The "SCSI Block Commands - 2" (SBC-2) standard defines bits [7:5] of the
CDB byte 1 as Reserved, for the READ and WRITE commands.
The updated "SCSI Block Commands - 3" (SBC-3) standard defines the same
bitfield as RDPROTECT and WRPROTECT, respectively.
After reviewing the above standards, and the following commits:
- SVN r8331 (git 676e2a32),
- SVN r8334 (git 6b3ecf5c),
we've determined that UefiScsiLib is incorrect in encoding the LUN in this
bitfield for the READ and WRITE commands.
Encoding a nonzero LUN there creates unintended RDPROTECT and WRPROTECT
values, which the recipient device is required to reject if it does not
support protection information, with CHECK CONDITION, ILLEGAL REQUEST,
INVALID FIELD IN CDB:
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
FatOpenDevice: read of part_lba failed Device Error
In practice this flaw breaks UefiScsiLib minimally on SCSI disks with
nonzero LUNs that are emulated by QEMU (after QEMU commit 96bdbbab, part
of v1.2.0).
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1166971
Reported-by: Cole Robinson <crobinso@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16454 6f19259b-4bc3-4df7-8a09-765794883524
This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
that can cause an exception. mPeiExMapppingTableSize is the table size, but the
code needs to check the entry number.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hp.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16448 6f19259b-4bc3-4df7-8a09-765794883524
When scroll menu to the one not shows in current form, and this menu has option mismatch error, current display engine will not highlight this menu.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16447 6f19259b-4bc3-4df7-8a09-765794883524
Fix an issue of storing wrong PCD into XML file to only store PcdEx for AsBuilt sections
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@Intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16426 6f19259b-4bc3-4df7-8a09-765794883524
Revision 16400 adds support for Windows hosted gcc versions 4.8 and 4.9.
With this change, all of the GCCXX tool chains can be used from Windows.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16418 6f19259b-4bc3-4df7-8a09-765794883524
if processor number is the one of disabled processor, startupThisAP
should return invalid prameter.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16417 6f19259b-4bc3-4df7-8a09-765794883524
if any enabled APs are not in idle state, StartupAllAPs() should return immediately,
and must not change the other idled processor state. so we checked the state before
changed them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16416 6f19259b-4bc3-4df7-8a09-765794883524
Because TimeoutInMicrosecsond is a unsigned value, converting it to
signed value will cause the data region changed. so this patch fix
that.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16415 6f19259b-4bc3-4df7-8a09-765794883524
SVN r16375 (git commit 72a11001, "OvmfPkg: CsmSupportLib: Set/use platform
specific legacy interrupt device") added the
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
PCD to CsmSupportLib. Since that "namespace" GUID is declared in
OvmfPkg/OvmfPkg.dec, and we've not used anything from OvmfPkg/OvmfPkg.dec
in CsmSupportLib.inf thus far, this is a new [Packages] dependency and
must be named.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16414 6f19259b-4bc3-4df7-8a09-765794883524
Based on the input request to get default value for questions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16413 6f19259b-4bc3-4df7-8a09-765794883524
The ACPI payload that OVMF downloads from QEMU via fw_cfg depends on the
PCI enumaration and resource assignment performed by
MdeModulePkg/Bus/Pci/PciBusDxe.
Namely, although the ACPI payload is pre-generated in qemu during machine
initialization, in
main() [vl.c]
qemu_run_machine_init_done_notifiers()
pc_guest_info_machine_done() [hw/i386/pc.c]
acpi_setup() [hw/i386/acpi-build.c]
acpi_build()
acpi_add_rom_blob()
rom_add_blob(... acpi_build_update ...) [hw/core/loader.c]
fw_cfg_add_file_callback() [hw/nvram/fw_cfg.c]
the ACPI data is rebuilt at the first time any of the related fw_cfg files
are read, through the acpi_build_update() fw_cfg read-callback function:
fw_cfg_read() [hw/nvram/fw_cfg.c]
acpi_build_update() [hw/i386/acpi-build.c]
acpi_build()
(See qemu commit d87072ceeccf4f84a64d4bc59124bcd64286c070 and its
containing series.)
