mirror_edk2.git
3 weeks agoMaintainers.txt: Update email address master
Abner [Tue, 19 Jul 2022 01:43:01 +0000 (09:43 +0800)]
Maintainers.txt: Update email address

Update Abner's email address from hpe.com to amd.com for
the packages those are maintained by Abner, except RISC-V stuff.

Cc: Andrew Fish <afish@apple.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Signed-off-by: Abner Chang <abner.chang@amd.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
3 weeks agoUefiPayloadPkg: Add macro to support selective driver in UPL
James Lu [Thu, 7 Jul 2022 16:15:09 +0000 (09:15 -0700)]
UefiPayloadPkg: Add macro to support selective driver in UPL

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3967

Add macros to decide modules built into UPL.elf.

Macro list:
 - GENERIC_MEMORY_TEST_ENABLE: GenericMemoryTestDxe
 - MEMORY_TEST: NullMemoryTestDxe or GenericMemoryDxe
 - ATA_ENABLE: SataControllerDxe, AtaBusDxe
 - SD_ENABLE: SdMmcPciDxe, EmmcDxe, SdDxe
 - PS2_MOUSE_ENABLE: Ps2MouseDxe

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
Signed-off-by: James Lu <james.lu@intel.com>
Reviewed-by: Ray Ni <Ray.ni@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
3 weeks agoMaintainers.txt: Update Maintainers/reviewers for UefiPayloadPkg
Guo Dong [Sat, 16 Jul 2022 00:59:15 +0000 (17:59 -0700)]
Maintainers.txt: Update Maintainers/reviewers for UefiPayloadPkg

Promote Sean Rhodes as UefiPayloadPkg maintainer.
Remove Maurice and Benjamin since their role was changed.

Signed-off-by: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Benjamin You <benjamin.you@intel.com>
3 weeks agoMaintainers.txt: Add IntelFsp2*Pkg Maintainer
Nate DeSimone [Mon, 18 Jul 2022 20:24:55 +0000 (13:24 -0700)]
Maintainers.txt: Add IntelFsp2*Pkg Maintainer

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
3 weeks agoIntelFsp2Pkg: Add Definition of EDKII_PEI_VARIABLE_PPI
Nate DeSimone [Mon, 18 Jul 2022 20:11:24 +0000 (13:11 -0700)]
IntelFsp2Pkg: Add Definition of EDKII_PEI_VARIABLE_PPI

Adds definition of EDKII_PEI_VARIABLE_PPI.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
3 weeks agoDynamicTablesPkg: Fix generated _HID value for SBSA
Pierre Gondois [Wed, 7 Apr 2021 14:43:39 +0000 (15:43 +0100)]
DynamicTablesPkg: Fix generated _HID value for SBSA

SSDT tables describing an SBSA compatible serial port receive an '_HID'
value of 'ARMH0011'. This value represents a PL011 serial port.

This patch:
 - Generates an 'ARMHB000' instead
 - References the 'ACPI for Arm Components 1.0 - 2020' document
   specifying the '_HID' values to use.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
3 weeks agoDynamicTables: Fix DT PCI interrupt flags parsing
Pierre Gondois [Wed, 27 Apr 2022 14:49:31 +0000 (16:49 +0200)]
DynamicTables: Fix DT PCI interrupt flags parsing

Device Tree PCI interrupt flags use the convention described at
linux/Documentation/devicetree/bindings/interrupt-controller/arm,gic.yaml

The 3rd cell is the flags, encoded as follows:
  bits[3:0] trigger type and level flags.
  1 = low-to-high edge triggered
  2 = high-to-low edge triggered (invalid for SPIs)
  4 = active high level-sensitive
  8 = active low level-sensitive (invalid for SPIs).

Fix the incorrect code.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
3 weeks agoBaseTools: Fix DSC LibraryClass precedence rule
Chen, Christine [Thu, 30 Jun 2022 09:04:05 +0000 (17:04 +0800)]
BaseTools: Fix DSC LibraryClass precedence rule

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3965

Currently DSC LibraryClass precedence rule is not align with DSC Spec.

