Commit Graph

243 Commits

Author SHA1 Message Date
Yingke Liu 55668ca245 BaseTools/Trim: Fixed a bug that cannot trim long values
The long value substitution must move to the front of
HEX substitution, and updated build_rule to add --trim-long

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18170 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-06 08:05:59 +00:00
Ard Biesheuvel c4a59af8c1 BaseTools IA32/X64: Use GccBase.lds instead of gcc*-ld-script
These scripts all now have the same contents, so we only need to use
GccBase.lds. Therefore we can delete gcc-4K-align-ld-script,
gcc4.4-ld-script and gcc4.9-ld-script.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18142 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-03 08:23:59 +00:00
Ard Biesheuvel 6b3720e438 BaseTools AARCH64: move to unified GCC linker script
Drop the GCC AARCH64 specific linker script and use the new
unified one instead.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18138 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-03 08:23:05 +00:00
Ard Biesheuvel c28a4ab663 BaseTools IA32/X64: get header size and alignment from ld commandline
Instead of hardcoding the values for the PE/COFF header size and the
section alignment, set them on the linker command line. This factors
out these values from the various linker scripts, which will allow us
to unify them in a subsequent patch.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18134 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-03 08:22:16 +00:00
Leif Lindholm 28e80befa4 BaseTools: aarch64: add -fno-asynchronous-unwind-tables to gcc cflags
Some toolchains, at least Fedora GCC, generate inline unwind tables in
object files. These confuses GenFw to no end, leading to build failures:
  GenFw: ERROR 3000: Invalid WriteSections64(): ...
         unsupported ELF EM_AARCH64 relocation 0x105.
  GenFw: ERROR 3000: Invalid WriteSections64(): ...
         unsupported ELF EM_AARCH64 relocation 0x0.

I am aware of no current use of these tables, so explicitly disable
their generation for aarch64.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Wei Huang <wei@redhat.com>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17905 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-09 16:29:44 +00:00
Ard Biesheuvel 64a910f3da BaseTools: AArch64: use explicit linker scripts
Instead of relying on the builtin linker script of GNU ld, which
may vary based on binutils version (which is not tightly coupled to
the GCC version) and linker command line options, introduce a linker
script for AArch64 to be used by all GCC/binutils versions.

The script is laid out such that two ELF sections .text and .data are
created that map onto the PE/COFF with the same names. By aligning
.data to the minimum alignment of .text, and by not adding any
additional padding -which is what LD's builtin linker script does- the
relative offset between .text and .data is retained after the PE/COFF
conversion. This should prevent problems with debuggers and other
tooling that are ELF based.

Also provided is an overlay linker script that increases the alignment
of .text and .data to 64 KB. This is intended for DXE_RUNTIME_DRIVER
modules, to make them compatible with the newly introduced
Properties Table feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Olivier Martin <Olivier.Martin@arm.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17824 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-06 15:57:50 +00:00
Jordan Justen 288ed59079 Revert tree to r17801
Revert r17802 "BaseTools: AArch64: use explicit linker scripts"
Revert r17803 "ArmVirtPkg: build runtime drivers with 64 KB section alignment"
Revert r17804 "IntelFrameworkModulePkg: AcpiS3SaveDxe: prepare for End-of-Dxe callback"
Revert r17805 "IntelFrameworkModulePkg: AcpiS3SaveDxe: call S3Ready() at End-of-Dxe"
Revert r17806 "OvmfPkg: AcpiS3SaveDxe: prepare for End-of-Dxe callback"

Requested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17807 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-02 07:23:33 +00:00
Ard Biesheuvel f0dbe9fa0a BaseTools: AArch64: use explicit linker scripts
Instead of relying on the builtin linker script of GNU ld, which
may vary based on binutils version (which is not tightly coupled to
the GCC version) and linker command line options, introduce a linker
script for AArch64 to be used by all GCC/binutils versions.

The script is laid out such that two ELF sections .text and .data are
created that map onto the PE/COFF with the same names. By aligning
.data to the minimum alignment of .text, and by not adding any
additional padding -which is what LD's builtin linker script does- the
relative offset between .text and .data is retained after the PE/COFF
conversion. This should prevent problems with debuggers and other
tooling that are ELF based.

