Remove the unused DevicePathSize variable from EnumerateAllKeywords().
Due to our use of -Werror=unused-but-set-variable when building under GCC, the presence of DevicePathSize is breaking the build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17448 6f19259b-4bc3-4df7-8a09-765794883524
SVN r17428 ("MdeModulePkg: Implement UEFI25 HII Config keyword handler protocol") introduced code that triggers
-Werror=pointer-sign
under gcc ("warn for pointer argument passing or assignment with different signedness"). This patch fix up those locations.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17445 6f19259b-4bc3-4df7-8a09-765794883524
It provides a repository to cache ESRT info for FMP or Non-FMP instance.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17426 6f19259b-4bc3-4df7-8a09-765794883524
Change the code to listen EFI_SW_DXE_BS_PC_LEGACY_BOOT_EVENT instead of the Legacy Boot event to provide more precise performance data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17377 6f19259b-4bc3-4df7-8a09-765794883524
In order to support default value for orderedlist opcode, support buffer type value for default/oneofoption opcode.
If oneofoption used as a default value, it will not be added to normal option list.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17336 6f19259b-4bc3-4df7-8a09-765794883524
DriverHealthManagerDxe provides a driver health management VFR form
which will be sent by UefiBootManagerLib when booting a boot option.
It also provides another driver health management VFR form which will
be included by certain boot manager menu through the VFR class GUID.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17331 6f19259b-4bc3-4df7-8a09-765794883524
BdsDxe driver links to UefiBootManagerLib and PlatformBootManager to
provide a pure UEFI boot manager conforming to the UEFI spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17328 6f19259b-4bc3-4df7-8a09-765794883524
Boot mode maybe changed at any point during the PEI phase, therefore, boot
mode should be checked later rather at entry point.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17323 6f19259b-4bc3-4df7-8a09-765794883524
- SVN r14866:
MdePkg and MdeModulePkg Pcd: Add the new EFI_GET_PCD_INFO_PROTOCOL and
EFI_GET_PCD_INFO_PPI support for PI 1.2.1 compliance.
added the "DataBase" local variable to PcdPeimInit(), and both set it and
used it.
- SVN r14869:
MdeModulePkg and Nt32Pkg Pcd: Add the new EFI_GET_PCD_INFO_PROTOCOL and
EFI_GET_PCD_INFO_PPI support for PI 1.2.1 compliance.
changed the PcdPeimInit() function, but "DataBase" remained both set and
used.
- SVN r17173:
MdeModulePkg Pcd: Check the input SkuId in SetSku()
changed the function again; and this time "DataBase" became
set-but-unused. It triggers the following build error, when building
ArmVirtualizationQemu.dsc with gcc-4.8:
MdeModulePkg/Universal/PCD/Pei/Pcd.c:150:21: error: variable 'DataBase'
set but not used [-Werror=unused-but-set-variable]
PEI_PCD_DATABASE *DataBase;
^
cc1: all warnings being treated as errors
Fix the error by removing the DataBase variable, restoring the pre-r14866
state locally, when the BuildPcdDatabase() function was called, but its
return value was thrown away.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17179 6f19259b-4bc3-4df7-8a09-765794883524
then GetSku() could return the currently active SkuId.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17173 6f19259b-4bc3-4df7-8a09-765794883524
RFC1323 says the most recently received TSVal must be echoed in TSecr in ACK packets
which was not done at first connection because the code saving the TSVal from the peer
was skipped at this point. This resulted in sending an ACK reply with a 0 TSecr that
was rejected at least by FreeBSD. This patch fixes this by updating the saved TSVal
also for connection initiation packets.
Thanks to Laszlo Ersek for analysis and help in debugging.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17165 6f19259b-4bc3-4df7-8a09-765794883524
Also update PCD_SERVICE_PEI_VERSION and PCD_SERVICE_DXE_VERSION to match with
the new PcdDataBase binary generated by BaseTools.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17161 6f19259b-4bc3-4df7-8a09-765794883524
to just return EFI_SUCCESS if the variable has been in the locked list.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17141 6f19259b-4bc3-4df7-8a09-765794883524
to handle the case PE file alignment is not same as PE section alignment.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17063 6f19259b-4bc3-4df7-8a09-765794883524
Add SMBIOS 64-bit entry point and 64-bit table support for SMBIOS 3.0.
