REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4831
In this patch introduced the below changes,
[1] Add the event of system resource table installed callback.
- Register the event in DxeRuntimeCapsuleLibConstructor ()
- Unregister the event in DxeRuntimeCapsuleLibDestructor ()
[2] Migrate the event to update the module variable to cache ESRT table
from ReadyToBoot to system resource table installed.
[3] Add the condition to free the pool of buffer when the "mEsrtTable"
is not NULL.
Co-authored-by: Dakota Chiang <dakota.chiang@intel.com>
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
Under normal operation, some 30 or so of these lines logged as DEBUG_INFO
on first transmit.
This is not relevant information for users of the driver, so convert these
messages to VERBOSE.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Report PXE error status via Status Code, with this design,
it will be flexible to register a status code handler
via gEfiRscHandlerProtocolGuid to output the customized error code
to other telemetry service.
The subclass code is `EFI_IO_BUS_IP_NETWORK`
Signed-off-by: Ethan Hsu <Eathonhsu@gmail.com>
When CPU smm profile feature was enabled, unblocked memory should
not set logging attribute when building resource HOB.
Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
A potential issue may happen when FSP creates/changes page table while
bootloader doesn't expect page table being changed in FSP.
Current, FSP API support to save/restore stack, IDT and general purpose
registers. Following the same pattern, add save/restore page table
support to solve this issue.
Note that this feature only impacts FSP API mode, and is controlled
by PCD PcdFspSaveRestorePageTableEnable. For compatibility, the PCD
default value is set as FALSE.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
The code changes in the patch is for trimming the leading path
to the modified directory in the .pytool/EccCheck script.
This is necessary when running Ecc on other repositories,
such as edk2-platforms, where the platform package is located
in a subfolder, like Platform/AMD/AmdPlatformPkg.
The EccCheck script checks for modified directories and expects them to start with the package name.
#
# Skip directory names that do not start with the package being scanned.
#
if file_dir.split('/')[0] != pkg:
continue
However, if the package name is in a subfolder,
the "git diff" command gives a relative path,
like Platform/AMD, which causes the condition to be false.
"M Platform/AMD/AmdPlatformPkg/Universal/LogoDxe/Logo.c"
As a result, EccCheck does not happen on modified files.
To fix this issue, the leading path needs to be trimmed
so that it starts from the directory name.
This change will not affect the existing check for the edk2 repository,
where all package names are at the first level directory.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
If we search the codebase for &gEdkiiVariablePolicyProtocolGuid
we can find two drivers which install this policy:
VariableRuntimeDxe (installed in VariableDxe.c) and
VariableSmmRuntimeDxe (installed in VariablePolicySmmDxe.c).
The .inf file for VariableRuntimeDxe incorrectly lists the protocol
as CONSUMES in the comment, so change this to PRODUCES.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
GetProcessorInfo copies CpuData instead of CpuData.Info. The OUT parameter
ProcessorInfoBuffer is of type EFI_PROCESSOR_INFORMATION, not CPU_AP_DATA.
Fix it to copy the correct member CpuData.Info.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
BaseTools was moved out to a separate repo and consumed as a pip
module by edk2 CI. This process has not led to the desired goals
of doing so, so this patch removes the pip based BaseTools from
edk2 CI.
The original goal of moving BaseTools to a pip module was
primarily to speed up the development process, as the old edk2
mailing list was slow. However, with edk2 moving to PRs, it now
actually slows the BaseTools development process to have to do
a PR in another repo, publish the module, and then make a PR
in edk2 to consume the new BaseTools. It also holds up using
the features in a new BaseTools in other PRs.
There were other goals of moving, such as allowing projects to
use the BaseTools outside of edk2. This can still be accomplished
outside of this PR, this PR simply stops edk2 CI from using the
pip module.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Commit 6862b9d538 makes
more explicit the previous logic of the code anyway, which is that
it is (and was) only a fatal error if all secure algorithms fail.
However the comment updated by this commit seems somewhat
incompatible with that change, and even with the previous code
(which operated as now, just logging different error messages).
