https://bugzilla.tianocore.org/show_bug.cgi?id=48297f17a15 (2024/02/22)
"OvmfPkg: Shell*.inc: allow building without network support"
breaks building OVMF with `-D NETWORK_ENABLE=0`.
Before this commit we could build OVMF e.g. with the following
command in the OvmfPkg directory:
./build.sh -D NETWORK_ENABLE=0
After the commit the same command fails early with:
/home/user/OpenSource/edk2/OvmfPkg/OvmfPkgX64.dsc(15):
error F001: Pcd (gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections)
defined in DSC is not declared in DEC files referenced in INF files in
FDF. Arch: ['X64']
This commit conditionally removes the undefined Pcd reference in
NetworkPkg which is part of this issue.
Similar changes are needed in separate commits for
OvmfPkg (and for ArmVirtPkg, since the issue also
exists there, although masked by another issue).
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
AsmMacroIoLib.h and AsmMacroIoLibV8.h are used by the
CompilerIntrinsicsLib, which is moving to MdePkg. These
functions provide standard definitions for ARM/AARCH64
assembly code, respectively, and so are moved to the arch
directories in MdePkg to avoid MdePkg having a
dependency on ArmPkg.
Now that the files are in Arm/ and AArch64/ directories,
the filenames are changed to AsmMacroLib.h as we can
distinguish the architecture from the path.
AsmMacroIoLib.inc is unused and so is removed.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
AArch64/ashlti3.S was using AsmMacroIoLib.h which is the ARM version
of these definitions. AsmMacroIoLibV8.h is the AARCH64 version of
these defintions. This patch moves that file to use the proper arch
file.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
After the loongarch flash block size is changed from 128K to 256K,
qemu requires that the UEFI firmware size be aligned with the flash block size(256K).
Otherwise, the firmware cannot be loaded,
Use the following code to resolve the old firmware loading problem:
mv QEMU_EFI.fd QEMU_EFI.fd-bak
cat QEMU_EFI.fd-bak /dev/zero | head -c 16m > ./QEMU_EFI.fd
mv QEMU_VARS.fd QEMU_VARS.fd-bak
cat QEMU_VARS.fd-bak /dev/zero | head -c 16m > ./QEMU_VARS.fd
For the new firmware, we refer to other architecture UEFI and
set the UEFI firmware size to align with the flash block size(256K).
So for this patch, we set the UEFI firmware size to 256K alignment.
Cc: Bibo Mao <maobibo@loongson.cn>
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
When a Serial device resets, the Modem Control Register Data Terminal
Ready and Request to Send need to be cleared also. Otherwise the
registers will be left in their previous state, and the connected device
will not be able to transmit data.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
The natural aligmenent seems to be failed on some cases. So, this patch
intends to add the pack(1) to ensure the structure aligned with a
one-byte boundary.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Moved SetMemN API to a separate file to eliminate unnecessary inclusion
of InternalMemSetMem64 and InternalMemSetMem32 APIs in driver binary.
When the compiler linking the Object files it may not remove all the
unused from NASM OBJs. This change is to reorganize the C files to
minimize the impact of the NASM behavior resulting is code size
reduction.
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
- In c36414b131 change, it was introduced
the ReadyToBoot event check to prevent the boot service got called
in runtime to cause the issue.
- In this patch introduced the ExitBootService event to replace it.
It would be better to base on the BootService status to decide
the source of ESRT table.
- Based on the BootService availability to decide,
- Exit : Use cache ESRT table in IF-condition
- Not Exit: Use boot service to locate protocol in ELSE-condition
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4831
In this patch introduced the below changes,
[1] Add the event of system resource table installed callback.
- Register the event in DxeRuntimeCapsuleLibConstructor ()
- Unregister the event in DxeRuntimeCapsuleLibDestructor ()
[2] Migrate the event to update the module variable to cache ESRT table
from ReadyToBoot to system resource table installed.
[3] Add the condition to free the pool of buffer when the "mEsrtTable"
is not NULL.
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
Under normal operation, some 30 or so of these lines logged as DEBUG_INFO
on first transmit.
This is not relevant information for users of the driver, so convert these
messages to VERBOSE.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Report PXE error status via Status Code, with this design,
it will be flexible to register a status code handler
via gEfiRscHandlerProtocolGuid to output the customized error code
to other telemetry service.
