Configure .gitignore file to ignore Bin/Win32 and Lib directory.
Those two directories are generated when BaseTools are compiled at Windows.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17187 6f19259b-4bc3-4df7-8a09-765794883524
1.BaseTool add ATTRIBUTE (+/-RT, RO) support in PCD declaration in DSC file
2.BaseTool collect valid PCD value in DEC file and generate data base for runtime sanity check
3.BaseTool support SetPcd error.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Bob Feng" <bob.c.feng@intel.com>
Reviewed-by: "Chen, Hesheng" <hesheng.chen@intel.com>
Reviewed-by: "Liu, Yingke D" <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17158 6f19259b-4bc3-4df7-8a09-765794883524
Root cause: The CryptoPkg\Library\IntrinsicLib needs override MSFT build option to remove /Oi and /GL,
but it doesn’t work because of the build option override in Nt32Pkg.dsc.
Solution: Remove /X in BaseTools/Conf/tools_def.template
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hp.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17069 6f19259b-4bc3-4df7-8a09-765794883524
Before this change the alignment of the first data section was not taken into account.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Erik Bjorge <erik.c.bjorge@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16831 6f19259b-4bc3-4df7-8a09-765794883524
2. Generate correct HII data offset.
3. Fixed a bug for incorrect PCD value used in conditional statement.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16784 6f19259b-4bc3-4df7-8a09-765794883524
Use the example.com domain as recommended in RFC 2606.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Bruce Cran <bruce.cran@gmail.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
NASM tool version should be 2.07 instead of 2.0.7.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16596 6f19259b-4bc3-4df7-8a09-765794883524
Add support for the usage which is defined in the above line for a Protocol/Ppi/Guid
Add support for “!ERROR”
Ignore issue of parsing a macro
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16487 6f19259b-4bc3-4df7-8a09-765794883524
Gcc option -mno-unaligned-access is supported by gcc 4.7 and newer, so it shouldn't be used with gcc 4.6.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Olivier Martin <Olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16464 6f19259b-4bc3-4df7-8a09-765794883524
Fix an issue of storing wrong PCD into XML file to only store PcdEx for AsBuilt sections
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@Intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16426 6f19259b-4bc3-4df7-8a09-765794883524
Revision 16400 adds support for Windows hosted gcc versions 4.8 and 4.9.
With this change, all of the GCCXX tool chains can be used from Windows.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16418 6f19259b-4bc3-4df7-8a09-765794883524
Here is a new patch that adds Windows support for both gcc 4.8.x and gcc 4.9.x.
This time testing is more thorough: boot testing using Duet for all 4 combinations of
IA32/X64 and gcc 4.8.2 and gcc 4.9.1 passes. A Windows hosted gcc 4.8.2 has been added here:
http://sourceforge.net/projects/edk2developertoolsforwindows/
The environment variable settings for Windows look like:
set UEFI_BUILD_TOOLS=%cd%\tools
set NASM_PREFIX=%UEFI_BUILD_TOOLS%\nasm211\
set GCC48_BIN=%UEFI_BUILD_TOOLS%\gcc482-x86\bin\
set GCC48_DLL=%UEFI_BUILD_TOOLS%\gcc482-x86\dll\;%GCC48_BIN%
set GCC48_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-arm\bin\
set GCC48_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-aarch64\bin\
set GCC49_BIN=%UEFI_BUILD_TOOLS%\gcc491-x86\bin\
set GCC49_DLL=%UEFI_BUILD_TOOLS%\gcc491-x86\dll\;%GCC49_BIN%
set GCC49_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-arm\bin\
set GCC49_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-aarch64\bin\
No change is needed for building from Linux.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16400 6f19259b-4bc3-4df7-8a09-765794883524
When R_AARCH64_CALL26/R_AARCH64_JUMP26 relocations referred to static
functions, they sometime refer to the start of the '.text' section + addend.
It means the addend is different of '0'.
The non-patched code (before applying the relocation) already contains
the correct offset.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16302 6f19259b-4bc3-4df7-8a09-765794883524
Update to show what the patch looks like in email form.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16297 6f19259b-4bc3-4df7-8a09-765794883524
This script is intended to assist with MASM to NASM syntax
conversions.
The output should be manually inspected and adjusted as needed, since
this script does not provide a perfect conversion.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Acked-by: Yingke D Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16285 6f19259b-4bc3-4df7-8a09-765794883524
While edk2 is still maintained in SVN, Many edk2 developers use git
for their main workflow, using the official mirrors.
