template/oqsprov/oqsprov.c'
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
Coverity is a static analysis tool. It detects the macro as an error
(case to incompatible type, cert_exp39_c_violation). The update resolves
the error and supports compliance with the static analysis tool.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
The VirtIO spec states that "Upon receipt of a
VIRTIO_CONSOLE_CONSOLE_PORT message, the driver SHOULD treat the port in
a manner suitable for text console access and MUST respond with a
VIRTIO_CONSOLE_PORT_OPEN message, which MUST have value set to 1". See
https://docs.oasis-open.org/virtio/virtio/v1.3/virtio-v1.3.html#x1-3330002.
The current driver implementation, however, does not comply with that
and only sends PORT_OPEN messages upon receipt of PORT_OPEN messages.
This causes a problem in platforms like Apple's Virtualization
Framework, where PORT_OPEN messages are not sent back to the driver
after CONSOLE_PORT messages are received by the device, a behaviour that
is compliant with the VirtIO specification.
This patch addresses this issue by always responding CONSOLE_PORT
messages with PORT_OPEN messages.
Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
- For integer attribute, check and see if its value is between maximum
and minimum value defined by HII question.
- For string attribute, check and see if its string length is between
maximum string length and minimum string length defined by HII question.
Signed-off-by: Nickle Wang <nicklew@nvidia.com>
Adds a PrEval entry to the package's ci.yaml file which is used to
verify if the package uses a particular library instance when that
library instance file (INF) is updated.
When a library instance file (INF) is updated, PrEval will review each
package's DSC as described in the ci.yaml file to determine if the
package uses said library instance. If the package does use the library
instance, it will be built and tested to ensure the package is not
broken from the change.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
In BaseCryptLib sleep() function is defined,
apply the same sleep function to BaseCryptLibMbedTls
Signed-off-by: "Kalavakolanu, Hema Anmisha" <hema.anmisha.kalavakolanu@intel.com>
Merge the PCI root bridge with the same segment address within one.
PciSegment element.
UefiPayloadPkg/Library/PciSegmentInfoLibAcpiBoardInfo/PciSegmentInfoLibAcpiBoardInfo.c
Signed-off-by: Linus Liu <linus.liu@intel.com>
This is virtio based keyboard driver designed to be used on ARM platform.
The driver implements basic and extended text input interface.
UEFI shell requires only basic text input interface, but Grub needs
extended text input to work on.
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
This commit adds:
- missing virtio subsystem ID for input device
- PrepareVirtioKeyboardDevicePath() handler to boot manager library
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
Replaced direct assignment of 'Value = (EFI_HII_VALUE *)&Question->Value'
with the correct usage of HiiStatementValueToHiiValue function.
This resolves the issue where EFI_HII_VALUE and HII_STATEMENT_VALUE types
are incompatible, ensuring proper handling of Question->Value.
Signed-off-by: Igor Kulchytskyy <igork@ami.com>
In platform which support ACPI 2.0 only, the base address of ACPI region
is not page aligned. This unalinged base address leads to failure at
BuildMemoryAllocationHob when parsing ACPI node in FdtParserLib, before
building gUniversalPayloadAcpiTableGuid GUID HOB.
Align base address of ACPI region down to EFI_PAGE_SIZE to make sure
base address always aligned.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
Save FspHobList pointer to HOB right after FspMemoryInit exits so that
FspHobList pointer is available when performing platform related reset
in CallFspWrapperResetSystem(). Some platforms may consume FSP HOBs
prior to performing platform related reset.
Signed-off-by: Du Lin <du.lin@intel.com>
Praveen K Paladugu
Longhaox Lee
Sebastian Witt
Tom Lendacky
Ceping Sun
Hongbin1 Zhang
Michael D Kinney
Crystal Lee
Mike Maslenkin
Amy Chan
Khor Swee Aun
Oliver Smith-Denny
Oleksandr Tymoshenko
Girish Mahadevan
Yang Gang
Sarah Walker
INDIA\sachinganesh
Alexander Gryanko
Phil Noh
Pedro Tôrres
Nickle Wang
Joey Vagedes
Kalavakolanu, Hema Anmisha
Bing Luo
Linus Liu
Paweł Poławski
Igor Kulchytskyy
Huang Yuqi
Ajan Zhong
Du Lin
Ashraf Ali