Also provided is an overlay linker script that increases the alignment
of .text and .data to 64 KB. This is intended for DXE_RUNTIME_DRIVER
modules, to make them compatible with the newly introduced
Properties Table feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17802 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-02 06:36:00 +00:00
Yingke Liu bbb6369486 BaseTools: Updated tool_def to support 4K alignment.
Replace '/MERGE:.data=.text /MERGE:.rdata=.text' with /MERGE:.rdata=.data

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17726 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-29 03:14:33 +00:00
Yingke Liu 061eb5c31d BaseTools: Update IASL download link and remove specific version info.
The version of IASL compiler in the tools_def.template file no longer exists on the acpica.org site.
Update download link and remove the specific version info from the tools_def.template file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17725 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-29 03:10:25 +00:00
Yingke Liu 867d1cd4cd BaseTools: Append FILE_GUID to BaseName.
This patch makes sure the EFI file in $(BIN_DIR) is unique. If there are modules with same BaseName, the FILE_GUID is appended.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17608 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-10 07:50:59 +00:00
Liming Gao 49b0a79388 BaseTools: Update BuildRule for *.nasmb
*.nasmb is place of *.asm16. To keep the same output file, copy the output
file with .com postfix.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17580 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-08 09:44:57 +00:00
Jordan Justen c85bc0c9d4 BaseTools/Conf: Don't support upper case nasm extensions
For *.asm and *.s, there have been cases of *.Asm and *.S files, but
since the nasm extensions are new, we don't need to support the upper
case extensions.

In other words, remove .Nasm and .NASM.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17544 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-01 23:21:00 +00:00
Yingke Liu ec22bede67 BaseTools: Add default BuildRuleOrder in tools_def.template
*_*_*_*_BUILDRULEORDER = nasm Nasm NASM asm Asm ASM S s
*_XCODE32_*_*_BUILDRULEORDER    = S s nasm Nasm NASM
*_XCLANG_*_*_BUILDRULEORDER     = S s nasm Nasm NASM
*_XCODE5_*_*_BUILDRULEORDER     = S s nasm Nasm NASM

Tool Chain in Mac Os will use S as the first priority. Other tool chains
use nasm as the first priority.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17510 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-26 10:32:47 +00:00
Cinnamon Shia ca04b83afb NT32Pkg: Fix build errors from building secure boot with NT32 X64
Root cause: The CryptoPkg\Library\IntrinsicLib needs override MSFT build option to remove /Oi and /GL, 
but it doesn’t work because of the build option override in Nt32Pkg.dsc.
Solution: Remove /X in BaseTools/Conf/tools_def.template

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hp.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17069 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-23 05:39:51 +00:00
Liming Gao c5f1d437ed BaseTools Fix NASM tool version in comments of tools_def.template
NASM tool version should be 2.07 instead of 2.0.7.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16596 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-09 10:07:02 +00:00
Scott Duplichan 62771cee1d Fix ARM build failure with gcc 4.6.
Gcc option -mno-unaligned-access is supported by gcc 4.7 and newer, so it shouldn't be used with gcc 4.6.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Olivier Martin <Olivier.martin@arm.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16464 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-02 00:44:04 +00:00
Scott Duplichan 915a379b1c BaseTools: Extend support for Windows hosted gcc to versions 4.4-4.7.
Revision 16400 adds support for Windows hosted gcc versions 4.8 and 4.9.
With this change, all of the GCCXX tool chains can be used from Windows.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16418 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-24 02:43:17 +00:00
Scott Duplichan 285a175441 BaseTools: Modify gcc 4.8 and 4.9 tool chain definition to support building from Windows.
Here is a new patch that adds Windows support for both gcc 4.8.x and gcc 4.9.x. 
This time testing is more thorough: boot testing using Duet for all 4 combinations of 
IA32/X64 and gcc 4.8.2 and gcc 4.9.1 passes. A Windows hosted gcc 4.8.2 has been added here:
http://sourceforge.net/projects/edk2developertoolsforwindows/

