Commit Graph

22549 Commits

Author SHA1 Message Date
Jiewen Yao c13cb4aebf IntelSiliconPkg/VtdInfoSample: Fix IGD RMRR memory.
Fix a calculation problem in IGD RMRR memory.

Cc: Zeng Star <zeng.star@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Zeng Star <zeng.star@intel.com>
2017-10-24 10:45:54 +08:00
Dandan Bi f6194f5a64 UefiCpuPkg/MtrrLib: Make comments align with function
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-10-24 09:14:17 +08:00
Dandan Bi 382aeac2c8 MdeModulePkg/DxeIplPeim: Refine coding style in function comments
Make the comments align with the function.
And add some missing function comments.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2017-10-24 09:14:17 +08:00
Dandan Bi 71d047b483 IntelFrameworkModule/LegacyBios: Avoid explicit comparison for BOOLEAN
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2017-10-24 09:14:17 +08:00
Dandan Bi 2f909679b0 IntelFrameworkModulePkg/Csm: Refine coding style in comments
Make the comments follow Edk2 coding style:
1. Make the comments starts with /** and end with **/.
2. Make the comments descrition end with '.'

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2017-10-24 09:14:16 +08:00
Ard Biesheuvel d8e36289ce EmbeddedPkg: add driver to set graphical/serial console preference
Linux on ARM/arm64 will infer from the presence of a /chosen/stdout-path
DT property or of a SPCR ACPI table that the primary console is the serial
port, even if a graphical console is available as well.

So let's introduce a driver that allows the user to set a preference
between graphical and serial if both are available. If the preference
is set to 'Graphical', and any GOP protocol instances have been installed
by the time the ReadyToBoot event is signalled, remove the DT property
and/or the SPCR table entirely.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-23 12:14:00 +01:00
Ruiyu Ni 6e32874427 MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
The bug was caused by 728d74973c
"MdeModulePkg/PciBus: Count multiple hotplug resource paddings".

The patch firstly updated the Bridge->Alignment to the maximum
alignment of all devices under the bridge, then aligned the
Bridge->Length to Bridge->Alignment.
It caused too much resources were claimed.

The new patch firstly aligns Bridge->Length to Bridge->Alignment,
then updates the Bridge->Alignment to the maximum alignment of all
devices under the bridge.
Because the step to update the Bridge->Alignment is to make sure
the resource allocated to the bus under the Bridge meets all
devices alignment. But the Bridge->Length doesn't have to align
to the maximum alignment.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2017-10-23 15:50:55 +08:00
Ruiyu Ni e00e0dd722 UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang
ClearMasks and OrMasks are not 8-byte aligned.
But SetMem64 requires the input address is 8-byte aligned.
If the input is not 8-byte aligned, assertion is hit.
Use SetMem instead.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2017-10-23 15:49:04 +08:00
Ruiyu Ni 1a421c2c17 ShellPkg/editor: Fix system hang when console max column > 200
EditorClearLine() assumes the console max column is less than 200.
When the max column is bigger than 200, the code incorrectly
modifies the content out side of Line buffer.
It may cause system hang or reset.

The patch changes the function to print several times when
the max column is bigger than 200.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2017-10-23 15:04:18 +08:00
Fu Siyuan b9e5df4336 NetworkPkg: Remove ping6 and ifconfig shell application.
Edk2 has duplicated ping6/ifconfig6 implementation in NetworkPkg and ShellPkg.
The usage and parameter format of these 2 versions are exactly same. These two
commands have been added to Shell specification so the copy under
  ShellPkg\Library\UefiShellNetwork2CommandsLib\
will be actively maintained in future.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2017-10-23 09:01:57 +08:00
Huajing Li 5ce99ab99e ShellPkg/alias: Fix flag parsing logic
Existing logic to parse the flags isn't complete and cannot detect
some invalid combinations of flags.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2017-10-20 12:54:36 +08:00
Ruiyu Ni f545256641 MdeModulePkg/PciHostBridge: Set SpecificFlag to 0 for Mem32/Mem64
Existing code forgot to set Descriptor->SpecificFlag to 0 when
the resource type is non-prefetchable MMIO.
The patch adds the missing assignment.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2017-10-20 12:52:08 +08:00
Ruiyu Ni 86cabbcfa0 UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute
MtrrLibSetBelow1MBMemoryAttribute() may be called multiple times.
It's possible that in a 2nd call, Modified[0] is set to TRUE in
1st call but ClearMasks[0] and OrMasks[0] is uninitialized in
2nd call. It causes FixedSettings->Mtrr[0] be set to random
data.

