With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Links from acpica.org are now redirected to the ACPICA overview page
on intel.com. Update the link so it goes to the 20200717 download page.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Check PcdConfidentialComputingGuestAttr instead of calling
MemEncryptSevIsEnabled() and MemEncryptTdxIsEnabled() to figure
whenever SEV or TDX is enabled.
This allows to remove the MemEncryptSevLib + MemEncryptTdxLib
dependencies.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Improve the formatting of the error message when GetVariable
fails: start the message with an upper-case character, and close the
quotes around the variable name.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
The Fedora 40 images uses gcc 14, includes libasan and
libubsan, clang, and some fixes and improvements.
See c98ff99762
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
The BDF format for PCI initiators in the SRAT table is incorrect.
The format is not a UINT16 but specific bytes.
PCI Bus Number (Bits 7:0 of Byte 2)
PCI Device Number (Bits 7:3 of Byte 3)
PCI Function Number (Bits 2:0 of Byte 3)
REF: https://uefi.org/specs/ACPI/6.5/05_ACPI_Software_Programming_Model.html#device-handle-pci
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Intel's ACPICA download is no longer on acpica.org, but that site
redirects to pages on intel.com. Update the link to acpica.org to
the new ACPICA download page.
Microsoft's acpi.info no longer exists, so update the link to point to
Microsoft's ACPI compiler information page.
While here, update the nasm link from http to https.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Update Tpm12.h and Tpm20.h and not use c++ reserved keywords
operator and xor in C structures to support use of these
include files when building with a C++ compiler.
This patch removes the temporary use of anonymous unions and
warning 4201 disable for VS20xx tool chains to complete the
following field name changes:
* operator -> operator_
* xor -> xor_
NOTE: This is a non-backwards compatible change to Tpm12.h
and Tmp20.h. And consumers of these include files that access
the "operator" or "xor" fields must be updated.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Change xor to xor_ to avoid C++ reserved work name collisions
when building with C++ compilers.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Update Tpm12.h and Tpm20.h and not use c++ reserved keywords
operator and xor in C structures to support use of these
include files when building with a C++ compiler.
This patch temporarily introduces an anonymous union to add
operator_ and xor_ fields to support migration from the current
field names to the new field names.
Warning 4201 is disabled for VS20xx tool chains is a temporary
change to allow the use of anonymous unions.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Links from acpica.org are now redirected to the ACPICA overview page
on intel.com. Update the link so it goes to the 20200517 download page.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4874
Question CheckBox, OneOf and Numeric can refer to Bit EFI VarStore.
CheckBox: data type is Boolean (1 byte),
Numeric/Oneof: data type is always UNIT32 for BIT VarStore,
When get default value for BIT VarStore, should return default value
with sizeof (UINT32) rather than the byte the bit width occupied.
Or incorrect default value will be used due to the size mismatch.
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
When updating memory attributes, if only access attributes are changed,
the default memory cache attribute is NULL and a CACHE_CC is added by
default.
Signed-off-by: Chao Li <lichao@loongson.cn>
BlockIo2 Read/Write/Flush APIs should signal the token's event when the
I/O operation completes, but the Emulator APIs do not. As a result, any
code that tries to implement async I/O will hang on emulator.
Both Windows and Unix emulator hosts work the same way:
- All I/O is completed synchronously.
- All I/O implementations contain the comment:
`// Caller is responsible for signaling EFI Event`
However, the protocol implementations do not signal the event, so the
event is never signalled.
Fix is to signal the event in the appropriate protocol implementations.
- If the host API returns success then the I/O is complete since it's
always synchronous.
- If there is a Token and Token->Event is not null and the I/O is
successful then the event should be signalled.
Signed-off-by: Doug Cook <idigdoug@gmail.com>
Introduce support for generating ACPI CPU SSDT table
for the X64 architecture.
Creates processor objects based on configuration data.
Cc: Sami Mujawar <Sami.Mujawar@arm.com>
Cc: Pierre Gondois <pierre.gondois@arm.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
Updates X64 namespace object.
Updates the object parser.
Updates the Readme.
Cc: Sami Mujawar <Sami.Mujawar@arm.com>
Cc: Pierre Gondois <pierre.gondois@arm.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
Currently, PciHostBridgeUtilityGetRootBridgesHostProvided allocates memory
for aperture structures without clearing memory. This causes garbage in
the Translation field, but the Base and Limit fields have the correct
values because they are copied from the HOST_BRIDGE_INFO fields in the
HardwareInfoPciHostBridgeHostBridgeHostBridgeGetApertures function.
RootBridge: PciRoot(0x0)
Support/Attr: 70069 / 70069
DmaAbove4G: No
NoExtConfSpace: No
AllocAttr: 3 (CombineMemPMem Mem64Decode)
Bus: 0 - 80 Translation=0
Io: 6000 - FFFF Translation=5E9EB018
Mem: 80000000 - DFFFFFFF Translation=0
MemAbove4G: 600000000000 - 7FFFFFFFFFFF Translation=0
PMem: FFFFFFFFFFFFFFFF - 0 Translation=0
PMemAbove4G: FFFFFFFFFFFFFFFF - 0 Translation=0
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.
Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
StrSize() cannot return 0. As done in other packages, StrSize()
checks the length of the string doesn't exceed
PcdMaximumUnicodeStringLength. Add comments to make it more obvious.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4859
Reported-by: Tormod Volden <debian.tormod@gmail.com>
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
The "Found ACPI table" messages are informative and don't indicate an
error, so reduce the debug level from DEBUG_ERROR to DEBUG_INFO.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
ArmVirtKvmTool might execute at EL2 when running under nested
virtualization, and in this case, it should not use HVC but SMC to
invoke PSCI and SMCCC services.
