After the 9f29fbd3, full mapping SMM page table is always created
regardless the value of the PcdCpuSmmRestrictedMemoryAccess. If so,
SMM PageTable Attributes can be set to ready-only since there is no
need to update it. So, this patch is to remove restricted memory
access check when setting the SMM PageTable attributes.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SetPageTableAttributes() will use the IfReadOnlyPageTableNeeded() to
determine whether it is necessary to set the page table itself to
read-only. And IfReadOnlyPageTableNeeded() has already token into
account the status of IsRestrictedMemoryAccess(). Therefore, there
is no need for an additional call to IsRestrictedMemoryAccess()
before calling the SetPageTableAttributes().
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Deadloop if PFAddr is not supported by system, no need check SMM CPU
RestrictedMemory access enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Following the commit 9f29fbd3, full mapping SMM page table is always
created regardless the value of the PcdCpuSmmRestrictedMemoryAccess.
Consequently, a page fault (#PF) that triggers an update to the page
table occurs only when SmiProfile is enabled. Therefore, it is
necessary to save and restore the CR2 register when SmiProfile is
configured to be enabled.
And the operation of saving and restoring CR2 is considered to be
not heavy operation compared to the saving and restoring of CR3.
As a result, the condition check for SmiProfile has been removed,
and CR2 is now saved and restored unconditionally, without the need
for additional condition checks.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SmiPFHandler depends on the IsSmmCommBufferForbiddenAddress() to do
the forbidden address check:
For SMM, verifying whether an address is forbidden is necessary only
when RestrictedMemoryAccess is enabled.
For MM, all accessible address is recorded in the ResourceDescriptor
HOB, so no need check the RestrictedMemoryAccess is enabled or not.
This patch is to move RestrictedMemoryAccess check into SMM
IsSmmCommBufferForbiddenAddress to align with above behavior. With
the change, SmiPFHandler doesn't need to check the
RestrictedMemoryAccess enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch breaks the section processing loop if an invalid section with zero SectionLength is encountered.
Signed-off-by: Ragavarshini B <ragavarshinib@ami.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dhanaraj V <vdhanaraj@ami.com>
Cc: Sachin Ganesh <sachinganesh@ami.com>
This adds constants and structure definitions for Send/Get Boot Progress
Code through IPMI, according to Server Base Manageability Requirements
(SBMR) [1], Appendix F.
[1] https://developer.arm.com/documentation/den0069
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Starting with Visual Studio 2019 version 16.10, the /volatileMetadata
option is enabled by default when generating x64 code.
This patch disables the /volatileMetadata option for x64 builds in both
VS2019 and VS2022.
We observed a slight increase in used space for the Firmware volumes in
VS2019. Upon investigation, we found that VS2019 version 16.10 enabled
this feature by default. Disabling /volatileMetadata helps reduce the
used space by approximately 3.5KB by considering the 2 Firmware volumes
(2KB uncompressed FV and 1.5KB of compressed FV)
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
After updating Doxygen, we can see that SetBootMode returns the BootMode
instead of status code as it should, fix it to return status.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
The Doxygen comment for SetBootMode and GetBootMode in PrePiHobLib/Hob.c
does not match declaration in PrePiLib.h. The C file has it wrong. Align
the text to match the header.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
ACPI 6.5 adds mode flags that could do with
more human-readable display in Acpiview. This
adds support for displaying those flags.
Signed-off-by: Carsten Haitzler <carsten.haitzler@foss.arm.com>
In BmFindBootOptionInVariable() we prevent passing a NULL pointer to
EfiBootManagerFindLoadOption(). However, it can accept a NULL pointer as
the second argument as long as count is zero. This change updates the
assert condtion to only assert if the pointer is NULL and the count is
non-zero.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
This patch replaces call of IpmiSubmitCommand() issued
REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE IPMI command to check
whether bootstrap credential support enabled or not.
The problem is that in accordance with IPMI spec while handling
such command BMC creates bootstrap account. The credentials of this account
is returned as a response. Obviously in this code the response is not used.
From the other side there is an implementation
of EDKII_REDFISH_CREDENTIAL_PROTOCOL exists and used by
RedfishPlatformCredentialIpmiLib.
By design RedfishPlatformCredentialIpmiLib keeps returned bootstrap
credentials and uses it later. So all services using
EDKII_REDFISH_CREDENTIAL_PROTOCOL instance operates with a same
credentials.
Current design of PlatformHostInterfaceBmcUsbNicLib leads to creation
of two bootstrap accounts on BMC side. This is on nesseccary and one
account is not used at all.
Using EDKII_REDFISH_CREDENTIAL_PROTOCOL prevents from creating useless
bootstrap account on BMC side.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
PlatformHostInterfaceBmcUsbNicLib.c: In function 'CheckBmcUsbNic':
PlatformHostInterfaceBmcUsbNicLib.c:1253:14: error: error: 'HandleBuffer'
may be used uninitialized in this function [-Werror=maybe-uninitialized]
Status =
CheckBmcUsbNicOnHandles (BufferSize/sizeof (EFI_HANDLE), HandleBuffer);
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
/RedfishDiscoverDxe.c:1979:37: error: 'RestExInstance' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
RestExInstance->Signature = EFI_REDFISH_DISCOVER_DATA_SIGNATURE;
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Add the necessary toolchain override flags for ms_abi and LTO on X64 for
the unversioned GCC toolchain profile.
This resolves a runtime segmentation fault.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
Move all BaseCryptLib resolutions for 32-bit ARM to MbedTls, which does
not require a softfloat library, which can therefore be dropped from
EDK2 entirely going forward.