The patch fixes this issue by introducing a local Modified[]
array and only updates FixedSettings->Mtrr[] when LocalModified[i]
is TRUE.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2017-10-20 12:52:08 +08:00
Eric Dong 1e3f7a3782 UefiCpuPkg/MpInitLib: Avoid call PcdGet* in Ap & Bsp.
MicrocodeDetect function will run by every threads, and it will
use PcdGet to get PcdCpuMicrocodePatchAddress and
PcdCpuMicrocodePatchRegionSize, if change both PCD default to dynamic,
system will in non-deterministic behavior.

By design, UEFI/PI services are single threaded and not re-entrant
so Multi processor code should not use UEFI/PI services. Here, Pcd
protocol/PPI is used to access dynamic PCDs so it would result in
non-deterministic behavior.

This code get PCD value in BSP and save them in CPU_MP_DATA for Ap.

https://bugzilla.tianocore.org/show_bug.cgi?id=726

Cc: Crystal Lee <CrystalLee@ami.com.tw>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-10-20 10:30:46 +08:00
chenc2 3539e850eb SecurityPkg/SecureBootConfigDxe: Handle lack of STR_SIGNATURE_* tokens
Add check to avoid NULL ptr dereference. The function HiiGetString
will return NULL pointer when the platform does not install the
appropriate string or call HiiGetString fail.(For example, HII not
support specified language.)

Cc: Zhang Chao <chao.b.zhang@intel.com>
Cc: Wu Hao <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Wu Hao <hao.a.wu@intel.com>
2017-10-19 22:22:30 +08:00
Laszlo Ersek 1958124a6c OvmfPkg: fix dynamic default for oprom verification policy PCD without SB
I missed the following, both while reviewing and while testing commit
6041ac65ae ("OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION
when SEV is active", 2017-10-05):

If "-D SECURE_BOOT_ENABLE" is not passed on the "build" command line, then
OVMF has no dynamic default at all for
"PcdOptionRomImageVerificationPolicy". This means that the PcdSet32S()
call added in the subject commit doesn't even compile:

> OvmfPkg/PlatformPei/AmdSev.c: In function 'AmdSevInitialize':
> OvmfPkg/PlatformPei/AmdSev.c:67:3: error: implicit declaration of
> function '_PCD_SET_MODE_32_S_PcdOptionRomImageVerificationPolicy'
> [-Werror=implicit-function-declaration]
>    PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
>    ^
> cc1: all warnings being treated as errors

Make the current, SB-only, 0x00 dynamic default unconditional.

This is the simplest approach, and it reflects the intent of original
commit 1fea9ddb4e ("OvmfPkg: execute option ROM images regardless of
Secure Boot", 2016-01-07). Without SECURE_BOOT_ENABLE,
"SecurityPkg/Library/DxeImageVerificationLib" is not used anyway, so the
PCD is never read.

This issue was first caught and reported by Gerd Hoffmann
<kraxel@redhat.com>'s Jenkins CI. Later it was also reported in
<https://bugzilla.tianocore.org/show_bug.cgi?id=737>.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Fixes: 6041ac65ae
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: trim commit message as suggested by Jordan]
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
[lersek@redhat.com: add reference to TianoCore BZ#737]
2017-10-19 10:41:09 +02:00
Long Qin 6ded19558a SecurityPkg/Pkcs7Verify: Add the comments to address security problem
Add the comments to address security problems in the Pkcs7Verify Protocol
per UEFI 2.7 updates.