Like QEMU, kvmtool provides the PSCI conduit via a node in the FDT, and
as per the SMCCC, the PSCI conduit and the SMCCC conduit are guaranteed
to be the same. So switch to the ArmMonitorLib implementation that
selects the conduit based on this FDT node.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The implementation of ArmMonitorLib that selects the conduit (SMC or
HVC) based on the PSCI FDT node is suitable for other VMMs as well, so
rename it more appropriately.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
HCR_EL2 may contain fields that should be preserved (such as E2H, which
may be RES1 for all intents and purposes other than reading back the
register). So preserve the existing value when setting the TGE bit.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
With VHE enabled, EL2 uses the EL2&0 translation regime, which is
compatible with the EL1&0 translation regime when it comes to the TCR
configuration register and the page table descriptor.
Given that some CPUs may have VHE force enabled when executing at EL2,
the MMU code needs to be able to deal with this even if it doesn't
enable VHE itself.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Remove the code path for execution at EL3, which just dumps an error.
None of the other code is remotely suitable for execution at EL3, and so
just ASSERT()'ing here is sufficient, and simplifies future changes
related to VHE.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
When VHE is enabled, some pre-existing timer system register specifiers
are redirected to the HYP timer. To access the conventional timer,
special aliases have to be used that end in _EL02.
These aliases are not understood by Clang's internal assembler, so use
the generic mnemonics instead.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Add definitions for the non-global page tables descriptor attribute, as
well as the E2H TCR bit, so that we can use them in the MMU code.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ARM requires softfloat routines when incorporating OpenSSL, which is a
bit of a hassle for no benefit, given that ARM is mostly obsolete at
this point.
SignedCapsulePkg relies on OpenSSL for authentication, and while it
might be feasible to migrate ARM to MbedTLS and retain support, let's
just drop support entirely.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmSoftFloatLib is going away, so remove all residual references to it.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Redfish uses JsonLib, which supports encoding real numbers. This
handling is implemented using C floating point types, which means that
on 32-bit ARM, a softfloat library is required, even though the CPUs we
still (marginally) care about all support floating point in hardware.
The UEFI spec does not permit the use of floating point on ARM at all,
and so the correct thing to do here is to simply disable this driver on
32-bit ARM entirely.
Note that the ARM platform code does allow the VFP unit to be enabled at
boot time, and so rebuilding this driver with hardware FP should be
feasible, in case anyone has an interest in running it on a 32-bit ARM
system.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Drop the ArmSoftFloatLib dependency from the OpensslLib implementations,
so that we can retire this git submodule and associated dependencies in
other components.
The upshot of this is that OpenSSL can no longer be used on 32-bit ARM
by components that rely on the random number generation routines (which
is where the floating point usage resides). In practice, this means that
ARM platforms should use MbedTLs instead for things like signed
capsules, authenticated variables and TPM2 support. HTTPS boot is no
longer supported, as TlsDxe depends on OpensslLib directly.
Note that MbedTLS itself -surprisingly- depends on OpensslLib as well,
but only for the SM3 routines, and incorporating those does not require
softfloat support.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
If a GitHub account has been deleted entirely, a `None` user will
be returrned from the GitHub API. This change accounts for a `None`
user when querying GitHub APIs for user information.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
This patch updates libspdm to pull in various bug fixes,
but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b
which updates libspdm's MbedTLS submodule to v3.6.2, fixing
CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there.
This CVE does not affect libspdm or edk2, but automatic
CVE scanning tools see the bad version of the certifi
pip module in the edk2/libspdm code trees and flag these
projects as failing.
libspdm has been updated to pull in the newer MbedTLS that
fixes this issue and this patch updates edk2 to pull in
the newer libspdm.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
As TPM2.0 is popular, updating default value for the Setup menu supports
a benefit for some systems that have another TPM Setup menu to select
TPM2.0 devices (e.g. dTPM, fTPM) depending on platform bios.
For example, when loading default configuration using F9 key in Setup
(Brower Action: SystemLevel), it is possible for them to load an
unsynchronized value. If user does not adjust the value before saving
Setup, it could influence an unexpected TPM initialization at next boot.
Setting TPM2.0 as default value supports the benefit related to the case.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
This commit is to check if the resource HOB range does not
exceed the max supported physical address.
The function BuildMemoryMapFromResDescHobs is to build Memory
Region from resource HOBs. Then the memory maps will be used
during creating or modifying SMM page table. If the resource
HOB range exceeds the max supported physical address, then
subsequent calling of PageTableMap() will fail.
Signed-off-by: Dun Tan <dun.tan@intel.com>
BaseCryptLib turn gettimeofday() from a Macro into a function call,
apply the same change to BaseCryptLibMbedTls
Signed-off-by: Amy Chan <amy.chan@intel.com>
Enable x2apic mode in case the number of possible CPUs (including
hotplug-able CPus which are not (yet) online) is larger than 255.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The UpdateArgcArgv() function documentation says "If OldArgv or OldArgc
is NULL then that value is not returned."
However, only OldArgc was checked for NULL, probably because of
copy-pasto. In case OldArgc was non-NULL, but OldArgv was null, it could
cause a segmentation fault.
Check OldArgv is not NULL before dereferencing the value.
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
Oliver Steffen
Gerd Hoffmann
Rebecca Cran
Ray Ni
Oliver Smith-Denny
Jeff Brasen
Michael D Kinney
Dandan Bi
Chao Li
Doug Cook (WINDOWS)
Abdul Lateef Attar
Alexander Gryanko
Yang Gang
Marc Chen
Pierre Gondois
Ard Biesheuvel
Michael Kubacki
Phil Noh
Dun Tan
Amy Chan
Tormod Volden