This updates the comment to be more compatible with how the
code operates.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Refer to the section 2.1 of tdx-virtual-firmware-design-guide spec,
APCI S3 is not supported in TDVF.
Therefore, TDVF should not read the S3 status via fw_cfg and always
set it as unsupported.
spec: https://cdrdv2.intel.com/v1/dl/getContent/733585
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Currently, the NULL version Tdx functions are only built for Ia32.
In BaseLib, the others architectures also need such NULL version
Tdx functions.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
The PcdCpuSmmRestrictedMemoryAccess is declared as either a dynamic or fixed
PCD. It is not recommended for use in the MM CPU driver.
Furthermore, IsRestrictedMemoryAccess() is only needed for SMM. Therefor,
there is no need for MM to consume the PcdCpuSmmRestrictedMemoryAccess.
So, this patch is to add the SMM specific file for its own functions, with
the change, the dependency of the MM CPU driver on
PcdCpuSmmRestrictedMemoryAccess can be removed.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Currently, mCpuSmmRestrictedMemoryAccess is only used by the
IsRestrictedMemoryAccess(). And IsRestrictedMemoryAccess() can
consume the PcdCpuSmmRestrictedMemoryAccess directly. Therefore,
mCpuSmmRestrictedMemoryAccess can be cleaned to simply the code
logic.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
After the 9f29fbd3, full mapping SMM page table is always created
regardless the value of the PcdCpuSmmRestrictedMemoryAccess. If so,
SMM PageTable Attributes can be set to ready-only since there is no
need to update it. So, this patch is to remove restricted memory
access check when setting the SMM PageTable attributes.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SetPageTableAttributes() will use the IfReadOnlyPageTableNeeded() to
determine whether it is necessary to set the page table itself to
read-only. And IfReadOnlyPageTableNeeded() has already token into
account the status of IsRestrictedMemoryAccess(). Therefore, there
is no need for an additional call to IsRestrictedMemoryAccess()
before calling the SetPageTableAttributes().
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Deadloop if PFAddr is not supported by system, no need check SMM CPU
RestrictedMemory access enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Following the commit 9f29fbd3, full mapping SMM page table is always
created regardless the value of the PcdCpuSmmRestrictedMemoryAccess.
Consequently, a page fault (#PF) that triggers an update to the page
table occurs only when SmiProfile is enabled. Therefore, it is
necessary to save and restore the CR2 register when SmiProfile is
configured to be enabled.
And the operation of saving and restoring CR2 is considered to be
not heavy operation compared to the saving and restoring of CR3.
As a result, the condition check for SmiProfile has been removed,
and CR2 is now saved and restored unconditionally, without the need
for additional condition checks.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
SmiPFHandler depends on the IsSmmCommBufferForbiddenAddress() to do
the forbidden address check:
For SMM, verifying whether an address is forbidden is necessary only
when RestrictedMemoryAccess is enabled.
For MM, all accessible address is recorded in the ResourceDescriptor
HOB, so no need check the RestrictedMemoryAccess is enabled or not.
This patch is to move RestrictedMemoryAccess check into SMM
IsSmmCommBufferForbiddenAddress to align with above behavior. With
the change, SmiPFHandler doesn't need to check the
RestrictedMemoryAccess enable or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch breaks the section processing loop if an invalid section with zero SectionLength is encountered.
Signed-off-by: Ragavarshini B <ragavarshinib@ami.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dhanaraj V <vdhanaraj@ami.com>
Cc: Sachin Ganesh <sachinganesh@ami.com>
This adds constants and structure definitions for Send/Get Boot Progress
Code through IPMI, according to Server Base Manageability Requirements
(SBMR) [1], Appendix F.
[1] https://developer.arm.com/documentation/den0069
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Starting with Visual Studio 2019 version 16.10, the /volatileMetadata
option is enabled by default when generating x64 code.
This patch disables the /volatileMetadata option for x64 builds in both
VS2019 and VS2022.