The Pkcs7Verifier function VerifySignature() has problematic use cases
where it might be used to unwittingly bypass security checks.  The specific
problem is that if the supplied hash is a different algorithm from the
blacklist hash, the hash will be approved even if it should have been
denied. The added comments place a strong warning about the problem.
It is possible to use the protocol reliably, either by agreeing a hash to
use for all time (like sha256) or by looping over all supported hashes when
using the protocol.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-10-18 23:03:38 +08:00
Laszlo Ersek 4bbf39632c BaseTools/BuildEnv: override "set -C" (noclobber) in sourcing shell env
The BuildEnv utility is sourced (executed by the user's interactive shell)
when the user sets up the build session. Some users like to set -C
(noclobber) for some additional safety in their shells, which trips up
BuildEnv. Update the redirection operator so that it overrides noclobber.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2017-10-18 11:34:03 +02:00
Laszlo Ersek 11b74aa472 SecurityPkg/AuthVariableLib: fix GCC build error
Commit 53c6ff1803 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:

> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>                                                           ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>                  from
>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>  X509GetCommonName (
>  ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors

Fix it by changing the type of "CertCommonName" to array-of-CHAR8.

Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:

- it is taken the size of -- not impacted by this patch;

- passed to X509GetCommonName() as an argument -- the patch fixes the
  build error;

- passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
  impacted by the patch;

- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
  cast.

Since we are touching the Sha256Update() function call, fix the coding
style too:

- the line is overlong, so break each argument to its own line;

- insert a space between "AsciiStrLen" and the opening paren "(".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff1803
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-17 21:46:21 +02:00
Brijesh Singh 6041ac65ae OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
The following commit:

1fea9ddb4e OvmfPkg: execute option ROM images regardless of Secure Boot

sets the OptionRomImageVerificationPolicy to ALWAYS_EXECUTE the expansion
ROMs attached to the emulated PCI devices. A expansion ROM constitute
another channel through which a cloud provider (i.e hypervisor) can
inject a code in guest boot flow to compromise it.

When SEV is enabled, the bios code has been verified by the guest owner
via the SEV guest launch sequence before its executed. When secure boot,
is enabled, lets make sure that we do not allow guest bios to execute a
code which is not signed by the guest owner.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-10-17 21:28:27 +02:00
Brijesh Singh 071f1d19dd SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
By default the image verification policy for option ROM images is 0x4
(DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:

1fea9ddb4e OvmfPkg: execute option ROM images regardless of Secure Boot

set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
ROMs comes from host-side and most of the time cloud provider (i.e
hypervisor) have full access over a guest anyway. But when secure boot
is enabled, we would like to deny the execution of option ROM when
SEV is active. Having dynamic Pcd will give us flexibility to set the
security policy at the runtime.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-10-17 21:28:26 +02:00
chenc2 65c77f0210 SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.
The change doesn't impact the functionality.
To avoid magic code is helpful for maintaining the codes.
Use stack variable for known max length variable is more
clear and safe than heap buffer.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Wu Hao A <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-10-17 22:03:42 +08:00
chenc2 0085d619dd SecurityPkg/SecureBootConfigDxe: Fix coding style issue
The change doesn't impact the functionality.

Cc: Bi Dandan <dandan.bi@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-10-17 16:47:45 +08:00
Dandan Bi 5f2b325e4d Security/OpalHii.c: Handle NULL Request or Request with no elements
According to UEFI spec, for the ExtractConfig function in
EFI_HII_CONFIG_ACCESS_PROTOCOL,If a NULL is passed in for the Request
field or if a ConfigHdr is passed in with no request elements, all of
the settings being abstracted by this function will be returned in the
Results field.

