Commit Graph

33189 Commits

Author SHA1 Message Date
Chao Li 99e4c8ea93 OvmfPkg/LoongArchVirt: Clear the PGD series registers
Since the PGD series registers are in an unknown state when reset, some
simulators will hang when restarting if these registers are not cleared,
so they are cleared in this patch.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-08-28 06:35:23 +00:00
Nate DeSimone 25da777d95 Maintainers.txt: Cleanup inactive maintainers.
The following individuals are no longer active maintainers:

- Wenxing Hou
- Zhichao Gao
- Chan Laura
- Catharine West

Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
2024-08-28 03:54:08 +00:00
Oliver Smith-Denny 39a999eb1d ArmPlatformPkg: Initialize Serial Port Before Writing
PrePeiCore and Sec directly write the firmware version to the serial port.
They rely on another component to initialize the serial port, however
in certain configurations (such as release builds that don't use a
DebugLib that initializes the serial port), the serial port can be
uninitialized at this point, causing a crash when SerialPortWrite
is called here.

This patch updates PrePeiCore and Sec to call SerialPortInitialize before
calling SerialPortWrite directly, which follows the pattern of
other serial port writes. It is acceptable to call the initialization
routine multiple times; it is supposed to dump out if the serial
port is already initialized.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-08-28 01:26:39 +00:00
Nate DeSimone ded4191e10 Maintainers.txt: Remove Susovan Mohapatra
Susovan is no longer an active contributor.

Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
2024-08-28 00:38:12 +00:00
Aravind P R cc7bb9a86e IntelFsp2Pkg: Correcting Data Region Length of MCUD section
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4793

MCUD Data Region Length (DATA_LEN_OF_MCUD) pushed to the stack
is incorrect for 64-bit. The data occupied by the MCUD section
is 32 bytes in 64-bit instead of 16 bytes in 32-bit. This
commit inputs the correct Data Region Length for the
MCUD section and also corrects the code that retrieves this
data.

Signed-off-by: Aravind P R <aravind.p.r@intel.com>
2024-08-27 20:01:54 +00:00
dependabot[bot] a0594ca403 GitHub Action: Bump github/issue-labeler from 3.1 to 3.4
Bumps [github/issue-labeler](https://github.com/github/issue-labeler) from 3.1 to 3.4.
- [Release notes](https://github.com/github/issue-labeler/releases)
- [Commits](https://github.com/github/issue-labeler/compare/v3.1...v3.4)

---
updated-dependencies:
- dependency-name: github/issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-27 18:51:21 +00:00
Oliver Smith-Denny b2a431868c UefiCpuPkg: CpuPageTableLibTestHost: Disable Random Test Suite
Commit 2f499c36db commented out the
RandomTestCase tests in CpuPageTableLibTestHost, but it left the
test suite being registered without any tests. This causes a failure
for tools that check to ensure tests are being registered with test
suites.

This patch comments out the test suite in addition to the tests
being added to it.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-08-27 16:26:51 +00:00
Min M Xu efaf8931bb OvmfPkg/TdTcg2Dxe: Fix the SeparatorEvent issue in RTMRs
According to the TCG EFI platform specification, the firmware must
measure the EV_SEPARATOR event into PCRs 0-7. As PCR[1] and PCR[7]
map to RTMR[0], and PCRs [2-6] map to RTMR[1], it is necessary to
measure one EV_SEPARATOR event into RTMR[0] and another one into
RTMR[1].

An issue is found in TdTcg2Dxe that 2 EV_SEPARATOR events are measured
to RTMR[0] but no EV_SEPARATOR event is measured to RTMR[1]. This
patch fixes the above issue.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Qinkun Bao <qinkun@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2024-08-27 12:50:51 +00:00
Michael G.A. Holland ccda91c286 MdePkg: Define BrainpoolP512r1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4837

Add BrainpoolP512R1 definition to TPM20.h

Signed-off-by: Michael G.A. Holland <michael.holland@intel.com>
2024-08-27 08:58:49 +00:00
Dun Tan 5a06afa7dd SecurityPkg: Allocate EfiACPIMemoryNVS buffer for TCG2
Allocate an EfiACPIMemoryNVS buffer for TCG2 related usage in
Tcg2ConfigPeim. The buffer will be used in the Tcg2Acpi driver
to retrieve information from the SMM environment.