The subclass code is `EFI_IO_BUS_IP_NETWORK`
Signed-off-by: Ethan Hsu <Eathonhsu@gmail.com>
When CPU smm profile feature was enabled, unblocked memory should
not set logging attribute when building resource HOB.
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
A potential issue may happen when FSP creates/changes page table while
bootloader doesn't expect page table being changed in FSP.
Current, FSP API support to save/restore stack, IDT and general purpose
registers. Following the same pattern, add save/restore page table
support to solve this issue.
Note that this feature only impacts FSP API mode, and is controlled
by PCD PcdFspSaveRestorePageTableEnable. For compatibility, the PCD
default value is set as FALSE.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
The code changes in the patch is for trimming the leading path
to the modified directory in the .pytool/EccCheck script.
This is necessary when running Ecc on other repositories,
such as edk2-platforms, where the platform package is located
in a subfolder, like Platform/AMD/AmdPlatformPkg.
The EccCheck script checks for modified directories and expects them to start with the package name.
#
# Skip directory names that do not start with the package being scanned.
#
if file_dir.split('/')[0] != pkg:
continue
However, if the package name is in a subfolder,
the "git diff" command gives a relative path,
like Platform/AMD, which causes the condition to be false.
"M Platform/AMD/AmdPlatformPkg/Universal/LogoDxe/Logo.c"
As a result, EccCheck does not happen on modified files.
To fix this issue, the leading path needs to be trimmed
so that it starts from the directory name.
This change will not affect the existing check for the edk2 repository,
where all package names are at the first level directory.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
If we search the codebase for &gEdkiiVariablePolicyProtocolGuid
we can find two drivers which install this policy:
VariableRuntimeDxe (installed in VariableDxe.c) and
VariableSmmRuntimeDxe (installed in VariablePolicySmmDxe.c).
The .inf file for VariableRuntimeDxe incorrectly lists the protocol
as CONSUMES in the comment, so change this to PRODUCES.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
GetProcessorInfo copies CpuData instead of CpuData.Info. The OUT parameter
ProcessorInfoBuffer is of type EFI_PROCESSOR_INFORMATION, not CPU_AP_DATA.
Fix it to copy the correct member CpuData.Info.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
BaseTools was moved out to a separate repo and consumed as a pip
module by edk2 CI. This process has not led to the desired goals
of doing so, so this patch removes the pip based BaseTools from
edk2 CI.
The original goal of moving BaseTools to a pip module was
primarily to speed up the development process, as the old edk2
mailing list was slow. However, with edk2 moving to PRs, it now
actually slows the BaseTools development process to have to do
a PR in another repo, publish the module, and then make a PR
in edk2 to consume the new BaseTools. It also holds up using
the features in a new BaseTools in other PRs.
There were other goals of moving, such as allowing projects to
use the BaseTools outside of edk2. This can still be accomplished
outside of this PR, this PR simply stops edk2 CI from using the
pip module.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Commit 6862b9d538 makes
more explicit the previous logic of the code anyway, which is that
it is (and was) only a fatal error if all secure algorithms fail.
However the comment updated by this commit seems somewhat
incompatible with that change, and even with the previous code
(which operated as now, just logging different error messages).
This updates the comment to be more compatible with how the
code operates.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Refer to the section 2.1 of tdx-virtual-firmware-design-guide spec,
APCI S3 is not supported in TDVF.
Therefore, TDVF should not read the S3 status via fw_cfg and always
set it as unsupported.
spec: https://cdrdv2.intel.com/v1/dl/getContent/733585
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Currently, the NULL version Tdx functions are only built for Ia32.
In BaseLib, the others architectures also need such NULL version
Tdx functions.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
The PcdCpuSmmRestrictedMemoryAccess is declared as either a dynamic or fixed
PCD. It is not recommended for use in the MM CPU driver.
Furthermore, IsRestrictedMemoryAccess() is only needed for SMM. Therefor,
there is no need for MM to consume the PcdCpuSmmRestrictedMemoryAccess.
