DeployedMode & AuditMode are UINT8 Global variable according to Enable Secure Boot feature defined in UEFI2.5 Mantis 1263. Add them to var check list.
https://mantis.uefi.org/mantis/view.php?id=1263
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19131 6f19259b-4bc3-4df7-8a09-765794883524
If the assert happens in a library, then it's hard to determine which module
using that library is generating that assert. Use gEfiCallerBaseName in
DebugAssert to display the module name.
V2: Updated code to use copy mem and ModuleNameSize calculation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Baraneedharan Anbazhagan <anbazhagan@hp.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19128 6f19259b-4bc3-4df7-8a09-765794883524
BDS puts a special GUID in boot option optional data for
auto-discovered boot option. But when launching that boot
option, the BDS core unconditionally pass the special GUID
to the executable.
A good written application/OS loader can ignore the unexpected
parameters, but BDS core should still avoid passing the
unnecessary GUID.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19007 6f19259b-4bc3-4df7-8a09-765794883524
Add comments in INF file in BootMaintenanceManagerLib.inf.
Refine the comments in INF file in FileExplorerLib.inf
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18975 6f19259b-4bc3-4df7-8a09-765794883524
Align to old BDS behavior (IntelFrameworkModulePkg/BDS) to always create
MemoryTypeInfo variable regardless of the PcdResetOnMemoryTypeInformationChange
value.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18926 6f19259b-4bc3-4df7-8a09-765794883524
Split the boot maintenance manager library from UiApp in MdeModulePkg/Application
and put the library in MdeModulePkg/Library.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18923 6f19259b-4bc3-4df7-8a09-765794883524
Split the device manager library from UiApp in MdeModulePkg/Application
and put the library in MdeModulePkg/Library.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18922 6f19259b-4bc3-4df7-8a09-765794883524
Split the boot manager library from UiApp in MdeModulePkg/Application
and put the library in MdeModulePkg/Library.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18921 6f19259b-4bc3-4df7-8a09-765794883524
This library wrapper explorer protocol and produce the file explorer library.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18919 6f19259b-4bc3-4df7-8a09-765794883524
This library support select one file from the specified directory or from system root directory.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18917 6f19259b-4bc3-4df7-8a09-765794883524
The "read" word in SerialPortWrite() header comment block should be
"write".
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18910 6f19259b-4bc3-4df7-8a09-765794883524
The parameter name is also changed from Coordinate* to Offset* to
reflect that it's the offset to the location specified by Attribute.
For example, when the Attribute is Center, OffsetX and OffsetY are
used to specify the offset to the Center. OffsetX = 100 means
100 pixels right to the Center.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18867 6f19259b-4bc3-4df7-8a09-765794883524
The patch also moves the BmCharToUint to BmMisc.c because it
belongs to misc functions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18855 6f19259b-4bc3-4df7-8a09-765794883524
The RestoreLockBox() and RestoreAllLockBoxInPlace() functions handle the
case when EFI_PEI_SMM_COMMUNICATION_PPI.Communicate() returns
EFI_NOT_STARTED: they access the SMRAM directly, for restoring LockBox
data.
This occurs if a PEIM needs to restore LockBox data *before* the SMBASE is
relocated and the SMI handler is installed for all processors.
One such PEIM is UefiCpuPkg/Universal/Acpi/S3Resume2Pei. On the S3 resume
path, in function S3RestoreConfig2(), LockBox data are restored *before*
the SmmRestoreCpu() function of UefiCpuPkg/PiSmmCpuDxeSmm is called via
SmmS3ResumeState->SmmS3ResumeEntryPoint. (The latter SmmRestoreCpu()
function is responsible for the SMBASE relocation.)
If a platform knows that its PEIMs restore LockBox data *only* before
SMBASE relocation -- e.g., due to S3Resume2Pei being the platform's only
SmmLockBoxPeiLib client --, then the platform might not want to include
"UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf" at all (hence
not provide EFI_PEI_SMM_COMMUNICATION_PPI) -- because all of those
restores would be serviced by direct SMRAM access anyway.
Currently the absence of EFI_PEI_SMM_COMMUNICATION_PPI is not supported by
SmmLockBoxPeiLib, but it's not hard to implement. Handle it the same as
when EFI_PEI_SMM_COMMUNICATION_PPI.Communicate() returns EFI_NOT_STARTED:
restore LockBox data directly from SMRAM.