Add a .gitignore to the EDK II root, BaseTools and Conf directories to
prevents files generated as part of the build from cluttering up "git
status" output.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
[removed Linaro-specific bits, rework for upstream]
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16213 6f19259b-4bc3-4df7-8a09-765794883524
Support for building BaseTools on AArch64 is available in the tree, but
not currently "plugged in". This patch adds the required snippet.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16169 6f19259b-4bc3-4df7-8a09-765794883524
1. Fix a bug of generating additional EOL in file header.
2. Fix a bug of format error for Defines section.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@Intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16153 6f19259b-4bc3-4df7-8a09-765794883524
1. Fix a bug of packaging a full path file in zip at Linux.
2. Fix a format error of generating Hob/Event/BootMode information.
3. Fix a bug of generating additional “GUID” subtype for “UNDEFINED” guid.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@Intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16149 6f19259b-4bc3-4df7-8a09-765794883524
This modification adds all of the other files within the tool’s directory tree that would be a cause to rebuild the tool.
The format in the Makefile for listing these other files was selected to allow the nightly build script to detect changes in the additional files.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lhauch <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16103 6f19259b-4bc3-4df7-8a09-765794883524
Add the missing 'MacroDict' field in FfsInfStatement.
The issue is that BaseTools/Source/Python/GenFds/FfsInfStatement.py", line 448, in __ExtendMacro__
String = GenFdsGlobalVariable.MacroExtend(String, self.MacroDict)
AttributeError: OptRomInfStatement instance has no attribute 'MacroDict'
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16099 6f19259b-4bc3-4df7-8a09-765794883524
The default object type for NASM is raw binary, and this will not link.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16085 6f19259b-4bc3-4df7-8a09-765794883524
Developer - Tool add process:
1) Developer adds code for the new tool.
2) Developer updates the Makefile in the C or Python directory
a) The entry must make sure that the executable is generated in the BaseTools\Bin\Win32 directory and any supporting files are copied to the same directory as part of the build step.
3) Developer adds the <Toolname>.exe under the [Bin.Win32] section in the BinaryFiles.txt file.
4) Developer adds other files required to be present in the [ExtraFiles.Win32] section in the BinaryFiles.txt file.
Build Server:
1) Build all binaries by calling nmake on the Source\C\Makefile and Source\Python\Makefile
2) After building the binaries, the build server verify that the files listed in BaseTools\Source\BinFiles.txt are also in the edk2-toolbinaries project,
a. If a file is not under source control, then the build server will add file as long as it is present.
File format:
[SectionName.TargetDir]
File1
File2
…
Where:
SectionName is one of Bin, ExtraFiles or CxFreeze
TargeDir is the name of the subdirectory in the BaseTools\Bin directory tree.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lhauch <larry.hauch@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16063 6f19259b-4bc3-4df7-8a09-765794883524
Remove redundant copy action for binary module to copy binary files to output directory only when the binary module is a library
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@Intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16057 6f19259b-4bc3-4df7-8a09-765794883524
Replace os.linesep with '\r\n' when generating UNI files to make sure all files are under DOS format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16041 6f19259b-4bc3-4df7-8a09-765794883524
Note: Only tested with the GCC49 toolchain so far.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16016 6f19259b-4bc3-4df7-8a09-765794883524
Xcode 5 changed the arguments required to supoprt X64 EFIAPI so it is a new
target. XCODE5 supports Xcode 5.* and Xcode 6.*, and will probably support
future versions of Xcode as well.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anderw Fish <afish@apple.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15979 6f19259b-4bc3-4df7-8a09-765794883524
-fno-merge-constants is not supported by clang, and it warns it will turn into
a hard error in the future.
-Wno-deprecated-declarations removes warnings about obsolete libraries that
are not secure.
-Wno-self-assign removes warnings from LZMA code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anderw Fish <afish@apple.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15938 6f19259b-4bc3-4df7-8a09-765794883524
The XCODE32 target is used to build the x86_64 Mac OS X application for the
emulator. The other Xcode targets build the EFIAPI needed for UEFI. This patch
removes an obsolete command line argument.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15930 6f19259b-4bc3-4df7-8a09-765794883524
Updated the VolInfo version output to remove the tool description from the --version output string.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lhauch <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15924 6f19259b-4bc3-4df7-8a09-765794883524
1. Support a force binary build mode by adding “--ignore-source” to command line options.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15897 6f19259b-4bc3-4df7-8a09-765794883524
1. Add a recovery mode for UPT failure
2. Add UNI file support
3. Add binary file header support
4. Add support for PCD error message
5. Add support for replace
6. Format generated INF/DEC files
7. Update dependency check
8. Other minor fixes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15896 6f19259b-4bc3-4df7-8a09-765794883524
We strongly prefer that contribtions be offered using the same license
as the project/module. But, we should document other acceptable
licenses for contributions.
This will allow package owners to more easily know if they can accept
a contribution under a different source license.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Mark Doran <mark.doran@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15892 6f19259b-4bc3-4df7-8a09-765794883524
1. Add a checkpoint to check if an UNI file is a valid UTF-16 file
2. Add a checkpoint to check if a GUID/PPI/PROTOCOL/PCD is in a valid format.
3. Some other minor changes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15886 6f19259b-4bc3-4df7-8a09-765794883524
This changes includes new scripts that breaks out some of the functionality in edksetup.bat and eliminates calling the toolsetup.bat file in BaseTools directory.
