Commit Graph

24073 Commits

Author SHA1 Message Date
Yunhua Feng 3378782691 BaseTools: Support DSC component !include PCD items
DSC format:
[Components]
  TestPkg/TestDriver.inf {
    <PcdsFixedAtBuild>
      !include TestPkg/Test.txt
  }

Test.txt content:
PcdToken.PcdCName | 0x123

Per spec we should support this usage.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-19 15:47:36 +08:00
Carsey, Jaben 25598f8bdb BaseTools: merge towards minimum PCD MAX <something> methods
we have 5 different max val or max byte for PCDs.
refactor and remove 2 methods.
we need 3, as one computes for VOID* PCDs.

Cc: Bob Feng <bob.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:36 +08:00
Carsey, Jaben 9eb87141ec BaseTools: refactor and remove un-needed use of .keys() on dictionaries
sometimes just delete it.
sometimes the loop needed .values() instead

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:36 +08:00
Carsey, Jaben 55c84777ee BaseTools: use predefined constants instead of local strings
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:35 +08:00
Carsey, Jaben 5a693b89a1 BaseTools: refactor and remove more keys() usage
this is no longer required to make dictionary objects iterable.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:35 +08:00
Carsey, Jaben d498274fcd BaseTools: Eot - Remove FvImage file
move the single used class from FvImage to Eot
delete the FvImage file
remove FvImage from makefile

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:34 +08:00
Carsey, Jaben 5f446994a2 BaseTools: Remove un-needed list comprehension
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:34 +08:00
Carsey, Jaben b96c7cf8ca BaseTools: remove duplicate function name
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-18 22:15:33 +08:00
Hao Wu 2551014719 FatPkg/EnhancedFatDxe: Ensure traverse of subtasks is delete-safe
Within function FatQueueTask(), the traverse of FAT subtasks for
executing the disk read/write is not delete-safe.

For the below case:

FatDiskIo(): When non-blocking access, creates subtasks and creates
event (FatOnAccessComplete, NOTIFY level) when subtasks finish.

FatQueueTask(): Traverses the subtasks and submits them one by one at
Tpl lower than NOTIFY.

Disk R/W completes really quick.

FatOnAccessComplete(): Removes the finished subtask, causing the
traverse in FatQueueTask() broken.

This commits will refine the subtask traverse in FatQueueTask() to be
delete-safe.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-04-18 15:08:14 +08:00
Liming Gao 104bbee55e IntelFrameworkModulePkg IsaSerialDxe: Update algorithm to calculate Divisor
To align the way in MdeModulePkg SerialPortLib and PciSioSerialDxe driver,
Divisor is added by one when the reminder is more than half (16 * BaudRate).

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-04-18 14:56:07 +08:00
Carsey, Jaben 9e508f3acc BaseTools: change DscBuildData functions without need for self to staticmethod
prepend functiosn with @staticmethod
change calls to use class name, not self

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 21:17:55 +08:00
Carsey, Jaben e1a76b4702 BaseTools: remove an unused file
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 21:02:06 +08:00
Carsey, Jaben 9fb9cbfb65 BaseTools: delete an unused file
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:54:15 +08:00
Carsey, Jaben 80bfbd3e83 BaseTools: FfsInfStatement - remove unused function
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:55 +08:00
Carsey, Jaben 227dbb1190 BaseTools: FdfParser - refactor functions to make static
make functions that doesn't use self into @staticmethod

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:54 +08:00
Carsey, Jaben cdc9b0c296 BaseTools: FdfParser refactor to remove a dictionary
__GetInfStatement() does not use the dict parameter, so remove it
from the API and from all callers.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:54 +08:00
Carsey, Jaben c3dc9d29d1 BaseTools: refactor DepexSection.GenSection
change default parameter value to None since the parameter isn't used.
remove temporary dictionary and just do the reaplce call.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:53 +08:00
Carsey, Jaben 888d7f196d BaseTools: use dictionary.get() when we have value if not found
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:53 +08:00
Carsey, Jaben fe1abb4beb BaseTools: move RegEx compile out of loops
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:53 +08:00
Carsey, Jaben a6c910e358 BaseTools: Remove unused functions from DscBuildData
3 functions were never called:
_dumpPcdInfo
__STRING2OCTList
__UNICODE2OCTList