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18823 6f19259b-4bc3-4df7-8a09-765794883524
The library itself doesn't provide any image decoding capabilities but
manages the different image decoders.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18770 6f19259b-4bc3-4df7-8a09-765794883524
Previously the pointer type is EFI_IFR_FORM_SET, it is incorrect when
do pointer addition without conversion.Now change it to UINT8 type.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18768 6f19259b-4bc3-4df7-8a09-765794883524
When parsing the authority component of the input URL, it can not distinguish
the ":" is the flag that indicates the port or the separator between
the ipv6 address.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Gary Ching-Pang Lin <glin@suse.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18744 6f19259b-4bc3-4df7-8a09-765794883524
Add a DEBUG statement when the number of PEI perf log entries
exceeds PcdMaxPeiPerformanceLogEntries
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18714 6f19259b-4bc3-4df7-8a09-765794883524
This function is mainly through the Hii handle to get the formset opcode.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18684 6f19259b-4bc3-4df7-8a09-765794883524
Make the BmFindLoadOption function public
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Sunny Wang <sunnywang@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18662 6f19259b-4bc3-4df7-8a09-765794883524
R18611 only updated the logic to return correct property
when no property set to variable with wildcard name.
But VariablePropertySet needs the pointer of property data for set.
So roll back the change in VariablePropertyGetWithWildcardName at R18611,
and check the property revision first in VariablePropertyGet and
SetVariableCheck before using the property data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18626 6f19259b-4bc3-4df7-8a09-765794883524
to variable with wildcard name.
VarCheckLib has zeroed property for variable with wildcard name
and is waiting for property set. The code should return NULL
when no property set to variable with wildcard name, but not
return the zeroed property that will impact the functionality of
SetVariableCheck.
The issue does not appear with VarCheckUefiLib linked as the library
just has the expected property set.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18611 6f19259b-4bc3-4df7-8a09-765794883524
PcdSet## has no error status returned, then the caller has no idea about whether the set operation is successful or not.
PcdSet##S were added to return error status and PcdSet## APIs were put in ifndef DISABLE_NEW_DEPRECATED_INTERFACES condition.
To adopt PcdSet##S and further code development with DISABLE_NEW_DEPRECATED_INTERFACES defined, we need to Replace PcdSet## usage with PcdSet##S.
Normally, DynamicDefault PCD set is expected to be success, but DynamicHii PCD set failure is a legal case.
For this case, PcdS3BootScriptTablePrivateDataPtr and PcdS3BootScriptTablePrivateSmmDataPtr are expected to be DynamicDefault,
so use PcdSet64S to instead of PcdSet64 and assert when set failure.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18599 6f19259b-4bc3-4df7-8a09-765794883524
Current implementation assumes the performance entry count has no change from
multiple GetPerformanceMeasurement() while loops, it may cause the allocated buffer
for PerfEntriesAsDxeHandle at the first loop to be overflowed if the following loop has
the count changed.
This patch is also to sync the change at
commit R17851 "IntelFrameworkModulePkg GenericBdsLib: Resolve array size mismatch".
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18561 6f19259b-4bc3-4df7-8a09-765794883524
NetLibGetSystemGuid gets the UUID from SMBIOS table to use as the System GUID
(in DHCP and other network use cases). This change adds support to get the
UUID from either SMBIOS 2.x or 3.0, since SMBIOS 3.0 uses a different GUID in
the System Configuration Table.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18559 6f19259b-4bc3-4df7-8a09-765794883524
The pointer to the destination string changed,the max length also changed.Previous change neglect this point.
And base on the code logic,we can use StrCatS to replace StrCpyS.Now this patch is to fix this bug.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18497 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Remove a hidden assumption "No SMM driver writes BootScript between
SmmReadyToLock and S3SleepEntryCallback".
1.1. Use SmmExitBootServices and SmmLegacyBoot notification to record
AtRuntime flag.
1.2. Use mBootScriptDataBootTimeGuid LockBox to save boot time boot
script data to handle potential INSERT boot script at runtime in SMM.
2. Do not depend on OS to help restore ACPINvs data and use
EfiReservedMemoryType instead of EfiACPIMemoryNVS.