The expectation rule should be:
[LibraryClasses.$(ARCH)] < [LibraryClasses.Common.$(MODULE_TYPE)]

The actual behavior is:
[LibraryClasses.$(ARCH)] > [LibraryClasses.Common.$(MODULE_TYPE)]

This patch fixes the issue.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Long1 Huang <long1.huang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
3 weeks agoBaseTools: add '-p' for Linux 'cp' command.
Chen, Christine [Fri, 8 Jul 2022 13:10:00 +0000 (21:10 +0800)]
BaseTools: add '-p' for Linux 'cp' command.

Currently BaseTools use 'cp' command for PcdValueInit and GenMake
process, as the command can not keep the time info of the source
file, which will cause incremental build issue in Linux system,
thus the '-p' need be added to keep the source file's attributes
in copy process.

This patch fixes this issue.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
4 weeks agoUefiPayloadPkg/PlatformBootManagerLib: Evenly space boot prompt
Sean Rhodes [Mon, 4 Jul 2022 19:39:15 +0000 (12:39 -0700)]
UefiPayloadPkg/PlatformBootManagerLib: Evenly space boot prompt

Add 4 spaces before the boot prompt "F2 or Down..." so that the
spacing is equadistant from the top, which is spaced with a `\n`,
and the left.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Guo Dong <guo.dong@intel.com>
4 weeks agoDynamicTablesPkg: Add support to specify FADT minor revision
Sami Mujawar [Wed, 6 Jul 2022 11:40:09 +0000 (12:40 +0100)]
DynamicTablesPkg: Add support to specify FADT minor revision

The CM_STD_OBJ_ACPI_TABLE_INFO.AcpiTableRevision can be used to specify
the major revision number of the ACPI table that the generator must use.
Although most ACPI tables only have a major revision number, the FADT
table additionally has a minor revision number.

The FADT generator currently defaults to setting the latest supported
ACPI revision for the FADT table i.e. ACPI 6.4. This means that the minor
revision for the FADT table is always set to 4 and there is no provision
for a user to specify the minor revision to be selected.

Therefore, update CM_STD_OBJ_ACPI_TABLE_INFO to introduce a new field
MinorRevision which can be used to specify the minor revision for an
ACPI table. Also update the FADT generator to validate the supported
FADT revisions ans use the specified minor revision for the FADT table
if supported. If an unsupported minor revision is specified the FADT
generator defaults to the latest supported minor revision.

Since the CM_STD_OBJ_ACPI_TABLE_INFO.MinorRevision field is added to
the end of the structure, it should not break existing platform code.

Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: <pierre.gondois@arm.com>
Tested-by: Jagadeesh Ujja <Jagadeesh.Ujja@arm.com>
4 weeks agoIntelFsp2Pkg: Update SEC_IDT_TABLE struct
Kuo, Ted [Tue, 12 Jul 2022 09:30:58 +0000 (02:30 -0700)]
IntelFsp2Pkg: Update SEC_IDT_TABLE struct

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3957
The reserved IDT table size in SecCore is too small for X64. Changed the type
of IdtTable in SEC_IDT_TABLE from UINT64 to IA32_IDT_GATE_DESCRIPTOR to have
sufficient size reserved in IdtTable for X64.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ashraf Ali S <ashraf.ali.s@intel.com>
Signed-off-by: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
4 weeks agoUefiCpuPkg: Update SEC_IDT_TABLE struct
Kuo, Ted [Tue, 12 Jul 2022 09:30:57 +0000 (02:30 -0700)]
UefiCpuPkg: Update SEC_IDT_TABLE struct

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3957
The reserved IDT table size in SecCore is too small for X64. Changed the type
of IdtTable in SEC_IDT_TABLE from UINT64 to IA32_IDT_GATE_DESCRIPTOR to have
sufficient size reserved in IdtTable for X64. dff

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Signed-off-by: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
4 weeks agoMdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0
Robert Kowalewski [Wed, 6 Jul 2022 13:47:36 +0000 (21:47 +0800)]
MdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0

Updated DMAR definitions accordingly to changes in Intel(R) Virtualization
Technology for Directed I/O (VT-D) Architecture Specification ver4.0.

Added new definition of remapping structure - SIDP. The SoC Integrated
Device Property (SIDP) reporting structure identifies devices that have
special properties and that may put restrictions on how system software
must configure remapping structures that govern such devices in a platform
where remapping hardware is enabled.

