Commit Graph

17572 Commits

Author SHA1 Message Date
Yao, Jiewen a3cad6f867 SecurityPkg: Correct NumberOfPCRBanks calculation.
Previously, NumberOfPCRBanks is calculated based on TPM
capability. However, there might be a case that TPM hardware
support 1 algorithm, but BIOS does not support and BIOS
mask it via PCD. This causes the conflict between
HashAlgorithmBitmap and NumberOfPCRBanks.
So we move the NumberOfPCRBanks calculation based on
HashAlgorithmBitmap to make sure the data is consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19660 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 05:49:39 +00:00
Yao, Jiewen 87361c6a54 SecurityPkg: Replace TREE macro with TCG2.
Since Tcg2Dxe driver follows TCG spec, we should use
TCG2 MACRO, instead of TREE macro.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19659 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 05:48:32 +00:00
Ruiyu Ni 4a50cf4ebd MdeModulePkg: Add generic PciHostBridgeDxe driver.
This driver links to PciHostBridgeLib provided by platform/silicon to
produce PciRootBridgeIo and PciHostBridgeResourceAllocation protocol.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19658 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 04:50:18 +00:00
Ruiyu Ni 32fa5588ff MdePkg: Add PciSegmentLib instance based on PciLib
This PciSegmentLib instance only supports Segment 0 access.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19657 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 04:50:04 +00:00
Ruiyu Ni 7ff66d3c4a MdeModulePkg: Add PciHostBridgeLibNull
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19656 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 04:49:54 +00:00
Ruiyu Ni 9e9a30bd16 MdeModulePkg: Add new library class PciHostBridgeLib
PciHostBridgeDxe driver needs PciHostBridgeLib implemented by platform
to provide the root bridge related information and may call into
PciHostBridgeLib when resource conflicts happen.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19655 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 04:49:22 +00:00
Liming Gao 9ab925fdf7 EdkCompatibilityPkg: Fix wrong guid value of gEfiManagedNetworkProtocolGuid
UEFI2.1B corrects the guid value of gEfiManagedNetworkProtocolGuid.
ECP package updates its value in ManagedNetwork.h, but miss the one
in EdkIIGlueLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19654 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 03:03:19 +00:00
Jiaxin Wu a51896e475 NetworkPkg: Fix SPD entry edit policy issue in IPSecConfig.
The current implementation doesn't handle the relationship
between SPD and SAD well, which may introduce some security
and connection issue after SPD updated.
For SPD entry edit policy, if one SPD entry is edited/updated,
the original SAs list should be discard. Current IPSecConfig
tool does not dealt properly with those rules.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19653 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 01:59:41 +00:00
Jiaxin Wu 4991eeffcd NetworkPkg: Fix IpSec SPD and SAD mapping issue when SPD is updated
The current implementation doesn't handle the relationship between
SPD and SAD well, which may introduce some security and connection
issue after SPD updated.
For SPD SetData policy:
 A) When delete the existed SPD entry, its related SAs also should be
removed from its Sas list(SadEntry->BySpd). If the SA entry is
established by IKE, we can remove it from global SAD list(SadEntry->List)
and then free it directly since its SpdEntry will be freed later.
 B) SPD SetData operation should do some setting date validity-check.
For example, whether the SaId specified by setting Data is valid. If
the setting date is invalid, EFI_INVALID_PARAMETER should be returned.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 01:59:16 +00:00
Yonghong Zhu 22061fab23 BaseTools: VPD Tool to allocate VPD region be aligned based on value type
Base on build spec update, ASCII strings(“string”), will be byte aligned,
Unicode strings(L”string”) will be two-byte aligned, Byte arrays,
{0x00, 0x01} will be 8-byte aligned.
This patch is going to update VPD Tool to allocate VOID* PCDs to an offset
value that is aligned based in syntax of the PCD value.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19651 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 01:47:50 +00:00
Yonghong Zhu 5a13737abf BaseTools: VOID* PCDs in VPD region must be aligned based on value type
Base on build spec update, ASCII strings(“string”), will be byte aligned,
Unicode strings(L”string”) will be two-byte aligned, Byte arrays,
{0x00, 0x01} will be 8-byte aligned.
This patch is going to halt with an error message if a VOID* PCD has an
offset value that is not aligned based on the syntax of the PCD value.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19650 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 01:46:25 +00:00
Yonghong Zhu 8b54f22f60 BaseTools: Fix GenPatchPcdTable to support '-' characters in file names
The Regular Expression parsing of lines in MAP files does not currently
support the use of '-' in the column for the filename the symbol is
sources from, it cause a build break from the GenPatchPcdTable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19649 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18 01:42:20 +00:00
Tapan Shah ccdf8bcfe4 ShellPkg: Update 'dh' command to reflect correct driver handle information
'dh' command shows Supported EFI Specification Version value as DriverVersion. Changing it to 'SupportedEfiSpecVersion' to provide more accurate information.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tapan Shah <tapandshah@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19648 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15 17:05:18 +00:00
Dandan Bi 0196c24a94 MdeModulePkg:Fix the potential memory leak issue in Display Engine
The MenuOption insert to gMenuOption allocate memory every time,but not free.
Now add the code to free it.And for Date/Time,it will create 3 menus,but previously
the Description point to the same address,so when free the Description,it will cause
issue,now reset the Description pointer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19647 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15 09:50:40 +00:00
Chao Zhang 623538ff98 SecurityPkg: SecureBootConfigDxe: Fix string typo
Fix secure boot mode transition string typo.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19646 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15 05:26:04 +00:00
Chao Zhang 02dd6af921 SecurityPkg: SecureBootConfigDxe: Enhance secure boot string update logic
ExtractConfig is called many times, so it's not efficient to update Secure Boot STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in ExtractConfig.
As these 2 strings are displayed on one form, always update them when opening the form.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19645 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15 01:06:51 +00:00
Chao Zhang 668ceb0ea1 SecurityPkg: SecureBootConfigDxe: Change KEY_TRANS_SECURE_BOOT_MODE value
Change KEY_TRANS_SECURE_BOOT_MODE value, as it conflicts with OPTION_DEL_KEK_QUESTION_ID.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19644 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15 00:58:37 +00:00
Jiaxin Wu a74f05d972 NetworkPkg: Remove DNS QType and QClass definition
This patch is used to remove DNS QType and QClass definition in
DnsImpl.h since it will be exposed in NetLib.h.

Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19643 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-14 03:00:38 +00:00
Jiaxin Wu a57cdf337d MdeModulePkg: Add DNS QType and QClass values definition
This patch is used to add DNS QType and QClass values definition
in NetLib.h

Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19642 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-14 03:00:16 +00:00
Paulo Alcantara ef422fc53c NetworkPkg: Fix some typos in Http boot driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Paulo Alcantara <paulo.alc.cavalcanti@hp.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19640 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-12 01:37:48 +00:00
Chao Zhang 91e914f587 SecurityPkg: TcgDxe,Tcg2Dxe,TrEEDxe: New PCD for TCG event log and TCG2 final event log area
TCG event log and TCG2 final event log area length can be configurable to meet platform event log
requirement.
PcdTcgLogAreaMinLen    : 0x10000  based on minimum requirement in TCG ACPI Spec 00.37
PcdTcg2FinalLogAreaLen : 0x8000   based on experience value

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19639 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-12 00:37:02 +00:00
Ard Biesheuvel d764d59849 BaseTools AARCH64: build XIP modules with strict alignment
GCC for AARCH64 recognizes byte swapping load and store sequences
and may replace them with wider loads or stores combined with rev
instructions. In some cases (i.e., with GCC version 5 and later)
this may result in unaligned accesses, which are not allowed before
we turn the MMU on.

