REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716
Migrate FSP-T/M binary from temporary RAM to permanent RAM before NEM
tear down. Tcg module will use permanent address of FSP-T/M for
measurement. In MdeModulePkg, PeiCore installs mMigrateTempRamPpi if
PcdMigrateTemporaryRamFirmwareVolumes is True before NEM tear down and
after permanent memory ready.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Cc: Chen Gang C <gang.c.chen@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Update AMD sepcification references (code comments) as part of a refactor of
MSR definitions and SEV-SNP related defines, which aims to remove
family-specific references (filename) as these defines are common to all
modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Update the Msr.h eader guard to comply with latest edk2 coding guidelines. This
change is part of a refactor of MSR definitions and SEV-SNP related defines,
which aims to remove family-specific references (filename) as these defines are
common to all modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Delete Fam17Msr.h as part of a refactor of MSR definitions and SEV-SNP related
defines, which aims to remove family-specific references (filename) as these
defines are common to all modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Update reference to SevSnpMsr.h as part of a refactor of MSR definitions and
SEV-SNP related defines. Remove family-specific references (filename) as these
defines are common to all modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Update reference to SevSnpMsr.h as part of a refactor of MSR definitions and
SEV-SNP related defines. Remove family-specific references (filename) as these
defines are common to all modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Add SevSnpMsr.h as part of a refactor of MSR definitions and SEV-SNP related
defines, which aims to remove family-specific references (filename) as these
defines are common to all modern EPYC Processors.
Signed-off-by: Paul Grimes <paul.grimes@amd.com>
Add global variable mVariableRtCacheInfo to save the
content in gEdkiiVariableRuntimeCacheInfoHobGuid. With
this new global variable, 7 global variables can be
removed.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Refine the code logic in InitVariableCache().
In this commit, three times calling of
InitVariableCache() for different type cache are
merged into one calling. This commit is to make
the code looks cleaner and doesn't change any
code functionality.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Remove the usage of PcdEnableVariableRuntimeCache. We can
use the existence of gEdkiiVariableRuntimeCacheInfoHobGuid
to indicate if variable runtime cache is enabled or not.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Consume gEdkiiVariableRuntimeCacheInfoHobGuid in
VariableSmmRuntimeDxe driver to initialize the following
variable cache related buffer:
*mVariableRuntimeHobCacheBuffer
*mVariableRuntimeNvCacheBuffer
*mVariableRuntimeVolatileCacheBuffer
*mVariableRuntimeCachePendingUpdate
*mVariableRuntimeCacheReadLock
*mHobFlushComplete
The code to to allocate
and unblock the buffer for
different type cache in VariableSmmRuntimeDxe is also
removed in this commit.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Remove unneed FreePages() for RuntimeHobCacheBuffer which is
allocated in PEI phase.
So the global variable mVariableRuntimeHobCacheBufferSize
also can be removed.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Remove the two unnecessary global variables and
replace them by two local variables:
mVariableRuntimeNvCacheBufferSize
mVariableRuntimeVolatileCacheBufferSize
Signed-off-by: Dun Tan <dun.tan@intel.com>
Install the callback of gEfiPeiMemoryDiscoveredPpiGuid
to create gEdkiiVariableRuntimeCacheInfoHobGuid in
VariablePei module. When PcdEnableVariableRuntimeCache
is TRUE, the callback will be installed to allocate
the needed buffer for different type variable runtime
cache, unblock the buffer and build this HOB. Then the
runtime cache buffer address and size will be saved in
the HOB content.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit defines VARIABLE_RUNTIME_CACHE_INFO HOB.
The HOB is used to store the address and size of the
buffer that will be used for variable runtime service
when the PcdEnableVariableRuntimeCache is TRUE.
In following patches, when PcdEnableVariableRuntimeCache
is TRUE, VariablePei module will install a callback of
gEfiPeiMemoryDiscoveredPpiGuid to allocate needed buffer
for different type cache, unblock the buffer and build HOB.
Then VariableSmmRuntimeDxe driver will consume the
gEdkiiVariableRuntimeCacheInfoHobGuid to initialize the
variable runtime cache related content.
Signed-off-by: Dun Tan <dun.tan@intel.com>
The CoreCount, EnabledCore and ThreadCount counts
should be set to 0xFF if value is greater than
255 per the SMBIOS specification.
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Declares in the .inf file that the current component is an MM_STANDALONE
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
This produces output that matches CodeChecker log command
- Set directory to build output path
- Set build destination to the object created instead of the path
- Add recursive macro support
- Add lookup in module.Macros dictionary
- Add leading include flag to include list
- Add source file to compile commands
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
The compiler will use this function if it is
left shifting a 128 bit value.