Updated DRHD definition - field 'reserved' is replaced with 'Size'.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3978

Signed-off-by: Robert Kowalewski <robert.kowalewski@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jenny Huang <jenny.huang@intel.com>
Cc: Sheng Wei <w.sheng@intel.com>
Reviewed-by: Sheng Wei <w.sheng@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
4 weeks agoUefiPayloadPkg: Add CryptoDxe driver to UefiPayload
PaytonX Hsieh [Wed, 6 Jul 2022 10:21:40 +0000 (18:21 +0800)]
UefiPayloadPkg: Add CryptoDxe driver to UefiPayload

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3979

Add CryptoDxe into UPL.
Drviers can locate protocol instead of building openssl lib into drivers.
This can reduce the binary size that UPL required.

Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: James Lu <james.lu@intel.com>
Reviewed-by: Gua Guo <gua.guo@intel.com>
Signed-off-by: PaytonX Hsieh <paytonx.hsieh@intel.com>
5 weeks ago.gitignore: Ignore build tools build logs
Jeff Brasen [Thu, 21 Apr 2022 17:01:06 +0000 (01:01 +0800)]
.gitignore: Ignore build tools build logs

The python BaseTools/Edk2ToolsBuild.py creates files in
BaseTools/BaseToolsBuild and should be ignored.

Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
5 weeks agoArmVirtPkg: Pipeline: Resolving newly introduced dependency
Kun Qin [Fri, 8 Jul 2022 19:59:44 +0000 (12:59 -0700)]
ArmVirtPkg: Pipeline: Resolving newly introduced dependency

The new changes in SecureBootVariableLib brought in a new dependency
of PlatformPKProtectionLib.

This change added the new library instance from SecurityPkg to resolve
ArmVirtPkg builds.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
5 weeks agoUefiCpuPkg/SecCore: Add debug messages to illuminate data flow
Oram, Isaac W [Mon, 27 Jun 2022 22:48:51 +0000 (06:48 +0800)]
UefiCpuPkg/SecCore: Add debug messages to illuminate data flow

Add debug messages to make it easier to verify PlatformSecLib
is passing the data properly.

Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Signed-off-by: Isaac Oram <isaac.w.oram@intel.com>
5 weeks agoStandaloneMmPkg: Fix check buffer address failed issue from TF-A
Ming Huang [Fri, 31 Dec 2021 11:06:23 +0000 (19:06 +0800)]
StandaloneMmPkg: Fix check buffer address failed issue from TF-A

There are two scene communicate with StandaloneMm(MM):
1 edk2 -> TF-A -> MM, communicate MM use non-secure buffer which
  specify by EFI_SECURE_PARTITION_BOOT_INFO.SpNsCommBufBase;
2 RAS scene: fiq -> TF-A -> MM, use secure buffer which
  specify by EFI_SECURE_PARTITION_BOOT_INFO.SpShareBufBase;

For now, the second scene will failed because check buffer address.
This patch add CheckBufferAddr() to support check address for secure
buffer.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
5 weeks agoStandaloneMmPkg: Replace DEBUG_INFO with DEBUG_ERROR
Ming Huang [Fri, 31 Dec 2021 11:06:22 +0000 (19:06 +0800)]
StandaloneMmPkg: Replace DEBUG_INFO with DEBUG_ERROR

DEBUG_ERROR should be used in error branch.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
5 weeks agoStandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field
Ming Huang [Fri, 31 Dec 2021 11:06:21 +0000 (19:06 +0800)]
StandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field

TF-A: TrustedFirmware-A
SPM: Secure Partition Manager(MM)

In TF-A, the name of this field is sp_shared_buf_size. This field is
the size of range for transmit data from TF-A to standaloneMM when
SPM enable.

SpPcpuSharedBufSize is pass from TF-A while StandaloneMM initialize.
So, SpPcpuSharedBufSize should be rename to SpSharedBufSize and this field
should no multiply by PayloadBootInfo->NumCpus;

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
5 weeks agoEmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
Kun Qin [Wed, 4 May 2022 02:48:59 +0000 (19:48 -0700)]
EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency

The new changes in SecureBootVariableLib brought in a new dependency of
PlatformPKProtectionLib.

This change added the new library instance from SecurityPkg to resolve
pipeline builds.

Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoOvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
Kun Qin [Wed, 4 May 2022 02:41:51 +0000 (19:41 -0700)]
OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency

The new changes in SecureBootVariableLib brought in a new dependency of
PlatformPKProtectionLib.

This change added the new library instance from SecurityPkg to resolve
pipeline builds.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootVariableLib: Added unit tests
kuqin [Wed, 13 Apr 2022 20:30:14 +0000 (13:30 -0700)]
SecurityPkg: SecureBootVariableLib: Added unit tests

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change added unit test and enabled it from pipeline for the updated
SecureBootVariableLib.

The unit test covers all implemented interfaces and certain corner cases.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootConfigDxe: Updated invocation pattern
Kun Qin [Sun, 10 Apr 2022 22:37:10 +0000 (15:37 -0700)]
SecurityPkg: SecureBootConfigDxe: Updated invocation pattern

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909

This change is in pair with the previous SecureBootVariableLib change,
which updated the interface of `CreateTimeBasedPayload`.

This change added a helper function to query the current time through
Real Time Clock protocol. This function is used when needing to format
an authenticated variable payload.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: Secure Boot Drivers: Added common header files
Kun Qin [Tue, 12 Apr 2022 00:46:12 +0000 (17:46 -0700)]
SecurityPkg: Secure Boot Drivers: Added common header files

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added common header files to consumer drivers to unblock
pipeline builds.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootVariableProvisionLib: Updated implementation
Kun Qin [Sun, 10 Apr 2022 22:36:53 +0000 (15:36 -0700)]
SecurityPkg: SecureBootVariableProvisionLib: Updated implementation

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change is in pair with the previous SecureBootVariableLib, which
removes the explicit invocation of `CreateTimeBasedPayload` and used new
interface `EnrollFromInput` instead.

The original `SecureBootFetchData` is also moved to this library and
incorporated with the newly defined `SecureBootCreateDataFromInput` to
keep the original code flow.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootVariableLib: Added newly supported interfaces
kuqin [Fri, 15 Apr 2022 20:03:22 +0000 (13:03 -0700)]
SecurityPkg: SecureBootVariableLib: Added newly supported interfaces

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change updated the interfaces provided by SecureBootVariableLib.

The new additions provided interfaces to enroll single authenticated
variable from input, a helper function to query secure boot status,
enroll all secure boot variables from UefiSecureBoot.h defined data
structures, a as well as a routine that deletes all secure boot related
variables.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootVariableLib: Updated signature list creator
kuqin [Fri, 15 Apr 2022 20:38:11 +0000 (13:38 -0700)]
SecurityPkg: SecureBootVariableLib: Updated signature list creator

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change removes the interface of SecureBootFetchData, and replaced
it with `SecureBootCreateDataFromInput`, which will require caller to
prepare available certificates in defined structures.

This improvement will eliminate the dependency of reading from FV,
extending the availability of this library instance.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: SecureBootVariableLib: Updated time based payload creator
Kun Qin [Sun, 10 Apr 2022 22:35:59 +0000 (15:35 -0700)]
SecurityPkg: SecureBootVariableLib: Updated time based payload creator

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909

This change updated the interface of 'CreateTimeBasedPayload' by
requiring the caller to provide a timestamp, instead of relying on time
protocol to be ready during runtime. It intends to extend the library
availability during boot environment.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: PlatformPKProtectionLib: Added PK protection interface
Kun Qin [Mon, 11 Apr 2022 22:07:34 +0000 (15:07 -0700)]
SecurityPkg: PlatformPKProtectionLib: Added PK protection interface

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This patch provides an abstracted interface for platform to implement PK
variable related protection interface, which is designed to be used when
PK variable is about to be changed by UEFI firmware.