The implementation of ExtractConfig function in OpalHii.c misses to
handle above cases.This patch is to do the enhancements.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2017-10-17 13:23:06 +08:00
Ruiyu Ni 1c29d03869 UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang
ARRAY_SIZE(Mtrrs->Variables.Mtrr) was used in
MtrrDebugPrintAllMtrrsWorker() to parse the MTRR registers.
Instead, the actual variable MTRR count should be used.
Otherwise, the uninitialized random data in MtrrSetting may cause
MtrrLibSetMemoryType() hang.

Steven Shi found this bug in QEMU when using Q35 chip.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Steven Shi <steven.shi@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
2017-10-17 10:05:36 +08:00
Ruiyu Ni e2ac374f85 ShellPkg/UefiShellLib: Use a more bright blue/green color
Some developers/QAs complain the color of directory or executable
files is hard to see and suggest to use a more bright color.
I agree with this suggestion so make this patch.
The look and feel is much better now.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2017-10-17 09:59:50 +08:00
Yonghong Zhu 9705814429 BaseTools: Fix a bug Build directory should relative to WORKSPACE
The bug is for build output files it still use mws.join function, it
cause maybe we will get the build output files in the PACKAGES_PATH
because mws.join will try WORKSPACE first, if the file doesn't exist
then try PACKAGES_PATH. But for build output, we expected it should
relative to WORKSPACE.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-10-16 16:41:40 +08:00
Ruiyu Ni 9c8c4478cf UefiCpuPkg/MtrrLib: Skip Base MSR access when the pair is invalid
The patch optimized the MTRR access code to skip the Base MSR
access when the Mask MSR indicates the pair is invalid.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
2017-10-16 13:09:46 +08:00
Ruiyu Ni 2bbd7e2fbd UefiCpuPkg/MtrrLib: Update algorithm to calculate optimal settings
The new algorithm converts the problem calculating optimal
MTRR settings (using least MTRR registers) to the problem finding
the shortest path in a graph.
The memory required in extreme but rare case can be up to 256KB,
so using local stack buffer is impossible considering current
DxeIpl only allocates 128KB stack.

The patch changes existing MtrrSetMemoryAttributeInMtrrSettings() and
MtrrSetMemoryAttribute() to use the 4-page stack buffer for
calculation. The two APIs return BUFFER_TOO_SMALL when the buffer
is too small for calculation.

The patch adds a new API MtrrSetMemoryAttribute*s*InMtrrSettings() to
set multiple-range attributes in one function call.
Since every call to MtrrSetMemoryAttributeInMtrrSettings (without-s)
or MtrrSetMemoryAttribute() requires to calculate the MTRRs for the
whole physical memory, combining multiple calls in one API can
significantly reduce the calculation time.
In theory, if N times of call to without-s API costs N seconds,
the new API only costs 1 second.
The new API uses the buffer supplied from caller to calculate
MTRRs and returns BUFFER_TOO_SMALL when the buffer is too small for
calculation.

Test performed:
1. Random test
 a. Generate random memory settings, use the new algorithm to
    calculate the MTRRs.
 b. Read back the MTRRs and check the memory settings match
    the desired memory settings.
 c. Repeat the above #1 and #2 100000 times.
2. OVMF 32PEI + 64DXE boot to shell.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-16 13:09:46 +08:00
Ruiyu Ni 1416ecb4a9 UefiCpuPkg/MtrrLib: Optimize MtrrLibLeastAlignment()
The patch changes MtrrLibLeastAlignment() to
MtrrLibBiggestAlignment() and optimizes the implementation
to be more efficient.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-16 13:09:45 +08:00
Ruiyu Ni 5fbb5adea8 UefiCpuPkg/MtrrLib: refine MtrrLibProgramFixedMtrr()
The patch replaces some if-checks with assertions because
they are impossible to happen.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-16 13:09:45 +08:00
Liming Gao 222c49300d SourceLevelDebugPkg: Update SmmDebugAgentLib to restore APIC timer
In enter SMI, APIC timer may be initialized. After exit SMI, APIC timer
will be restore.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-10-16 11:23:16 +08:00
Liming Gao 3372ab3cf2 MdeModulePkg: Update RuntimeDxe Crc32 to check the input parameter
This is the regression issue. After apply CalculateCrc32(), the parameter
check is missing.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Wu Hao A <hao.a.wu@intel.com>
2017-10-16 11:23:07 +08:00
Jian J Wang 79da2d2849 UefiCpuPkg/PiSmmCpuDxeSmm: Fix bitwise size issue
Cc: Eric Dong <eric.dong@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2017-10-16 09:03:41 +08:00
Zhang, Chao B d7c054f985 SecurityPkg\Tcg2Pei: FV measure performance enhancement
1. Leverage Pre-Hashed FV PPI to reduce duplicated hash
2. Only measure BFV at the beginning. Other FVs are measured in FVinfo callback with nested
   FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=662

