Commit Graph

33638 Commits

Author SHA1 Message Date
Oliver Smith-Denny bcbb709959 BaseTools: Add VS2022 XIPFLAGS
BaseTools has a limitation that modules in FVs that are force rebased
must have the same file and section alignment. This is intended for
XIP modules.

VS2019 and previous VS toolchains did not set 4k section alignment,
but VS2022 does, in order for memory protections to be applied to
images. This causes issues when building SEC and PEI modules on
VS2022 as the file alignment is 0x20 but the section alignment
is 0x1000, so BaseTools will fail to generate the FV. One option
is to set the file alignment to 0x1000 for all of these files, but
that is a large waste of space and is not feasible on some platforms
that have limited flash space. The other option is to selectively
set 0x20 as the section alignment for SEC and PEI modules, which is
the approach GCC ARM/AARCH64 took.

This is only an issue for building 64-bit PEI on x86 currently, as
other architectures are not supported by VS2022 in edk2 yet. For IA32,
the section alignment is set to 0x20 and so it matches the file
alignment, however x64 PEI uses the X64 DLINK flags which have 0x1000
set. For other architectures that don't have the PEI/DXE architecture
split, this is also an issue.

This commit is required to use VS2022 as the default CI in edk2, as
OvmfPkgX64.dsc will fail to build. Any platform with 64-bit PEI also
requires this.

This commit also updates CryptoPkg.dsc and SecurityPkg.dsc as they
are setting custom section alignments.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
2024-12-10 23:42:09 +00:00
Oliver Smith-Denny f1e014a5ca BaseTools: Add /WHOLEARCHIVE for VS2022 Builds
VS2022's DLINK2_FLAGS (containing only /WHOLEARCHIVE) was commented
out during upstreaming, due to some downstream platform issues
when /WHOLEARCHIVE was set. This does not prove an issue for edk2
and is what is used for earlier versions of VS, so is added here
for VS2022.

If platforms see issues, bugs should be filed on edk2 (or fixed in
the platform if applicable).

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
2024-12-10 23:42:09 +00:00
Michael Kubacki 4c7c90254f Maintainers.txt: Add VS Code PR Dashboard maintainer
Adds Michael Kubacki as a maintainer of this newly added file.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-12-10 16:01:51 +00:00
Michael Kubacki 2941f4b57f PullRequests.github-issues: Add PR notebook
Adds a VS Code GitHub issue notebook that can be used with the VS
Code GitHub Issue Notebook Extension to view PR queries on
Tianocore repositories.

VS Code extension:
https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-github-issue-notebooks

This is intended to provide a single real-time dashboard that
reflects PR status from all Tianocore repositories so users can
track their PRs and quickly find PRs that need their attention.

To use this, install the VS Code extension and open the file.
This can be done in a Web browser at vscode.dev or locally in
VS Code.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-12-10 16:01:51 +00:00
Ceping Sun d55d4e22f4 OvmfPkg: Update PlatformPei.inf with TdxHelperLib
Since TdxHelperLib was defined in LibraryClasses for OvmfPkgX64.dsc,
the extra definitions are removed.

And for other dsc, add the Null-TdxHelperLib to remove the extra
definitions.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun 1f55e175f4 OvmfPkg: Update OvmfPkgX64.dsc to support TdTcg2Pei
Add TdTcg2Pei in OvmfPkgX64.dsc in early PEI phase to
support CC measurement.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun 9f9657e7da OvmfPkg: Update OvmfTpmLibs.dsc.inc to add PeiTpmMeasurementLib.inf
Because PeiTpmMeasurementLib supports both TCG measurement and CC
measurement, it shall be controlled by TPM2_ENABLE and
CC_MEASUREMENT_ENABLE.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun 7689c0d9fa OvmfPkg/TdTcg2Pei: Add TdTcg2Pei to install gEdkiiCcPpi
TdTcg2Pei is added to install the gEdkiiCcPpi for a TD-Guest.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun bdf3c917e3 OvmfPkg/TdTcg2Dxe: Update with TdxHelperLib
Since TdxHelperLib has the API (TdxHelperMapPcrToMrIndex)
to map PCR to MR index, the duplicate code is removed.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun b6b1fdb073 OvmfPkg/TdxHelperLib: Refactor for new APIs
Add below APIs to support the implementation for CC measurement.
- TdxHelperMapPcrToMrIndex
- TdxHelperHashAndExtendToRtmr
- TdxHelperBuildTdxMeasurementGuidHob

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun cc0ec8ebae OvmfPkgX64: Add BaseCryptLib definition in PEIM
Since the TdxHelperLib is used for measurement
in PEI phase, it required TDVF to add the library.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun b2df9a89ba SecurityPkg/PeiTpmMeasurementLib: Support CC Measurement
PeiTpmMeasurementLib is updated to support both TCG measurement and
CC Measurement. gEfiPeiMasterBootModePpiGuid is removed from [Depex]
because it is not needed for the library.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun 3b07a2fb52 SecurityPkg/Ppi: Add gEdkiiCcPpi for CC Measurement in PEI phase
gEdkiiCcPpi is designed to support CC measurement in PEI phase.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
John Chung 481c43308b MdePkg: Add new PCDs for IPMI Serial
This change adds new PCDs for IPMI Serial.

Specification reference:
https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html

Signed-off-by: John Chung <john.chung@arm.com>
2024-12-09 19:57:53 +00:00
John Chung 5b760ca087 MdePkg/IndustryStandard: Add definitions for IPMI Serial
Add IPMI Serial definitions

Specification reference:
https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html

Signed-off-by: John Chung <john.chung@arm.com>
2024-12-09 19:57:53 +00:00
Pierre Gondois e53cf2412a ShellPkg/UefiShellLevel2CommandsLib: Add helper for reset -fwui option
Following the UEFI Shell Specification revision 2.2,
add helper for the '-fwui' option of the reset command.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
2024-12-09 17:16:58 +00:00
Ajan Zhong 694cc9f100 UefiPayloadPkg: Update ReadUnaligned64 in ACPI parsing
According to the ACPI Specification, the 64-bit physical address of the XSDT
provides identical functionality to the RSDT but accommodates physical
addresses of description headers that are larger than 32 bits.

In this case the physical address of the XSDT table is 64-bit aligned, however
the size of the ACPI description table header is not 64-bit aligned. This leads
to the entries of other description headers not being 64-bit aligned. On the
AARCH64 architecture, dereferencing a non-aligned 64-bit address to fetch
64-bit data will trigger an Alignment fault. Use the ReadUnaligned64 method
to fix this unaligned data access issue.

Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
2024-12-09 02:23:28 +00:00
Ajan Zhong ddb4ea681b UefiPayloadPkg: Update FDT parser logic for unaligned data access
If alignment check is enabled in AARCH64 platform, FDT parser might
dereference non-aligned 64-bit address to fetch 64-bit data.
Use unaligned data read to avoid triggering unaligned data access.

Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
2024-12-09 02:23:28 +00:00
Ajan Zhong 2d6d03056a UefiPayloadPkg: Add AARCH64 support on FdtParserLib
Add AARCH64 support on FdtParserLib.

Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
2024-12-09 02:23:28 +00:00
Gerd Hoffmann f0424ec80e OvmfPkg: disable iscsi by default
While IScsiDxe certainly is a useful feature it is rarely used, and it
slows down firmware boot quite a bit.  So disable it by default and only
load it in case this is explicitly requested via fw_cfg.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann 645988d9b3 OvmfPkg: add PcdEntryPointOverrideDefaultValue
UefiDriverEntryPointFwCfgOverrideLib will use
PcdEntryPointOverrideDefaultValue to decide what to do in case the
fw_cfg file specified via PcdEntryPointOverrideFwCfgVarName is not
present.  Default is "yes".

This allows disabling drivers by default and only enabling them when
requested via fw_cfg.

Also log a message with the config option applied and whenever the
default value or a fw_cfg option was used.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann 9ca29831f6 OvmfPkg: add fw_cfg option for usb storage
Use UefiDriverEntryPointFwCfgOverrideLib for UsbMassStorageDxe so
the driver can be enabled/disabled via fw_cfg option.

usage: qemu -fw_cfg name=opt/org.tianocore/UsbStorageSupport,string={yes,no}

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann f9335bcb7c OvmfPkg: add fw_cfg option for iscsi support
Use UefiDriverEntryPointFwCfgOverrideLib for IScsiDxe so the driver
can be enabled/disabled via fw_cfg option.

usage: qemu -fw_cfg name=opt/org.tianocore/ISCSISupport,string={yes,no}

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann b9cb18206a OvmfPkg: add fw_cfg option for virtio-net support
Use UefiDriverEntryPointFwCfgOverrideLib for VirtioNetDxe so the driver
can be enabled/disabled via fw_cfg option.

usage: qemu -fw_cfg name=opt/org.tianocore/VirtioNetSupport,string={yes,no}

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann 5be587067a OvmfPkg: move USB drivers to new UsbComponents.dsc.inc
Allows updating the USB driver configuration without
touching all *.dsc files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Gerd Hoffmann b3b3cfab7e OvmfPkg: move VirtioNet to NetworkComponents.dsc.inc
Allows updating the VirtioNet driver configuration without
touching all *.dsc files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 20:45:29 +00:00
Alexander Gryanko 35706d43c5 NetworkPkg: PXE boot option build flag
Currently, the only way to disable PXE boot options is to change the PCD
variables PcdIPv4PXESupport and PcdIPv6PXESupport in the source code or
use the "--pcd" option in the build script. Other boot options such
as HTTP or iSCSI can be disabled using the -D<option> flag.
NETWORK_PXE_BOOT_ENABLE will add a consistent way to disable PXE booting.
This is the third and final part of a series of patches to enable the
NETWORK_PXE_BOOT_ENABLE build flag. At this point, the flag will be able
to disable PXE functionality.

Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
2024-12-06 18:26:01 +00:00
Alexander Gryanko 087a47688c OvmfPkg: PXE boot option build flag
The second step is to add an option to the OvmfPkg module to disable
PXE booting using the NETWORK_PXE_BOOT_ENABLE flag. The patch is divided
into 3 parts. At the current stage the flag is not functional.

Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
2024-12-06 18:26:01 +00:00
Alexander Gryanko 9e0c46efb0 ArmVirtPkg: PXE boot option build flag
The first step is to add an option to disable PXE loading. The patch is
divided into 3 parts. This part adds the NETWORK_PXE_BOOT_ENABLE flag
to the ArmVirtPkg module. At the current stage the flag is not functional.

Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
2024-12-06 18:26:01 +00:00
Mike Maslenkin f6422011e5 MdeModulePkg/PlatformDriOverrideDxe: fix HiiOpCodeHandle leak
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-12-06 17:13:17 +00:00
Mike Maslenkin 1b283cf437 MdeModulePkg/UiApp: fix HiiOpCodeHandle leak
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-12-06 17:13:17 +00:00
Mike Maslenkin e8cfc7beba NetworkPkg/IScsiDxe: fix HiiOpCodeHandle leak
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-12-06 17:13:17 +00:00
Mike Maslenkin b1cdfc556f SecurityPkg/OpalPassword: fix HiiOpCodeHandle leak on error path
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-12-06 17:13:17 +00:00
Doug Cook (WINDOWS) fd9501f582 DxeRngLib: GetRandomNumber spurious success
The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.

- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.

In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.

Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.

Signed-off-by: Doug Cook <idigdoug@gmail.com>
2024-12-06 15:55:55 +00:00
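
The failure mode described in the DxeRngLib commit above, reduced to a stand-alone C model. This is an added example, not the DxeRngLib source: the function names, the algorithm table, the status constants and the `stale` parameter (standing in for the indeterminate value of the uninitialized `Status`) are all hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in status codes for this model (not the EDK II values). */
enum { ST_SUCCESS = 0, ST_SECURITY_VIOLATION = 26 };

/* Hypothetical table entry: a secure algorithm and whether it was found. */
struct secure_algo {
    bool available;
    int (*generate)(uint8_t *buf, size_t len);
};

/* Constructed generator so the model runs offline; NOT a real RNG. */
static int fake_generate(uint8_t *buf, size_t len) {
    memset(buf, 0xA5, len);
    return ST_SUCCESS;
}

/* `stale` stands for whatever value sits in the uninitialized Status slot;
 * `patched` gives Status an explicit error value instead. */
int model_get_random(const struct secure_algo *algos, size_t count,
                     bool enforce_secure, bool patched, int stale,
                     uint8_t *buf, size_t len) {
    int status = patched ? ST_SECURITY_VIOLATION : stale;
    for (size_t i = 0; i < count; i++) {
        if (!algos[i].available) continue;
        status = algos[i].generate(buf, len);
        if (status == ST_SUCCESS) return status;
    }
    /* Assumption of this model: a default generator runs when not enforcing. */
    if (!enforce_secure) return fake_generate(buf, len);
    return status; /* unpatched: never assigned if nothing was available */
}

/* Caller-side check: a "success" must have changed a canary-filled buffer. */
bool output_was_written(const uint8_t *buf, size_t len, uint8_t canary) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] != canary) return true;
    return false;
}

/* The commit's scenario: nothing available, enforcement on, stale value 0. */
int run_scenario(bool patched, bool *written) {
    struct secure_algo algos[2] = { { false, fake_generate }, { false, fake_generate } };
    uint8_t buf[16];
    memset(buf, 0xCC, sizeof buf);
    int st = model_get_random(algos, 2, true, patched, 0, buf, sizeof buf);
    *written = output_was_written(buf, sizeof buf, 0xCC);
    return st;
}

int main(void) {
    bool w0, w1;
    int s0 = run_scenario(false, &w0), s1 = run_scenario(true, &w1);
    printf("unpatched: %d/%d  patched: %d/%d\n", s0, w0, s1, w1);
    return 0;
}
```

In the unpatched run the caller sees success while the canary-filled buffer is unchanged, which is the condition a consumer of random bytes (key or nonce generation) cannot detect from the status alone.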
Doug Cook (WINDOWS) bbcdc0b7d9 MdePkg: Improve comments on DebugLib PCDs
DebugLib PCDs are very important, but they're confusing and not
well-explained anywhere. Improve the documentation comments for them to
explain how they work and how they relate to each other.

Signed-off-by: Doug Cook <idigdoug@gmail.com>
2024-12-06 14:34:18 +00:00
Rebecca Cran 5b2d55533b BaseTools: Improve error messages from UefiCapsuleHeader.py
Instead of throwing ValueErrors with no explanation, add a message
explaining what went wrong.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
2024-12-06 13:02:18 +00:00
Phil Noh e508c6c08a MdeModulePkg/DxeIplPeim: Free scratch buffer after FV extraction
The scratch buffer (EfiBootServicesData) is assigned to extract DXE FVs
that are compressed. The matching decompression library returns the buffer
size as below. The buffer is no longer used after completing extraction.
Need to free the buffer to optimize memory allocation and usage.

BaseUefiDecompressLib : sizeof (SCRATCH_DATA)
LzmaCustomDecompressLib : SCRATCH_BUFFER_REQUEST_SIZE (64KB)
BrotliCustomDecompressLib : From EncodeData header (usually, xxMB checked)

In case of Brotli decompression, it is found that a big chunk of memory is
required, based on EncodeData header. (e.g. a 4MB compressed FV reports
about 39MB scratch size)

Signed-off-by: Phil Noh <Phil.Noh@amd.com>
2024-12-06 10:17:16 +00:00
Gerd Hoffmann 73570d8ab6 openssl: disable visual studio warning #4189
4189 is "local variable is initialized but not referenced"

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 99e18f2327 CryptoPkg: CI: update OpensslGen file list
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 8c5dcecd24 CryptoPkg: gcc needs 4k section alignment too
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 9895fe25ac CryptoPkg/BaseCryptLib: add next parameter to SHA3_squeeze
Needed for openssl 3.3.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann a801363249 CryptoPkg: add openssl/providers/fips/include to includes
Needed for openssl 3.4.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 005f4c6b5e openssl: add more stubs for openssl 3.2.x
openssl-3.2.2 got a few more tls config hooks, add stubs for them.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 53cea8efd1 openssl: adapt stubs to openssl 3.2.x
Function declarations have changed in openssl-3.2.x, adapt the stubs.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann 8f6c2ccc45 openssl: update generated files
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Gerd Hoffmann e584e865f8 openssl: update submodule to 3.4.0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-12-06 08:01:25 +00:00
Aniket_Surekar 333e9638ad MdeModulePkg/Bus/Pci: Fix Descriptor Misalignment in USB Config Handling
The issue with locating the expected interface and endpoint descriptors
arises because `configDesc` (USB_CONFIG_DESCRIPTOR) and `IfDesc`
(USB_INTERFACE_DESCRIPTOR) are incremented by structure size rather than
by actual descriptor length.

Specifically:
  - `configDesc` should be incremented by its actual length.
  - `IfDesc` should be incremented by its actual length.

This incorrect increment causes misalignment, preventing access to the
subsequent interface and endpoint descriptors.

[Suggested Solution]
Update the code to increment the pointers by the actual descriptor lengths,
ensuring proper access to all descriptors in the USB configuration.

Signed-off-by: Aniket Surekar <Aniket.Surekar@Dell.com>
2024-12-06 01:45:22 +00:00
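
The difference between the two pointer increments described in the USB commit above, shown on a constructed configuration blob. This is an added example, not the MdeModulePkg code: the function names and the sample bytes are hypothetical, and the bounds checks go beyond what the commit message states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DESC_TYPE_ENDPOINT 0x05
#define STD_DESC_SIZE 9 /* size of the standard config and interface structs */

/* Constructed blob: config (bLength 9), interface (bLength 11, two extra
 * trailing bytes), endpoint (bLength 7). wTotalLength = 27. */
const uint8_t sample_cfg[] = {
    9, 0x02, 27, 0, 1, 1, 0, 0x80, 50,
    11, 0x04, 0, 0, 1, 0x03, 0, 0, 0, 0xEE, 0xEE,
    7, 0x05, 0x81, 0x03, 8, 0, 10,
};

/* "Before" pattern: advance by the structure size, ignoring bLength. */
long find_by_struct_size(const uint8_t *buf, size_t total, uint8_t type) {
    for (size_t off = 0; off + 2 <= total; off += STD_DESC_SIZE)
        if (buf[off + 1] == type) return (long)off;
    return -1;
}

/* "After" pattern: advance by each descriptor's own bLength, with the bounds
 * checks a parser of device-supplied data needs. */
long find_by_length(const uint8_t *buf, size_t total, uint8_t type) {
    size_t off = 0;
    while (total - off >= 2) {
        uint8_t len = buf[off];
        if (len < 2 || len > total - off) return -1; /* zero, short or overlong */
        if (buf[off + 1] == type) return (long)off;
        off += len;
    }
    return -1;
}

int main(void) {
    printf("struct-size walk: %ld\n",
           find_by_struct_size(sample_cfg, sizeof sample_cfg, DESC_TYPE_ENDPOINT));
    printf("bLength walk:     %ld\n",
           find_by_length(sample_cfg, sizeof sample_cfg, DESC_TYPE_ENDPOINT));
    return 0;
}
```

The fixed-stride walk lands inside the 11-byte interface descriptor and never reaches the endpoint at offset 20; the `bLength` walk finds it and also terminates on a zero or overlong length instead of looping or reading past the buffer.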
Ard Biesheuvel e8668d2dee MdeModulePkg/DxeCore: Call BeforeExitBootServices event group only once
According to UEFI spec 2.10 errata A section 7.4.6

  "All events from the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES and
  EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event notification groups as well
  as events of type EVT_SIGNAL_EXIT_BOOT_SERVICES must be signaled
  before ExitBootServices() returns EFI_SUCCESS. The events are only
  signaled once even if ExitBootServices() is called multiple times."

So keep track of whether ExitBootServices() has been called, and signal
the event group EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES only the first
time around.

EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will only be signalled if
ExitBootServices() is going to run to [successful] completion, after
which calling it a second time is not possible anyway. So for this case,
no special handling is needed.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-12-06 08:33:53 +08:00
Ard Biesheuvel 47e28a6d44 ArmVirtPkg/ArmPlatformLibQemu: Enable early ID map on EL2+VHE
When booting at EL2, enable VHE if available so that the early ID map
can be enabled as well. This gets rid of any memory accesses (reads or
writes) before the MMU and caches are enabled.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-12-05 10:50:48 +00:00
Chao Li 793f4d2662 Maintainers.txt: Add a new R for LoongArch64
Added Xiangdong Meng as a new reviewer for LoongArch64 ARCH.

Signed-off-by: Chao Li <lichao@loongson.cn>
2024-12-05 03:10:43 +00:00