tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Acidanthera UEFI Development Kit based on EDK II edk2-stable202311
22,534 Commits 15 Branches 0 Tags 330 MiB
C 76.4%
Assembly 10.5%
Python 9.3%
Rich Text Format 1.5%
C++ 0.8%
Other 1.1%
Go to file
Laszlo Ersek 1958124a6c OvmfPkg: fix dynamic default for oprom verification policy PCD without SB 
I missed the following, both while reviewing and while testing commit
6041ac65ae ("OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION
when SEV is active", 2017-10-05):

If "-D SECURE_BOOT_ENABLE" is not passed on the "build" command line, then
OVMF has no dynamic default at all for
"PcdOptionRomImageVerificationPolicy". This means that the PcdSet32S()
call added in the subject commit doesn't even compile:

> OvmfPkg/PlatformPei/AmdSev.c: In function 'AmdSevInitialize':
> OvmfPkg/PlatformPei/AmdSev.c:67:3: error: implicit declaration of
> function '_PCD_SET_MODE_32_S_PcdOptionRomImageVerificationPolicy'
> [-Werror=implicit-function-declaration]
>    PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
>    ^
> cc1: all warnings being treated as errors

Make the current, SB-only, 0x00 dynamic default unconditional.

This is the simplest approach, and it reflects the intent of original
commit 1fea9ddb4e ("OvmfPkg: execute option ROM images regardless of
Secure Boot", 2016-01-07). Without SECURE_BOOT_ENABLE,
"SecurityPkg/Library/DxeImageVerificationLib" is not used anyway, so the
PCD is never read.

