lhauch [Thu, 21 Aug 2014 16:41:41 +0000 (16:41 +0000)]
Adding files for proposed replacement for edksetup.bat.
This changes includes new scripts that breaks out some of the functionality in edksetup.bat and eliminates calling the toolsetup.bat file in BaseTools directory.
Edk2Setup.bat is to be used for testing. If no bugs are reported by the end of September, 2014, the file will be renamed to edksetup.bat.
Hess Chen [Thu, 21 Aug 2014 07:51:21 +0000 (07:51 +0000)]
This patch is going to:
1. Skip the content defined in USER EXTENSION section without raising an error.
2. Wrap os.utime to use two arguments.
3. Add GenFdsCommand for PlatformAutoGen
Yingke Liu [Thu, 21 Aug 2014 01:39:18 +0000 (01:39 +0000)]
1. AutoGen.c should be generated if it is not empty even if there are no C source files.
2. If there are sub directories in current module, the corresponding directory in OUTPUT should be created.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yingke Liu <yingke.d.liu@intel.com> Reviewed-by: Chen, Hesheng <hesheng.chen@intel.com> Reviewed-by: Feng, Bob C <bob.c.feng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15860 6f19259b-4bc3-4df7-8a09-765794883524
Olivier Martin [Wed, 20 Aug 2014 23:20:54 +0000 (23:20 +0000)]
StdLib: reinstate the use of va_arg() to handle long double arguments in vfscanf.
NOTE: Replaces the previous version which was a file from the wrong project.
Applies the patch, submitted by Olivier Martin, to use va_arg for long double.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Olivier Martin <Olivier.Martin@arm.com> Reviewed-by: Daryl McDaniel <daryl.mcdaniel@intel.com>
Includes some cosmetic changes to enhance readability.
Harry Liebel [Wed, 20 Aug 2014 21:55:45 +0000 (21:55 +0000)]
StdLib/LibC: Fix ARM symbol problems
StdLibPrivateInternalFiles: Add AArch64 support
Disable 'memcpy' symbol for ARM in LibC. It is already provided by the ARM compiler intrinsics library.
Add missing 'strtold' symbol. Use the same fallback as IPF for now.
Use Include definitions as provided by ARM version.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Harry Liebel <Harry.Liebel@arm.com> Reviewed-By: Olivier Martin <olivier.martin@arm.com> Reviewed-By: Daryl McDaniel <daryl.mcdaniel@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15858 6f19259b-4bc3-4df7-8a09-765794883524
Olivier Martin [Wed, 20 Aug 2014 21:11:26 +0000 (21:11 +0000)]
StdLib: reinstate the use of va_arg() to handle long double arguments in vfscanf.
Applies the patch, submitted by Olivier Martin, to use va_arg for long double.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Olivier Martin <Olivier.Martin@arm.com> Reviewed-by: Daryl McDaniel <daryl.mcdaniel@intel.com>
Also initializes an array so that strings will be properly terminated.
Includes some cosmetic changes to enhance readability.
Hess Chen [Wed, 20 Aug 2014 07:41:38 +0000 (07:41 +0000)]
This patch is going to:
1. Fix a bug in GenFds for wrongly handling '"' of command line parameter.
2. Provide different input parameter mode for different OS. For Linux, using a list. For Windows, using a string.
3. Remove 3 un-existing function calling.
- The edk2 coding style prefers each variable declaration to stand on
its own line.
- Internal linkage (ie. STATIC) functions have caused problems with
source level debugging before, so we generally avoid STATIC in MdePkg.
- Even forward declarations of functions should carry full comment
blocks.
- Nullity checks in controlling expressions should be spelled out
explicitly, as (Ptr != NULL).
Chris Phillips [Tue, 19 Aug 2014 23:05:44 +0000 (23:05 +0000)]
ShellPkg: Fixes for timezone handling and 'date -sfo'
- Update 'date -sfo' format to match UEFI Shell 2.1 spec
- Fixes to correctly initialize Second
- Set correct sign when setting timezone with the 'time -tz' command. Now matches UEFI spec calculation of "Localtime = UTC - TimeZone"
- Display "LOCAL" when TimeZone == EFI_UNSPECIFIED_TIMEZONE
- Allow a timezone of '_local' to be provided by user
- Better invalid command line checking
Jaben Carsey [Tue, 19 Aug 2014 21:00:34 +0000 (21:00 +0000)]
ShellPkg: Refactor string manipulation in UefiShellLib command
This patch replaces StrCpy with StrnCpy or refactors out the usage of StrCpy through some other means.
This patch replaces StrCat with StrnCat or refactors out the usage of StrCat through some other means.