Previously, the buffer used in the Tcg2Acpi driver was of AcpiNvs
type. But I mistakenly thought the Runtime Data type buffer
should also work. So I used the API AllocateRuntimePages() to
allocate the buffer in 9a76c7945b and consumed the buffer in
e939ecf6c1. Recently we found that if the buffer type is
Runtime Data instead of AcpiNvs, a BSOD issue happened after
booting into the OS.

So this commit is to allocate an EfiACPIMemoryNVS buffer for
TCG2 usage in SMM to align with the initial code logic.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-27 06:14:36 +00:00
Dun Tan fadb9dcb9d SecurityPkg: Correct Pages for TCG2 communication buffer
The value of the Pages for TCG2 communication buffer
should be EFI_SIZE_TO_PAGES(sizeof(TCG_NVS)) instead of
sizeof(TCG_NVS).

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-27 06:14:36 +00:00
Saloni Kasbekar 0e8af88034 NetworkPkg: Improve GetBootFile() code flow
Introduce a state machine to improve the code flow in GetBootFile()
and make it more readable. This allows new states to be easily added
without adding further nested ifs.

Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-08-27 01:55:39 +00:00
Michael Kubacki f3040bed3c .mergify: Fix pull_request_rules deprecation
The following message is visible on mergify runs:

"The configuration uses the deprecated merge_method attribute of the
queue action in one or more pull_request_rules. It must now be used
under the queue_rules configuration."

With the following warning:

"A brownout is planned on August 26th, 2024.
This option will be removed on September 23rd, 2024."

This change updates the configuration file to comply with the new
format.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-26 23:43:00 +00:00
Mike Maslenkin 1cc0fae8d9 MdeModulePkg/RamDiskDxe: fix memory leak on error path.
This patch fixes a leak of memory allocated for the RAM disk in cases
when an error occurred while reading contents of a file from disk
or RamDiskRegister() returned some error condition.

Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-08-26 05:32:42 +00:00
Ashraf Ali b158dad150 EmulatorPkg: VS2022 Support on WinHost.
Currently EDK2 supports VS2022, but with VS2022 the EmulatorPkg build
fails. This patch adds VS2022 support for WinHost.

Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
2024-08-13 13:04:46 +08:00
Dat Mach b0f43dd3fd DynamicTablesPkg: Add parser for Tpm2 CM object
Update the CM Object parser to add support for parsing the
CM_ARM_TPM2_INTERFACE_INFO object.

Signed-off-by: Dat Mach <dmach@nvidia.com>
2024-08-08 01:52:47 +00:00
Dat Mach d24df10cee DynamicTablesPkg: Add HexDump for CM Object parser
Add helper function HexDump for printing hex dump of CM Object fields.

Also merge multiple flavors of PrintCharX into one function PrintChars
by using the field length.

Signed-off-by: Dat Mach <dmach@nvidia.com>
2024-08-08 01:52:47 +00:00
Dat Mach 75a9afa540 DynamicTablesPkg: ACPI TPM2 generator
Generate ACPI TPM2 table using the information obtained from
Tpm2InterfaceInfo CM object.

Signed-off-by: Dat Mach <dmach@nvidia.com>
2024-08-08 01:52:47 +00:00
Dat Mach 2bff58935f MdePkg: Tpm2Acpi.h: Max size for Parameters field
Define a macro for the max size of the Start Method Specific Parameters
field.

Signed-off-by: Dat Mach <dmach@nvidia.com>
2024-08-08 01:52:47 +00:00
Saloni Kasbekar ab6ad2fbdb NetworkPkg/DxeHttpLib: Support HTTP CONNECT message in Tx path.
Add HTTP CONNECT message support in HttpGenRequestMessage()

Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-08-07 23:01:48 +00:00
Igor Kulchytskyy 9761137743 RedfishPkg: Allow deletion of the bootstrap account
Extend the Redfish Credential protocol to allow Redfish clients
to be registered/unregistered for tracking their end of work,
and delete the bootstrap account when all registered Redfish clients
finish their communication with the Redfish service.
The Redfish Http module was also updated to register/unregister clients
on the Redfish service creation/stop event.