We observed a slight increase in used space for the Firmware volumes in
VS2019. Upon investigation, we found that VS2019 version 16.10 enabled
this feature by default. Disabling /volatileMetadata helps reduce the
used space by approximately 3.5KB by considering the 2 Firmware volumes
(2KB uncompressed FV and 1.5KB of compressed FV)
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
After updating Doxygen, we can see that SetBootMode returns the BootMode
instead of status code as it should, fix it to return status.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
The Doxygen comment for SetBootMode and GetBootMode in PrePiHobLib/Hob.c
does not match declaration in PrePiLib.h. The C file has it wrong. Align
the text to match the header.
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
ACPI 6.5 adds mode flags that could do with
more human-readable display in Acpiview. This
adds support for displaying those flags.
Signed-off-by: Carsten Haitzler <carsten.haitzler@foss.arm.com>
In BmFindBootOptionInVariable() we prevent passing a NULL pointer to
EfiBootManagerFindLoadOption(). However, it can accept a NULL pointer as
the second argument as long as count is zero. This change updates the
assert condtion to only assert if the pointer is NULL and the count is
non-zero.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
This patch replaces call of IpmiSubmitCommand() issued
REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE IPMI command to check
whether bootstrap credential support enabled or not.
The problem is that in accordance with IPMI spec while handling
such command BMC creates bootstrap account. The credentials of this account
is returned as a response. Obviously in this code the response is not used.
From the other side there is an implementation
of EDKII_REDFISH_CREDENTIAL_PROTOCOL exists and used by
RedfishPlatformCredentialIpmiLib.
By design RedfishPlatformCredentialIpmiLib keeps returned bootstrap
credentials and uses it later. So all services using
EDKII_REDFISH_CREDENTIAL_PROTOCOL instance operates with a same
credentials.
Current design of PlatformHostInterfaceBmcUsbNicLib leads to creation
of two bootstrap accounts on BMC side. This is on nesseccary and one
account is not used at all.
Using EDKII_REDFISH_CREDENTIAL_PROTOCOL prevents from creating useless
bootstrap account on BMC side.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
PlatformHostInterfaceBmcUsbNicLib.c: In function 'CheckBmcUsbNic':
PlatformHostInterfaceBmcUsbNicLib.c:1253:14: error: error: 'HandleBuffer'
may be used uninitialized in this function [-Werror=maybe-uninitialized]
Status =
CheckBmcUsbNicOnHandles (BufferSize/sizeof (EFI_HANDLE), HandleBuffer);
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
/RedfishDiscoverDxe.c:1979:37: error: 'RestExInstance' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
RestExInstance->Signature = EFI_REDFISH_DISCOVER_DATA_SIGNATURE;
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
Add the necessary toolchain override flags for ms_abi and LTO on X64 for
the unversioned GCC toolchain profile.
This resolves a runtime segmentation fault.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
Move all BaseCryptLib resolutions for 32-bit ARM to MbedTls, which does
not require a softfloat library, which can therefore be dropped from
EDK2 entirely going forward.
Note that this implies no TLS networking for 32-bit ARM, as this code
has a direct dependency on OpenSSL, so move the TlsLib resolution to a
AARCH64-only section to force the build to fail early when attempting to
build 32-bit ARM targets with NETWORK_TLS_ENABLE set.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This patch removes the _DSM Memory Clear and MOR
auto-detect functionality via _PTS, as
_DSM Memory Clear was deprecated in TCG PC Client
Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0" and _PTS is deemed security deficient.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Remove unused MemoryClear SMI Handler, which is no longer
used due to _DSM Memory Clear no longer being used.
_DSM Memory Clear was deprecated in 2019 by TCG PC Client
Platform Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0".