Olivier Martin [Tue, 19 Aug 2014 13:35:14 +0000 (13:35 +0000)]
ArmPkg/BdsLib: Prevent a hang in BdsConnectDevicePath() when a sub-device path is not found
Some device paths were making BdsConnectDevicePath() hang.
To prevent these hangs we check if the handle returned by
gBS->LocateDevicePath() is the same after each iteration.
An example of a device path that hangs:
PciRoot(0x0)/Pci(0x1,0x0)/USB(0x0,0x0)/USB(0x3,0x0)/HD(...)
The connect controller function manages to find PciRoot()/Pci(0x1,0x0)
but the USB driver does not produce USB(0x0,0x0)/USB(0x3,0x0) and
returns EFI_SUCCESS on its initialization.
Jordan Justen [Mon, 18 Aug 2014 23:04:24 +0000 (23:04 +0000)]
UefiCpuPkg: Add ResetVector/FixupVtf
This implements the older VTF ResetVector code often used on EDK II
IA32 & X64 platforms.
This VTF requires build time fixups in order to find the SEC entry
point. The BaseTools GenFv tool has code that patches the jump target
of the reset vector code to match the entry point of the SEC image in
the PEI Firmware Volume.
v2:
* Rename from OldVtf to FixupVtf
* Use EDK II extension of .nasmb rather than .nasmbin
Jordan Justen [Mon, 18 Aug 2014 23:03:17 +0000 (23:03 +0000)]
BaseTools: Add rules to build NASM source file into a binary
v2:
* Use EDK II tool name of NASMB rather than NASMBIN
* Use EDK II extension of .nasmb rather than .nasmbin
v3:
* Create listing file
* Don't change into source directory
* Add ENV(NASM_PREFIX) before nasm for NASM_PATH
Chris Phillips [Mon, 18 Aug 2014 20:00:08 +0000 (20:00 +0000)]
ShellPkg: Fix EFI_SHELL_PROTOCOL to contain new members from UEFI Shell 2.1 spec
- Removes EFI_SHELL_PROTOCOL21
- Adds RegisterGuidName, GetGuidName, GetGuidFromName, and GetEnvEx to EFI_SHELL_PROTOCOL
Gao, Liming [Mon, 18 Aug 2014 05:43:06 +0000 (05:43 +0000)]
Update PeiCore to follow PI spec to retrieve GUIDED section data when ExtractionPpi is not found.
Enhance PeiCore Security Policy to check AuthenticationStatus when SecurityPpi is not found.
BaseOrderedCollectionRedBlackTreeLib.c(151) : warning C4244:
'return' : conversion from 'int' to 'BOOLEAN', possible loss of data
BaseOrderedCollectionRedBlackTreeLib.c(840) : warning C4244:
'return' : conversion from 'int' to 'BOOLEAN', possible loss of data
This is incorrect. The ISO C standard guarantees that the expressions in
question can only return values 0 and 1, both of which can be represented
by BOOLEAN (== UINT8, == unsigned char).
Silence the incorrect warnings with explicit casts to BOOLEAN.
BaseOrderedCollectionRedBlackTreeLib.c:
In function 'OrderedCollectionInsert':
BaseOrderedCollectionRedBlackTreeLib.c:586:
error: 'Result' may be used uninitialized in this function
This is incorrect. There are two areas of use of Result to consider:
- In the very first while loop. The warning is likely not about this code
area, because Result is assigned directly before use.
- The last use of Result in the function. The build warning / error is
incorrect. For Result to be uninitialized at that point, the very first
while loop must not have been entered at all (because that loop assigns
a value to Result). However, if that loop is never entered, then Parent
is still NULL. And Parent==NULL implies that the use of Result is never
reached, because we jump to the Done label just before it.
Assign an irrelevant value of 0 to Result at the beginning of the function
in order to silence the incorrect warning.
Dong, Guo [Fri, 15 Aug 2014 08:10:55 +0000 (08:10 +0000)]
1) Update code to use PcdFixedUsbCredentialProviderTokenFileName and PcdMaxVariableSize as patchable PCD instead of FixedAtBuild PCD.
2) Correct a typo in file comments of Tpm12Ownership.c
Fu, Siyuan [Fri, 15 Aug 2014 05:33:34 +0000 (05:33 +0000)]
Use string pointer instead string buffer to avoid string copy operation.
Use CopyMem() to guarantee the NULL terminal will always be appended to the destination string.