Cc: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Signed-off-by: Igor Kulchytskyy <igork@ami.com>
2024-08-07 03:40:52 +00:00
kuqin12 a29a9cce5f MdePkg/BaseLib: Add CRC16 CCITT False Implementation.
This change is added to incorporate basic implementation for
CRC16-CCITT-FALSE algorithm.

This function is useful for providing the CRC16 value used in other data
structures that require a CRC16 value that complies with JEDEC SPD
requirements, i.e. the BDAT table.

The lookup table is inherited from `https://crccalc.com/` and the result
values are also compared against this site.

Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
2024-08-06 05:18:13 +00:00
John Schock 472be4d139 MdeModulePkg ConPlatform: Support IAD-style USB input devices.
Some multi-function input devices (e.g. combo keyboard and mouse)
present as IAD-style devices (https://www.usb.org/defined-class-codes,
https://learn.microsoft.com/en-us/windows-hardware/drivers/usbcon/usb-interface-association-descriptor).
Historically, multi-function devices would report a DeviceClass of 0,
indicating that interface matching should be done on the interface
descriptor rather than the global device descriptor.

IAD-style devices use a DeviceClass of 0xEF, so they don't match
MatchUsbClass() for keyboard (DeviceClass=3, SubClass=1, Proto=1). If
they are treated as if they had a DeviceClass of zero, which is more
traditional for legacy multi-function devices, then the interface
descriptors are used instead and these types of devices will "just work"
without needing to add a custom USB device path to ConIn.

Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
2024-08-06 03:24:40 +00:00
Michael Kubacki 1b37b3659b .github/request-reviews.yml: Use GitHub App authentication
Since the edk2 repository is owned by an organization, the default
GitHub token will not be able to access the collaborator list.

Therefore, a GitHub App with `metadata:read` permission will be used
to grant access to that REST API. This is used in GitHub.py when it
makes the `repo_gh.get_collaborators()` call that resolves to the
`/repos/{owner}/{repo}/collaborators` GitHub REST API.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-06 00:54:08 +00:00
Michael Kubacki 51ada84cd5 .github/request-reviews.yml: Move workflow Py code to file
To make the Python code used within the action more maintainable over
time, it is moved to a standalone script in .github/scripts.

No functional changes are made to the workflow itself.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 59ad8aeda6 .github/request-reviews.yml: Formatting (non-functional)
Updates code for PEP8 formatting by using the Black code formatter.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 32a099c358 .github/request-reviews.yml: Improve doc and dbg messages
Adds additional documentation and cleans up debug messages printed
to GitHub workflow output (available in the GitHub Actions pane).

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki f617b6ee0e .github/request-reviews.yml: Only post non-collab message once
Enhances the flow that adds a comment on a PR if a non-collaborator
is in the reviewer list by checking if a comment was previously left
on the PR. If it was for the same set of non-collaborators, another
comment is not created. If a new non-collaborator is discovered, the
message will be left identifying that new user account.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 09ad1a0072 .github/request-reviews.yml: Add non-collab admin notification
If a non-collaborator is part of the reviewer list, an admin needs
to be notified so they can be removed.

This change finds the list of admins for the repo and notifies them
in the comment left on the PR describing the list of non-collaborator
users. The message itself is cleaned up to show only the
non-collaborator users for ease of identification.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki e86647decd .github/request-reviews.yml: Update PR reviewer exclusion
Updates logic to:

- Not request reviews from reviewers that have already left a review
  on the PR. Previously, the reviewer's review (e.g. approval) would
  remain on the PR, but they would be notified on each change to the
  PR. This approach follows the expected notification process for
  requesting reviews which is one time. Maintainers and reviewers can
  set up their own notifications for more granular updates on PR
  activity separately.

- Add the collaborator reviewers if a reviewer(s) is found to not be
  a collaborator. This is an improvement to today's behavior which is
  to not add any reviewers if a single reviewer is not a collaborator
  of the repo.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki eaf2b82eda .github/request-reviews.yml: Removed unused functionality
Removed the `download_gh_file()` function which is no longer needed
with sparse checkout.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki d3e9e10770 .github/request-reviews.yml: Switch to PyGithub
Uses PyGithub for GitHub interactions instead of the GitHub REST API
directly.

