Commit Graph

18495 Commits

Author SHA1 Message Date
Samer El-Haj-Mahmoud 730f807141 SecurityPkg: Update servers TCG ACPI Table template to TCG 1.2
Update the TCG Spec in the the EFI_TCG_SERVER_ACPI_TABLE from TCG 1.0 to
TCG 1.2

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:11:12 +08:00
Derek Lin 336dbfd1ca SecurityPkg: Reduce DEBUG verbosity in Tcg2Dxe
Reduce several DEBUG messages verbosity from INFO to VERBOSE, so that will not see debug message around each driver loading when TPM 2.0 part present.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:11:07 +08:00
Samer El-Haj-Mahmoud 8b1331df8b SecurityPkg: Fix TPM 1.2 NV Storage Command Size byte order
Fix Tpm12NvWriteValue() command/response length byte order.
Tpm12SubmitCommand() was using the value from Command.Hdr.paramSize
which was swapped to be Big Endian, but the function was
expecting it in UINT32 Little Endian

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:10:58 +08:00
Samer El-Haj-Mahmoud fd338d8bd7 SecurityPkg: Fix bug in TPM 1.2 SelfTest
Fix uninitialized command Length variable in TPM1.2 Self Test command

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:10:53 +08:00
Samer El-Haj-Mahmoud f060d160ea SecurityPkg: Add DEBUG messages for TPM12Startup
Add DEBUG messages for TPM12Startup to distinguish between TPM_SUCCESS
and
TPM_INVALID_POSTINIT. This helps debugging some hardware problems.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:10:41 +08:00
Samer El-Haj-Mahmoud 148bd4e362 SecurityPkg: Add DEBUG messages for TPM2Startup
Add DEBUG messages for TPM2Startup to distinguish between TPM_RC_SUCCESS
and TPM_RC_INITIALIZE. This helps debugging some hardware problems.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:03:41 +08:00
Leahy, Leroy P 81a23a0fee CorebootModulePkg: Remove DuetPkg references
Remove the references to DuetPkg.  Copy the files from revision
ffea0a2ce2 of DuetPkg into
CorebootModulePkg.  The components include:
* PciBusNoEnumerationDxe
* PciRootBridgeNoEnumerationDxe
* SataControllerDxe

TEST=Build and run on Galileo Gen2

Change-Id: Id07185f7e226749e5f7c6b6cb427bcef7eac8496
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-by: Maurice Ma <maurice.ma@intel.com>
Reviewed-by: Prince Agyeman <prince.agyeman@intel.com>
2016-05-02 15:46:44 -07:00
Leahy, Leroy P 13986b690c CorebootPayloadPkg: Remove trailing white space
Remove trailing white space from existing .dsc and .fdf files.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-by: Prince Agyeman <prince.agyeman@intel.com>
2016-05-02 10:57:15 -07:00
Ard Biesheuvel c4cc609dc8 ArmPlatformPkg/PrePi: allow unicore version to be used on MP hardware
When combining UEFI firmware built from Tianocore with ARM Trusted
Firmware running in EL3, it is the responsibility of ATF that only
a single core enters the UEFI firmware in EL2, and the remaining cores
are released directly to the OS via PSCI SMC calls.

In this case, we don't need the MpCore flavor of PrePi or PrePeiCore,
but the UniCore flavor currently checks the CPU identification registers
directly, and refuses to proceed if the boot CPU is part of a MpCore
system.

So drop the ASSERT()'s that implement this check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2016-04-29 18:12:52 +02:00
Ard Biesheuvel 3dece14502 ArmPkg: implement CpuIo2 protocol driver specific for PCI
The CpuIo2 protocol is required by the generic PciHostBridgeDxe driver,
which relies on it to back its own I/O and MMIO operations.

Since ARM has no native I/O port equivalent, such accesses can only
originate from PCI drivers, and the PCI I/O space is translated to MMIO
in this case.

