Commit Graph

32816 Commits

Author SHA1 Message Date
Jiaxin Wu 8befdb1441 MdeModulePkg/VariableSmm: Add func for Primary Buffer valid check
Add a new function (VariableSmmIsPrimaryBufferValid) to check
whether the Primary Buffer is valid or not.

The original function (VariableSmmIsBufferOutsideSmmValid) is used to
check the buffer outside MMRAM.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-07-07 08:40:03 +00:00
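The two checks named in the commit message above, a buffer-outside-MMRAM check and a primary (communication) buffer check, guard the classic SMM/MM attack surface: a handler that trusts a caller-supplied pointer and length can be steered into reading or writing MMRAM. The following is an added example written for this page, not the edk2 VariableSmm or SmmMemLib code and not the patch itself. The MMRAM range, the 24-byte communication header size (x64 layout of a 16-byte GUID followed by a UINTN MessageLength) and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed MMRAM layout for the example (not a real platform memory map). */
typedef struct {
  uint64_t Base;
  uint64_t Size;
} MMRAM_RANGE;

static const MMRAM_RANGE mMmramRanges[] = {
  { 0x7F000000ULL, 0x01000000ULL },   /* constructed: 16 MiB TSEG at 0x7F000000 */
};

/* Header size assumed for the example: EFI_GUID (16) + UINTN MessageLength (8 on x64). */
#define COMM_HEADER_SIZE 24ULL

/*
 * True only if [Buffer, Buffer + Length) can be addressed without wrapping
 * and does not overlap any MMRAM range. A zero-length buffer is rejected
 * because a handler that accepts one will then read or write past it.
 */
bool IsBufferOutsideMmram(uint64_t Buffer, uint64_t Length)
{
  if (Length == 0) {
    return false;
  }
  /* Overflow check first: Buffer + Length must not wrap around 2^64. */
  if (Buffer > UINT64_MAX - Length) {
    return false;
  }
  uint64_t End = Buffer + Length;   /* exclusive end */
  for (size_t i = 0; i < sizeof(mMmramRanges) / sizeof(mMmramRanges[0]); i++) {
    uint64_t RangeBase = mMmramRanges[i].Base;
    uint64_t RangeEnd  = RangeBase + mMmramRanges[i].Size;
    /* Half-open intervals overlap iff each starts before the other ends. */
    if (Buffer < RangeEnd && End > RangeBase) {
      return false;
    }
  }
  return true;
}

/*
 * Handler-side check for a communication buffer: the whole region the caller
 * handed over must be outside MMRAM, must hold at least a header, and the
 * MessageLength the caller declared inside that header must fit in what
 * remains after the header. DeclaredMessageLength is passed separately here
 * because the value must be read from a copy, not re-read from the shared buffer.
 */
bool IsCommBufferValid(uint64_t CommBuffer, uint64_t CommBufferSize,
                       uint64_t DeclaredMessageLength)
{
  if (!IsBufferOutsideMmram(CommBuffer, CommBufferSize)) {
    return false;
  }
  if (CommBufferSize < COMM_HEADER_SIZE) {
    return false;
  }
  /* Subtraction is safe: CommBufferSize >= COMM_HEADER_SIZE was just checked. */
  if (DeclaredMessageLength > CommBufferSize - COMM_HEADER_SIZE) {
    return false;
  }
  return true;
}

int main(void)
{
  printf("below TSEG, 4 KiB:        %d\n", IsBufferOutsideMmram(0x1000ULL, 0x1000ULL));
  printf("inside TSEG:              %d\n", IsBufferOutsideMmram(0x7F000000ULL, 0x10ULL));
  printf("straddles TSEG start:     %d\n", IsBufferOutsideMmram(0x7EFFFFF0ULL, 0x20ULL));
  printf("wraps past 2^64:          %d\n", IsBufferOutsideMmram(0xFFFFFFFFFFFFFFF0ULL, 0x20ULL));
  printf("comm buffer, length fits: %d\n", IsCommBufferValid(0x1000ULL, 0x100ULL, 0xD8ULL));
  printf("comm buffer, length lies: %d\n", IsCommBufferValid(0x1000ULL, 0x100ULL, 0xF0ULL));
  return 0;
}
```

The order matters: validate the range, copy the header into MMRAM, then parse only the copy. Re-reading MessageLength from the caller's buffer after the check reopens the time-of-check/time-of-use window, since the caller's other cores keep running while the handler executes.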
Jiaxin Wu acfdb6771c MdeModulePkg/VarCheckPolicyLib: Fix buffer valid check for MM
For MM, the MM Handlers do not need to validate the buffer if it is
the CommBuffer passed from MmCore through the MmiHandler() parameter.
Return TRUE directly in this case. Fix buffer valid check for MM in
this patch.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-07-07 08:40:03 +00:00
Jiaxin Wu c0021d31f8 MdeModulePkg/VarCheckPolicyLib: Update buffer valid check func name
In the MdeModulePkg/VarCheckPolicyLib, the Primary Buffer
(CommBuffer) check function has been updated to match the buffer
validation behavior.

For SMM, the SMM Handlers are to validate the buffer outside MMRAM.

For MM, the MM Handlers do not need to validate the buffer if it is
the CommBuffer passed from MmCore through the MmiHandler() parameter.
Return TRUE directly in this case. Existing code is incorrect for
the MM check. This will be fixed in the following patch.

There is no functional impact.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-07-07 08:40:03 +00:00
Jiaxin Wu 67d3be644f MdeModulePkg/FaultTolerantWriteSmm: Update buffer valid check func name
In the MdeModulePkg/FaultTolerantWriteSmm, the Primary Buffer
(CommBuffer) check function has been updated to match the buffer
validation behavior:

For SMM, the SMM Handlers are to validate the buffer outside MMRAM.

For MM, the MM Handlers do not need to validate the buffer if it is
the CommBuffer passed from MmCore through the MmiHandler() parameter.
Return TRUE directly in this case.

There is no functional impact.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-07-07 08:40:03 +00:00
Sergii Dmytruk 26bc42f1e3 BaseTools/GenerateCapsule.py: Fix checking for DepExp presence
struct.unpack() returns a tuple even for a single-element pack,
resulting in signature verification being evaluated to false even when
the signature is there.

This fixes --decode and --dump-info actions incorrectly reporting issues
with parsing capsule dependencies when there are none.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk eeddb86aaa BaseTools/GenerateCapsule.py: Fix inconsistent error formatting
Just add a space between colon and a more detailed error message in two
places.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk 47c1078175 BaseTools/GenerateCapsule.py: Require --output for --decode
--decode unconditionally uses args.OutputFile.name as a prefix for
output files that it creates and fails in a non-pretty way without
--output option.

This doesn't address creation/truncation of the file specified via
--output, but at least you're able to decode a capsule.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk 822ff966c6 BaseTools/GenerateCapsule.py: Better error message on --decode failure
Print error text from the exception.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk 3be79ece37 BaseTools/GenerateCapsule.py: Disallow UpdateImageIndex == 0 on --encode
This field seems to be one-based according to the UEFI specification; the default
value is 1 and --decode of GenerateCapsule.py errors upon seeing
UpdateImageIndex less than 1. So align --encode behaviour to enforce a
value within the 1..255 range.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk 8e7bd66dc1 BaseTools/GenerateCapsule.py: Fix --decode operation
Commit b68d566439 added support for
input subject name with signtool and broke --decode operation by using
incorrect identifier in one place (could be an incomplete rename during
review).

It's `args.SignToolSubjectName`, not `args.SignSubjectName`.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Sergii Dmytruk 5a4a7172bc BaseTools/FmpCapsuleHeader.py: Explain error when throwing exceptions
This gives a caller a chance to report a meaningful error to the user.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2024-07-05 19:33:50 +00:00
Yanbo Huang f8bf46be59 UefiCpuPkg/PiSmmCpuDxeSmm: Consume PcdCpuSmmApSyncTimeout2
This patch is to consume the PcdCpuSmmApSyncTimeout2 to
enhance the flexibility of timeout configuration.
In some cases, certain processors may not be able to enter
SMI, and prolonged waiting could lead to kernel soft/hard
lockup. We have now defined two timeouts. The first timeout
can be set to a smaller value to reduce the waiting period.
Processors that are unable to enter SMI will be woken up
through SMIIPL to enter SMI, followed by a second waiting
period. The second timeout can be set to a larger value to
prevent delays in the case of processors entering SMI due to
long instruction execution.

This patch adjusts the location of PcdCpuSmmApSyncTimeout2
to avoid conflict.

Signed-off-by: Yanbo Huang <yanbo.huang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
2024-07-05 17:55:48 +00:00
Yanbo Huang 4efcd654ec Revert "UefiCpuPkg/PiSmmCpuDxeSmm: Consume PcdCpuSmmApSyncTimeout2"
This reverts commit cb3134612d.
Syncing this commit to the Intel server platform will hit a conflict since our code base is old.
We don't want to cherry-pick the dependent patches to avoid potential issues.
We need to revert this commit first and then fix the conflict and reapply the change.
Sorry for the inconvenience.

Signed-off-by: Yanbo Huang <yanbo.huang@intel.com>
2024-07-05 17:55:48 +00:00
Xianglai Li a3359ffb25 OvmfPkg/LoongArchVirt: Optimize the use of serial port libraries
Because the complex dependency between SerialPortLib and
PciExpressLib leads to multiple references to the lib
library in the loongarch dsc file, optimizing SerialPortLib
now simplifies multiple references to lib in the dsc file.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Bibo Mao <maobibo@loongson.cn>
Cc: Chao Li <lichao@loongson.cn>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Xianglai Li <lixianglai@loongson.cn>

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
2024-07-05 16:01:02 +00:00
Jiaxin Wu 22d0babd33 MdeModulePkg/StandaloneMmReportStatusCodeLib: Support MM_CORE_STANDALONE
Support the module type for MM_CORE_STANDALONE

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
2024-07-05 14:52:00 +00:00
Jiaxin Wu a1d94d9e6e MdePkg/StandaloneMmServicesTableLib: Support MM_CORE_STANDALONE
Support the module type for MM_CORE_STANDALONE

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
2024-07-05 14:52:00 +00:00
Michael Kubacki 051c7bb434 StandaloneMmPkg: Fix section data length returned larger than actual data
This change fixes an issue where the returned section data length
is always 4 bytes larger than the actual section length. This could
cause an issue where the caller accesses the final 4 bytes which
would be invalid.

Co-authored-by: Kun Qin <kuqin@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-07-05 13:08:56 +00:00
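Section parsers tend to go wrong in exactly the way the commit message above describes: the 3-byte Size field of a PI firmware file section header counts the header itself, so the payload length is Size minus the header size (4 bytes, or 8 bytes when Size is 0xFFFFFF and the UINT32 ExtendedSize of the EFI_COMMON_SECTION_HEADER2 form applies), and the Size must also be bounds-checked against the bytes actually available before anything is subtracted. The following is an added example written for this page, not the StandaloneMmPkg code and not the fix itself; the function names and the constructed section bytes are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* PI firmware file section header (EFI_COMMON_SECTION_HEADER): 3-byte
 * little-endian Size, which counts the header itself, then a 1-byte Type.
 * When Size == 0xFFFFFF the EFI_COMMON_SECTION_HEADER2 form applies and a
 * UINT32 ExtendedSize follows, making the header 8 bytes. */
#define SECTION_HEADER_SIZE   4u
#define SECTION2_HEADER_SIZE  8u
#define SECTION_SIZE_EXTENDED 0xFFFFFFu
#define EFI_SECTION_RAW       0x19

/* Parses the header and returns the total section size recorded in it, or 0
 * if the header is truncated, claims less than its own header, or would run
 * past the Available bytes. *HeaderSize receives 4 or 8 on success. */
static uint32_t ParseSectionHeader(const uint8_t *Section, size_t Available, size_t *HeaderSize)
{
  if (Section == NULL || Available < SECTION_HEADER_SIZE) {
    return 0;
  }
  uint32_t Size = (uint32_t)Section[0] | ((uint32_t)Section[1] << 8) | ((uint32_t)Section[2] << 16);
  size_t Hdr = SECTION_HEADER_SIZE;
  if (Size == SECTION_SIZE_EXTENDED) {
    if (Available < SECTION2_HEADER_SIZE) {
      return 0;
    }
    Size = (uint32_t)Section[4] | ((uint32_t)Section[5] << 8) |
           ((uint32_t)Section[6] << 16) | ((uint32_t)Section[7] << 24);
    Hdr = SECTION2_HEADER_SIZE;
  }
  /* Size counts the header, so it can never legitimately be smaller than it,
   * and it must fit inside the buffer we were handed. */
  if (Size < Hdr || Size > Available) {
    return 0;
  }
  *HeaderSize = Hdr;
  return Size;
}

/* Length of the payload after the header. Returning Size unadjusted is the
 * "4 bytes too large" outcome the commit message describes. */
uint32_t GetSectionDataLength(const uint8_t *Section, size_t Available)
{
  size_t Hdr;
  uint32_t Size = ParseSectionHeader(Section, Available, &Hdr);
  return Size == 0 ? 0 : Size - (uint32_t)Hdr;
}

/* Offset of the payload from the start of the section (4 or 8), 0 on error. */
size_t GetSectionDataOffset(const uint8_t *Section, size_t Available)
{
  size_t Hdr;
  return ParseSectionHeader(Section, Available, &Hdr) == 0 ? 0 : Hdr;
}

/* Constructed sample sections for the example (not from any real firmware volume). */
const uint8_t kRawSection[] = {
  0x0C, 0x00, 0x00,                   /* Size = 12, counting this 4-byte header */
  EFI_SECTION_RAW,
  'p', 'a', 'y', 'l', 'o', 'a', 'd', '!' /* 8 payload bytes */
};
const uint8_t kExtSection[] = {
  0xFF, 0xFF, 0xFF,                   /* Size = 0xFFFFFF: use ExtendedSize */
  EFI_SECTION_RAW,
  0x10, 0x00, 0x00, 0x00,             /* ExtendedSize = 16, counting the 8-byte header */
  1, 2, 3, 4, 5, 6, 7, 8              /* 8 payload bytes */
};
const uint8_t kBadSection[] = {
  0x02, 0x00, 0x00,                   /* Size = 2: smaller than its own header */
  EFI_SECTION_RAW
};

int main(void)
{
  printf("raw: %u payload bytes at offset %zu\n",
         GetSectionDataLength(kRawSection, sizeof kRawSection),
         GetSectionDataOffset(kRawSection, sizeof kRawSection));
  printf("ext: %u payload bytes at offset %zu\n",
         GetSectionDataLength(kExtSection, sizeof kExtSection),
         GetSectionDataOffset(kExtSection, sizeof kExtSection));
  printf("bad: %u payload bytes\n", GetSectionDataLength(kBadSection, sizeof kBadSection));
  return 0;
}
```

A caller that takes the returned length at face value and reads that many bytes from the data offset is exactly the caller the commit message worries about, which is why the length is derived from a bounds-checked Size rather than trusted from the header alone.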
Jiaxin Wu bef0d333dc UefiCpuPkg/PiSmmCpuDxeSmm: Fix system hang when SmmProfile enable
MMIO ranges within the mProtectionMemRange array may exceed 4G
and should be configured as 'Present & NX'. However, the initial
attribute for these MMIO addresses in the page table is
'non-present'. Other attributes should not be set or updated for
a non-present range if the present bit mask is zero, as this could
result in an error during the InitPaging for the page table update
process.

This patch is to resolve the error to make sure MMIO page table
can be configured correctly.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
2024-07-05 08:18:31 +00:00
Xiaoyao Li 9389b9a208 MdePkg/Tdx.h: Fix the order of NumVcpus and MaxVcpus
For TDCALL leaf TDG.VP.INFO, the bit 31:0 in R8 returns NUM_VCPUS and
bit 63:32 in R8 returns MAX_VCPUS. Current struct
TDCALL_INFO_RETURN_DATA defines them in the wrong order.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
2024-07-04 23:05:22 +00:00
Dun Tan ed9a64af1b SecurityPkg/Tcg2Config: avoid potential build error
Cast pointer type to VOID* to avoid potential build error.
If the two PCDs are FixedAtBuild, PcdGetPtr will return a const
type pointer. Since the second parameter of BuildGuidDataHob
is VOID*, build error may happen with following log:
C4090: 'function': different 'const' qualifiers

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-04 21:33:44 +00:00
Alexey Kardashevskiy 2809966189 OvmfPkg: Enable AMD SEV-ES DebugVirtualization
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom

v4:
* s/DebugSwap/DebugVirtualization/g
2024-07-04 20:39:26 +00:00
Alexey Kardashevskiy 63a7152471 UefiCpuPkg: Add AMD SEV-ES features support
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.

Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.

Since the actual feature flag is not set yet, this should cause
no behavioural change.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom
2024-07-04 20:39:26 +00:00
Alexey Kardashevskiy 9f06feb5d2 OvmfPkg: Add AMD SEV-ES DebugVirtualization feature support
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.

When DebugVirtualization is enabled, this stops booting if
interaction from the HV.

Add new API to PEI, SEC, DXE.

This does not change the existing behaviour yet.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom

v4:
* s/DebugSwap/DebugVirtualization/
2024-07-04 20:39:26 +00:00
Alexey Kardashevskiy 3f28aa2fb0 MdePkg: Add AMD SEV features to PcdConfidentialComputingGuestAttr
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are other features which do not translate to levels,
such as DebugVirtualization or SecureTsc.

Add the feature mask and the DebugVirtualization feature bit to the PCD.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v4:
* s/CCAttrFeatureAmdSevDebugSwap/CCAttrFeatureAmdSevEsDebugVirtualization/

v2:
* expanded features mask
* added type mask
2024-07-04 20:39:26 +00:00
Alexey Kardashevskiy bc3a1ec2a2 MdePkg/Register/Amd: Define all bits from MSR_SEV_STATUS_REGISTER
For now we need DebugSwap but others are likely to be needed too.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Changes:
v5:
* "rb" from Tom

v4:
* added more from April/2024 APM
2024-07-04 20:39:26 +00:00
Chun-Yi Lee 6852f6984b EmbeddedPkg/VirtualRealTimeClockLib: Support SOURCE_DATE_EPOCH
RISC-V ovmf used VirtualRealTimeClockLib but the default epoch is the
compilation time. This causes the RISC-V ovmf binary image to be NOT
reproducible.

This patch added the support of SOURCE_DATE_EPOCH via the printenv command.
If SOURCE_DATE_EPOCH is found then we use it as BUILD_EPOCH. Otherwise
we run the date command for setting BUILD_EPOCH.

For distributions that want a reproducible RISC-V ovmf image, they should
export the SOURCE_DATE_EPOCH environment variable before building ovmf.

References: https://reproducible-builds.org/docs/source-date-epoch/
Cc: Pete Batard <pete@akeo.ie>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
2024-07-04 19:05:45 +00:00
Michael Kubacki 8430c69dc1 MdePkg/Nvme.h: Add missing NVMe capability descriptions
Most of the definitions in this file are currently well documented.

This adds documentation for a few missing fields in the NVMe
Controller Capabilities structure.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-07-04 18:11:09 +00:00
Tobin Feldman-Fitzthum cdffb638c8 AmdSev: enable kernel hashes without initrd
If kernel hashes are enabled but no initrd is provided,
QEMU will still create an entry in the hash table, but it
will be the hash of an empty buffer.

Remove the explicit check for the length of the blob.
This logic will be handled by the later hash comparison,
which will still fail when the blob is not present
but is expected, but will pass when the blob is not present
and the hash table contains a hash of an empty buffer.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
2024-07-04 16:09:56 +00:00
Mike Maslenkin 4e36bed812 MdeModulePkg/NvmExpressDxe: use format "0x%lx" for UINT64 values.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2024-07-04 14:56:42 +00:00
Mike Maslenkin 4f73eef838 MdeModulePkg/NvmExpressDxe: fix format used for Eui64 conversion
Eui64 is a 64 bit value, so the "L" or "l" is required in the
format specifier, otherwise only the lower 32 bits will be converted.

Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2024-07-04 14:56:42 +00:00
Joey Vagedes 6b9307192b BaseTools: InfBuildData: Fix Private value retrieval
Update retrieval of private guids, protocols, or ppis from a package's
declaration file to use the original path of the module's INF file
rather than the current path. When building the same module multiple
times in the same INF (by overriding the define's FILE_GUID), a temporary
instance of the module is generated outside the package, causing the
retrieval of private values to fail, as the check to access private
values is done by verifying that the module to build is inside the package.

Signed-off-by: Joey Vagedes <Joey.Vagedes@gmail.com>

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
2024-07-04 11:55:25 +00:00
Joey Vagedes 592725d229 DscCompleteCheck: Allow git ignore syntax
Allows ignore lines in the CI YAML file to use git ignore syntax.

This is especially useful for ignoring files recursively in directories
like those that may exist in an external dependency folder.

Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-07-04 07:40:58 +00:00
Britton Chesley ed07a2bb11 MdeModulePkg/UsbBusDxe: USB issue fix when the port reset
BZ #4456

Fixed a bug which led to an ASSERT due to the USB device
context being maintained after a port reset, but the
underlying XHCI context was uninitialized. Specifically,
Xhc->UsbDevContext is freed after a reset and only
re-allocates the default [0] endpoint transfer ring.
In order to avoid a memory leak, device enumeration is
performed after freeing the necessary buffers. This
allocates the Xhc->UsbDevContext for all endpoints of
the USB device.

Signed-off-by: Britton Chesley <Brit.Chesley@amd.com>
2024-07-03 12:23:26 +00:00
Joey Vagedes 4f174696fd .pytool: CompilerPlugin: Pass through build vars
Pass build variables (those passed to build.py through -D) to the DSC
parser to provide a more accurate parsing of the DSC file.

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-07-03 02:41:13 +00:00
Dionna Glaze 6b256cef01 OvmfPkg: Create SP800155 HOBs from QemuFwCfgFile
Signed firmware measurements are allowed to be passed along in the
TCG and CC event logs according to the TCG PC Client Platform Firmware
Profile. The event logs include events that Tcg2Dxe reads from
appropriately GUIDed HOBs, so allow opt/org.tianocode/sp800155evt/%d to
pass along events that the VMM sees fit to provide. One event per
number, starting from 0, increasing by 1 until there are no more
contiguous files.

The VMM may provide reference measurements through UEFI variables that
it references from the SP800-155 event3 structure given the appropriate
RIM locator type, or via URL, etc.

Each event read from fw_cfg is written one-by-one to
an EFI_HOB_GUID_TYPE HOB created for the event. The name they target is
gTcg800155PlatformIdEventHobGuid, for the later Dxe driver to use to
extend the event log.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-07-02 16:10:29 +00:00
Dionna Glaze ff1c4fa168 MdePkg: UefiTcgPlatform.h updates
The TCG_Sp800_155_PlatformId_Event2 and 3 structures both list the
platform model string twice, which is incorrect according to the
TCG PC Client Platform Firmware Profile.

Also add constant definitions for the locator types added in the
December 2023 revision.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-07-02 16:10:29 +00:00
Leif Lindholm b2216427ca EmbeddedPkg/.ci.yaml: add temporary workaround ECC exception
A new contributor has a name not describable by the character set
developed for 1960s US teleprinters, causing the CI to object and
blocking their code from being merged due to the copyright statement.

While we do want to keep the code clean from characters other
contributors cannot trivially reproduce, this should not extend to
requiring intentionally misstating legal claims.

Until we figure out the long-term fix, add an exception for the surname
triggering the failure.

Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
2024-07-02 13:08:04 +00:00
Dun Tan e939ecf6c1 SecurityPkg: Consume gEdkiiTcg2AcpiCommunicateBufferHobGuid
Consume gEdkiiTcg2AcpiCommunicateBufferHobGuid in Tcg2Acpi
driver. Tcg2Acpi will use the buffer stored in the HOB to
exchange information with Tcg2StandaloneMm by the
MM_COMMUNICATION_PROTOCOL.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 9a76c7945b SecurityPkg: Build gEdkiiTcg2AcpiCommunicateBufferHobGuid
Install a callback of gEfiPeiMemoryDiscoveredPpiGuid to
build the gEdkiiTcg2AcpiCommunicateBufferHobGuid in the
Tcg2ConfigPei PEIM.
The HOB contains a buffer reserved by MmUnblockMemoryLib.
The buffer will be used in Tcg2Acpi driver to retrieve
information from standalone mm environment.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan cb6ba975ae SecurityPkg: Add new gEdkiiTcg2AcpiCommunicateBufferHobGuid
Add a new GUID HOB gEdkiiTcg2AcpiCommunicateBufferHobGuid.
This Tcg2 Acpi Communicate Buffer HOB is used to store the
address of a buffer reserved for Tcg2Acpi driver. The buffer
will be used to retrieve information from Standalone mm
environment.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan add3ca4e00 SecurityPkg:Consume gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid
Consume gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid in
StandaloneMmTcg2PhysicalPresenceLib. This is to avoid
using the dynamic PcdTcgPhysicalPresenceInterfaceVer in
StandaloneMm module.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 97ede07beb SecurityPkg/Tcg2StandaloneMm:Consume gEdkiiTpmInstanceHobGuid
Consume gEdkiiTpmInstanceHobGuid in Tcg2StandaloneMm
driver. It's to avoid using dynamic PcdTpmInstanceGuid
in StandaloneMm driver.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan cb38d27f1d SecurityPkg/Tcg2ConfigPei: Build two new HOBs
Build following two new HOBs:
  gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid
  gEdkiiTpmInstanceHobGuid
The two HOBs will be used by Tcg2StandaloneMm driver
to avoid using the related dynamic PCDs.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan f9950cceec SecurityPkg:Add new HOB for PhysicalPresenceInterfaceVersion
Add a new gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid.
This new Guid HOB contains a string of the Version of
Physical Presence interface which is the same as
PcdTcgPhysicalPresenceInterfaceVer. The HOB is used for
StandaloneMm driver which needs to consume the dynamic
PcdTcgPhysicalPresenceInterfaceVer.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 5ab96f5437 SecurityPkg: Add a new gEdkiiTpmInstanceHobGuid
This new Guid HOB contains a TPM instance Guid which
is the same as PcdTpmInstanceGuid. The HOB is used for
StandaloneMm driver which needs to consume the dynamic
PcdTpmInstanceGuid.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Jeshua Smith 8bf27965db DynamicTablesPkg: AmlLib remove unnecessary cast
Now that CONST input strings to the AmlLib APIs
are properly marked as CONST we don't need to cast
them to non-CONST before passing them.

Signed-off-by: Jeshua Smith <jeshuas@nvidia.com>
2024-07-01 09:40:09 +00:00
Jeshua Smith 469d09d6b2 DynamicTablesPkg: AmlLib CONST cleanup
Several input strings to AmlLib APIs are treated
as CONST but were missing the CONST keyword,
requiring their callers to create unnecessary r/w
copies of r/o input strings. This change properly
marks these input strings as CONST.

Signed-off-by: Jeshua Smith <jeshuas@nvidia.com>
Reviewed-by: Jeff Brasen <jbrasen@nvidia.com>
2024-07-01 09:40:09 +00:00
Joey Vagedes 8c09d862bf BaseTools: BinToPcd: Remove xdrlib dependency
The xdrlib dependency was removed in commit
5cadb8ce21 but the actual import of the
module was not removed. This commit removes the import of xdrlib and
sorts the imports.

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-06-30 23:45:58 +00:00
dependabot[bot] 3b2025969e pip: bump edk2-pytool-library from 0.21.5 to 0.21.8
Bumps [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) from 0.21.5 to 0.21.8.
- [Release notes](https://github.com/tianocore/edk2-pytool-library/releases)
- [Commits](https://github.com/tianocore/edk2-pytool-library/compare/v0.21.5...v0.21.8)

---
updated-dependencies:
- dependency-name: edk2-pytool-library
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-28 15:02:32 +00:00
Jiaxin Wu dc3ed379df UefiCpuPkg/Library: Add MM_STANDALONE type for SmmCpuPlatformHookLib
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-06-28 05:47:13 +00:00