So build any modules or static libraries that may execute with the MMU
off with -mstrict-align. Other modules don't need this switch, so we
can remove it from the CLANG35/AARCH64 common CC flags.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19638 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 08:50:49 +00:00
Ard Biesheuvel 3a02a87f9f BaseTools AARCH64: add separate GCC build rule for XIP objects
This introduces a special .c to .obj build rule for GCC/AARCH64 that
takes into account additional compiler flags that have been specified
via *_*_*_CC_XIPFLAGS. These will be passed after (and in addition to)
the ordinary CC_FLAGS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19637 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 08:50:39 +00:00
Michael Thomas 819a2394f1 BaseTools/VfrCompile: honor CC if it is set
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Thomas <malinka@entropy-development.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19636 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 07:42:03 +00:00
Yao, Jiewen 7ae130da85 SecurityPkg: Clear AuthSession content after use.
Some commands in Tpm2CommandLib accept AuthSession
as input parameter and copy to local command buffer.
After use, this AuthSession content should be zeroed,
because there might be some secrete there.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19635 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 05:18:32 +00:00
Yao, Jiewen f1e95ab817 SecurityPkg: Add Tpm2Startup return code check.
Tpm2Startup does not check TPM device return code.
It might cause problem, that error is not detected
in Tcg2Peim, for example, S3 resume case.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19634 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 05:15:18 +00:00
Yao, Jiewen afcef7560f SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.
The official TCG standard uses Tcg2Protocol, instead of TrEE.
We should update TCG driver to use Tcg2Protocol, too.
TrEE should be used only for old TrEE implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19633 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 05:12:31 +00:00
Feng Tian c592181266 MdeModulePkg/NvmExpressDxe: Fix MS toolchain /Od 32bit build failure
Note NVME_ACQ & NVME_ASQ internal data structure are changed to make
build pass.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19632 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 02:47:21 +00:00
Feng Tian faf0f16cef MdeModulePkg/UfsBlockIoPei: Fix MS toolchain /Od 32bit build failure
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19631 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 02:46:36 +00:00
Ruiyu Ni e8e1bdd66a MdeModulePkg: Fix GraphicsConsole driver resolution out of sync issue
When the GOP doesn't support the resolution specified by
PcdVideoHorizontalResolution and PcdVideoVerticalResolution,
the code tries to set the resolution to 800x600 but uses the resolution
equals to the PCD when calculating the text print position.
The patch fixes the bug by updating the resolution to 800x600 for
this case.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19630 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 02:29:09 +00:00
Hao Wu de3ecb331f PcAtChipsetPkg SerialIoLib: Fix VS2010 build error
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().

This commit fixes this build issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19629 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 00:34:36 +00:00
Hao Wu 4977ee965f MdeModulePkg BaseSerialPortLib: Fix VS2010 build error
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().

This commit fixes this build issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19628 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11 00:34:15 +00:00
Daryl McDaniel c96bf1ff2c StdLib: Fix compilation errors caused by previous commit of daConsole.c
Move functions da_ConFlush and da_ConClose to just before da_ConPoll so that
they are defined after any calls to them.

Replace da_ConFlush with the actual final implementation instead of the
initial version which was committed.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Daryl McDaniel <edk2-lists@mc2research.org>
Reviewed-by: Michael Zimmermann <sigmaepsilon92@gmail.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19627 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-10 21:23:51 +00:00
Ruiyu Ni 2e26862c6d MdeModulePkg: DeleteLoadOptionVariable() removes Boot####
Change EfiBootManagerDeleteLoadOptionVariable() to not just
remove #### from BootOrder but also remove Boot#### variable.

The old behavior tries to do less for performance but it leaves
unreferenced Boot#### which cannot be reclaimed in variable
reclaim operation though the Boot#### will be eventually be overwritten
by EfiBootManagerAddLoadOptionVariable().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19626 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08 07:16:22 +00:00
Eric Dong 20fe162556 Refine error handle code, avoid assert when load this module twice.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19625 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08 05:21:55 +00:00
Fu Siyuan 0507449955 MdeModulePkg: Update MNP driver to recycle TX buffer asynchronously.
This patch updates the MNP driver to recycle TX buffer asynchronously, instead 
of using a while loop wait after each transmit command.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com> 

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19624 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08 02:38:34 +00:00
Fu Siyuan 7b4b93a247 MdeModulePkg: update SNP.GetStatus to handle multiple recycled TX buffer.
This patch fixes a bug in SNP.GetStatus() interface. The UNDI driver may return
multiple transmitted buffers in a single GetStatus command, while SNP.GetStatus
could only return one pointer each time, the rest of them are lost. This patch
fixes this issue by store these recycled pointer in a temporary buffer in SNP
driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com> 