Edk2Setup.bat is to be used for testing. If no bugs are reported by the end of September, 2014, the file will be renamed to edksetup.bat.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lhauch <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15867 6f19259b-4bc3-4df7-8a09-765794883524
1. Skip the content defined in USER EXTENSION section without raising an error.
2. Wrap os.utime to use two arguments.
3. Add GenFdsCommand for PlatformAutoGen
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15865 6f19259b-4bc3-4df7-8a09-765794883524
2. If there are sub directories in current module, the corresponding directory in OUTPUT should be created.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Chen, Hesheng <hesheng.chen@intel.com>
Reviewed-by: Feng, Bob C <bob.c.feng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15860 6f19259b-4bc3-4df7-8a09-765794883524
1. Fix a bug in GenFds for wrongly handling '"' of command line parameter.
2. Provide different input parameter mode for different OS. For Linux, using a list. For Windows, using a string.
3. Remove 3 un-existing function calling.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15847 6f19259b-4bc3-4df7-8a09-765794883524
v2:
* Use EDK II tool name of NASMB rather than NASMBIN
* Use EDK II extension of .nasmb rather than .nasmbin
v3:
* Create listing file
* Don't change into source directory
* Add ENV(NASM_PREFIX) before nasm for NASM_PATH
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15820 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: lhauch <larry.hauch@intel.com>
Fix the behavior of the –version flag in the Rsa2048Sha256 tools and update logic for showing program name, version, usage, and copyright information to match other BaseTools.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15805 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
MdePkg/Include/Guid/WinCertificate.h
=================================
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
typedef struct {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
MdePkg/Include/Protocol/Hash.h
=================================
#define EFI_HASH_ALGORITHM_SHA256_GUID \
{ \
0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
}
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15800 6f19259b-4bc3-4df7-8a09-765794883524
relocations
- ADR_PREL_LO21: support for loading a PC relative label offset.
- R_AARCH64_CONDBR19: support for conditional branch instruction (ELF64 code: 280).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Harry Liebel <Harry.Liebel@arm.com>
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15745 6f19259b-4bc3-4df7-8a09-765794883524
This change will point to the correct location of the rc.exe tool.
RC.exe is used for building UEFI compliant drivers that must have a UEFI_HII_RESOURCE_SECTION generated as part of the .efi image file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lhauch <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15735 6f19259b-4bc3-4df7-8a09-765794883524
Vs2013 issue #1: warning message about uninitialized variables or pointers like this:
s:\incbld\ia32\intelframeworkmodulepkg\bus\isa\isabusdxe\isabus.c(395) : warning C4701: potentially uninitialized local variable 'DevicePathData' used
s:\incbld\ia32\intelframeworkmodulepkg\bus\isa\isabusdxe\isabus.c(395) : warning C4703: potentially uninitialized local pointer variable 'DevicePathData' used
LINK : fatal error LNK1257: code generation failed
The following online messages shows discussions related to this vs2013 issue and how Microsoft engineer responded. They suggest a work around by adding the initialization for the variables.
https://connect.microsoft.com/VisualStudio/feedback/details/816730/bogus-warning-from-vs-2013
Vs2013 issue #2:
C:\Program Files\Windows Kits\8.1\include\um\winnt.h(5105) : error C2220: warning treated as error - no 'object' file generated
C:\Program Files\Windows Kits\8.1\include\um\winnt.h(5105) : warning C4005: 'InterlockedCompareExchange64' : macro redefinition
This happened for Nt32Pkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang, Yu <yu.wang@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15722 6f19259b-4bc3-4df7-8a09-765794883524
As long as $EDK_TOOLS_PATH is properly set, the BaseTools/ directory
is not necessary in the workspace. The BuildEnv file itself suggests
setting the variable if BaseTools/ is not available.
However, this only works if the user also sets $WORKSPACE. Otherwise,
BuildEnv refuses to set WORKSPACE itself and does not even try to use
the preset $EDK_TOOLS_PATH. Remove the check that fails, as it does
not have any practical benefit.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15702 6f19259b-4bc3-4df7-8a09-765794883524
GCC 4.9 may use 64-byte (0x40) alignment for data sections.
Therefore we use a different link script for GCC 4.9. The only
difference from the gcc4.4-ld-script is the alignment for data
sections.
When using the GCC48 toolchain with GCC 4.9, this error would be
encountered by GenFw:
> GenFw: ERROR 3000: Invalid
> Unsupported section alignment.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15697 6f19259b-4bc3-4df7-8a09-765794883524
Eric Dong
Liming Gao
lhauch
Bob Feng
Chen, Hesheng
Cinnamon Shia
Erik Bjorge
Yingke Liu
Jordan Justen
Aaron Pop
Scott Duplichan
Cecil Sheng
Olivier Martin
Ryan Harkin
Nikolai Saoukh
Leif Lindholm
Andrew Fish
Abner Chang
Michael Kinney
Harry Liebel
Wang, Yu
Paolo Bonzini
Gao, Liming liming.gao