The environment variable settings for Windows look like:

set UEFI_BUILD_TOOLS=%cd%\tools
set NASM_PREFIX=%UEFI_BUILD_TOOLS%\nasm211\
set GCC48_BIN=%UEFI_BUILD_TOOLS%\gcc482-x86\bin\
set GCC48_DLL=%UEFI_BUILD_TOOLS%\gcc482-x86\dll\;%GCC48_BIN%
set GCC48_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-arm\bin\
set GCC48_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-aarch64\bin\
set GCC49_BIN=%UEFI_BUILD_TOOLS%\gcc491-x86\bin\
set GCC49_DLL=%UEFI_BUILD_TOOLS%\gcc491-x86\dll\;%GCC49_BIN%
set GCC49_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-arm\bin\
set GCC49_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-aarch64\bin\

No change is needed for building from Linux. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16400 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-18 02:38:20 +00:00
Liming Gao d808fc659d BaseTools: Correct NASM output file type for UNIXGCC and CYGGCC.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16399 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-18 02:19:47 +00:00
Nikolai Saoukh 0a0ca7877d BaseTools: Use '/' as path separator for objcopy --add-gnu-debuglink
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Nikolai Saoukh <nms@otdel-1.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16172 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-25 02:29:18 +00:00
Andrew Fish e5367bfb61 BaseTools: Fix XCODE5 to work properly with NASM
The default object type for NASM is raw binary, and this will not link.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16085 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-10 16:48:59 +00:00
Jordan Justen b3f9cdaebb BaseTools tools_def: Indicate that NASM 2.07 or later is required
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16018 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-01 17:22:58 +00:00
Jordan Justen ff0279814a BaseTools build_rule: Add .nasm => .obj build rule
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16017 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-01 17:22:51 +00:00
Jordan Justen 9a5a743582 BaseTools tools_def: Add NASM_FLAGS
Note: Only tested with the GCC49 toolchain so far.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16016 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-01 17:07:19 +00:00
Anderw Fish 9358dc21e7 BaseTools: Cleanup XCODE build rules
Update C-Code-File rule since XCODE never needs the SYMRENAME step.
Add *.S16 to Mash16-Code-File rule to supoprt 16-bit assmebly with XCODE

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anderw Fish <afish@apple.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com> 


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15980 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-29 18:34:04 +00:00
Anderw Fish 4484f397d3 BaseTools: Add the XCODE5 tools target to supoprt Xcode 5
Xcode 5 changed the arguments required to supoprt X64 EFIAPI so it is a new 
target. XCODE5 supports Xcode 5.* and Xcode 6.*, and will probably support
future versions of Xcode as well. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anderw Fish <afish@apple.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com> 



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15979 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-29 18:29:46 +00:00
Yingke Liu 97fa0ee9b1 License header updated to match correct format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15971 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 13:53:34 +00:00
Andrew Fish 057ac410e3 BaseTools: add support Xcode 5 in the EmulatorPkg
The XCODE32 target is used to build the x86_64 Mac OS X application for the 
emulator. The other Xcode targets build the EFIAPI needed for UEFI. This patch
removes an obsolete command line argument.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15930 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 04:57:12 +00:00
Olivier Martin cb60328323 BaseTools: Added support for GCC stack protector for ARM architecture
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15854 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-20 18:02:38 +00:00
Jordan Justen abb158ded4 BaseTools: Add rules to build NASM source file into a binary
v2:
 * Use EDK II tool name of NASMB rather than NASMBIN
 * Use EDK II extension of .nasmb rather than .nasmbin
v3:
 * Create listing file
 * Don't change into source directory
 * Add ENV(NASM_PREFIX) before nasm for NASM_PATH

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15820 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-18 23:03:17 +00:00
Michael Kinney 65ce860e49 Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney  <michael.d.kinney@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>

Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section.  The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file.  Signing operations are performed from python scripts that wrap OpenSsl command line utilities.  Verification operations are performed using the OpenSsl libraries in the CryptoPkg.

The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID.  The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data.  The signing tool included in these patches performs encode/decode operations using this data layout.  HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.