Seen when updating OpenSSL.
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Since commit 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237"),
networking modules depend on gEfiRngProtocolGuid but nothing in OvmfXen
provides it. This is visible in the logs as several modules present but
not loading:
Driver A2F436EA-A127-4EF8-957C-8048606FF670 was discovered but not loaded!!
Driver E4F61863-FE2C-4B56-A8F4-08519BC439DF was discovered but not loaded!!
Driver 025BBFC7-E6A9-4B8B-82AD-6815A1AEAF4A was discovered but not loaded!!
Driver 529D3F93-E8E9-4E73-B1E1-BDF6A9D50113 was discovered but not loaded!!
Driver 94734718-0BBC-47FB-96A5-EE7A5AE6A2AD was discovered but not loaded!!
Include SecurityPkg/RandomNumberGenerator/RngDxe to fix this.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Following the discussion at [1] and as the ArmLib relies on them,
move ArmPkg/Chipset/Aarch64[|Mmu].h files to the MdePkg.
Update the path to correctly include the moved files.
[1] https://edk2.groups.io/g/devel/message/111566
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
Following the discussion at [1] and as the ArmLib relies on them,
move ArmPkg/Chipset/ArmV7[|Mmu].h files to the MdePkg.
Update the path to correctly include the moved files.
[1] https://edk2.groups.io/g/devel/message/111566
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
Related to https://bugzilla.tianocore.org/show_bug.cgi?id=4121, but not
resolving it. (Nearly?) all of ArmPkg describes industry standard
behaviour, and hence according to general rules, ought to live in MdePkg.
Addressing this will however be a substantial task.
Take a first step by moving the ArmLib interface definition to MdePkg,
as discussed in
https://edk2.groups.io/g/devel/topic/patch_v5_2_6/102725178
Continuous-integration-options: PatchCheck.ignore-multi-package
Cc: Pierre Gondois <pierre.gondois@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Set the rdrand feature bit when faking cpuid for host test cases.
Needed to make the CryptoPkg test cases work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
PcdCpuSmmApSyncTimeout2 PCD was added in previous patch
(52d0a208), this patch is to override PcdCpuSmmApSyncTimeout2
to 10ms (same as PcdCpuSmmApSyncTimeout) so as to align with
original behavior.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
PcdCpuSmmApSyncTimeout is not only used by BSP to wait AP,
but also for AP to wait BSP (APHandler).
This patch is only to refine the PCD comment. No function
impact.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
This patch is to consume the PcdCpuSmmApSyncTimeout2 to
enhance the flexibility of timeout configuration.
In some cases, certain processors may not be able to enter
SMI, and prolonged waiting could lead to kernel soft/hard
lockup. We have now defined two timeouts. The first timeout
can be set to a smaller value to reduce the waiting period.
Processors that are unable to enter SMI will be woken up
through SMIIPL to enter SMI, followed by a second waiting
period. The second timeout can be set to a larger value to
prevent delays in processors entering SMI case due to the
long instruction execution.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Provide the capability for platform to specifies the 2nd
timeout value in microseconds for the BSP/AP in SMM to wait for
one another to enter SMM.
The added interface can enhance the flexibility of timeout
configuration. In some cases, certain processors may not be
able to enter SMI, and prolonged waiting could lead to
kernel soft/hard lockup. We have now defined two timeouts.
The first timeout can be set to a smaller value to reduce
the waiting period. Processors that are unable to enter SMI
will be woken up through SMIIPL to enter SMI, followed by
a second waiting period. The second timeout can be set to a
larger value to prevent delays in processors entering SMI
case due to the long instruction execution.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Add OvmfRng include snippets with the random number generator
configuration for OVMF. Include RngDxe, build with BaseRngLib,
so the rdrand instruction is used (if available).
Also move VirtioRng to the include snippets.
Use the new include snippets for OVMF builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RDRAND has notoriously been broken many times over its lifespan.
Add a smoketest to RDRAND, in order to better sniff out potential
security concerns.
Also add a proper CPUID test in order to support older CPUs which may
not have it; it was previously being tested but then promptly ignored.
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
:x86_init_rdrand() per commit 049f9ae9..
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
code to MIT and the public domain.
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
<..>
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
> also place it into public domain. Do with it what you will now.
>
> Jason
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Starting from certain version of Visual Studio C compiler (I don’t
have the exact version. I am using VS2019), CpuDeadLoop is optimized
quite well by compiler.
The compiler does not generate instructions that jump out of the loop
when the "Index" is non-zero.
It becomes harder/impossible for developers to break out of the dead-loop
in debugger.