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Comments out a redundant call to RestoreTpl(). While this does not
technically violate spec on raise/restore TPL, TPL should already be at
the specified level. This extra call introduces an asymmetry between
RaiseTpl and RestoreTpl calls, which makes analysis of TPL correctness
more difficult and hampers certain non-standard TPL usages that some
platforms require. Additionally, the two TPL variables were renamed to
provide context for each of them.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Adds a call to RestoreTpl() in DiskIo2ReadWriteDisk(). While the current
implementation does not technically violate spec on raise/restore TPL,
this extra call ensures symmetry between RaiseTpl and RestoreTpl calls,
which makes analysis of TPL correctness simpler and permits certain
non-standard TPL usages that some platforms require.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Gerd reports that ArmVirtQemu running under KVM lost network boot
support on systems that do not implement the RNDR/RNDRRS system
registers, which provide an architectural, CPU-based source of random
numbers. Under KVM, the TRNG SMCCC is available as a fallback, which is
exposed via RngDxe but not via the base RngLib library. This means that
direct users of RngLib, such as OpensslLib, have no access to the TRNG
based entropy source.
Let's fix this by resolving RngLib dependencies for UEFI_DRIVER type
drivers via DxeRngLib, which uses the protocol exposed by RngDxe
internally.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
- This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.
- Also added the signature check to validate work space
Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
Fixing RETURN_ERROR macro.
It is causing problem in Coverity Static analysis tool as we are directly converting the UINT value to INTN
Changing value from UINT to INTN might cause problem. Here we know that the values would not be in loss of data.
To increase the code quality and increase the static tool analysis score we have to change it
Cc: Jiangang He <jiangang.he@amd.com>
Cc: Neo Hsueh <Hong-Chih.Hsueh@amd.com>
Signed-off-by: Parth Thakkar <ParthRajeshkumar.Thakkar@amd.com>
Since the PEI Hob service is ready after PEIM loaded,
TDVF should build the Hob for TdHob and Cfv event
at first.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Currently, TDVF gets LowMemory and FistNonAddress from the e820tables
via fw_cfg, while TD-Hob can also provide the memory info of LowMemory
and FistNonAddress.
In current stage e820tables are not measured but TD-Hob is measured in
early phase by TDVF.
So, from the security perspective we'd better use the information from
TD-Hob instead of e820tables.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
The patch adds ProcessorUpgradeInvalid(0xFF) definition in Processor
Upgrade(Type 4, Offset 19h) for SMBIOS Type4 based on SMBIOS v3.8.0.
Processor Upgrade should be 0xFF when no other valid enumeration is
available.
Signed-off-by: Jason Zhao <jason.zhao@intel.com>
This update refactors the code by moving the LocatePpi function call
outside of the for loop where it was previously called repeatedly.
By relocating the LocatePpi invocation outside of the loop,
we improve the efficiency of the code by avoiding redundant lookups.
Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
DevPathToTextUsbWWID allocates a separate copy of the SerialNumber
string to append a null terminator if the original string is not null
terminated. However, by using AllocateCopyPool, it tries to copy
'Length + 1' words from the existing string containing 'Length'
characters into the target string. Split the copy out to only copy
'Length' characters instead.
This was reported by GCC's -Wstringop-overread when compiling a copy
of this routine included in a library on FreeBSD.
Signed-off-by: John Baldwin <jhb@FreeBSD.org>
edk2-basetools was depending on old versions of several packages. That
was fixed in version 0.1.53. Update pip-requirements.txt to use that
version, and bump the versions and dependency expressions of other
packages to use or allow use of newer versions.
Also, update the URL to the requirements file format since it's
moved.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
It is normal for a disk to not have FAT file system (known as No Media),
therefore, it should not produce a "failed" entry in the boot console.
This aims to lower the debug level to verbose.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Jason1 Lin
Mike Beaton
yhsu3
Hongbin1 Zhang
Zhiguang Liu
Abdul Lateef Attar
Vishal Oliyil Kunnil
Oliver Smith-Denny
Ceping Sun
Jiaxin Wu
ragavarshinib
Nhi Pham
Ashraf Ali
Carsten Haitzler
Ken Lautner
Rebecca Cran
Mike Maslenkin
Leif Lindholm
Ard Biesheuvel
John Strange
Sureshkumar Ponnusamy
Parth
Jason Zhao
Neo Hsueh
John Baldwin
Rebecca Cran