Hess Chen [Fri, 15 Aug 2014 03:06:48 +0000 (03:06 +0000)]
There is a limitation on WINDOWS OS for the length of entire file path can’t be larger than 255. There is an OS API provided by Microsoft to add “\\?\” before the path header to support the long file path. Enable this feature on basetools.
Michael Kinney [Thu, 14 Aug 2014 20:08:17 +0000 (20:08 +0000)]
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: lhauch <larry.hauch@intel.com>
Fix the behavior of the –version flag in the Rsa2048Sha256 tools and update logic for showing program name, version, usage, and copyright information to match other BaseTools.
Gao, Liming [Thu, 14 Aug 2014 14:30:32 +0000 (14:30 +0000)]
PcAtChipsetPkg: new AcpiTimerLib libraries.
Two library instances are added to support BASE type and DXE type. Those libraries provides basic timer support using the ACPI timer hardware. The performance counter features are provided by the processors time stamp counter.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Kinney, Michael D <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15803 6f19259b-4bc3-4df7-8a09-765794883524
Long, Qin [Thu, 14 Aug 2014 10:16:57 +0000 (10:16 +0000)]
OpenSSL 0.9.8zb was released at 06-Aug-2014, including bug and security fixes.
This patch is to catch the latest OpenSSL release.
NOTE: The content of EDKII_openssl-0.9.8zb.patch is same with the old EDKII_openssl-0.9.8za.patch, and the extra changes
are only name / directory modifications.
Michael Kinney [Thu, 14 Aug 2014 06:31:34 +0000 (06:31 +0000)]
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
Michael Kinney [Thu, 14 Aug 2014 06:30:10 +0000 (06:30 +0000)]
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
Michael Kinney [Thu, 14 Aug 2014 06:29:07 +0000 (06:29 +0000)]
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
Laszlo Ersek [Tue, 12 Aug 2014 07:29:17 +0000 (07:29 +0000)]
AppPkg: introduce OrderedCollectionTest
In this patch a small application is added to AppPkg, with the following
two goals:
- demonstrate how to use OrderedCollectionLib,
- allow users to test and "fuzz" BaseOrderedCollectionRedBlackTreeLib in
particular, entering API "commands" interactively, or providing them
from a script file.
A shell script is included that generates such an API command script.
Speaking about BaseOrderedCollectionRedBlackTreeLib specifically,
OrderedCollectionTest validates the internal red-black properties of the
tree after each read-write operation by setting the
PcdValidateOrderedCollection feature flag to TRUE.
The OrderedCollectionTest application's debugging environment is strictly
specified in the DSC file, because OrderedCollectionTest is entirely
useless for unit testing without full ASSERT() enablement.
The OrderedCollectionTest application deliberately doesn't follow the edk2
coding style in the following:
- const vs. CONST,
- void vs. VOID,
- assert() vs. ASSERT(),
- calloc() and free() vs. AllocateZeroPool() and FreePool(),
- integer types.
This is because OrderedCollectionTest is a standard C application, not a
UEFI application per se. In particular it relies on stdio. INTN, EFIAPI
and CONST VOID are used only in two places, where we provide the
comparator callbacks to OrderedCollectionLib. Proper range checking is
ensured for integers.
The application takes command input from stdin or a file (if the user
requests it), sends command output to stdout or a file (if the user
requests it), prints debug output to the console (as other AppPkg
applications do when debugging is enabled for them), and prints
diagnostics to stderr (like well behaved standard C programs should).
Input/output selection is implemented manually because the old shell
doesn't support input redirection at all, and because the new shell's
input redirection does not co-operate with fgets() for the time being.
edk2 should have a fast and easy-to-use associative array (a dictionary)
type.
Red-black trees have O(log(n)) worst case time complexity for lookup,
insertion, and deletion (where n is the number of nodes in the tree). They
support minimum and maximum lookup with the same time complexity, hence
red-black trees double as priority queues as well.
Given an iterator to a red-black tree node, getting the next or previous
node (which corresponds to the ordered successor or the predecessor,
respectively, according to the user-defined ordering) is O(log(n)) as
well.
The code reflects the Binary Search Trees and Red-Black Trees chapters of
Introduction to Algorithms, by Cormen, Leiserson, Rivest. One point where
the implementation diverges is the first phase of the Delete() operation.
During that phase, the book's algorithm copies the key and other business
*contents* of the successor node (in case the successor node is affected),
and releases the successor node (instead of the node that the user
requested to delete).
While semantically correct, this would break the above iterator validity
guarantee. This implementation replaces the copying of business contents
between nodes with suitable relinking of nodes, so that all iterators
(except the one whose deletion is being requested) remain valid.