This change also provided a variable policy based library implementation
to accomodate platforms that supports variable policy for variable
protections.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
5 weeks agoSecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
Kun Qin [Mon, 11 Apr 2022 23:45:45 +0000 (16:45 -0700)]
SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
6 weeks agoNetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManager
Heng Luo [Fri, 24 Jun 2022 07:59:44 +0000 (15:59 +0800)]
NetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManager

https://bugzilla.tianocore.org/show_bug.cgi?id=3961

Add below Wpa3 support:
    WPA3-Personal:
      Ieee80211AkmSuiteSAE                = 8
    WPA3-Enterprise:
      Ieee80211AkmSuite8021XSuiteB        = 11
      Ieee80211AkmSuite8021XSuiteB192     = 12
    Wi-Fi CERTIFIED Enhanced Open:
      Ieee80211AkmSuiteOWE                = 18

Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Signed-off-by: Heng Luo <heng.luo@intel.com>
6 weeks agoArmPkg/Drivers: ArmGicIsInterruptEnabled returns incorrect value
Robbie King [Fri, 1 Jul 2022 15:06:17 +0000 (11:06 -0400)]
ArmPkg/Drivers: ArmGicIsInterruptEnabled returns incorrect value

The issue appears to have been introduced by:

41fb5d46 : ArmPkg/ArmGic: Use the GIC Redistributor instead of GIC Distributor for GICv3

The changes to ArmGicIsInterruptEnabled() introduced the error where the Boolean
result is assigned to Interrupts, but then the bit position check is performed
again (against the computed Boolean result instead of the interrupt mask) during
the return statement.

Fix removes erroneous test and relies on boolean test made at return.

Signed-off-by: Robbie King <robbiek@xsightlabs.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
6 weeks agoMdePkg/Acpi62: Add bit definitions to NFIT Platform Capabilities Structure
Miki Shindo [Wed, 29 Jun 2022 22:41:30 +0000 (06:41 +0800)]
MdePkg/Acpi62: Add bit definitions to NFIT Platform Capabilities Structure

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3915

This commit adds each capability bit definition
for NFIT Platform Capabilities Structure.
The type has been added since ACPI Specification Version 6.2A.

Signed-off-by: Miki Shindo <miki.shindo@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
6 weeks agoOvmfPkg/PlatformCI: add IntelTdxBuild.py
Min Xu [Sun, 15 May 2022 11:33:04 +0000 (19:33 +0800)]
OvmfPkg/PlatformCI: add IntelTdxBuild.py

Add build test for OvmfPkg/IntelTdx

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <Jiewen.yao@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
6 weeks agopip-requirements.txt: Update basetools version to 0.1.24
Bob Feng [Wed, 29 Jun 2022 02:29:38 +0000 (10:29 +0800)]
pip-requirements.txt: Update basetools version to 0.1.24

Upgrade the edk2-basetools version from 0.1.17 to 0.1.24

features and bug fixes:
1. Add FMMT Python Tool
2. Remove RVCT support
3. Fix dependency issue in PcdValueInit
4. Output the intermediate library instance when error occurs
5. Ecc: Fix grammar in Ecc error message
6. Fix the GenMake bug for .cpp source file

Signed-off-by: Bob Feng <bob.c.feng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
6 weeks agoUefiPayloadPkg: Align Attribute value with UPL spec
Gua Guo [Mon, 27 Jun 2022 03:05:08 +0000 (11:05 +0800)]
UefiPayloadPkg: Align Attribute value with UPL spec

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3963

Based on UPL spec 2.12.2. Universal Payload Information Section,
it defines item "Attribute" on UPLD_INFO_HEADER for Debug build
should be "1", and Release build should be "0".

Currently, The value of item "Attribute" is always "0"

Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: James Lu <james.lu@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
6 weeks agoMdePkg/Acpi62: Add type 7 NFIT Platform Capabilities Structure support
Miki Shindo [Thu, 23 Jun 2022 03:40:17 +0000 (11:40 +0800)]
MdePkg/Acpi62: Add type 7 NFIT Platform Capabilities Structure support

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3915

This commit adds a definition type 7 Platform Capabilities Structure
and the struct definition for NFIT Table Structure Types.
The type has been added since ACPI Specification Version 6.2A.

Signed-off-by: Miki Shindo <miki.shindo@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
6 weeks agoBaseTools: Fix the GenMake bug for .cpp source file
Feng, Bob C [Sat, 25 Jun 2022 05:11:40 +0000 (13:11 +0800)]
BaseTools: Fix the GenMake bug for .cpp source file

Build-rules.txt lists .cc and .cpp as supported file extensions.
BaseTools commit 05217d210e introduce a regression issue that
ignore the .cc and .cpp file type.

This patch is to fix this bug.