So we can implement this protocol using MMIO operations only, and take
the PCI I/O translation offset into account when performing I/O port
accesses.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2016-04-29 18:04:25 +02:00
Ard Biesheuvel d7c06eb030 ArmPlatformPkg: move PCI related PCD definitions to ArmPkg
The PCI related PCDs are not platform specific, and architectural
protocols such as CpuIo2 are based on PCI provided MMIO to IO
translation, so these PCDs belong in ArmPkg not ArmPlatformPkg.

NOTE: this *WILL* break some out-of-tree platforms, the fix is changing
all consumers of gArmPlatformTokenSpaceGuid.PcdPci* to
gArmTokenSpaceGuid.PcdPci*

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2016-04-29 18:04:21 +02:00
Ard Biesheuvel dfbc039fac MdeModulePkg/DxeCore: set ImageContext Handle and ImageRead() fields
Set the ImageContext.Handle and ImageContext.ImageRead() fields so that
PeCoffLoaderRelocateImageExtraAction() can invoke PeCoffLoaderGetImageInfo
or PeCoffLoaderGetPeHeader if desired to obtain additional metadata.

We will use this to create a PeCoffLoaderRelocateImageExtraAction()
implementation that applies boot time strict mapping permissions to
PE/COFF modules.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-04-29 16:57:50 +02:00
Ard Biesheuvel b59e2427c2 MdeModulePkg/PciBusDxe: don't create bogus descriptor if no resources needed
If the current PCI configuration requires no resources to be allocated at
all (i.e., unpopulated bus), the PCI enumeration code creates a single
ACPI_ADDRESS_SPACE_DESCRIPTOR memory descriptor with all fields cleared.
This is rejected by the SubmitResources() implementation of the generic
PciHostBridgeDxe in the following way:

  PciHostBridge: SubmitResources for PcieRoot(0x0)
   Mem: Granularity/SpecificFlag = 0 / 00
        Length/Alignment = 0x0 / 0x0
  PciBus: HostBridge->SubmitResources() - Invalid Parameter

  ASSERT_EFI_ERROR (Status = Invalid Parameter)
  ASSERT [PciBusDxe] .../PciBusDxe/PciLib.c(561): !EFI_ERROR (Status)

So instead, create the empty configuration as a single entry of type
EFI_ACPI_END_TAG_DESCRIPTOR.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2016-04-29 15:23:20 +08:00
Thomas Palmer cdd1b5e548 BaseTools/Build: Better DSC arch filtering
Description:
When building for any specific architecture, the build script today is loading
DSC sections for other architectures not in the build. The build process should
disregard DSC sections that are not relevant to the build.

My previous patch only fixed issue for one section type (Components). This
patch will handle all section types by updating the MetaFileParser class, which
now takes a Arch argument and will filter the DSC table results as they are
returned from the database.  The database still contains all information from
DSCs for when builds support multiple arch's

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2016-04-29 14:53:27 +08:00
Yonghong Zhu 35217a337c BaseTools: fix the bug for FMP to support use Macro as path description
Fix the bug for FMP image to support to use Macro as path description,
eg: FILE DATA = $(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/test.efi

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-04-29 14:51:06 +08:00
Qiu Shumin 6d3911d406 ShellPkg: Add NULL pointer check.
Add pointer check to avoid NULL pointer dereferenced.

Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Tapan Shah <tapandshah@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Tapan Shah <tapandshah@hpe.com>
2016-04-29 13:23:19 +08:00
Jiewen Yao 91f51fcc84 MdePkg-SmmMemLib: Enhance SmmIsBufferOutsideSmmValid() check for fixed comm buffer.
This patch adds more check in SmmIsBufferOutsideSmmValid(), to make sure that
SMM communication buffer is only EfiReservedMemoryType/EfiRuntimeServicesCode/
EfiRuntimeServicesData/EfiACPIMemoryNVS. So that the communication buffer will
not touch any OS memory.