I had written this code originally in approx. 2002. I personally own the
copyright of that version and am hereby relicensing it to Red Hat, under
the BSDL. I had used the original code in a few personal projects since,
for example in the lbzip2-0.x parallel (de)compressor, and now I've ported
the library to edk2. Both during the original implementation and now
during the porting I verified all the cases and their proofs as rigorously
as I could, on paper. (NB, I couldn't find any errors in the 2002 code
now.)
During the porting to edk2, I documented all those cases in code comments
as well (at least half of the source is documentation). These comments are
not blind copies of diagrams from the Algorithms book, nor are they copies
from my original code -- I've done them all fresh now, and I've only
matched the results against the book. Reviewers are invited to sit down
with a pen, some paper, the book, and the code.
The Validate() function verifies the internal red-black properties of the
tree. This function helps with unit testing, and is only invoked when
requested with the PcdValidateOrderedCollection feature flag.
A note about diagrams: edges represented by backslash (\) characters are
often written as "\_", ie. with a following underscore. This is because
line-trailing backslashes are processed very early in compilation (in
translation phase 2), "splicing physical source lines to form logical
source lines". Since the edk2 coding style requires "//" comments for such
documentation, a trailing backslash would splice the next physical line
into the "scope" of the comment. To prevent this, trailing backslashes are
defanged by appending underscores, which should be visually bearable.
MdePkg: introduce OrderedCollectionLib library class
This library class provides a set of APIs to manage an ordered collection
of items:
- Init(),
- UnInit(),
- Insert(),
- Delete(),
- IsEmpty(),
- Next(),
- Prev(),
- Min(),
- Max(),
- Find(),
- UserStruct().
There are many ways to implement an ordered collection. Depending on the
frequency of the different actions, different internal implementations may
have different performance, memory overhead, or code size.
Developers can select the library instance for a platform or module in
their DSC files that meets the needs of that platform or module.
Laszlo Ersek [Mon, 11 Aug 2014 22:00:01 +0000 (22:00 +0000)]
StdLib/LibC/Stdio: fix "missing braces around initializer"
The member "fext._ub" is a structure (of type "struct __sbuf"), and the
current initializer triggers
StdLib/LibC/Stdio/vswscanf.c: In function 'vswscanf':
StdLib/LibC/Stdio/vswscanf.c:75:10: error: missing braces around
initializer [-Werror=missing-braces]
StdLib/LibC/Stdio/vswscanf.c:75:10: error: (near initialization for
'fext._ub') [-Werror=missing-braces]
cc1: all warnings being treated as errors
Laszlo Ersek [Mon, 11 Aug 2014 21:59:53 +0000 (21:59 +0000)]
StdLib/LibC/gdtoa: fix "missing braces around initializer"
The member "u.L" is an array, and the current initializer triggers
StdLib/LibC/gdtoa/strtof.c: In function '_strtof':
StdLib/LibC/gdtoa/strtof.c:53:9: error: missing braces around
initializer [-Werror=missing-braces]
StdLib/LibC/gdtoa/strtof.c:53:9: error: (near initialization for
'u.L') [-Werror=missing-braces]
cc1: all warnings being treated as errors
Gao, Liming [Mon, 11 Aug 2014 06:23:51 +0000 (06:23 +0000)]
MdeModulePkg: new PlatformHookLib library with depex of SerialPortPpi.
This library has one depex of SerialPortPpi. Then, the PEIM linked it has this depex so that it is dispatched after SerialPortPpi is installed. SerialPortPpi notifies the platform initialization done, then serial port will work.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Kinney, Michael D <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15782 6f19259b-4bc3-4df7-8a09-765794883524
Gao, Liming [Mon, 11 Aug 2014 05:40:40 +0000 (05:40 +0000)]
MdeModulePkg: DxeCore
If GUIDED section has AUTH attribute only, DxeCore may wrongly set its AuthenticationStatus to 0 when its matched GUIDED extraction handler is not installed and Auth data is not verified. For this case, the return AuthenticationStatus should be EFI_AUTH_STATUS_NOT_TESTED.
Andrew Fish [Fri, 8 Aug 2014 00:57:50 +0000 (00:57 +0000)]
clang warns on guard macro not matching in .h file.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Andrew Fish <afish@apple.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15774 6f19259b-4bc3-4df7-8a09-765794883524
Jaben Carsey [Thu, 7 Aug 2014 20:02:40 +0000 (20:02 +0000)]
ShellPkg: Refactor string manipulation in cp command
This patch replaces StrCpy with StrnCpy or refactors out the usage of StrCpy through some other means.
This patch replaces StrCat with StrnCat or refactors out the usage of StrCat through some other means.