For this reason we must not dispatch AcpiPlatformDxe before PciBusDxe
completes the enumeration.
Luckily, the PI Specification 1.3 defines
EFI_PCI_ENUMERATION_COMPLETE_GUID in Volume 5, "10.9 End of PCI
Enumeration Overview", as an indicia to inform the platform when the PCI
enumeration process has completed. PciBusDxe installs this protocol at the
end of the PciEnumerator() function.
Let's add this GUID to the Depex section of AcpiPlatformDxe, in order to
state the dependency explicitly.
On Xen, and on older QEMU where the linker/loader fw_cfg interface is
unavailable, this introduces a harmless ordering constraint -- we'll
always include PciBusDxe in OVMF, so the dependency will always be
satisfied.
I tested this change as follows:
- I dumped the ACPI tables in a Fedora 20 guest, before and after the
change, and compared them. The only thing that actually changed was the
FACS address. (Which I promptly tested with S3 suspend/resume.) Plus, of
course, the FACP checksum changed, because the FACP links the FACS.
- Tested S3 in my Windows Server 2008 R2 and Windows Server 2012 R2 guests.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16411 6f19259b-4bc3-4df7-8a09-765794883524
It is defined in the PI Specification version 1.3.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16409 6f19259b-4bc3-4df7-8a09-765794883524
Describe PCD service can’t be used at Runtime phase.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16403 6f19259b-4bc3-4df7-8a09-765794883524
Here is a new patch that adds Windows support for both gcc 4.8.x and gcc 4.9.x.
This time testing is more thorough: boot testing using Duet for all 4 combinations of
IA32/X64 and gcc 4.8.2 and gcc 4.9.1 passes. A Windows hosted gcc 4.8.2 has been added here:
http://sourceforge.net/projects/edk2developertoolsforwindows/
The environment variable settings for Windows look like:
set UEFI_BUILD_TOOLS=%cd%\tools
set NASM_PREFIX=%UEFI_BUILD_TOOLS%\nasm211\
set GCC48_BIN=%UEFI_BUILD_TOOLS%\gcc482-x86\bin\
set GCC48_DLL=%UEFI_BUILD_TOOLS%\gcc482-x86\dll\;%GCC48_BIN%
set GCC48_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-arm\bin\
set GCC48_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc482-aarch64\bin\
set GCC49_BIN=%UEFI_BUILD_TOOLS%\gcc491-x86\bin\
set GCC49_DLL=%UEFI_BUILD_TOOLS%\gcc491-x86\dll\;%GCC49_BIN%
set GCC49_ARM_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-arm\bin\
set GCC49_AARCH64_PREFIX=%UEFI_BUILD_TOOLS%\gcc491-aarch64\bin\
No change is needed for building from Linux.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16400 6f19259b-4bc3-4df7-8a09-765794883524
Remove hard-coded list of PCI devices for which the Interrupt Line
register is initialized. Instead, provide a "visitor" function to
initialize the register only for present and applicable PCI devices.
At this time, we match the behavior of SeaBIOS (file src/fw/pciinit.c,
functions *_pci_slot_get_irq() and "map the interrupt" block from
pci_bios_init_device()).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16398 6f19259b-4bc3-4df7-8a09-765794883524
when gBS->ExitBootServices() is called, the APs should avoid to access
the unsafed buff datas which were allocated by boot services.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16397 6f19259b-4bc3-4df7-8a09-765794883524
The fix, having "lock" and the locked instruction on the same line in
the source.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16394 6f19259b-4bc3-4df7-8a09-765794883524
This patch contain type casts and replace one * operation by a
MultU64x32() call.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16393 6f19259b-4bc3-4df7-8a09-765794883524
This patch contain only type cast.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Scott Duplichan <scott@notabs.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16392 6f19259b-4bc3-4df7-8a09-765794883524
This patch replace some types in GrantTable and the argument Index of
XenHypercallHvmGetParam to what the types should be.