The assumption is that a platform reports valid SMM communication buffer at
EndOfDxe, because EndOfDxe is last hook point that SMM code can call-out to
get memory map information.
A platform MUST finish SMM communication buffer allocation before EndOfDxe.
If a DXE or OS driver need do communication after EndOfDxe, it can either
allocate SMM communication buffer before EndOfDxe and save it, or consume
EDKII_PI_SMM_COMMUNICATION_REGION_TABLE table to get general fixed comm buffer.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2016-04-29 12:49:26 +08:00
Eric Dong 009264f5cf SecurityPkg-Opal(2): Enhance AHCI Bar MMIO region check.
This patch enhance OPAL password SMM driver to check SMM bar is valid MMIO
besides outside of SMRAM.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:25 +08:00
Eric Dong 83681c74f0 SecurityPkg-Opal(1): Use fixed SMM communication buffer in OPAL password lib.
This patch enhance OPAL password lib SMM communication by using fixed
SMM communication buffer.

Update OPAL password lib to consume EDKII_PI_SMM_COMMUNICATION_REGION_TABLE
as fixed communication buffer for SMM communication.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:23 +08:00
Liming Gao de2459d66d MdeModulePkg-FPDT(4): Use fixed buffer for SMM_PERF_COMMUNICATE in PerfLib.
This patch enhance performance data SMM communication by using fixed
SMM communication buffer.

Update PerformanceLib to use fixed SMM communication buffer to get
performance data by SMM_PERF_COMMUNICATE API.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:21 +08:00
Liming Gao d158ba675b MdeModulePkg-FPDT(3): Use SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET in FpdtDxe.
This patch enhance performance data SMM communication by using fixed
SMM communication buffer.

Update FpdtDxe to use fixed SMM communication buffer to get
performance data by SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET API.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:20 +08:00
Liming Gao 77a6e6c4f9 MdeModulePkg-FPDT(2): Add SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET in FpdtSmm Handler.
This patch enhance performance data SMM communication by using fixed
SMM communication buffer.

Update FpdtSmm to handle SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET
request.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:18 +08:00
Liming Gao 7110e306fa MdeModulePkg-FPDT(1): Add SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET definition.
This patch enhance performance data SMM communication by using fixed
SMM communication buffer.

A new command SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET is added,
because we need to support get partial PerformanceData to fixed SMM communication
buffer. If performance data is bigger than fixed SMM communication buffer,
the DXE agent need to call SMM_FPDT_FUNCTION_GET_BOOT_RECORD_DATA_BY_OFFSET
multiple times to get all data out.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:16 +08:00
Star Zeng 2f7961c7d6 MdeModulePkg-MemoryProfile(3): Use SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET in MemoryProfileInfo.
This patch enhance SMM memory profile SMM communication by using fixed
SMM communication buffer.

Update MemoryProfileInfo APP to use fixed SMM communication buffer to get
profile data by SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET API.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:14 +08:00
Star Zeng c3592c86ee MdeModulePkg-MemoryProfile(2): Add SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET in PiSmmCore.
This patch enhance SMM memory profile SMM communication by using fixed
SMM communication buffer.

Update PiSmmCore to handle SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET
request.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2016-04-29 12:49:13 +08:00
Star Zeng 73e0de6282 MdeModulePkg-MemoryProfile(1): Add SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET definition.
This patch enhance SMM memory profile SMM communication by using fixed
SMM communication buffer.

A new command SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET is added,
because we need to support get partial ProfileData to fixed SMM communication
buffer. If profile data is bigger than fixed SMM communication buffer,
the DXE agent need to call SMRAM_PROFILE_COMMAND_GET_PROFILE_DATA_BY_OFFSET
multiple times to get all data out.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:11 +08:00
Jiewen Yao 6e4e6ffda4 MdeModulePkg: Add new driver to publish EDKII_PI_SMM_COMMUNICATION_REGION_TABLE.
Add a driver to publish EDKII_PI_SMM_COMMUNICATION_REGION_TABLE, so that
other DXE driver can consume this table directly. NOTE: This is sample driver.
A platform may uses its own way to define default SMM communication buffer
region and publish information in its own
EDKII_PI_SMM_COMMUNICATION_REGION_TABLE.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Feng, Tian <feng.tian@intel.com>
2016-04-29 12:49:09 +08:00
Jiewen Yao 1e01ea240e MdeModulePkg: Add EDKII_PI_SMM_COMMUNICATION_REGION_TABLE definition.
This configuration table is used to describe platform pre-allocated memory
for SMM communication buffer. If DXE driver wants to communicate with SMM
agent, it can use this memory as SMM communication buffer instead of allocate
new memory region.