This simplifies the code, improves error handling and robustness, and
lets the PyGithub project abstract GitHub REST API changes that may
occur over time.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 98f17cdcf4 .github/request-reviews.yml: Switch to GitPython
Uses `GitPython` instead of invoking the git executable directly.

This has the benefit of improving code readability and requiring less
support code for binary interaction.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 057c26710a .github/request-reviews.yml: Cache PIP modules
- Optimizes and makes the PIP module installation process for the
workflow more robust by caching the pip modules used, so the only
time the workflow needs to reach PyPI is when new PIP modules
are published.

- Improves long term stability by locking the major versions for PIP
modules in the workflow. This is to reduce overall maintenance over
time to automatically pick up new versions while also not being
broken in the process.

- Removes edk2-pytool-extensions as it is not used.

The new "requirements.txt" file is used to lock versions and support
the caching step which depends on a requirements file.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Michael Kubacki 38c4cd4e88 .github/request-reviews.yml: Use sparse checkout
Optimizes the repository checkout step from an average time of 21
to 1 second by performing a sparse checkout of only the file paths
needed for the workflow run at a fetch depth of 1.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-08-05 19:30:26 +00:00
Dun Tan 5d43165ff8 UefiCpuPkg: rename and simplify IsAddressValid function
In this commit, we rename IsAddressValid function to
IsSmmProfilePFAddressAbove4GValid and remove unneeded
code logic in it.

Currently, IsAddressValid is only used in the function
RestorePageTableAbove4G. It's used to identify if a SMM
profile PF address above 4G is inside mProtectionMemRange
or not. So we can remove the PcdCpuSmmProfileEnable FALSE
condition related code logic in it. Also the function name
is changed to be more detailed and specific.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan cff0641360 UefiCpuPkg: remove unneeded code in SmmProfilePFHandler
Remove the unneeded call to SmmProfileMapPFAddress () in
SmmProfileMapPFAddress if SMM profile is not started.

Previously, before SMM profile is started at ReadyToLock,
SMM page table only covers [0, 4G]. The access to the range
above 4G will cause PF. SmmProfileMapPFAddress is needed
here to map the PF address before SMM profile is started.

Now we always create full mapping SMM page table in the
SmmInitPageTable(). When SMM profile is enabled, before
SMM profile is started at ReadyToLock, SMM page table
covers [0, MaxSupportedPhysicalAddress]. So the case that
access to the range above 4G causes PF won't happen
anymore.

Then we can remove the calling of SmmProfileMapPFAddress
before SMM profile is started.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan 8b8ac5d986 UefiCpuPkg: rename the SmiDefaultPFHandler function
Rename SmiDefaultPFHandler to SmiProfileMapPFAddress
and move the implementation to SmmProfileArch.c since
it only will be used when SMM profile is enabled.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan cae90a8390 UefiCpuPkg: Remove duplicate code in SmiPfHandler
In this commit, we remove duplicate CpuDeadLoop in
SmiPfHandler where mCpuSmmRestrictedMemoryAccess is
TRUE.
With the last commit, we always call CpuDeadLoop if SMM
profile is disabled. Then the CpuDeadLoop call
for the condition (mCpuSmmRestrictedMemoryAccess &&
IsSmmCommBufferForbiddenAddress (PFAddress)) is not
needed anymore. We also modify the IA32 related code
to be aligned with X64.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan b5c9bbff8e UefiCpuPkg:CpuDeadLoop in SmiPFHandler if SMM profile is disabled
Always call CpuDeadLoop() in SmiPFHandler if SMM
profile is disabled.

Previously, when PcdCpuSmmRestrictedMemoryAccess is
FALSE, the SMM page table only covers [0, 4g]. When a code
access to the range above 4g happens, SmiPFHandler will map
the accessed not-present range to present. After we
always create a full mapping page table, the dynamic page
table creation logic is only needed when SMM profile is
enabled. So we use CpuDeadLoop() in SmiPFHandler to cover
all the PF exceptions when SMM profile is disabled.

Considering that [0, 4g] is always mapped in SMM page
table, we also modify the IA32 SmiPFHandler code to be
aligned with X64 code.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan b3631ca944 UefiCpuPkg: remove unnecessary manipulation for smm page table
In this commit, we only set some special bits in the paging entry
content when SMM profile is enabled.