MdePkg/Include/Guid/WinCertificate.h
================================= 
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
// 
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
/// 
typedef struct {
  EFI_GUID  HashType;
  UINT8     PublicKey[256];
  UINT8     Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;

MdePkg/Include/Protocol/Hash.h
================================= 
#define EFI_HASH_ALGORITHM_SHA256_GUID \
  { \
    0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
  }

The verification operations require the use of public key(s).  A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys.  A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys.  When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD.  It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.

While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete.  It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.

I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible.  The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries.  This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.

Patch Summary
==============
1)	BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
  a.	Wrapper for a set of OpenSsl command line utility operations
  b.	OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
  c.	Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section 

Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>

positional arguments:
  input_file            specify the input filename

optional arguments:
  -e                    encode file
  -d                    decode file
  -o filename, --output filename
                        specify the output filename
  --private-key PRIVATEKEYFILE
                        specify the private key filename. If not specified, a
                        test signing key is used.
  -v, --verbose         increase output messages
  -q, --quiet           reduce output messages
  --debug [0-9]         set debug level
  --version             display the program version and exit
  -h, --help            display this help text

2)	BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
  a.	Wrapper for a set of OpenSsl command line utility operations
  b.	OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH

Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]

optional arguments:
  -o [filename [filename ...]], --output [filename [filename ...]]
                        specify the output private key filename in PEM format
  -i [filename [filename ...]], --input [filename [filename ...]]
                        specify the input private key filename in PEM format
  --public-key-hash PUBLICKEYHASHFILE
                        specify the public key hash filename that is SHA 256
                        hash of 2048 bit RSA public key in binary format
  --public-key-hash-c PUBLICKEYHASHCFILE
                        specify the public key hash filename that is SHA 256
                        hash of 2048 bit RSA public key in C structure format
  -v, --verbose         increase output messages
  -q, --quiet           reduce output messages
  --debug [0-9]         set debug level
  --version             display the program version and exit
  -h, --help            display this help text

3)	BaseTools\Conf\tools_def.template
  a.	Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b.	GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
  c.	Tool is Rsa2049Sha256Sign
4)	MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
  a.	Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5)	MdeModulePkg\Universal\SectionExtractionPei
  a.	Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6)	MdeModulePkg\Universal\SectionExtractionDxe
  a.	Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7)	SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
  a.	NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
  b.	Based on algorithms from SecurityPkg Authenticated Variable services
  c.	Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8)	SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
  a.	NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
  b.	Based on algorithms from SecurityPkg Authenticated Variable services
  c.	Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15800 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-14 06:30:10 +00:00
lhauch d8162fb5aa CodeModule: BaseTools - tools_def.txt VS2010, VS2010x86, VS2012 and VS2012x86 update locations for rc.exe tool
This change will point to the correct location of the rc.exe tool.
RC.exe is used for building UEFI compliant drivers that must have a UEFI_HII_RESOURCE_SECTION generated as part of the .efi image file.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: lhauch <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15735 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-01 18:11:32 +00:00
Wang, Yu 537bc12400 Add VS2013 tool chain in BaseTools\Conf\tools_def.template. Also, two issues came up related to vs2013 build and caused the build to fail.
Vs2013 issue #1:  warning message about uninitialized variables or pointers like this:
s:\incbld\ia32\intelframeworkmodulepkg\bus\isa\isabusdxe\isabus.c(395) : warning C4701: potentially uninitialized local variable 'DevicePathData' used
s:\incbld\ia32\intelframeworkmodulepkg\bus\isa\isabusdxe\isabus.c(395) : warning C4703: potentially uninitialized local pointer variable 'DevicePathData' used
LINK : fatal error LNK1257: code generation failed
The following online messages shows discussions related to this vs2013 issue and how Microsoft engineer responded.  They suggest a work around by adding the initialization for the variables.
https://connect.microsoft.com/VisualStudio/feedback/details/816730/bogus-warning-from-vs-2013

Vs2013 issue #2:
C:\Program Files\Windows Kits\8.1\include\um\winnt.h(5105) : error C2220: warning treated as error - no 'object' file generated
C:\Program Files\Windows Kits\8.1\include\um\winnt.h(5105) : warning C4005: 'InterlockedCompareExchange64' : macro redefinition
This happened for Nt32Pkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang, Yu <yu.wang@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15722 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-31 06:14:01 +00:00
Jordan Justen dafe0fedc5 BaseTools: Add GCC49 toolchain; align data sections to 0x40
GCC 4.9 may use 64-byte (0x40) alignment for data sections.