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2017-10-15 08:16:36 +08:00
Zhang, Chao B 53c6ff1803 SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable
ECR1707 for UEFI2.7 clarified certificate management rule for private time-based
AuthVariable.Trusted cert rule changed from whole signer's certificate stack to
top-level issuer cert tbscertificate + SignerCert CN for better management compatibility.
Hash is used to reduce storage overhead.

Cc: Long Qin <qin.long@intel.com>
Cc: Chen Chen <chen.a.chen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>'
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Chen Chen <chen.a.chen@intel.com>
2017-10-14 22:27:14 +08:00
Meenakshi Aggarwal 120fd64781 Ifconfig : Fixed False information about Media State.
Issue : We were setting MediaPresent as TRUE (default) and
not checking return status of NetLibDetectMedia().
NetLibDetectMedia() sets MediaPresent FLAG in case of success
only and dont change flag on error.
So, Media State will display as 'Media Present', in case of
error also.

Fix : Check return value of NetLibDetectMedia(), if error then
print "Media State Unknown"

Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2017-10-13 17:14:50 +08:00
Eric Dong 152e8d7670 UefiCpuPkg/S3Resume2Pei: Handle Communicate Ppi not exist issue.
Current code assume Communicate Ppi always existed, so it adds
ASSERT to confirm it. Ovmf platform happened not has this Ppi, so
the ASSERT been trig. This patch handle Ppi not existed case.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-10-13 13:12:00 +08:00
Eric Dong d76c2da8d5 MdeModulePkg/PiSmmCore: Install Protocol when S3 resume finished.
Install EdkiiSmmEndOfS3ResumeProtocol when S3 resume finished.
S3ResumePei will send S3 resume finished event to SmmCore through
communication buffer.

V2 change:
 None.

V3 change:
1. Uninstall the protocol right after install it to avoid run out of memory.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-12 10:17:56 +08:00
Eric Dong 18b13fabfa UefiCpuPkg/S3Resume2Pei: Send S3 resume finished event to SmmCore.
Driver will send S3 resume finished event to SmmCore through communicate
buffer after it signals EndOfPei event.

V2 Changes:
1. Change structures name to avoid they start with EFI_.
2. Base on DXE phase bits to provide communication buffer, current implement
check both PEI and DXE phase.

V3 Changes:
1. Change structure name for better understanding.
2. Enhance communication buffer calculate logic to more accurate.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-12 10:17:51 +08:00
Eric Dong 59f0ef95e0 MdeModulePkg/SmmEndOfS3Resume.h: Add new protocol definition.
Add gEdkiiSmmEndOfS3ResumeProtocolGuid which used by SmmCore to
notify smm drives that S3 resume has finished.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-12 10:17:46 +08:00
Jian J Wang dfbfd6a4f5 IntelFrameworkModulePkg/LegacyBiosDxe: Fix GCC5 build warning
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2017-10-12 10:14:58 +08:00
Ruiyu Ni 5e6e2dcc38 MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL
Current implementation skips to check whether the last four
characters are digits when the OptionNumber is NULL.
Even worse, it may incorrectly return FALSE when OptionNumber is
NULL.