Previously, we set the Pml4Entry sub-entries number and set the
IA32_PG_PMNT bit for the first 4 PdptEntry. It's to make sure that
the paging structures covering [0, 4G] won't be reclaimed during
dynamic page table creation.
In the last commit, we always create a full mapping SMM page table
regardless of PcdCpuSmmRestrictedMemoryAccess. With this change,
we only need to dynamically create the SMM page table in the SMM PF handler
when PcdCpuSmmProfileEnable is TRUE.

So the sub-entries number and IA32_PG_PMNT bit in the paging entry
only need to be set when PcdCpuSmmProfileEnable is TRUE.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan 9f29fbd33b UefiCpuPkg: always create full mapping SMM page table
In this commit, we always create a full mapping SMM page
table in SmmInitPageTable regardless of the value of
PcdCpuSmmRestrictedMemoryAccess.

Previously, when PcdCpuSmmRestrictedMemoryAccess is false,
only [0, 4G] is mapped in the SMM page table in SmmInitPageTable.
If the range above 4G is accessed in SMM, SmiPFHandler will
create a new paging entry for the accessed range. To simplify
the code logic, we also create a full mapping SMM page table
in SmmInitPageTable when PcdCpuSmmRestrictedMemoryAccess is
false. Then we don't need to dynamically create paging entries for
the range above 4G except when SMM profile is enabled.

The comparison of the SMM page table before and after the change
under different configurations is listed here:

1. PcdCpuSmmRestrictedMemoryAccess is TRUE
     No change

2. PcdCpuSmmRestrictedMemoryAccess is FALSE and
   PcdCpuSmmProfileEnable is TRUE
     Before: the SMM page table when ReadyToLock covers
        1. SMRAM range
        2. SMM profile range
        3. MMIO range below 4G
     After: the SMM page table when ReadyToLock covers
        1. SMRAM range
        2. SMM profile range
        3. MMIO range below 4G and above 4G

3. PcdCpuSmmRestrictedMemoryAccess is FALSE and
   PcdCpuSmmProfileEnable is FALSE
     Before: the SMM page table when ReadyToLock covers
        [0, 4G]
     After: the SMM page table when ReadyToLock covers
        [0, MaxSupportPhysicalAddress]

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Dun Tan 47bb9f9a97 UefiCpuPkg: Revert "UefiCpuPkg/PiSmmCpuDxeSmm: Fix system..."
This reverts commit bef0d333dc "UefiCpuPkg/PiSmmCpuDxeSmm:
Fix system hang when SmmProfile enable".

The commit bef0d333dc was added to modify the code logic in
InitPaging() to fix a code assert issue. Previously, the root
cause of this issue was that we tried to only set the NX attribute
for the not-present MMIO range above 4G when the SMM profile feature
is enabled, which is not allowed by CpuPageTableLib.

But after we always create a full mapping initial SMM page
table in the next commit, this code assert issue won't happen
anymore since the MMIO range above 4g will also be present in the SMM
page table before InitPaging().

Meanwhile another issue was introduced by commit bef0d333dc:
In the entrypoint of the PiSmmCpuDxe driver, we will set some
pages in the stack range as not-present in the SMM page table if
PcdCpuSmmStackGuard or PcdControlFlowEnforcementPropertyMask
is TRUE. But in commit bef0d333dc, all SMRAM ranges are set
to present in InitPaging() if SMM profile is enabled. Then
the stack guard and shadow stack features do not work anymore.

So let's revert the commit "UefiCpuPkg/PiSmmCpuDxeSmm: Fix
system hang when SmmProfile enable".

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-05 06:59:09 +00:00
Jason1 Lin 68b4c4b481 BaseTools/Capsule: Support Different Hash Algorithm for Payload Digest
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4821

- The capsule payload digest got hardcoded inside the GenerateCapsule
  script as "sha256".

- It would be hard for the caller to change to a supported hash algorithm
  which is supported by the OpenSSL or Windows signtool program and platform.

- The capsule payload digest signed data follows the PKCS#7 standard;
  in EDK-II CryptoPkg, "Pkcs7Verify ()" supports validation with
  several hash algorithms naturally.
  (md5, sha1, sha256, sha384, and sha512)

- Deliver the below changes within this patch:
  (1) Introduce an optional argument "--hash-algorithm" to assign
      the one the caller expects, and leave the default value "sha256"
      to support backward compatibility.