2.1. Use mBootScriptSmmPrivateDataGuid LockBox to save boot script
SMM private data with BackFromS3 = TRUE at runtime. S3 resume
will help restore it to tell the Library the system is back
from S3.
Why to do:
1. The hidden assumption "No SMM driver writes BootScript between
SmmReadyToLock and S3SleepEntryCallback" will cause confusion to
the library's consumer and block the usage of "SMM driver writes
BootScript after SmmReadyToLock". So Remove the assumption.
2. In original code, there might be a corner case that malicious
code patch ACPINvs boot TableLength field same as SMM boot script.
So that it can skip the table restore. The impact is that BootScript
in SMM may be overridden by malicious code.
--------------------
CopyMem ((VOID*)&TableHeader, (VOID*)mS3BootScriptTablePtr->TableBase, sizeof(EFI_BOOT_SCRIPT_TABLE_HEADER));
if (mS3BootScriptTablePtr->TableLength + sizeof(EFI_BOOT_SCRIPT_TERMINATE) != TableHeader.TableLength) { // TableLength is in NVS
......
//
// NOTE: We should NOT use TableHeader.TableLength, because it is already updated to be whole length.
//
mS3BootScriptTablePtr->TableLength = (UINT32)(mLockBoxLength - sizeof(EFI_BOOT_SCRIPT_TERMINATE)); ? This line can be skipped.
--------------------
So use EfiReservedMemoryType instead of EfiACPIMemoryNVS as the code
has been updated to not depend on OS to help restore ACPINvs data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18467 6f19259b-4bc3-4df7-8a09-765794883524
The mBmPerfHeader.Count isn't reset to 0 in BmWriteBootToOsPerformanceData()
so when the actual performance data entry count exceeds the LimitCount,
the performance data collection breaks on condition
if (mBmPerfHeader.Count == LimitCount), but 2nd time calling this function
will not break on condition if (mBmPerfHeader.Count == LimitCount) because
the mBmPerfHeader.Count always bigger than LimitCount, which results buffer
overrun.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18417 6f19259b-4bc3-4df7-8a09-765794883524
Convert the UNIX to DOS end of line format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18324 6f19259b-4bc3-4df7-8a09-765794883524
The check will be based on PcdVarCheck binary that generated
by BaseTools.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18294 6f19259b-4bc3-4df7-8a09-765794883524
The check will be based on VarCheckHiiBin that generated
from FV and Hii Database.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18293 6f19259b-4bc3-4df7-8a09-765794883524
What to do: Implement VarCheckUefiLib NULL class library instance.
The code logic are separated from Variable driver, and it will consume VarCheckLib
to register var check handler and variable property set for UEFI defined variables.
Why to do: Share code.
Separate variable check UEFI code from Variable driver in MdeModulePkg.
We are going to separate generic software logic code from Variable Driver
to benefit other variable driver implementation. Auth services has been done
to be AuthVariableLib, now to cover variable check service.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18279 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Add VarCheckLib LibraryClass definitions.
2. Implement VarCheckLib library instance.
The code logic are separated from Variable driver.
Why to do: Share code.
Separate variable check service from Variable driver in MdeModulePkg.
We are going to separate generic software logic code from Variable Driver
to benefit other variable driver implementation. Auth services has been done
to be AuthVariableLib, now to cover variable check service.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18278 6f19259b-4bc3-4df7-8a09-765794883524
In HttpLib, the Event BodyParseComplete should return to the
callback function when the whole message body has been parsed
including the trailer if it has.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18213 6f19259b-4bc3-4df7-8a09-765794883524
NetRandomInitSeed() function use current time to initialize the random seed,
while in some platform the time service is not accuracy that make the random
seed collision. This patch add the monotonic count to the seed to avoid this.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18185 6f19259b-4bc3-4df7-8a09-765794883524
When there are multiple network boot options, user will see multiple
"UEFI Network" boot options. It's hard to distinguish them using the
description.
The patch enhances the boot option generation logic to append " 2"
/" 3"/" 4"/... number suffix to the non-first network boot options.
So the 2nd one becomes "UEFI Network 2".
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18062 6f19259b-4bc3-4df7-8a09-765794883524
that assumes the SMRAM reserved range is only at the end of the SMRAM descriptor.