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:52 +08:00
Carsey, Jaben 820a98a463 BaseTools: remove unused local variable.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:52 +08:00
Carsey, Jaben 128d435f5e BaseTools: fix None comparisons
when comparing a list/string against None and empty, just compare the object.
when comparing against None, dont use !=, ==, <>

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:49:32 +08:00
Carsey, Jaben 72fbe88d72 BaseTools: reduce list usage when not needed
remove not needed lists.  some were just counted and others
should be sets.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:48:53 +08:00
Carsey, Jaben 1563349a96 BaseTools: use set instead of list for a variable to be used with in
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:48:53 +08:00
Carsey, Jaben 066c71544e BaseTools: skip updating temporary variable.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:48:52 +08:00
Carsey, Jaben 1530ceda05 BaseTools: no need to save the data
It's never accessed.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:48:52 +08:00
Carsey, Jaben 4d3b9389e7 BaseTools: use existing shared variable
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-17 20:48:51 +08:00
Dandan Bi 7ac4250e87 BaseTool/VfrCompile: make delete[] match with new[]
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-04-17 16:57:00 +08:00
Dandan Bi 2aa9a9f03e BaseTools/VfrCompile:Fix memory leak issues
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-04-17 16:57:00 +08:00
Pete Batard 55f67014d7 MdePkg/Library/BaseCpuLib: Enable VS2017/ARM64 builds
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-04-17 14:54:35 +08:00
Pete Batard 37db86ae23 MdePkg/Library/BaseSynchronizationLib: Enable VS2017/ARM64 builds
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-04-17 14:54:28 +08:00
Laszlo Ersek 5e0e476a95 OvmfPkg/PlatformBootManagerLib: add USB keyboard to ConIn
PlatformInitializeConsole() (called by PlatformBootManagerBeforeConsole())
adds elements of "gPlatformConsole" to ConIn / ConOut / ErrOut (as
requested per element) if at boot at least one of ConIn and ConOut doesn't
exist. This typically applies to new VMs, and VMs with freshly recreated
varstores.

Add a USB keyboard wildcard to ConIn via "gPlatformConsole", so that we
not only bind the PS/2 keyboard. (The PS/2 keyboard is added in
PrepareLpcBridgeDevicePath()). Explicitly connecting the USB keyboard is
necessary after commit 245c643cc8.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2018-04-16 21:45:25 +02:00
Dandan Bi d4ee449d1d MdeModulePkg/FPDT: Add error message for unsupported case
We have updated performance infrastructure in previous commits:
between
73fef64f14
and
115eae650b
Update FPDT drivers to collect the performance data reported by
gEdkiiFpdtExtendedFirmwarePerformanceGuid.
The old implementation which collected performance data through
gEfiFirmwarePerformanceGuid is not supported now.
We should add error message to remind user for this unsupported
case in case anyone use it by mistake.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-04-16 14:37:59 +08:00
Star Zeng 665bfd41ac SignedCapsulePkg SystemFirmwareUpdateDxe: Fix failure caused by d69d922
d69d9227d0 caused system firmware update
failure. It is because FindMatchingFmpHandles() is expected to return
handles matched, but the function returns all handles found.

This patch is to fix the issue.
This patch also assigns mSystemFmpPrivate->Handle for "case 1:" path
in case the Handle is needed by other place in future.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2018-04-16 13:55:00 +08:00
Long Qin b85b20fba4 CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
(https://bugzilla.tianocore.org/show_bug.cgi?id=927)

(V2 Update:
    Removing the wrong "--remote" option from git submodule update
    command in this commit message. Thanks Laszlo's clarification
    to correct this)

Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
structures can cause a stack overflow and resulting denial of service,
Refer to https://www.openssl.org/news/secadv/20180327.txt for more
information).

Please note "git pull" will not update the submodule repository.
use the following commend to make your existing submodule track this
update:
   $ git submodule update --recursive

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
2018-04-15 21:08:37 +08:00
Long Qin a701ea0fe1 CryptoPkg/OpensslLib: Fix the documentation about submodule update
This patch is to drop "--remote" option from the original suggested
submodule update command ("$ git submodule update --recursive
--remote") in HOWTO document.

"--remote" option will integrate changes from the upstream subproject
with the submodules's "current HEAD", instead of using the edk2
superproject's "recorded SHA-1".