The new version of CpuDeadLoop() compares a volatile global to a volatile
local. This forces 2 reads and a comparison on every loop iteration.
The local variable can be set to 1 to exit the loop without modifying the
global variable.
Using VS2019 with max opt enabled, The dead-loop can be exit by setting
Index to 1 in a debugger.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Fix calculation of first section in FileFindSection for FILE2 headers
in UefiPayloadEntry module.
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Reviewed-by: Gua Guo <gua.guo@intel.com>
This reverts commit 32460bb5b1, which is
no longer needed as ArmVirtQemu now has its own special implementation
for ArmMonitorLib.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This reverts commit 865229bcc8, and
restores the old state where dynamic PCDs are only used when TPM support
is configured.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This reverts commit c98f7f7550, which is
no longer needed: the SMCCC conduit will be converted back to being
hardcoded, as PrePi based ArmVirtPkg build cannot support dynamic PCDs,
and falling back to patchable PCDs does not work either.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Whether SMCCC calls use HVC or SMC generally depends on the exception
level that the firmware executes at, but also on whether or not EL2 is
implemented.
This is almost always known at build time, which is why the default
ArmMonitorLib used to model this as a feature PCD. However, on QEMU,
things are not that simple.
However, SMCCC specifies that the conduit is the same as the one used
for PSCI calls (which has been retrofitted into SMCCC when it was
defined). Given that QEMU provides this information via the device tree,
let's use it to select the conduit, using a special ArmMonitorLib
implementation.
This also removes the need to set the associated PCD at runtime, given
that its updated value will no longer be used.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
When building ArmVirtQemuKernel with CLANGDWARF (which does not require
a GCC workaround where -mgeneral-regs-only is needed to ensure
-mstrict-align works as expected), the C code invoked from the PrePi
startup code may contain instructions that access the FP/SIMD register
file. This means that the FP/SIMD must be enabled before making such
calls, and this is currently not the case. So fix that, by moving the
call to ArmEnableVFP() early into the asm startup code.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The guest os which depends on vbeshim for video support is -- according
to the comments -- Windows 2008 R2. Which went EOL in January 2020,
more than four years ago.
Time to retire VbeShim. RIP.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The ESRT table is not required in UEFI firmware. In such cases, the
table may not be present in the UEFI Configuration Table. The mEsrtTable
is to check if the IsNestedFmpCapsule() function is invoked at runtime
to determine whether to use gEsrtManagementProtocolGuid or the ESRT
table from the Configuration Table. Unfortunately, the check does not
cover situations where the ESRT is not present, potentially resulting in
a kernel crash. This patch is intended to fix this issue.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Following https://bugzilla.tianocore.org/show_bug.cgi?id=2817 this
bug could also apply to strncpy and strcat.
For strncpy use count+1 if smaller than MAX_STRING_SIZE. This still
restricts the destination size to MAX_STRING_SIZE as before but allows
a strncpy when the source is close after destination without triggering
the InternalSafeStringNoAsciiStrOverlap check in AsciiStrnCpyS.
For strcat use the destination string length + the size of the source
string including the terminator as destination size if smaller than
MAX_STRING_SIZE.
Also move both functions to CrtWrapper.c as they do not return the
correct return value. AsciiStrnCpyS and AsciiStrCatS return
RETURN_VALUE instead of a char * to the destination buffer.
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
strcpy fails when strSource is closer than 4096 bytes after strDest.
This is caused by an overlap check in AsciiStrCpyS:
//
// 5. Copying shall not take place between objects that overlap.
//
SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap
(Destination, DestMax, (CHAR8 *)Source, SourceLen + 1),
RETURN_ACCESS_DENIED);
Since DestMax is MAX_STRING_SIZE (0x1000) and with a Source
that is in this area behind Destination, AsciiStrCpyS will fail
and strcpy will do nothing.
When called by CRYPTO_strdup in openssl this leads to uninitialzed
memory that gets accessed instead of the copied string.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2817
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
Emit a DEBUG_WARN message if there is not enough flash space left to
write/update a variable. This condition is currently not logged
appropriately in all cases, given that full variable store can easily
render the system unbootable.
This new message helps identifying this condition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Fix logic error that changes the commit range checked depending
on the verbosity level set.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Zhihao Li
Paul Grimes
Dun Tan
Jeff Brasen
xieyuanh
Wenxing Hou
Ross Lagerwall
Pierre Gondois
Leif Lindholm
Gerd Hoffmann
Jiaxin Wu
Pedro Falcato
Ray Ni
Dhaval
Sebastian Witt
Ard Biesheuvel
Nhi Pham
Rebecca Cran
HoraceX Lien
Oliver Steffen
Michael D Kinney