//
// This range has reserved area, calculate the left free size
//
gSmmCorePrivate->SmramRanges[Index].PhysicalSize = SmramResRegion->SmramReservedStart - gSmmCorePrivate->SmramRanges[Index].CpuStart;
Imagine the following scenario where we just reserve the first page of the SMRAM range:
SMRAM Descriptor:
Start: 0x80000000
Size: 0x02000000
Reserved Range:
Start: 0x80000000
Size: 0x00001000
In this case the adjustment to the SMRAM range size yields zero: ReservedStart - SMRAM Start is 0x80000000 - 0x80000000 = 0.
So even though most of the range is still free the IPL code decides its unusable.
The problem comes from the email thread: [edk2] PiSmmIpl SMRAM Reservation Logic.
http://thread.gmane.org/gmane.comp.bios.tianocore.devel/15268
Also to follow the idea in the email thread, the patch is to
1. Keep only one copy of full SMRAM ranges in gSmmCorePrivate->SmramRanges,
split record for SmmConfiguration->SmramReservedRegions and SMM Core that
will be marked to be EFI_ALLOCATED in gSmmCorePrivate->SmramRanges.
2. Handle SmmConfiguration->SmramReservedRegions at beginning of, at end of,
in the middle of, or cross multiple SmramRanges.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18031 6f19259b-4bc3-4df7-8a09-765794883524
Change the type of mStatusString[] to reflect that it is a CONST
array of pointers to CONST.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18022 6f19259b-4bc3-4df7-8a09-765794883524
Remove two protocols never used in DxeNetLib.inf and add HttpLib access in MdeModulePkg.dec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: fanwang2 <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17983 6f19259b-4bc3-4df7-8a09-765794883524
In certain rare circumstance, the data passed from outside of SMM may be
invalid resulting the integer overflow. The issue are found by code review.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17908 6f19259b-4bc3-4df7-8a09-765794883524
Safe string functions may ASSERT when the source length is larger than the MaxDest. This patch use Strn**S to indicate the copy length.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17867 6f19259b-4bc3-4df7-8a09-765794883524
This patch add the header file and DXE implementation for the HttpLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17856 6f19259b-4bc3-4df7-8a09-765794883524
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.
To handle this case, UefiBootManagerLib BmGetLoadOptionBuffer API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17798 6f19259b-4bc3-4df7-8a09-765794883524
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.
To handle this case, SecurityManagementLib ExecuteSecurityHandlers API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17797 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Add AuthVariableLib LibraryClass definitions.
2. Implement a NULL AuthVariableLib library instance.
3. Add VARIABLE_ENTRY_PROPERTY definition to VarCheck.h.
4. Add VARIABLE_ENTRY_CONSISTENCY and variable attribute
combinations definitions to VariableFormat.h.
Why to do:
1. Share code.
1.1. Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
1.2 The VARIABLE_ENTRY_PROPERTY definition to VarCheck.h,
VARIABLE_ENTRY_CONSISTENCY and variable attribute
combinations definitions to VariableFormat.h will be shared
by merged Variable driver and AuthVariableLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17757 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Move TpmMeasurementLib LibraryClass from SecurityPkg to MdeModulePkg.
2. Implement a NULL TpmMeasurementLib library instance.
Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
3. TpmMeasurementLib is consumed by Auth Variable driver in SecurityPkg now,
as Auth Variable driver in SecurityPkg will be merged to Variable driver in
MdeModulePkg, so the library class also needs to be moved to MdeModulePkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17753 6f19259b-4bc3-4df7-8a09-765794883524
Per PI spec all allocation of SMRAM should use EfiRuntimeServicesCode or EfiRuntimeServicesData.
So SMM instance use EfiRuntimeServicesCode as the default memory allocation type instead of EfiBootServicesData.
This patch clarify this usage in comments.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17667 6f19259b-4bc3-4df7-8a09-765794883524
Display engine base on class opcode to detect whether in
front page.Now remove class/subclass and use FormsetGuid
or ClassGuid to judge whether in front page
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17590 6f19259b-4bc3-4df7-8a09-765794883524
1. Continue to get performance data by Performance Protocol
when no SMM performance data found.
2. Not try to get SMM performance data again
if no SMM performance handler found.
3. Correct typo 'totol' and 'guage'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17561 6f19259b-4bc3-4df7-8a09-765794883524
For boot performance dump, as current behavior.