Introduce PcdSmbiosEntryPointProvideMethod to produce 32-bit or 64-bit
SMBIOS table.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Elvin Li <elvin.li@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17051 6f19259b-4bc3-4df7-8a09-765794883524
to return EFI_NOT_FOUND when a specified variable doesn't exist and
Data parameter is NULL but DataSize parameter is valid in GetVariable() invocation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17030 6f19259b-4bc3-4df7-8a09-765794883524
Some compilers requires an empty line at the end of the file.
ARM compiler version 5 is one of these compilers:
error #1-D: last line of file ends without a newline
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16918 6f19259b-4bc3-4df7-8a09-765794883524
As the drivers and library do not reference gEfiSmmAccess2ProtocolGuid explicitly now
after SmmMemLib introduced.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16760 6f19259b-4bc3-4df7-8a09-765794883524
for trying to reclaim variable space at EndOfDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16687 6f19259b-4bc3-4df7-8a09-765794883524
And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16684 6f19259b-4bc3-4df7-8a09-765794883524
The code in AcpiTableDxe handles the installation of FADT and FACS in both
possible orders. In the [FADT, FACS] installation order, the FACS is at
once linked into the FADT. In the [FACS, FADT] installation order, the
FACS is stashed temporarily, and it is linked into the FADT when the FADT
is installed later.
According to the ACPI specification, *at most one* of FADT.FirmwareCtrl
and FADT.XFirmwareCtrl may be nonzero. The code is aware of this
requirement, and it never sets both of them to nonzero values at once.
However, the code doesn't expect the following:
- The caller first installs the FACS, which is stashed. The address that
is saved happens to fall below 4GB.
- The caller then installs a FADT, with a zero FirmwareCtrl field, and a
nonzero (pre-populated) XFirmwareCtrl field.
In this case the code sets FADT.FirmwareCtrl to the less-than-4GB address
of the stashed FACS, and leaves the different nonzero value in
FADT.XFirmwareCtrl. This violates the ACPI specification.
Prevent this by always zeroing the field that we do *not* set.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16659 6f19259b-4bc3-4df7-8a09-765794883524
El Torito format can be used on different media (eg: USB).
A ISO image can be dumped onto a USB mass-storage.
These media might not have the same block size as the CDROM media (ie: 2KB).
The El Torito code and the specification assumes a LBA 2KB.
In addition, the specification says in "12.3.4.4 CD-ROM and DVD-ROM":
UEFI code does not assume a fixed block size.
I was able to dupliacte the issue by copying a debian ISO on a USB driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16600 6f19259b-4bc3-4df7-8a09-765794883524
and follow UEFI spec to check UEFI defined variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16579 6f19259b-4bc3-4df7-8a09-765794883524
This module implements Simple FileSystem protocol over Firmware Volume (FV).
EFI Modules included into a FV can be listed and launched from the EFI Shell or any other EFI applications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brendan Jackman <brendan.jackman@arm.com>
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16547 6f19259b-4bc3-4df7-8a09-765794883524
The GNU assembler (2.24.51.20140918) is failing to build when movw is used on this instruction.
Instead use the mov instruction, which matches the other cases of loading segment registers.
The error message seen is:
AsmFuncs.iii:283: Error: incorrect register `%rax' used with `w' suffix
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16529 6f19259b-4bc3-4df7-8a09-765794883524
- Fix EFI_IPv4_ADDRESS usages to use a macro to copy the structure
instead of direct assignment, to avoid runtime alignment errors.
- Fix a EFI_INPUT_KEY usage in TerminalDxe to use CopyMem() to copy the
structure instead of direct assignment, to avoid runtime alignment error.
- Delete excess local variables that are initialized but otherwise unused.
