To prevent speculative intruction fetches from MMIO ranges that may
have side effects on reads, the architecture requires device mappings
to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and
EL1&0 translation regimes, respectively.)
Note that, in the ARM case, this involves moving all accesses to a
client domain since permission attributes like XN are ignored from
a manager domain. The use of a client domain is actually mandated
explicitly by the UEFI spec.
Reported-by: Heyi Guo <heyi.guo@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18891 6f19259b-4bc3-4df7-8a09-765794883524
Some users of this library (i.e., FVP-AArch64 and RTSM-A15_MPCore)
may be built to execute straight from NOR flash. Since device mappings
should have the XN attribute set (according to the architecture), mapping
the NOR flash as a device may prevent it from being executable.
Since the NOR flash DXE driver is perfectly capable of setting the correct
attributes for the region it needs to write to, and since we will be
executing from DRAM by that time anyway, we can simply map the NOR flash
as normal memory initially.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18890 6f19259b-4bc3-4df7-8a09-765794883524
The ARM architecture version 7 and later mandates that device mappings
have the XN (non-executable) bit set, to prevent speculative instruction
fetches from read-sensitive regions. This implies that we should not map
regions as device if we want to execute from them, so the NOR region that
contains our FD image should be mapped as normal memory instead.
The MMU code deals correctly with overlapping ARM_MEMORY_REGION_DESCRIPTOR
entries, and later entries in the array take precedence over earlier ones.
So simply add an entry to the end of the array that overrides the mapping
attributes of the FD image, wherever it resides.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18889 6f19259b-4bc3-4df7-8a09-765794883524
The function GcdAttributeToArmAttribute() is not used anywhere in the
code base, and is only defined for AARCH64 and not for ARM. It also
fails to set the bits for shareability and non-executability that we
require for correct operation. So remove it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18888 6f19259b-4bc3-4df7-8a09-765794883524
The ASSERT (PrivateData->PeiMemoryInstalled) in if (PrivateData->PeiMemoryInstalled)
condition is useless, it should be ASSERT (FALSE) to follow the code's expectation.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18887 6f19259b-4bc3-4df7-8a09-765794883524
The parameter name is also changed from Coordinate* to Offset* to
reflect that it's the offset to the location specified by Attribute.
For example, when the Attribute is Center, OffsetX and OffsetY are
used to specify the offset to the Center. OffsetX = 100 means
100 pixels right to the Center.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18867 6f19259b-4bc3-4df7-8a09-765794883524
The parameter name is also changed from Coordinate* to Offset* to
reflect that it's the offset to the location specified by Attribute.
For example, when the Attribute is Center, OffsetX and OffsetY are
used to specify the offset to the Center. OffsetX = 100 means
100 pixels right to the Center.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18866 6f19259b-4bc3-4df7-8a09-765794883524
We force alignment to 2K after generating the DebugAgentVectorTable
symbol, and hence DebugAgentVectorTable itself may not be 2K-aligned,
and table entries may not be at the correct offset from the
DebugAgentVectorTable base address.
Fix this by forcing alignment before generating the
DebugAgentVectorTable symbol.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18865 6f19259b-4bc3-4df7-8a09-765794883524
The patch also moves the BmCharToUint to BmMisc.c because it
belongs to misc functions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18855 6f19259b-4bc3-4df7-8a09-765794883524
when we make BaseTools, it report warnings about VfrError.cpp and VolInfo,
so this patch fix this warning.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18851 6f19259b-4bc3-4df7-8a09-765794883524
The RestoreLockBox() and RestoreAllLockBoxInPlace() functions handle the
case when EFI_PEI_SMM_COMMUNICATION_PPI.Communicate() returns
EFI_NOT_STARTED: they access the SMRAM directly, for restoring LockBox
data.
This occurs if a PEIM needs to restore LockBox data *before* the SMBASE is
relocated and the SMI handler is installed for all processors.
One such PEIM is UefiCpuPkg/Universal/Acpi/S3Resume2Pei. On the S3 resume
path, in function S3RestoreConfig2(), LockBox data are restored *before*
the SmmRestoreCpu() function of UefiCpuPkg/PiSmmCpuDxeSmm is called via
SmmS3ResumeState->SmmS3ResumeEntryPoint. (The latter SmmRestoreCpu()
function is responsible for the SMBASE relocation.)
If a platform knows that its PEIMs restore LockBox data *only* before
SMBASE relocation -- e.g., due to S3Resume2Pei being the platform's only
SmmLockBoxPeiLib client --, then the platform might not want to include
"UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf" at all (hence
not provide EFI_PEI_SMM_COMMUNICATION_PPI) -- because all of those
restores would be serviced by direct SMRAM access anyway.
Currently the absence of EFI_PEI_SMM_COMMUNICATION_PPI is not supported by
SmmLockBoxPeiLib, but it's not hard to implement. Handle it the same as
when EFI_PEI_SMM_COMMUNICATION_PPI.Communicate() returns EFI_NOT_STARTED:
restore LockBox data directly from SMRAM.
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18823 6f19259b-4bc3-4df7-8a09-765794883524
If the 2nd boot quickly after the first succeed boot, it will function well.
But if you wait for some time after 1nd succeed boot and boot again, the
TCP state may change from established to closed wait as the http server send
fin flag, then boot fail occurred.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18783 6f19259b-4bc3-4df7-8a09-765794883524
A corner case like below will cause a NOT_DISPATCHED FV has no opportunity to
be dispatched.
1. FV_RECOVERY has SecCore, PeiCore and some other PEI modules, a module will
report FVMAIN_COMPACT and FV_RECOVERY2 in sequence.