It depends on which PerformanceLib instance the DP application linked to.
For example, if DxePerfrmanceLib(MdeModulePkg\Library\DxePerformanceLib)
got linked, it will try to dump PEI and DXE performance data; and if
DxeSmmPerfrmanceLib(MdeModulePkg\Library\DxeSmmPerformanceLib)
got linked, then SMM performance data are expected.
It has burden and confusion to developers about the DP application need to be linked to
different PerformanceLib instance in *.dsc and rebuilt for the performance data dump.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17548 6f19259b-4bc3-4df7-8a09-765794883524
This API can be used for platform to customize the boot description other than using core provided boot description.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17547 6f19259b-4bc3-4df7-8a09-765794883524
from FullSmramRanges and FullSmramRangeCount in SmmCorePrivate by Constructor.
It can avoid potential first call to FreePool() -> BufferInSmram() ->
if (mSmramRanges == NULL) { GetSmramRanges();} ->
gBS->LocateProtocol() at boottime with >= TPL_NOTIFY or
after ReadyToLock or at OS runtime.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17463 6f19259b-4bc3-4df7-8a09-765794883524
BaseSortLib is the library instance name not the class name.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17398 6f19259b-4bc3-4df7-8a09-765794883524
BdsDxe driver links to UefiBootManagerLib and PlatformBootManager to
provide a pure UEFI boot manager conforming to the UEFI spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17328 6f19259b-4bc3-4df7-8a09-765794883524
Add stride PCD to MdeModulePkg to support 16550 UARTs with a register stride that is not 1 byte.
The default value is 1 byte.
Quark SoC uses a stride of 4 bytes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17215 6f19259b-4bc3-4df7-8a09-765794883524
Copy below two library instances from IntelFrameworkModulePkg to MdeModulePkg. Then, Platform dsc can
refer to them from MdeModulePkg, and remove the dependency of IntelFrameworkModulePkg. The ones in
IntelFrameworkModulePkg are still kept for compatibility.
1. PeiDxeDebugLibReportStatusCode
2. LzmaCustomDecompressLib
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17112 6f19259b-4bc3-4df7-8a09-765794883524
As the drivers and library do not reference gEfiSmmAccess2ProtocolGuid explicitly now
after SmmMemLib introduced.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16760 6f19259b-4bc3-4df7-8a09-765794883524
Move libraries from ShellPkg into MdeModulePkg and MdePkg.
The following libraries are being migrated out of ShellPkg in order to make
their functionality more widely available.
• PathLib: Incorporate into MdePkg/Library/BaseLib
• FileHandleLib: MdePkg/Library/UefiFileHandleLib
• BaseSortLib: MdeModulePkg/Library/BaseSortLib
• UefiSortLib: MdeModulePkg/Library/UefiSortLib
Diffs showing file changes are in the attached file, LibMigration.patch.
A description of the changes follows:
• Move ShellPkg/Include/Library/FileHandleLib.h to MdePkg/Include/Library/FileHandleLib.h
• Move ShellPkg/Include/Library/SortLib.h to MdeModulePkg/Include/Library/SortLib.h
• Move ShellPkg/Library/BaseSortLib to MdeModulePkg/Library/BaseSortLib
• Move ShellPkg/Library/UefiSortLib to MdeModulePkg/Library/UefiSortLib
• Move ShellPkg/Library/BasePathLib/BasePathLib.c to MdePkg/Library/BaseLib/FilePaths.c
• Merge ShellPkg/Include/Library/PathLib.h into MdePkg/Include/Library/BaseLib.h
• Delete ShellPkg/Library/BasePathLib; Includes BasePathLib.c and BasePathLib.inf
• NetworkPkg/NetworkPkg.dsc
• PerformancePkg.dsc
• OvmfPkg/OvmfPkgX64.dsc
• OvmfPkg/OvmfPkgIa32X64.dsc
• OvmfPkg/OvmfPkgIa32.dsc
o Update SortLib and FileHandleLib library classes to point to the new library locations.
o Remove PathLib library class and make sure that BaseLib is described.