- CompilerIntrinsicsLib library now imported for AARCH64, as well as ARM.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Randy Pawell <randy_pawell@hp.com>
Reviewed-by: Olivier Martin <Olivier.Martin@arm.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16471 6f19259b-4bc3-4df7-8a09-765794883524
DXE FpdtStatusCodeHandler is required to be unregistered even if StatusCodeReport is disabled. This change makes sure FpdtStatusCodeHandler be always unregistered.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Vincent Zimmer <vincent.zimmer@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16470 6f19259b-4bc3-4df7-8a09-765794883524
that can cause an exception. mPeiExMapppingTableSize is the table size, but the
code needs to check the entry number.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hp.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16448 6f19259b-4bc3-4df7-8a09-765794883524
When scroll menu to the one not shows in current form, and this menu has option mismatch error, current display engine will not highlight this menu.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16447 6f19259b-4bc3-4df7-8a09-765794883524
Based on the input request to get default value for questions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16413 6f19259b-4bc3-4df7-8a09-765794883524
DiskIoDxe: Fix ReadDiskEx and WriteDiskEx to not modify the user’s buffer when the BufferSize is 0.
DiskIoDxe: Fix ReadDiskEx and WriteDiskEx hang issue when the submitted blockio2 task is completed before submitting another blockio2 task.
DiskIoDxe: Fix FlushEx to free the flush task item in callback (memory leak issue).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16215 6f19259b-4bc3-4df7-8a09-765794883524
1. Work space and spare block must be in a FVB with FV header.
Updated to work space and spare block could be in independent FVBs that are without FV header.
2. NV region, work space and spare block must have same BlockSize.
Updated to NV region, work space and spare block could have different BlockSize.
3. Works space size must be <= one block size.
Update to work space size could be <= one block size (not span blocks) or > one block size (block size aligned).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16201 6f19259b-4bc3-4df7-8a09-765794883524
Before get default value for each questions, call ExtractConfig function to get the altcfg string for all formset. Later when question try to get default value from AltCfg string, just get the value from the saved altcfg string instead of call ExtractConfig function to get it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16162 6f19259b-4bc3-4df7-8a09-765794883524
even if the native function's arguments are less than 4.
From MSDN x64 Software Conventions, Overview of x64 Calling Conventions:
“The caller is responsible for allocating space for parameters to the
callee, and must always allocate sufficient space for the 4 register
parameters, even if the callee doesn’t have that many parameters.
This aids in the simplicity of supporting C unprototyped functions,
and vararg C/C++ functions.”
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud elhaj@hp.com
Reviewed by: Jiewen Yao <Jiewen.Yao@intel.com>
Reviewed by: Feng Tian <Feng.Tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16152 6f19259b-4bc3-4df7-8a09-765794883524
1. Module UNI and Package UNI files are not DOS format. Convert them to DOS format.
2. Remove unused SectionExtractionDxeModStrs.uni and SectionExtractionPeiModStrs.uni
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16044 6f19259b-4bc3-4df7-8a09-765794883524
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.
3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15963 6f19259b-4bc3-4df7-8a09-765794883524
1. Usage information in INF file comment blocks are either incomplete or incorrect.
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15962 6f19259b-4bc3-4df7-8a09-765794883524