So, this patch is to add the SMM specific file for its own functions, with
the change, the dependency of the MM CPU driver on
PcdCpuSmmRestrictedMemoryAccess can be removed.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Currently, mCpuSmmRestrictedMemoryAccess is only used by the
IsRestrictedMemoryAccess(). And IsRestrictedMemoryAccess() can
consume the PcdCpuSmmRestrictedMemoryAccess directly. Therefore,
mCpuSmmRestrictedMemoryAccess can be cleaned to simply the code
logic.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
After the 9f29fbd3, full mapping SMM page table is always created
regardless the value of the PcdCpuSmmRestrictedMemoryAccess. If so,
SMM PageTable Attributes can be set to ready-only since there is no
need to update it. So, this patch is to remove restricted memory
access check when setting the SMM PageTable attributes.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SetPageTableAttributes() will use the IfReadOnlyPageTableNeeded() to
determine whether it is necessary to set the page table itself to
read-only. And IfReadOnlyPageTableNeeded() has already token into
account the status of IsRestrictedMemoryAccess(). Therefore, there
is no need for an additional call to IsRestrictedMemoryAccess()
before calling the SetPageTableAttributes().
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Deadloop if PFAddr is not supported by system, no need check SMM CPU
RestrictedMemory access enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Following the commit 9f29fbd3, full mapping SMM page table is always
created regardless the value of the PcdCpuSmmRestrictedMemoryAccess.
Consequently, a page fault (#PF) that triggers an update to the page
table occurs only when SmiProfile is enabled. Therefore, it is
necessary to save and restore the CR2 register when SmiProfile is
configured to be enabled.
And the operation of saving and restoring CR2 is considered to be
not heavy operation compared to the saving and restoring of CR3.
As a result, the condition check for SmiProfile has been removed,
and CR2 is now saved and restored unconditionally, without the need
for additional condition checks.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SmiPFHandler depends on the IsSmmCommBufferForbiddenAddress() to do
the forbidden address check:
For SMM, verifying whether an address is forbidden is necessary only
when RestrictedMemoryAccess is enabled.
For MM, all accessible address is recorded in the ResourceDescriptor
HOB, so no need check the RestrictedMemoryAccess is enabled or not.
This patch is to move RestrictedMemoryAccess check into SMM
IsSmmCommBufferForbiddenAddress to align with above behavior. With
the change, SmiPFHandler doesn't need to check the
RestrictedMemoryAccess enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch breaks the section processing loop if an invalid section with zero SectionLength is encountered.
Signed-off-by: Ragavarshini B <ragavarshinib@ami.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dhanaraj V <vdhanaraj@ami.com>
Cc: Sachin Ganesh <sachinganesh@ami.com>
This adds constants and structure definitions for Send/Get Boot Progress
Code through IPMI, according to Server Base Manageability Requirements
(SBMR) [1], Appendix F.
[1] https://developer.arm.com/documentation/den0069
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Starting with Visual Studio 2019 version 16.10, the /volatileMetadata
option is enabled by default when generating x64 code.
This patch disables the /volatileMetadata option for x64 builds in both
VS2019 and VS2022.
We observed a slight increase in used space for the Firmware volumes in
VS2019. Upon investigation, we found that VS2019 version 16.10 enabled
this feature by default. Disabling /volatileMetadata helps reduce the
used space by approximately 3.5KB by considering the 2 Firmware volumes
(2KB uncompressed FV and 1.5KB of compressed FV)
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
After updating Doxygen, we can see that SetBootMode returns the BootMode
instead of status code as it should, fix it to return status.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
The Doxygen comment for SetBootMode and GetBootMode in PrePiHobLib/Hob.c
does not match declaration in PrePiLib.h. The C file has it wrong. Align
the text to match the header.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
ACPI 6.5 adds mode flags that could do with
more human-readable display in Acpiview. This
adds support for displaying those flags.
Signed-off-by: Carsten Haitzler <carsten.haitzler@foss.arm.com>
In BmFindBootOptionInVariable() we prevent passing a NULL pointer to
EfiBootManagerFindLoadOption(). However, it can accept a NULL pointer as
the second argument as long as count is zero. This change updates the
assert condtion to only assert if the pointer is NULL and the count is
non-zero.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
This patch replaces call of IpmiSubmitCommand() issued
REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE IPMI command to check
whether bootstrap credential support enabled or not.