The patch fixes it to always check the variable name even
OptionNumber is NULL.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-10-12 10:00:48 +08:00
Ruiyu Ni 618ef6f9ba MdeModulePkg/Bds: Remove assertion in BmCharToUint
BmCharToUint() could be called using external data and it
already contains logic to return -1 when data is invalid,
so removing unnecessary assertion to avoid system hang.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-12 10:00:48 +08:00
Jian J Wang 90f3922b01 OvmfPkg/QemuVideoDxe: Bypass NULL pointer detection during VBE SHIM installing
QemuVideoDxe driver will link VBE SHIM into page 0. If NULL pointer
detection is enabled, this driver will fail to load. NULL pointer detection
bypassing code is added to prevent such problem during boot.

Please note that Windows 7 will try to access VBE SHIM during boot if it's
installed, and then cause boot failure. This can be fixed by setting BIT7
of PcdNullPointerDetectionPropertyMask to disable NULL pointer detection
after EndOfDxe. As far as we know, there's no other OSs has such issue.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-10-11 16:39:02 +08:00
Jian J Wang d057d8c4e9 IntelFrameworkModulePkg/Csm: Add code to bypass NULL pointer detection
Legacy has to access interrupt vector, BDA, etc. located in memory between
0-4095. To allow as much code as possible to be monitored by NULL pointer
detection, we add code to temporarily disable this feature right before
those memory access and enable it again afterwards.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2017-10-11 16:39:01 +08:00
Jian J Wang f8c1133bbb UefiCpuPkg/PiSmmCpuDxeSmm: Implement NULL pointer detection for SMM code
The mechanism behind is the same as NULL pointer detection enabled in EDK-II
core. SMM has its own page table and we have to disable page 0 again in SMM
mode.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2017-10-11 16:39:01 +08:00
Jian J Wang a7181d952f MdeModulePkg/Core/Dxe: Add EndOfDxe workaround for NULL pointer detection
One of issue caused by enabling NULL pointer detection is that some PCI
device OptionROM, binary drivers and binary OS boot loaders may have NULL
pointer access bugs, which will prevent BIOS from booting and is almost
impossible to fix. BIT7 of PCD PcdNullPointerDetectionPropertyMask is used
as a workaround to indicate BIOS to disable NULL pointer detection right
after event gEfiEndOfDxeEventGroupGuid, and then let boot continue.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-11 16:39:01 +08:00
Jian J Wang 9189ec20b9 MdeModulePkg/DxeIpl: Implement NULL pointer detection
NULL pointer detection is done by making use of paging mechanism of CPU.
During page table setup, if enabled, the first 4-K page (0-4095) will be
marked as NOT PRESENT. Any code which unintentionally access memory between
0-4095 will trigger a Page Fault exception which warns users that there's
potential illegal code in BIOS.

This also means that legacy code which has to access memory between 0-4095
should be cautious to temporarily disable this feature before the access
and re-enable it afterwards; or disalbe this feature at all.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-11 16:39:00 +08:00
Wang, Jian J f7e077768f MdeModulePkg/MdeModulePkg.dec,.uni: Add NULL pointer detection PCD
PCD PcdNullPointerDetectionPropertyMask is a bitmask used to control the
NULL address detection functionality in code for different phases.

If enabled, accessing NULL address in UEFI or SMM code can be caught
as a page fault exception.

    BIT0    - Enable NULL pointer detection for UEFI.
    BIT1    - Enable NULL pointer detection for SMM.
    BIT2..6 - Reserved for future uses.
    BIT7    - Disable NULL pointer detection just after EndOfDxe. This is a
              workaround for those unsolvable NULL access issues in
              OptionROM, boot loader, etc. It can also help to avoid
              unnecessary exception caused by legacy memory (0-4095) access
              after EndOfDxe, such as Windows 7 boot on Qemu.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-10-11 16:39:00 +08:00