2. CapsuleLongModeBuffer variable should be set to Read-Only. It should not be changed by someone else.
3. Introduce a new PCD PcdIdentifyMappingPageTablePtr to share the same range of page table between AcpiS3 and Capsule.
4. Capsule stack size is allocated from PcdCapsulePeiLongModeStackSize.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Elvin Li <elvin.li@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15909 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
MdePkg/Include/Guid/WinCertificate.h
=================================
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
typedef struct {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
MdePkg/Include/Protocol/Hash.h
=================================
#define EFI_HASH_ALGORITHM_SHA256_GUID \
{ \
0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
}
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15799 6f19259b-4bc3-4df7-8a09-765794883524
It changes some of the PCD declarations to add more supported PCD storage types and
the change in the PCD access methods is associated with that.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Kinney, Michael D <michael.d.kinney@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15798 6f19259b-4bc3-4df7-8a09-765794883524
FALSE evaluates to 0. This was flagged by LLVM compiler as a
warning:
"expression which evaluates to zero treated as a null pointer
constant of type 'EFI_MTFTP4_OVERRIDE_DATA *'
[-Wnon-literal-null-conversion]"
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Harry Liebel <Harry.Liebel@arm.com>
Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-By: Ye, Ting (ting.ye@intel.com)
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15741 6f19259b-4bc3-4df7-8a09-765794883524
Original code check if Attribute > 0x7FFFFFFF, this is wrong and fail to check valid case per UEFI spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Elvin Li <elvin.li@intel.com>
Reviewed-by: Jaben Carsey <Jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15734 6f19259b-4bc3-4df7-8a09-765794883524
UEFI spec mentioned that the color mask can be set even when the device is in an invalid text mode. But the current code add text mode check. Removed the check now.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Elvin Li <elvin.li@intel.com>
Reviewed-by: Jaben Carsey <Jaben.Carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15721 6f19259b-4bc3-4df7-8a09-765794883524
Check for 8th bit being reserved as per UEFI spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jaben Carsey <Jaben.carsey@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Elvin Li <elvin.li@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15680 6f19259b-4bc3-4df7-8a09-765794883524
PcdDiskIoDataBufferBlockNum replaced the hardcoded value into
the Disk I/O driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Tian, Feng <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15235 6f19259b-4bc3-4df7-8a09-765794883524
And, update NameString IScsiDxeStrings[] to IScsi4DxeStrings[] to match its BASE_NAME
Signed-off-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15186 6f19259b-4bc3-4df7-8a09-765794883524
2. Append null terminated character at the end of option 67.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Jin, Eric <eric.jin@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15099 6f19259b-4bc3-4df7-8a09-765794883524
PcdMaxSizeNonPopulateCapsule and PcdMaxSizePopulateCapsule are declared to support Dynamic, but used by FixedPcdGet32 in CapsuleRuntimeDxe.
QueryCapsuleCapabilities is a runtime interface and PCD protocol can’t be used in runtime environment.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14988 6f19259b-4bc3-4df7-8a09-765794883524
In GetLocalTokenNumber () of Service.c(DXE), the TokenNumber is wrong to call GetPtrTypeSize ().
GetPtrTypeSize need the original TokenNumber.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Bob C Feng <bob.c.feng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14936 6f19259b-4bc3-4df7-8a09-765794883524
The SmmLockBox driver in
"MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf" currently
specifies a DepEx on EFI_SMM_SW_DISPATCH2_PROTOCOL.
However, the driver doesn't use this protocol at all, either directly or
indirectly. It calls SmiHandlerRegister()
[MdeModulePkg/Core/PiSmmCore/Smi.c] to register SmmLockBoxHandler()
(which serves LockBox requests).
In turn, the SMM Core function SmiHandlerRegister() is also implemented
without EFI_SMM_SW_DISPATCH2_PROTOCOL.
The DepEx has been present since the initial commit of the SmmLockBox
driver (SVN r12029); it is probably superfluous. Let's remove it.
(Alternatively, we could extend OvmfPkg/EmuSmmDxe to fake this protocol,
and return EFI_UNSUPPORTED when any member is called.)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14930 6f19259b-4bc3-4df7-8a09-765794883524
2. DxeMain will get Vector Handoff Table GUIDed HOB to install configuration table if it has.
3. Updated CPU Exception Handler Library to provide 3 new APIs to replace original one API and updated NULL instance accordingly.
4. Updated DxeMain/CapsuleX64/BootSriptExectorDxe to use the new API in CPU Exception Handler Lib.
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14884 6f19259b-4bc3-4df7-8a09-765794883524
It has no obviously benefit to reduce size by PcdPcdInfoGeneration, so remove this PCD.
And PCD_INFO_GENERATION flag can be used to enable/disable PCD info feature, a sample is added in Nt32Pkg to show how to use this flag.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14869 6f19259b-4bc3-4df7-8a09-765794883524
It can fix the potential failure to return EFI_OUT_OF_RESOURCES of the second variable set of large variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14822 6f19259b-4bc3-4df7-8a09-765794883524
Create rules to determine whether iSCSI need DHCP protocol in current configuration by examining user’s configuration data in DriverBindingSupported().
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14802 6f19259b-4bc3-4df7-8a09-765794883524