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19623 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08 02:21:25 +00:00
Samer El-Haj-Mahmoud c2967d35d8 SecurityPkg : Tpm2DeviceLibDTpm : Rename TisTpmCommand to avoid name collision
Change TisTpmCommand to Tpm2TisTpmCommand. Makes function name more clear.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19622 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08 01:36:45 +00:00
Michael Kinney b7d5f6ca13 QuarkPlatformPkg/PlatformSecureLib: Remove redundant GPIO expander config
Remove GPIO expander configuration actions that are now performed in
PEI Phase in PlatformInit module.  In order to detect physical presence
only the state of the Reset Button needs to be read.

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19621 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:43:31 +00:00
Michael Kinney 406d857544 QuarkPlatformPkg/PlatformEarlyInit: Configure GPIO expander
Configure GPIO expander in PEI phase
1) Configure all GPIO expander pins connected to Reset Button as inputs
2) Configure multiplexer for I2C to route I2C bus to Arduino Header

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19620 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:43:22 +00:00
Michael Kinney b1169100d6 QuarkPlatformPkg/PlatformHelperLib: Move PCAL functions for PEI use
The functions used to manage the PCAL GPIO I2C expander are located
in a DXE specific source file.  Move these functions to a source
file that is common to both the PEI and DXE versions of this library
so these GPIO pins can be managed from PEIMs.

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19619 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:43:11 +00:00
Michael Kinney 8b43c84e2d QuarkPlatformPkg/PlatformInit: Adjust memory bin size to avoid reboot
Update memory bin sizes in Memory Type Information on first boot after
FLASH update to avoid reboot when memory bins are too small when all
features are enabled.

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19618 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:31:13 +00:00
Michael Kinney 655dabe338 SecurityPkg/Tcg: Fix debug messages
Debug messages are using a format strings with %s for
a Unicode string, but the strings being printed are
ASCII strings and this results in corrupted debug
messages.  Change the the format string to use %a
instead of %s.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19617 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:24:22 +00:00
Tapan Shah e49ecad0fa ShellPkg: Clean-up 'map' command error message handling
Refactor 'map' command error handling code and add standard error message

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tapan Shah <tapandshah@hpe.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19616 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 22:01:28 +00:00
Michael Kinney eb0e964936 QuarkSocPkg: Remove X64 from SUPPORTED_ARCHITECTURES
QuarkSocPkg is only for IA32.  Remove X64 from SUPPORTED_ARCCHITECTURES in
DSC file.

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19615 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 21:52:53 +00:00
Laszlo Ersek 1fea9ddb4e OvmfPkg: execute option ROM images regardless of Secure Boot
Change the image verification policy for option ROM images to 0x00
(ALWAYS_EXECUTE).

While this may not be a good idea for physical platforms (see e.g.
<https://trmm.net/Thunderstrike>), on the QEMU platform the benefits seem
to outweigh the drawbacks:

- For QEMU's virtual PCI devices, and for some assigned PCI devices, the
  option ROMs come from host-side files, which can never be rewritten from
  within the guest. Since the host admin has full control over a guest
  anyway, executing option ROMs that originate from host-side files
  presents no additional threat to the guest.

- For assigned physical PCI devices with option ROMs, the argument is not
  so clear-cut. In theory a setup could exist where:

  - the host-side UEFI firmware (with DENY_EXECUTE_ON_SECURITY_VIOLATION)
    rejects the option ROM of a malicious physical PCI device, but

  - when the device is assigned to the guest, OVMF executes the option ROM
    in the guest,

  - the option ROM breaks out of the guest (using an assumed QEMU
    vulnerability) and gains QEMU user privileges on the host.

  However, in order to escalate as far as it would happen on the bare
  metal with ALWAYS_EXECUTE (i.e., in order to gain firmware-level access
  on the host), the malicious option ROM would have to break through (1)
  QEMU, (2) traditional UID and GID based privilege separation on the
  host, (3) sVirt (SELinux) on the host, (4) the host OS - host firmware
  boundary. This is not impossible, but not likely enough to discourage
  the use cases below.