2. FVMAIN_COMPACT has a FV image file with GUIDED FV image section in it.
3. FV_RECOVERY2 has DxeIpl and other PEI modules, the DxeIpl will install
SectionExtractionPpi
If ALL the PEIMs in FV_RECOVERY and FV_RECOVERY2 have DEPEX satisfied and
executed in one loop, PeimNeedingDispatch will be always FALSE, FVMAIN_COMPACT
will have no opportunity to be decompressed and dispatched as DxeIpl executes
after the first processing to FVMAIN_COMPACT.
The patch is to set PeimNeedingDispatch to TRUE when ProcessFvFile() not successfully,
then the NOT_DISPATCHED FV could have another opportunity to be processed.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18781 6f19259b-4bc3-4df7-8a09-765794883524
Mark all cached memory mappings as shareable (or inner shareable on
AArch64) so that our view of memory is kept coherent by the hardware.
This is relevant for things like coherent DMA and virtualization (where
a guest may migrate to another core) but in general, since UEFI on ARM
is mostly used in a context where the secure firmware and possibly a
secure OS are already up and running, it is best to refrain from using
any non-shareable mappings.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18778 6f19259b-4bc3-4df7-8a09-765794883524
The ARM and AARCH64 linker scripts have recently been updated so that
the memory layouts of the ELF and PE/COFF versions of each module are
identical. In particular, this means that the ELF images now have a
hole before the first section rather than starting at offset 0x0, which
means we no longer have to correct for this difference when loading the
ELF image into the debugger.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18775 6f19259b-4bc3-4df7-8a09-765794883524
The library itself doesn't provide any image decoding capabilities but
manages the different image decoders.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18770 6f19259b-4bc3-4df7-8a09-765794883524
Previously the pointer type is EFI_IFR_FORM_SET, it is incorrect when
do pointer addition without conversion.Now change it to UINT8 type.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18768 6f19259b-4bc3-4df7-8a09-765794883524
Add new option --keepoptionalheader and that flag does not zero PE/COFF
optional header fields including the version fields. It can support the
case that the PE/COFF optional header would be kept.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18767 6f19259b-4bc3-4df7-8a09-765794883524
The BasePostCodeLibPort80 instance just prints UINT8 to IoPort 80. Some boards
may support 16bit or 32bit. To support them, new PCD PcdPort80DataWidth is
introduced to specify the width of data bits to Port80.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18765 6f19259b-4bc3-4df7-8a09-765794883524
This patch fixes an issue in PEI with encapsulated FV images where the
AuthenticationStatus is not correctly propagated down to child FV
handles. The PEI core registers for callbacks for both FvInfo and
FvInfo2 PPIs. These callbacks process the FVs which will recurse as
necessary to find more encapsulated FVs. (FvInfo2 is an updated PPI
that includes an AuthenticationStatus field - the original FvInfo did
not include this.)
When encapsulated FV processing occurs the PEI core installs both
FvInfo and FvInfo2 PPIs. The original implementation installs FvInfo
first and FvInfo2 second. As soon as the FvInfo PPI is installed the
notification callback handler immediately fires causing recursive FV
processing to occur. Since there is no AuthenticationStatus provided
for the original FvInfo the callback assumes AuthenticationStatus is
zero (unsigned / unverified) even though the parent FV may have been
verified.
This changes the order of FvInfo and FvInfo2 installs to ensure that
the notification callback occurs for FvInfo2 first and appropriate
AuthenticationStatus data can be propagated from parent FV to child
FV.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18764 6f19259b-4bc3-4df7-8a09-765794883524
Sync the branch changes to Trunk,
Add "RTC Battery Present" item in setup page.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Lu Shifei <shifeix.a.lu@intel.com>
Reviewed-by: Tim He <tim.he@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18763 6f19259b-4bc3-4df7-8a09-765794883524
Http server will return error status in http header when http connection
cannot be established,so the http boot driver should print the error code
code to the screen and the users can know what happened.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18761 6f19259b-4bc3-4df7-8a09-765794883524
If TPM2_Startup(TPM_SU_STATE) to return an error, the system
firmware that resumes from S3 MUST deal with a TPM2_Startup
error appropriately.
For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and
configuring the device securely by taking actions like extending
a separator with an error digest (0x01) into PCRs 0 through 7.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18760 6f19259b-4bc3-4df7-8a09-765794883524
When allocating memory to perform non-coherent DMA, use the cache
writeback granule rather than the data cache linesize for alignment.
This prevents the explicit cache maintenance from corrupting
unrelated adjacent data if the cache writeback granule exceeds
the cache linesize.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18759 6f19259b-4bc3-4df7-8a09-765794883524
Add a function to ArmLib that provides access to the Cache Writeback
Granule (CWG) field in CTR_EL0. This information is required when
performing non-coherent DMA.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18758 6f19259b-4bc3-4df7-8a09-765794883524
Drop the call to ArmInvalidateDataCache () from the PrePi startup
sequence. This kind of data cache maintenance should not be performed
when running under virtualization.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18757 6f19259b-4bc3-4df7-8a09-765794883524
The ARM architecture provides no reliable way to clean or invalidate
the entire data cache at runtime. The reason is that such maintenance
requires the use of set/way maintenance operations, which are suitable
only for the kind of maintenance that is carried out when the cache is
taken offline entirely.
So ASSERT () when any of the CacheMaintenanceLib whole data cache routines
are invoked rather than pretending we can do anything meaningful here.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18756 6f19259b-4bc3-4df7-8a09-765794883524