Note that this implies no TLS networking for 32-bit ARM, as this code
has a direct dependency on OpenSSL, so move the TlsLib resolution to a
AARCH64-only section to force the build to fail early when attempting to
build 32-bit ARM targets with NETWORK_TLS_ENABLE set.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This patch removes the _DSM Memory Clear and MOR
auto-detect functionality via _PTS, as
_DSM Memory Clear was deprecated in TCG PC Client
Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0" and _PTS is deemed security deficient.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Remove unused MemoryClear SMI Handler, which is no longer
used due to _DSM Memory Clear no longer being used.
_DSM Memory Clear was deprecated in 2019 by TCG PC Client
Platform Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0".
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Comments out a redundant call to RestoreTpl(). While this does not
technically violate spec on raise/restore TPL, TPL should already be at
the specified level. This extra call introduces an asymmetry between
RaiseTpl and RestoreTpl calls, which makes analysis of TPL correctness
more difficult and hampers certain non-standard TPL usages that some
platforms require. Additionally, the two TPL variables were renamed to
provide context for each of them.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Adds a call to RestoreTpl() in DiskIo2ReadWriteDisk(). While the current
implementation does not technically violate spec on raise/restore TPL,
this extra call ensures symmetry between RaiseTpl and RestoreTpl calls,
which makes analysis of TPL correctness simpler and permits certain
non-standard TPL usages that some platforms require.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Gerd reports that ArmVirtQemu running under KVM lost network boot
support on systems that do not implement the RNDR/RNDRRS system
registers, which provide an architectural, CPU-based source of random
numbers. Under KVM, the TRNG SMCCC is available as a fallback, which is
exposed via RngDxe but not via the base RngLib library. This means that
direct users of RngLib, such as OpensslLib, have no access to the TRNG
based entropy source.
Let's fix this by resolving RngLib dependencies for UEFI_DRIVER type
drivers via DxeRngLib, which uses the protocol exposed by RngDxe
internally.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
- This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.
- Also added the signature check to validate work space
Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
Fixing RETURN_ERROR macro.
It is causing problem in Coverity Static analysis tool as we are directly converting the UINT value to INTN
Changing value from UINT to INTN might cause problem. Here we know that the values would not be in loss of data.
To increase the code quality and increase the static tool analysis score we have to change it
Cc: Jiangang He <jiangang.he@amd.com>
Cc: Neo Hsueh <Hong-Chih.Hsueh@amd.com>
Signed-off-by: Parth Thakkar <ParthRajeshkumar.Thakkar@amd.com>
Since the PEI Hob service is ready after PEIM loaded,
TDVF should build the Hob for TdHob and Cfv event
at first.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Currently, TDVF gets LowMemory and FistNonAddress from the e820tables
via fw_cfg, while TD-Hob can also provide the memory info of LowMemory
and FistNonAddress.
In current stage e820tables are not measured but TD-Hob is measured in
early phase by TDVF.
So, from the security perspective we'd better use the information from
TD-Hob instead of e820tables.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
The patch adds ProcessorUpgradeInvalid(0xFF) definition in Processor
Upgrade(Type 4, Offset 19h) for SMBIOS Type4 based on SMBIOS v3.8.0.
Processor Upgrade should be 0xFF when no other valid enumeration is
available.
Signed-off-by: Jason Zhao <jason.zhao@intel.com>
This update refactors the code by moving the LocatePpi function call
outside of the for loop where it was previously called repeatedly.
By relocating the LocatePpi invocation outside of the loop,
we improve the efficiency of the code by avoiding redundant lookups.
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
DevPathToTextUsbWWID allocates a separate copy of the SerialNumber
string to append a null terminator if the original string is not null
terminated. However, by using AllocateCopyPool, it tries to copy
'Length + 1' words from the existing string containing 'Length'
characters into the target string. Split the copy out to only copy
'Length' characters instead.
This was reported by GCC's -Wstringop-overread when compiling a copy
of this routine included in a library on FreeBSD.
Signed-off-by: John Baldwin <jhb@FreeBSD.org>
edk2-basetools was depending on old versions of several packages. That
was fixed in version 0.1.53. Update pip-requirements.txt to use that
version, and bump the versions and dependency expressions of other
packages to use or allow use of newer versions.
Also, update the URL to the requirements file format since it's
moved.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
It is normal for a disk to not have FAT file system (known as No Media),
therefore, it should not produce a "failed" entry in the boot console.
This aims to lower the debug level to verbose.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Adds an entry to the package's CI configuration file that enable policy
5 for stuart_pr_eval. With this Policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4729
From SCT testing report, Reset() does not support the case when
ExtendedVerification is set to FALSE. So, we should return
EFI_INVALID_PARAMETER in this case. For details, please refer to
Bug 4729.
Signed-off-by: Nickle Wang <nicklew@nvidia.com>
Include a mapping for HTTP error 429 to return the correct
status code. Additionally include a link to the official
HTTP status codes in the HttpMappingToStatusCode function header.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Jiaxin Wu
ragavarshinib
Nhi Pham
Ashraf Ali
Vishal Oliyil Kunnil
Carsten Haitzler
Ken Lautner
Rebecca Cran
Mike Maslenkin
Leif Lindholm
Ard Biesheuvel
John Strange
Sureshkumar Ponnusamy
Parth
Ceping Sun
Jason Zhao
Neo Hsueh
John Baldwin
Rebecca Cran
Joey Vagedes
Nickle Wang