This avoid to have type cast in code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16391 6f19259b-4bc3-4df7-8a09-765794883524
Since a message to XenStore have a lenght of type UINT32, have
XenStore.c deal only with UINT32 instead of a mixmatch with UINTN.
This patch replaces the type of Len in WRITE_REQUEST and the type of the
argument Len of XenStoreWriteStore and XenStoreReadStore.
This patch should avoid to have type cast were it does not make sense to
have them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16390 6f19259b-4bc3-4df7-8a09-765794883524
SVN r16380 ("UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp
Verification support for Secure Boot") broke the "dbt" variable's
association with its expected namespace GUID.
According to "MdePkg/Include/Guid/ImageAuthentication.h", *all* of the
"db", "dbx", and "dbt" (== EFI_IMAGE_SECURITY_DATABASE2) variables have
their special meanings in the EFI_IMAGE_SECURITY_DATABASE_GUID namespace.
However, the above commit introduced the following expression in
VariableServiceSetVariable():
> - } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
> + } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))
> + || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) {
Simply replacing the individual expressions with the predicates
"GuidMatch", "DbMatch", "DbxMatch", and "DbtMatch", the above
transformation becomes:
> - } else if (GuidMatch &&
> - ((DbMatch) || (DbxMatch))) {
> + } else if (GuidMatch &&
> + ((DbMatch) || (DbxMatch))
> + || DbtMatch) {
In shorter form, we change
GuidMatch && (DbMatch || DbxMatch)
into
GuidMatch && (DbMatch || DbxMatch) || DbtMatch
which is incorrect, because this way "dbt" will match outside of the
intended namespace / GUID.
The error was caught by gcc:
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c: In function
> 'VariableServiceSetVariable':
>
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c:3188:71: error:
> suggest parentheses around '&&' within '||' [-Werror=parentheses]
>
> } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> ^
> cc1: all warnings being treated as errors
Fix the parentheses.
This change may have security implications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16389 6f19259b-4bc3-4df7-8a09-765794883524
Code added in SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp
signature verification.") introduced many new uses of the offsetof()
macro. Since the offsetof() macro in "OpenSslSupport.h" casts a pointer to
an "int", it triggers a large number of
error: cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
errors when building CryptoPkg with gcc-4.8 for X64.
Remedy this by directing offsetof() to the OFFSET_OF() macro in
"MdePkg/Include/Base.h" (which matches how "OpenSslSupport.h" resolves the
va_*() macros too).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16388 6f19259b-4bc3-4df7-8a09-765794883524
SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp signature
verification.") introduced the following build failure:
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c: In function
> 'TimestampTokenVerify':
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:538:3: error: passing
> argument 2 of 'd2i_TS_TST_INFO' from incompatible pointer type [-Werror]
> TstInfo = d2i_TS_TST_INFO (NULL, &TstTemp, (int)TstSize);
> ^
> In file included from CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:22:0:
> CryptoPkg/Include/openssl/asn1t.h:803:10: note: expected 'const unsigned
> char **' but argument is of type 'UINT8 **'
> stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
> ^
> CryptoPkg/Include/openssl/asn1t.h:799:2: note: in expansion of macro
> 'IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname'
> IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
> ^
> CryptoPkg/Include/openssl/asn1t.h:778:42: note: in expansion of macro
> 'IMPLEMENT_ASN1_FUNCTIONS_fname'
> #define IMPLEMENT_ASN1_FUNCTIONS(stname)
> IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
> ^
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:136:1: note: in expansion of
> macro 'IMPLEMENT_ASN1_FUNCTIONS'
> IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
> ^
> cc1: all warnings being treated as errors
Note that the cast
(const unsigned char **) &TstTemp
does not match the general edk2 coding style, but it *does* match
other similar casts in this file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Scott Duplichan <scott@notabs.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16387 6f19259b-4bc3-4df7-8a09-765794883524