This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 12:49:08 +08:00
Jiaxin Wu 76cd3ffab6 ShellPkg: Enhance ping6 to select the interface automatically
v2:
* Refine the code to make it more readable.

This patch is used to support no source IP specified case while
multiple NICs existed in the platform. The command will select the
first both connected and configured interface automatically.
Note: Source address is always required when pinging a
link-local address.

Cc: Bhupesh Sharma <bhupesh.sharma@nxp.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-04-29 11:32:35 +08:00
Jiaxin Wu 9ce14ca124 ShellPkg: Enhance ping to select the interface automatically
v2:
* A. Refine the code to make it more readable.
* B. Add hint message for link local address case.

This patch is used to support no source IP specified case
while multiple NICs existed in the platform. The command
will select the first both connected and configured interface
automatically.
Note: Source address is always required when pinging a
link-local address.

Cc: David Van Arnem <dvanarnem@cmlab.biz>
Cc: Bhupesh Sharma <bhupesh.sharma@nxp.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-04-29 11:32:17 +08:00
Feng Tian 5db1ac89be MdeModulePkg/NvmExpressDxe: comments update to meet implementation
Cc: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com>
Cc: Wu, Hao A <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Wu, Hao A <hao.a.wu@intel.com>
Reviewed-by: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com>
2016-04-29 11:25:46 +08:00
Jiewen Yao 6a0d242212 MdePkg: Add WSMT definition.
This patch adds Windows SMM Security Mitigation
Table @ http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx

Cc: "Gao, Liming" <liming.gao@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Gao, Liming" <liming.gao@intel.com>
2016-04-29 11:11:12 +08:00
Zhang, Chao B 91422384d5 SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT
In image verification, if image verified pass in DBT, still need to verify if it is blocked by any other cert/cert hash from DBX.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dick Wilkins <dick_wilkins@phoenix.com>
2016-04-29 10:48:07 +08:00
Jeff Fan 07e8892090 UefiCpuPkg/MtrrLib: Remove the loop of calculating Fixed-MTRR Mask
Introduce the 32bit mask seeds to calculate Fixed-MTRR or&and mask values. It
could avoid the loop operation and 64bit shift operations.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 10:07:07 +08:00
Jeff Fan aaa1e579a5 UefiCpuPkg/MtrrLib: Remove the loop of calculating byte offset in MSR
Calculate byte offset in MSR directly and removing the loop.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 10:07:06 +08:00
Jeff Fan 0f35412232 UefiCpuPkg/MtrrLib: Reduce the loop time to get fixed-MTRR MSR index
Add input fixed-MTRR MSR index to be start MSR index to avoid finding fixed-MTRR
MSR index from 0 at each time.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-04-29 10:07:06 +08:00
Samer El-Haj-Mahmoud 21cc5ebf36 ShellPkg: Update smbiosview for latest Type 17 devices
Update smbiosview to understand latest SMBIOS Type 17 devices from
SMBIOS 3.0.0 spec

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2016-04-28 13:03:26 -07:00
Laszlo Ersek 84d2070aef OvmfPkg: PlatformBdsLib: lock down SMM regardless of S3
At the moment, the EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is only installed if
S3 is enabled -- at the end of SaveS3BootScript().