  (2) Add the double quotes to put the string of the certificate's
      subject name inside them.

  (3) Set the "Open" argument of "SignToolSubjectName" to "False".

  (4) Set the "Convert" argument of "SignToolSubjectName" to "str".

  (5) Correct the actual name of the "--subject-name" flag.

  (6) Add back the correct number of arguments for PayloadDescriptor
      class object initialization.

Note:
- The platform needs to support the corresponding hash algorithm to validate
  the digital signature, or a failure would be observed.

- Set the md5 and sha1 algorithms as EOL based on the CryptoPkg supported
  table and reject the capsule creation.

Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
2024-08-05 05:49:16 +00:00
joe 5ff99e0dab MdePkg/IoRemappingTable: Define additional IORT SMMUv3 node flags.
The flag for HTTU override in an SMMUv3 node in the IORT table is
defined in MdePkg/Include/IndustryStandard/IoRemappingTable.h as
a single bit, BIT0 or BIT1. The implementation of this field is
actually two bits, with the following mappings:

0b0000: Hardware update of the Access flag and dirty state are not
supported.
0b0001: Support for hardware update of the Access flag for Block and
Page descriptors.
0b0010: As 0b0001, and adds support for hardware update of the Access
flag for Block and Page descriptors. Hardware update of dirty state is
supported.

Referenced in Arm® System Memory Management Unit Architecture Specification
SMMU architecture version 3:
https://documentation-service.arm.com/static/63d7a2d5e4378a55c5e045b9

Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
2024-08-04 09:21:06 +00:00
Joey Vagedes 159f1aee56 BaseTools/WinRcPath: Improve Performance.
WinRcPath generally takes about 2 seconds to run, due to calling
multiple .bat files behind the scenes. This change reduces this time to
~0 seconds due to the following changes:

1. It will attempt to load the path from the cache, which is located at
$(WORKSPACE)/Conf/.rc_path. If the loading is a success and the rc_path
still exists, it will use it.

2. If the cache did not exist, or the path provided by the cache does
not exist, it will find the rc path via the .bat files. If that
succeeds, it will write the path to the cache.

Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
2024-08-04 07:30:59 +00:00
Sami Mujawar f203a6db92 OvmfPkg: Pass correct virtio-scsi request size
The patch at "1fc55a3933b0 OvmfPkg: Use heap memory
for virtio-scsi request" modified the virtio-scsi
request header memory to be allocated from the heap.
In doing so the request structure header which was
a local variable on the stack was converted to be a
pointer. This required adjusting the size computation
for the request header to reflect that the structure
was changed to a pointer.
Unfortunately, this was missed out in the call to
VirtioAppendDesc() for enqueuing the request due to
which only 8 bytes were being shared with the host
instead of the size of the VIRTIO_SCSI_REQ structure
which is 51 bytes.

This resulted in the following error message to
be printed by qemu: "qemu-system-<arch>: wrong size
for virtio-scsi headers" and the virtio-scsi
functionality degraded.

Therefore, pass the correct size of the virtio-scsi
request header when enqueuing the request.

Reported-by: Aithal Srikanth <sraithal@amd.com>
Tested-by: Aithal Srikanth <sraithal@amd.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
2024-08-02 10:24:26 +00:00
Jiaxin Wu 24a375fcdd UefiCpuPkg/PiSmmCpuDxeSmm: Avoid use global variable in InitSmmS3Cr3
This patch is to avoid using a global variable in InitSmmS3Cr3. No
functional impact.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
2024-08-02 09:15:25 +00:00
Jiaxin Wu 8f3e132512 UefiCpuPkg/PiSmmCpuDxeSmm: Clean redundant SmmS3Cr3 Init
The SmmS3Cr3 is only used by the S3Resume PEIM to switch the CPU from 32-bit
to 64-bit; it should be the CR3 for the non-SMM environment and initialized by
the InitSmmS3Cr3 function. There is no need to set it to the SMM CR3.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
2024-08-02 09:15:25 +00:00
Jiaxin Wu 66b4a2f91d UefiCpuPkg/PiSmmCpuDxeSmm: clean unused PCD for S3
This patch is to clean up PcdCpuFeaturesInitOnS3Resume since it's
unused after commit 077760fe.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
2024-08-02 09:15:25 +00:00