Therefore we use a different link script for GCC 4.9. The only
difference from the gcc4.4-ld-script is the alignment for data
sections.

When using the GCC48 toolchain with GCC 4.9, this error would be
encountered by GenFw:
> GenFw: ERROR 3000: Invalid
>   Unsupported section alignment.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15697 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-28 17:37:10 +00:00
Gao, Liming e4ac870fe9 Sync BaseTool trunk (version r2670) into EDKII BaseTools.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Liu, Yingke D (yingke.d.liu@intel.com)


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15605 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-01 07:10:10 +00:00
Gao, Liming f51461c829 Sync BaseTool trunk (version r2649) into EDKII BaseTools.
Signed-off-by: Gao, Liming <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15188 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-27 05:23:15 +00:00
Gao, Liming 2bc3256ca6 Sync BaseTool trunk (version r2640) into EDKII BaseTools.
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Liu, Jiang A <jiang.a.liu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15089 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-10 05:25:50 +00:00
Liming Gao 4afd3d0422 Sync BaseTool trunk (version r2599) into EDKII BaseTools.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Heshen Chen <chen.heshen@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14591 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-23 02:18:16 +00:00
lgao4 25918452ed Sync BaseTools Trunk (version r2524) to EDKII main trunk.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liu Yingke <yingke.d.liu@intel.com>
Reviewed-by: Yurui Zeng <yurui.zeng@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13353 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-23 08:27:14 +00:00
lgao4 64b2609fcf Sync BaseTools Trunk (version r2518) to EDKII main trunk.
Signed-off-by: Liming Gao <liming.gao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13178 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-10 07:18:20 +00:00
lgao4 9508d0fa4f Sync BaseTool trunk (version r2474) into EDKII BaseTools.
Signed-off-by: lgao4
Reviewed-by: gikidy



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12883 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-16 08:52:13 +00:00
lgao4 2bcc713e74 Sync BaseTool trunk (version r2423) into EDKII BaseTools. The change mainly includes:
1. Fix !include issues
  2. Fix Trim to skip the postfix 'U' for hexadecimal and decimal numbers
  3. Fix building error C2733 when building C++ code.
  4. Add GCC46 tool chain definition
  5. Add new RVCT and RVCTLINUX tool chains

Signed-off-by: lgao4


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12782 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-25 06:21:03 +00:00
lgao4 d40b2ee60e Sync BaseTool trunk (version r2397) into EDKII BaseTools. The change mainly includes
1. Fix the issue that root directory of disk can’t be used as WORKSPACE.
2. Update AutoGen code style to pass C++ compiler.

Signed-off-by: lgao4
Reviewed-by: jsu1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12676 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-09 04:32:08 +00:00
lgao4 0d2711a693 Sync BaseTools Trunk (version r2387) to EDKII main trunk.
Signed-off-by: lgao4
Reviewed-by: gikidy

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12602 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-29 06:59:30 +00:00
lgao4 79b74a03e0 Sync BaseTools Branch (version r2362) to EDKII main trunk.
Signed-off-by: lgao4
Reviewed-by: jsu1
Reviewed-by: ydliu

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12525 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-11 02:49:48 +00:00
lgao4 29e22e2bd6 Sync BaseTools Branch (version r2324) to EDKII main trunk.
Signed-off-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12435 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-23 06:03:45 +00:00
lgao4 b36d134faf Sync BaseTools Branch (version r2321) to EDKII main trunk.
Signed-off-by: lgao4
Reviewed-by: gikidy


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12372 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-18 12:17:25 +00:00
lgao4 4234283c3a Sync BaseTools Branch (version r2271) to EDKII main trunk.
BaseTool Branch:
  https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100

Signed-off-by: lgao4
Reviewed-by: hchen30

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12214 6f19259b-4bc3-4df7-8a09-765794883524
2011-08-26 07:46:26 +00:00
lgao4 da92f27632 Sync BaseTools Branch (version r2149) to EDKII main trunk.
BaseTool Branch:
  https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100

  



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11640 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-11 10:26:49 +00:00