While a runtime OS is never booted with SMM unlocked (because the SMM IPL
locks down SMM as a last resort:

> SMM IPL!  DXE SMM Ready To Lock Protocol not installed before Ready To
> Boot signal
> SmmInstallProtocolInterface: [EfiSmmReadyToLockProtocol] 0
> Patch page table start ...
> Patch page table done!
> SMM IPL locked SMRAM window

), we shouldn't allow UEFI drivers and applications either to mess with
SMM just because S3 is disabled. So install
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL in PlatformBdsInit() unconditionally.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2016-04-28 19:35:29 +02:00
Laszlo Ersek 70017e4461 OvmfPkg: PlatformBdsLib: lock down SMM in PlatformBdsInit()
OVMF's PlatformBdsLib currently makes SMM vulnerable to the following
attack:

(1) a malicious guest OS copies a UEFI driver module to the EFI system
    partition,

(2) the OS adds the driver as a Driver#### option, and references it from
    DriverOrder,

(3) at next boot, the BdsEntry() function in
    "IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c" processes
    Driver#### and DriverOrder between the calls to PlatformBdsInit() and
    PlatformBdsPolicyBehavior(),

(4) OVMF locks down SMM only in PlatformBdsPolicyBehavior(), hence the
    driver runs with SMM unlocked.

The BdsEntry() function of the MdeModulePkg BDS driver (in file
"MdeModulePkg/Universal/BdsDxe/BdsEntry.c") recommends to "Signal
ReadyToLock event" in PlatformBootManagerBeforeConsole() -- which
corresponds to PlatformBdsInit() --, not in
PlatformBootManagerAfterConsole() -- which corresponds to
PlatformBdsPolicyBehavior().

Albeit an independent question, but it's worth mentioning: this patch also
brings OvmfPkg's PlatformBdsInit() closer to ArmVirtPkg's. Namely, the
latter signals End-of-Dxe in PlatformBdsInit() already.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2016-04-28 19:35:26 +02:00
Laszlo Ersek 058196bbb3 MdeModulePkg: PiDxeS3BootScriptLib: honor PcdAcpiS3Enable
In the edk2 tree, there are currently four drivers that consume
PcdAcpiS3Enable:

  IntelFrameworkModulePkg/Universal/Acpi/AcpiS3SaveDxe/AcpiS3SaveDxe.inf
  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
  MdeModulePkg/Universal/Acpi/SmmS3SaveState/SmmS3SaveState.inf

From these, AcpiS3SaveDxe is the only one that isn't also a client of the
S3BootScriptLib class; all the others (BootScriptExecutorDxe,
S3SaveStateDxe, SmmS3SaveState) are clients of the S3BootScriptLib class.

In turn, the edk2 tree contains only one non-Null instance of the
S3BootScriptLib class:

  MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf

Therefore we can safely state that BootScriptExecutorDxe, S3SaveStateDxe,
and SmmS3SaveState are all linked against PiDxeS3BootScriptLib.

Now, if PcdAcpiS3Enable is FALSE when either of BootScriptExecutorDxe,
SmmS3SaveState, or SmmS3SaveState is dispatched, then the following
happens:

- The constructor of PiDxeS3BootScriptLib, function
  S3BootScriptLibInitialize(), registers a protocol installation callback
  for gEfiDxeSmmReadyToLockProtocolGuid. Namely, the function
  S3BootScriptEventCallBack().

- The driver immediately exits with EFI_UNSUPPORTED from its entry point
  function, upon seeing PcdAcpiS3Enable == FALSE. (See commits
  800c02fbe2, 125e093876, and d2d38610603f6.)

- This leaves a dangling callback pointer in the DXE core.

- When Platform BDS installs gEfiDxeSmmReadyToLockProtocolGuid (which is a
  valid thing to do for locking down SMM, even in the absence of S3
  support!), things blow up.