It is important here for the edk2 consumers to updating the working
tree of the submodules to match the commit / release tag that the
superproject expects. So removing "--remote" option to fix this
documentation issue here.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-04-15 21:07:38 +08:00
Feng, YunhuaX e7df35b2bc BaseTools: Fix one or more multiply defined symbols found issue
self.Guids update with package Guids will generate multiply defined
GUID symbols in AutoGen file

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-04-15 08:39:31 +08:00
Laszlo Ersek 2167c7f7a5 CryptoPkg/TlsLib: rewrite TlsSetCipherList()
Rewrite the TlsSetCipherList() function in order to fix the following
issues:

- Any cipher identifier in CipherId that is not recognized by
  TlsGetCipherMapping() will cause the function to return EFI_UNSUPPORTED.

  This is a problem because CipherId is an ordered preference list, and a
  caller should not get EFI_UNSUPPORTED just because it has an elaborate
  CipherId preference list. Instead, we can filter out cipher identifiers
  that we don't recognize, as long as we keep the relative order intact.

- CipherString is allocated on the stack, with 500 bytes.

  While processing a large CipherId preference list, this room may not be
  enough. Although no buffer overflow is possible, CipherString exhaustion
  can lead to a failed TLS connection, because any cipher names that don't
  fit on CipherString cannot be negotiated.

  Compute CipherStringSize first, and allocate CipherString dynamically.

- Finally, the "@STRENGTH" pseudo cipher name is appended to CipherString.
  (Assuming there is enough room left in CipherString.) This causes
  OpenSSL to sort the cipher list "in order of encryption algorithm key
  length".

  This is a bad idea. The caller specifically passes an ordered preference
  list in CipherId. Therefore TlsSetCipherList() must not ask OpenSSL to
  reorder the list, for any reason. Drop "@STRENGTH".

While at it, fix and unify the documentation of the CipherId parameter.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:24 +02:00
Laszlo Ersek a347b08973 CryptoPkg/TlsLib: sanitize lib classes in internal header and INF
"InternalTlsLib.h" includes "BaseCryptLib.h", but the lib class is not
listed in the INF file.

The INF file lists a good number of lib classes, but none of the lib class
headers are included by "InternalTlsLib.h".

Synchronize & sort both lists, while removing those library classes that
aren't actually needed. (IntrinsicLib and OpensslLib have no edk2 class
headers.)

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:21 +02:00
Laszlo Ersek 96015d5fc5 CryptoPkg/TlsLib: pre-compute OpensslCipherLength in TlsCipherMappingTable
In the next patches, we'll need the lengths of the
TLS_CIPHER_MAPPING.OpensslCipher string fields. These lengths can be
computed at build time; add the new field "OpensslCipherLength", and
introduce the MAP() macro for populating it.

While at it, add some horizontal whitespace to "TlsCipherMappingTable",
and add a comma after the last element. This will come handy in a later
patch.

(The patch does not change the first two columns of
"TlsCipherMappingTable", which can be easily verified with "git show
--word-diff".)

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:19 +02:00
Laszlo Ersek 5eadb54e26 CryptoPkg/TlsLib: use binary search in the TlsGetCipherMapping() function
Improve the performance of the TlsGetCipherMapping() function by adopting
the binary search from DhcpFindOptionFormat()
[MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c].

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:16 +02:00
Laszlo Ersek ecfd37ba1b CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()
In the following patches it will be useful if the IANA CipherId lookup
returns a pointer to the whole matching IANA-to-OpenSSL mapping structure,
not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and
TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping()
respectively, and make the function return a pointer to
TLS_CIPHER_MAPPING.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:14 +02:00
Laszlo Ersek b1c81b6ec3 NetworkPkg/TlsDxe: clean up byte order conversion for EfiTlsCipherList
Fix the following style issues:

- "Data" is accessed through a pointer to UINT16 rather than to a pointer
  to EFI_TLS_CIPHER. While technically correct, UINT16 is harder to
  interpret against the UEFI spec.

- Array subscripting is written with weird *(Pointer + Offset)
  expressions, rather than with Pointer[Offset].

- The byte order is converted with HTONS(), while it should be NTOHS().
  Either way, use the Data1 and Data2 fields of EFI_TLS_CIPHER instead.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:12 +02:00
Laszlo Ersek 44eb974081 NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList
TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER
element at the end of "Data":

- Generally speaking, malformed input for a security API is best rejected
  explicitly.

- Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If
  DataSize is 1 on input, then the initial check for (DataSize == 0) will
  fail, but then TlsSetCipherList() will be called with CipherNum=0.

Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't
contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce
the dedicated variable CipherCount.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:09 +02:00
Laszlo Ersek 344d057a2b MdePkg/Include/Protocol/Tls.h: pack structures from the TLS RFC
The structures defined in RFC 5246 are not to have any padding between
fields or at the end; use the "pack" pragma as necessary.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-04-13 14:06:06 +02:00
Laszlo Ersek ba9c8a8ccb OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot
Read the list of trusted cipher suites from fw_cfg and to store it to
EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.

The fw_cfg file will be formatted by the "update-crypto-policies" utility
on the host side, so that the host settings take effect in guest HTTPS
boot as well. QEMU forwards the file intact to the firmware. The contents
are forwarded by NetworkPkg/HttpDxe (in TlsConfigCipherList()) to
NetworkPkg/TlsDxe (TlsSetSessionData()) and TlsLib (TlsSetCipherList()).

Note: the development of the "update-crypto-policies" feature is underway
at this time. Meanwhile the following script can be used to generate the
binary file for fw_cfg:

  export LC_ALL=C
  openssl ciphers -V \
  | sed -r -n \
      -e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - .*$/\\\\x\1 \\\\x\2/p' \
  | xargs -r -- printf -- '%b' > ciphers.bin

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Ching-Pang Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
[lersek@redhat.com: update commit msg and add script as requested by Gary]
[lersek@redhat.com: update commit msg as requested by Jiaxin]
2018-04-13 14:05:10 +02:00
Jian J Wang 54ec85dd29 MdeModulePkg/PiSmmIpl: fix non-executable SMM RAM
This patch fixes an issue introduced by commit

  5b91bf82c6

and

  0c9f2cb10b

This issue will only happen if PcdDxeNxMemoryProtectionPolicy is
enabled for reserved memory, which will mark SMM RAM as NX (non-
executable) during DXE core initialization. SMM IPL driver will
unset the NX attribute for SMM RAM to allow loading and running
SMM core/drivers.

But above commit will fail the unset operation of the NX attribute
due to a fact that SMM RAM has zero cache attribute (MRC code always
sets 0 attribute to reserved memory), which will cause GCD internal
method ConverToCpuArchAttributes() to return 0 attribute, which is
taken as invalid CPU paging attribute and skip the calling of
gCpu->SetMemoryAttributes().

The solution is to make use of existing functionality in PiSmmIpl
to make sure one cache attribute is set for SMM RAM. For performance
consideration, PiSmmIpl will always try to set SMM RAM to write-back.
But there's a hole in the code which will fail the setting write-back
attribute because of no corresponding cache capabilities. This patch
will add necessary cache capabilities before setting corresponding
attributes.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2018-04-13 13:05:00 +08:00
Jian J Wang 5fef2c7069 MdeModulePkg/SmmCore: add sanity check for SetMemoryAttributes
Heap Guard feature needs enough memory and paging to work. Otherwise
calling SetMemoryAttributes to change page attribute will fail. This
patch add necessary check of result of calling SetMemoryAttributes.
This can help users to debug their problem in enabling this feature.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2018-04-13 13:04:59 +08:00
Jian J Wang a5cd613cdb MdeModulePkg/DxeCore: add sanity check for SetMemoryAttributes
Heap Guard feature needs enough memory and paging to work. Otherwise
calling SetMemoryAttributes to change page attribute will fail. This
patch add necessary check of result of calling SetMemoryAttributes.
This can help users to debug their problem in enabling this feature.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2018-04-13 13:04:59 +08:00
Star Zeng 36db7492e1 SignedCapsulePkg SystemCapsuleLib: Change some dbg level to DEBUG_INFO
This debug message should be info instead of error. This patch is to
change the debug level to DEBUG_INFO.
DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n",
       FvHeader, FvHeader->FvLength));    // "Mark"

This comment is inaccurate. This patch is to remove it.
//
// Check section
//

This debug message should be removed as FvHeader may have been out of
range FdStart and FdSize, and the loop will go to "Mark" above again if
FvHeader is not out of range FdStart and FdSize, and then that debug
message will be shown. This patch is to remove this debug message.
DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n",
       FvHeader, FvHeader->FvLength));

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2018-04-13 12:57:10 +08:00