The problem is that in accordance with IPMI spec while handling
such command BMC creates bootstrap account. The credentials of this account
is returned as a response. Obviously in this code the response is not used.
From the other side there is an implementation
of EDKII_REDFISH_CREDENTIAL_PROTOCOL exists and used by
RedfishPlatformCredentialIpmiLib.
By design RedfishPlatformCredentialIpmiLib keeps returned bootstrap
credentials and uses it later. So all services using
EDKII_REDFISH_CREDENTIAL_PROTOCOL instance operates with a same
credentials.
Current design of PlatformHostInterfaceBmcUsbNicLib leads to creation
of two bootstrap accounts on BMC side. This is on nesseccary and one
account is not used at all.
Using EDKII_REDFISH_CREDENTIAL_PROTOCOL prevents from creating useless
bootstrap account on BMC side.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
PlatformHostInterfaceBmcUsbNicLib.c: In function 'CheckBmcUsbNic':
PlatformHostInterfaceBmcUsbNicLib.c:1253:14: error: error: 'HandleBuffer'
may be used uninitialized in this function [-Werror=maybe-uninitialized]
Status =
CheckBmcUsbNicOnHandles (BufferSize/sizeof (EFI_HANDLE), HandleBuffer);
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
/RedfishDiscoverDxe.c:1979:37: error: 'RestExInstance' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
RestExInstance->Signature = EFI_REDFISH_DISCOVER_DATA_SIGNATURE;
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Add the necessary toolchain override flags for ms_abi and LTO on X64 for
the unversioned GCC toolchain profile.
This resolves a runtime segmentation fault.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
Move all BaseCryptLib resolutions for 32-bit ARM to MbedTls, which does
not require a softfloat library, which can therefore be dropped from
EDK2 entirely going forward.
Note that this implies no TLS networking for 32-bit ARM, as this code
has a direct dependency on OpenSSL, so move the TlsLib resolution to a
AARCH64-only section to force the build to fail early when attempting to
build 32-bit ARM targets with NETWORK_TLS_ENABLE set.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This patch removes the _DSM Memory Clear and MOR
auto-detect functionality via _PTS, as
_DSM Memory Clear was deprecated in TCG PC Client
Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0" and _PTS is deemed security deficient.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Remove unused MemoryClear SMI Handler, which is no longer
used due to _DSM Memory Clear no longer being used.
_DSM Memory Clear was deprecated in 2019 by TCG PC Client
Platform Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0".
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Comments out a redundant call to RestoreTpl(). While this does not
technically violate spec on raise/restore TPL, TPL should already be at
the specified level. This extra call introduces an asymmetry between
RaiseTpl and RestoreTpl calls, which makes analysis of TPL correctness
more difficult and hampers certain non-standard TPL usages that some
platforms require. Additionally, the two TPL variables were renamed to
provide context for each of them.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Adds a call to RestoreTpl() in DiskIo2ReadWriteDisk(). While the current
implementation does not technically violate spec on raise/restore TPL,
this extra call ensures symmetry between RaiseTpl and RestoreTpl calls,
which makes analysis of TPL correctness simpler and permits certain
non-standard TPL usages that some platforms require.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Gerd reports that ArmVirtQemu running under KVM lost network boot
support on systems that do not implement the RNDR/RNDRRS system
registers, which provide an architectural, CPU-based source of random
numbers. Under KVM, the TRNG SMCCC is available as a fallback, which is
exposed via RngDxe but not via the base RngLib library. This means that
direct users of RngLib, such as OpensslLib, have no access to the TRNG
based entropy source.
Let's fix this by resolving RngLib dependencies for UEFI_DRIVER type
drivers via DxeRngLib, which uses the protocol exposed by RngDxe
internally.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
- This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.
- Also added the signature check to validate work space
Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
Mike Beaton
Oliver Smith-Denny
Xianglai Li
Carsten Haitzler
Ken Lautner
Nhi Pham
Ashraf Ali
Jason1 Lin
yhsu3
Hongbin1 Zhang
Zhiguang Liu
Abdul Lateef Attar
Vishal Oliyil Kunnil
Ceping Sun
Jiaxin Wu
ragavarshinib
Rebecca Cran
Mike Maslenkin
Leif Lindholm
Ard Biesheuvel
John Strange
Sureshkumar Ponnusamy