Fix this issue by returning immediately from S3BootScriptLibInitialize()
if PcdAcpiS3Enable is FALSE -- it is useless to initialize the library
instance if the containing driver module exits first thing in its entry
point.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jaben Carsey <Jaben.carsey@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-04-28 19:34:13 +02:00
Jiaxin Wu 59844e1266 NetworkPkg: Fix incorrect buffer free in HttpDxe
FragmentBuffer of each TcpWrap in HttpDxe should not be
freed in HttpTcpTokenCleanup(). This buffer points to
HttpMsg body actually, which is the responsibility of the
caller to allocate a buffer for Body.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-04-28 16:28:04 +08:00
Jiaxin Wu b347a22aec NetworkPkg: Avoid the indefinite wait case in HttpDxe
Need the timer check to avoid the indefinite wait case
in HttpDxe driver
A.HTTP receive Header process in HttpTcpReceiveHeader();
B.HTTP receive Body process in HttpTcpReceiveBody();

Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-04-28 16:27:42 +08:00
Liming Gao 467d5f6b30 MdeModulePkg: DxeCore MemoryPool Algorithm Update
Use 128 bytes as the start size region to be same to previous one.

64 bytes is small as the first range. On X64 arch, POOL_OVERHEAD
takes 40 bytes, the pool data less than 24 bytes can be fit into
it. But, the real allocation is few that can't reduce its free pool
link list. And, the second range (64~128) has more allocation
that also increases the free pool link list of the first range.
Then, the link list will become longer and longer. When LinkList
check enable in DEBUG tip, the long link list will bring the
additional overhead and bad performance. Here is the performance
data collected in our X64 platform with DEBUG enable.
64  byte: 22 seconds in BDS phase
128 byte: 19.6 seconds in BDS phase

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-04-28 10:46:42 +08:00
Tapan Shah a5b731e085 ShellPkg: Fix typos and EDK2 coding style issues
Fixing typos and EDK2 coding style issues found from previous submit

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tapan Shah <tapandshah@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2016-04-27 09:29:35 -07:00
Abdul Lateef Attar 262e2d94b6 ShellPkg: Fix pci command for '_e' option
ShellPkg: Fix pci command for '_e' option

    Processing of '_e' argument was missing.
    Added fix, to process the '_e' option
    for printing additional AER information.

    Contributed-under: TianoCore Contribution Agreement 1.0
    Signed-off-by: Abdul Lateef Attar <abdul-lateef.attar@hpe.com>
	Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
	Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-04-27 09:27:39 -07:00
Dandan Bi c87b13cdb5 MdeModulePkg: Export ConfigResp only for form Package after ReadyToBoot
The Hii runtime support feature will export the content of
HiiDatabase and the ConfigResp string to runtime buffer
after ReadyToBoot event is triggered. If some drivers
add/update/remove packages from Hiidatabase after ReadyToBoot:
Originally we will both export the content of HiiDatabase and
the ConfigResp string for all packages.
But now after investigation, we found only for form packages need
to export the content of HiiDatabase and the ConfigResp string,
for other packages just need to export the content of HiiDatabase.
Now to enhance this logic.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
2016-04-27 16:39:47 +08:00
Dandan Bi e626a36c93 MdeModulePkg: BOOLEAN type needn't to compare to TRUE/FALSE explicitly
Fix this issue to follow the coding style.

Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-04-27 16:39:46 +08:00
Liming Gao 41a779e77f MdeModulePkg: Add description to MdeModulePkg AcpiTable driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-04-27 14:41:36 +08:00
Nagaraj Hegde 19c2572560 NetworkPkg:HttpDxe:Consume DxeHttpLib API changes
HttpGenRequestString is updated to HttpGenRequestMessage,
with an additional argument. This patch updates the caller
of the DxeHttpLib API. Also, we will avoid adding any '\0'
to the string, which was added to make AsciiStrLen to
work on the string.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Nagaraj Hegde <nagaraj-p.hegde@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
2016-04-27 10:43:18 +08:00
Nagaraj Hegde e297a0a498 MdeModulePkg:DxeHttpLib: Update to DxeHttpLib API
Rename and update the logic of HttpGenRequestString API provided
by DxeHttpLib. The RequestString size is returned as an argument.
The user is not expected to do a AsciiStrLen anymore, and is not
logical too, since request string can contain message body and
using AsciiStrLen on such a string can provide truncated lengths.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Nagaraj Hegde <nagaraj-p.hegde@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
2016-04-27 10:43:08 +08:00