• MdeModulePkg/MdeModulePkg.dec
o Add SortLib library class
• MdePkg/MdePkg.dec
o Add FileHandleLib library class
o Add PcdUefiFileHandleLibPrintBufferSize PCD
• MdePkg/Library/BaseLib/BaseLib.inf
o Add FilePaths.c to [Sources]
• MdePkg/Include/Library/BaseLib.h
o Update file description to include "file path functions"
• ShellPkg/ShellPkg.dsc
o Change PACKAGE_GUID to { C1014BB7-4092-43D4-984F-0738EB424DBF }
o Update PACKAGE_VERSION to 1.0
o Update SortLib and FileHandleLib library classes to point to the new library locations.
o Remove PathLib library class and make sure that BaseLib is described.
o Remove ShellPkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf from [Components]
• ShellPkg/ShellPkg.dec
o Update PLATFORM_VERSION to 1.0
o Remove declarations of the FileHandleLib, SortLib, and PathLib Library Classes
o Update comment for the PcdShellPrintBufferSize PCD.
• ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2CommandsLib.inf
• ShellPkg/Application/Shell/Shell.inf
o Remove PathLib from [LibraryClasses]
• ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2CommandsLib.h
• ShellPkg/Application/Shell/Shell.h
o Remove #include <Library/PathLib.h>
• ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1CommandsLib.inf
o Add PathLib to [LibraryClasses]
• ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
o Remove #include <Library/PathLib.h>
• ShellPkg/Application/ShellSortTestApp/ShellSortTestApp.inf
o Add MdeModulePkg/MdeModulePkg.dec to [Packages]
• MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
• MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
o Replace ShellPkg.dec with MdeModulePkg.dec in [Packages]
• MdeModulePkg/Library/UefiSortLib/UefiSortLib.c
o Remove #include <ShellBase.h>
o Define USL_FREE_NON_NULL() to replace SHELL_FREE_NON_NULL()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Daryl McDaniel <daryl.mcdaniel@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16601 6f19259b-4bc3-4df7-8a09-765794883524
SPrintLength() and SPrintLengthAsciiFormat() API doesn’t work with 'g', 't' and 'r' option. The fix sync from MdePkg BasePrintLib instance.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16593 6f19259b-4bc3-4df7-8a09-765794883524
1.Add code to cover the space which is not covered by browser before.
2.Remove ESC help string for front page screen.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16541 6f19259b-4bc3-4df7-8a09-765794883524
- Fix EFI_IPv4_ADDRESS usages to use a macro to copy the structure
instead of direct assignment, to avoid runtime alignment errors.
- Fix a EFI_INPUT_KEY usage in TerminalDxe to use CopyMem() to copy the
structure instead of direct assignment, to avoid runtime alignment error.
- Delete excess local variables that are initialized but otherwise unused.
- CompilerIntrinsicsLib library now imported for AARCH64, as well as ARM.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Randy Pawell <randy_pawell@hp.com>
Reviewed-by: Olivier Martin <Olivier.Martin@arm.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16471 6f19259b-4bc3-4df7-8a09-765794883524
1. Module UNI and Package UNI files are not DOS format. Convert them to DOS format.
2. Remove unused SectionExtractionDxeModStrs.uni and SectionExtractionPeiModStrs.uni
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16044 6f19259b-4bc3-4df7-8a09-765794883524
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.
3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15963 6f19259b-4bc3-4df7-8a09-765794883524
1. Usage information in INF file comment blocks are either incomplete or incorrect.
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15962 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
MdePkg/Include/Guid/WinCertificate.h
=================================
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
typedef struct {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
MdePkg/Include/Protocol/Hash.h
=================================
#define EFI_HASH_ALGORITHM_SHA256_GUID \
{ \
0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
}
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15799 6f19259b-4bc3-4df7-8a09-765794883524
This library has one depex of SerialPortPpi. Then, the PEIM linked it has this depex so that it is dispatched after SerialPortPpi is installed. SerialPortPpi notifies the platform initialization done, then serial port will work.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Kinney, Michael D <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15782 6f19259b-4bc3-4df7-8a09-765794883524
2. DxeMain will get Vector Handoff Table GUIDed HOB to install configuration table if it has.
3. Updated CPU Exception Handler Library to provide 3 new APIs to replace original one API and updated NULL instance accordingly.
4. Updated DxeMain/CapsuleX64/BootSriptExectorDxe to use the new API in CPU Exception Handler Lib.
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14884 6f19259b-4bc3-4df7-8a09-765794883524