This issue was first caught and reported by Gerd Hoffmann
<kraxel@redhat.com>'s Jenkins CI. Later it was also reported in
<https://bugzilla.tianocore.org/show_bug.cgi?id=737>.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Fixes: 6041ac65ae
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: trim commit message as suggested by Jordan]
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
[lersek@redhat.com: add reference to TianoCore BZ#737]
 		2017-10-19 10:41:09 +02:00
AppPkg AppPkg/WebServer: Fix build failure. 2017-09-14 08:55:09 +08:00
ArmPkg ArmPkg/ArmSvcLib: Add ArmSvcLib implementation. 2017-10-06 22:35:41 +01:00
ArmPlatformPkg ArmPlatformPkg: Store initial timer value 2017-10-10 17:30:39 +01:00
ArmVirtPkg ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob 2017-10-10 20:54:48 +08:00
BaseTools BaseTools/BuildEnv: override "set -C" (noclobber) in sourcing shell env 2017-10-18 11:34:03 +02:00
BeagleBoardPkg BeagleBoardPkg: switch to generic non-coherent DmaLib 2017-08-30 14:13:58 +01:00
Conf EDK II: Add .gitignore 2014-10-14 16:08:15 +00:00
CorebootModulePkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
CorebootPayloadPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
CryptoPkg CryptoPkg: Add new API to retrieve commonName of X.509 certificate 2017-09-25 00:06:41 +08:00
DuetPkg DuetPkg: Fix Xcode 9 Beta treating 32-bit left shift as undefined 2017-08-11 08:44:54 +08:00
EdkCompatibilityPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
EdkShellBinPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
EdkShellPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
EmbeddedPkg EmbeddedPkg PrePiHobLib: Implement BuildFv3Hob 2017-10-10 20:54:47 +08:00
EmulatorPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
FatBinPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
FatPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
IntelFrameworkModulePkg IntelFrameworkModulePkg/LegacyBiosDxe: Fix GCC5 build warning 2017-10-12 10:14:58 +08:00
IntelFrameworkPkg IntelFrameworkPkg PeiHobLibFramework: Implement BuildFv3Hob 2017-10-10 20:54:37 +08:00
IntelFsp2Pkg IntelFsp2Pkg: Update Section Name in INF files 2017-10-10 18:10:23 +08:00
IntelFsp2WrapperPkg IntelFsp2WrapperPkg: Update Protocol/Guid usage in INF files 2017-10-10 18:10:24 +08:00
IntelFspPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
IntelFspWrapperPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
IntelSiliconPkg IntelSiliconPkg/VTdPmrPei: Add EndOfPei callback for S3 2017-09-23 16:14:30 +08:00
MdeModulePkg MdeModulePkg: Update RuntimeDxe Crc32 to check the input parameter 2017-10-16 11:23:07 +08:00
MdePkg SecurityPkg/Pkcs7Verify: Add the comments to address security problem 2017-10-18 23:03:38 +08:00
NetworkPkg NetworkPkg: Update Protocol/Guid usage in INF file to match source code logic 2017-10-10 18:10:21 +08:00
Nt32Pkg Nt32Pkg: Enable UDF file system support 2017-09-08 20:43:05 +02:00
Omap35xxPkg Omap35xxPkg: switch to EmbeddedPkg's NonCoherentDmaLib 2017-08-30 14:13:47 +01:00
OptionRomPkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
OvmfPkg OvmfPkg: fix dynamic default for oprom verification policy PCD without SB 2017-10-19 10:41:09 +02:00
PcAtChipsetPkg PcAtChipsetPkg: Update GUID usage in PcRtc INF to match the source code 2017-10-10 18:10:18 +08:00
PerformancePkg PerformancePkg DP: Init CustomCumulativeData.MinDur 2017-08-14 16:55:44 +08:00
QuarkPlatformPkg QuarkPlatformPkg/Readme.md: Bring Readme.md up to date 2017-08-10 09:44:24 -07:00
QuarkSocPkg QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2 2017-08-16 19:42:17 -07:00
SecurityPkg SecurityPkg/Pkcs7Verify: Add the comments to address security problem 2017-10-18 23:03:38 +08:00
ShellBinPkg ShellBinPkg: AARCH64/ARM Shell binary update. 2017-08-31 15:41:59 +01:00
ShellPkg ShellPkg/UefiShellLib: Use a more bright blue/green color 2017-10-17 09:59:50 +08:00
SignedCapsulePkg SignedCapsulePkg: Update Guid usage in INF file to match source code logic 2017-10-10 18:10:21 +08:00
SourceLevelDebugPkg SourceLevelDebugPkg: Update SmmDebugAgentLib to restore APIC timer 2017-10-16 11:23:16 +08:00
StdLib edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
StdLibPrivateInternalFiles edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
UefiCpuPkg UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang 2017-10-17 10:05:36 +08:00
UnixPkg UnixPkg: Remove UnixPkg files (It is replaced by EmulatorPkg) 2013-07-29 21:09:55 +00:00
Vlv2DeviceRefCodePkg edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
Vlv2TbltDevicePkg Vlv2TbltDevicePkg: Remove reference deprecated macro. 2017-08-07 15:28:13 +08:00
.gitignore edk2: Add .DS_Store to .gitignore for macOS 2017-05-19 15:14:34 -07:00
BuildNotes2.txt BaseTools: Updated BuildNotes URLs 2016-03-25 09:46:44 +08:00
Contributions.txt edk2: Fix typo in Contributions.txt 2017-08-16 17:50:44 +08:00
Edk2Setup.bat Edk2Setup.bat: Fix build errors from VS tools PREFIX ENV missing 2016-11-05 09:10:58 +08:00
License.txt edk2: Move License.txt file to root 2017-08-03 11:02:17 -07:00
Maintainers.txt Maintainers.txt: add Xen reviewer for ArmVirtPkg 2017-09-26 23:23:50 +01:00
Readme.md edk2: Add Readme.md to root of edk2 repository 2017-08-03 11:02:25 -07:00
edksetup.bat BaseTools: suppress usage instructions with rebuild options 2017-07-04 10:16:13 +08:00
edksetup.sh BaseTools/edksetup.sh: fix invalid test for current working directory 2017-08-10 12:54:58 +08:00

Readme.md

EDK II Project

A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.

Contributions to the EDK II open source project are covered by the TianoCore Contribution Agreement 1.1

The majority of the content in the EDK II open source project uses a BSD 2-Clause License. The EDK II open source project contains the following components that are covered by additional licenses:

The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.

Resources