- This patch makes it possible to use unsigned iPXE network drivers that
  QEMU presents in the option ROMs of virtual NICs and assigned SR-IOV
  VFs, even if Secure Boot is in User Mode or Deployed Mode.

- The change also makes it possible to execute unsigned, outdated
  (revoked), or downright malicious option ROMs of assigned physical
  devices in guests, for corporate, entertainment, academia, or security
  research purposes.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19614 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 18:48:17 +00:00
Laszlo Ersek 65d2bf4223 OvmfPkg: inherit Image Verification Policy defaults from SecurityPkg
Secure Boot support was originally addded to OvmfPkg on 2012-Mar-09, in
SVN r13093 (git 8cee3de7e9), titled

  OvmfPkg: Enable secure-boot support when SECURE_BOOT_ENABLE==TRUE

At that time the image verification policies in
SecurityPkg/SecurityPkg.dec were:

- option ROM image:      0x00 (ALWAYS_EXECUTE)
- removable media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION)
- fixed media image:     0x05 (QUERY_USER_ON_SECURITY_VIOLATION)

The author of SVN r13093 apparently didn't want to depend on the
SecurityPkg defaults for the latter two image origins, plus the
ALWAYS_EXECUTE policy for option ROM images must have been deemed too lax.
For this reason SVN r13093 immediately spelled out 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) within OvmfPkg for all three image
origins.

Fast forward to 2013-Aug-28: policy 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) had been forbidden in the UEFI spec,
and SVN r14607 (git db44ea6c4e) reflected this in the source code:

- The policies for the latter two image origins were switched from 0x05 to
  0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) in SecurityPkg,

- the patch changed the default policy for option ROM images too, from
  0x00 (ALWAYS_EXECUTE) to 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION),

- any other client DSC files, including OvmfPkg's, underwent a whole-sale
  0x05 (QUERY_USER_ON_SECURITY_VIOLATION) -> 0x04
  (DENY_EXECUTE_ON_SECURITY_VIOLATION) replacement too.

The practical result of that patch for OvmfPkg was that the explicit 0x04
settings would equal the strict SecurityPkg defaults exactly.

And that's what we have today: the "override the default values from
SecurityPkg" comments in OvmfPkg's DSC files are stale, in practice.

It is extremely unlikely that SecurityPkg would change the defaults from
0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) any time in the future, so let's
just inherit those in OvmfPkg.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19613 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 18:48:13 +00:00
Feng Tian 1d3fa1bd38 MdeModulePkg/ScsiDisk: Increase the value of SCSI_DISK_TIMEOUT to 30s
As ScsiDisk and ScsiBus driver are used to manage SCSI or ATAPI devices,
the timeout value is updated to 30s to follow ATA/ATAPI spec in which
the device may take up to 30s to respond command.

The change is used to solve device compatibility issue found with a TEAC
DV-W28S-WZ3 slim DVD plus a SONY AccuCORE DVD-R media in which the DVD
spends 8s to response READ_CAPACITY cmd after resetting the host machine.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19612 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 07:03:54 +00:00
Feng Tian 7cac240163 MdeModulePkg/Ide: return correct status when DRQ is not ready for ATAPI
When executing ATAPI cmd at IDE mode, EFI_SUCCESS may be returned wrongly
with old logic but in fact DRQ is not ready and the transaction doesn't
get executed correctly at this time.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19611 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07 07:03:32 +00:00
Laszlo Ersek bdc063e134 Revert "ShellPkg : Add UEFI_APPLICATION module type to UefiShellInstall1CommandsLib.inf"
SVN r19585 broke the OVMF build:

> ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf(20):
> error 3001: MODULE_TYPE UEFI_DRIVER UEFI_APPLICATION is not supported
> for EDK II, valid values are:
>  BASE SEC PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER
>  DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION USER_DEFINED
>  SMM_CORE

Revert the patch.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Suggested-by: "El-Haj-Mahmoud, Samer" <samer.el-haj-mahmoud@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19610 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06 16:23:20 +00:00