Signed-off-by: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Yuwei Chen<yuwei.chen@intel.com>
6 weeks agoMdeModulePkg/XhciDxe: Add access xHCI Extended Capabilities Pointer
Ian Chiu [Thu, 23 Jun 2022 06:21:45 +0000 (14:21 +0800)]
MdeModulePkg/XhciDxe: Add access xHCI Extended Capabilities Pointer

Add support process Port Speed field value of PORTSC according to
Supported Protocol Capability (define in xHCI spec 1.1)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3914

The value of Port Speed field in PORTSC bit[10:13]
(xHCI spec 1.1 section 5.4.8) should be change to use this value to
query thru Protocol Speed ID (PSI) (xHCI spec 1.1 section 7.2.1)
in xHCI Supported Protocol Capability and return the value according
the Protocol Speed ID (PSIV) Dword.

With this mechanism may able to detect more kind of Protocol Speed
in USB3 and also compatiable with three kind of speed of USB2.

Cc: Jenny Huang <jenny.huang@intel.com>
Cc: More Shih <more.shih@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Ian Chiu <Ian.chiu@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
6 weeks agoBaseTools/Ecc: Fix grammar in Ecc error message
Rebecca Cran [Sun, 19 Jun 2022 22:07:09 +0000 (06:07 +0800)]
BaseTools/Ecc: Fix grammar in Ecc error message

Signed-off-by: Rebecca Cran <quic_rcran@quicinc.com>
Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
7 weeks agoOvmf: Include HardwareInfoLib library classes for IntelTdx
Nicolas Ojeda Leon [Thu, 23 Jun 2022 15:26:23 +0000 (17:26 +0200)]
Ovmf: Include HardwareInfoLib library classes for IntelTdx

Include HardwareInfoLib classes in the IntelTdxX64.dsc for this
platform to use it during build given that PciHostBridgeUtilityLib
depends on it.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoArmVirtPkg: Include DxeHardwareInfoLib library class in dsc
Nicolas Ojeda Leon [Thu, 23 Jun 2022 15:23:27 +0000 (17:23 +0200)]
ArmVirtPkg: Include DxeHardwareInfoLib library class in dsc

Include DxeHardwareInfoLib class in the common ArmVirt.dsc.inc so that
ArmVirt* platforms use it during build given that PciHostBridgeUtilityLib
depends on it.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoUefiPayloadPkg: Backward support with python 3.6
KasimX Liu [Fri, 24 Jun 2022 03:35:43 +0000 (11:35 +0800)]
UefiPayloadPkg: Backward support with python 3.6

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3960

Currently, UniversalPayloadBuild.py don't have support
python3.6, we use python3.6 will encounter f"" failure
use the change to fix it to support python3.6/3.7/3.8.

Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: James Lu <james.lu@intel.com>
Reviewed-by: Gua Guo <gua.guo@intel.com>
Signed-off-by: KasimX Liu <kasimx.liu@intel.com>
7 weeks agoUefiCpuPkg: CpuDxe: Set RW and P Attributes on Split Pages
Ray Ni [Thu, 23 Jun 2022 06:20:32 +0000 (14:20 +0800)]
UefiCpuPkg: CpuDxe: Set RW and P Attributes on Split Pages

A memory range can be submitted for attribute changes which is large
enough to not require a page split during the attribute update. Consider
the following scenario:

1. An attribute update removed the RW attribute on a range large enough
to not require a page split.
2. Later, an attributes update is called to re-add the RW attribute for
a subsection of that larger page which requires a split
3. The attribute update logic performs a page split, so now the parent
and child pages have matching attributes
4. Then, the attribute update logic changes the child page to have the
RW attribute.
5. The child page would then correctly have the RW attribute added but
the parent page would still have the RW attribute removed which will
cause an improper access violation.

The page being split should have loose attributes to accommodate the
above case. The split page should always have the attributes set so
the lowest level page frame determines the access rights as detailed
in 4.10.2.2 of the Intel 64 and IA-32 Architectures Software
Developer Manual. Setting the User/Supervisor attribute shouldn't
be necessary.

Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Taylor Beebe <t@taylorbeebe.com>
7 weeks agoArmPlatformPkg: Add PCD for serial debug port interrupt
Thomas Abraham [Wed, 22 Jun 2022 15:38:43 +0000 (21:08 +0530)]
ArmPlatformPkg: Add PCD for serial debug port interrupt

For Arm platforms that support more that one serial port, one of the
serial port can be used for connecting debuggers such as WinDbg. There
are PCDs that allow the base address and clock rate to be specified for
this debug serial port but not its interrupt number. So add a PCD to
specify the interrupt number assigned to the serial debug port
controller.

Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
7 weeks agoOvmfPkg/PciHostBridgeUtilityLib: Initialize RootBridges apertures with spec
Nicolas Ojeda Leon [Tue, 29 Jun 2021 15:52:13 +0000 (17:52 +0200)]
OvmfPkg/PciHostBridgeUtilityLib: Initialize RootBridges apertures with spec

Consume the host-provided specification of PCI host bridges if
available. Using the DxeHardwareInfoLib, populate a list of
hardware descriptors based on the content of the "hardware-info"
fw-cfg file, if provided. In the affirmative case, use the
resources and attributes specified by the hypervisor for each
Host Bridge to create the RootBridge elements.

In Ovmf platforms, the host can provide the specification of
non-discoverable hardware resources like PCI host bridges. If the
proper fw-cfg file is found, parse the contents provided by the
host into a linked list by using the Hardware Info library. Then,
using the list of PCI host bridges' descriptions, populate the
PCI_ROOT_BRIDGES array with the resources and attributes specified
by the host. If the file is not provided or no Host Bridge is found
in it, fold back to the legacy method based on pre-defined
apertures and rules.

In some use cases, the host requires additional control over the
hardware resources' configurations in the guest for performance and
discoverability reasons. For instance, to disclose information about
the PCI hierarchy to the guest so that this can profit from
optimized accesses. In this case, the host can decide to describe
multiple PCI Host Bridges and provide a specific set of resources
(e.g. MMIO apertures) so that the guest uses the values provided.
Using the provided values may entitle the guest to added performance,
for example by using specific MMIO mappings that can enable peer-to-peer
communication across the PCI hierarchy or by allocating memory closer
to a device for faster DMA transactions.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoOvmf/PlatformPei: Use host-provided GPA end if available
Nicolas Ojeda Leon [Wed, 19 Jan 2022 14:48:33 +0000 (15:48 +0100)]
Ovmf/PlatformPei: Use host-provided GPA end if available

Read the "hardware-info" item from fw-cfg to extract specifications
of PCI host bridges and analyze the 64-bit apertures of them to
find out the highest 64-bit MMIO address required which determines
the address space required by the guest, and, consequently, the
FirstNonAddress used to calculate size of physical addresses.

Using the static PeiHardwareInfoLib, read the fw-cfg file of
hardware information to extract, one by one, all the host
bridges. Find the last 64-bit MMIO address of each host bridge,
using the HardwareInfoPciHostBridgeLib API, and compare it to an
accumulate value to discover the highest address used, which
corresponds to the highest value that must be included in the
guest's physical address space.

Given that platforms with multiple host bridges may provide the PCI
apertures' addresses, the memory detection logic must take into
account that, if the host provided the MMIO windows that can and must
be used, the guest needs to take those values. Therefore, if the
MMIO windows are found in the host-provided fw-cfg file, skip all the
logic calculating the physical address size and just use the value
provided. Since each PCI host bridge corresponds to an element in
the information provided by the host, each of these must be analyzed
looking for the highest address used.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoOvmf/HardwareInfoLib: Add Dxe lib to dynamically parse heterogenous data
Nicolas Ojeda Leon [Wed, 19 Jan 2022 14:12:30 +0000 (15:12 +0100)]
Ovmf/HardwareInfoLib: Add Dxe lib to dynamically parse heterogenous data

Following the Hardware Info library, create the DxeHardwareInfoLib
which implements the whole API capable of parsing heterogeneous hardware
information. The list-like API grants callers a flexible and common
pattern to retrieve the data. Moreover, the initial source is a BLOB
which generalizes the host-to-guest transmission mechanism.

The Hardware Info library main objective is to provide a way to
describe non-discoverable hardware so that the host can share the
available resources with the guest in Ovmf platforms. This change
features and embraces the main idea behind the library by providing
an API that parses a BLOB into a linked list to retrieve hardware
data from any source. Additionally, list-like APIs are provided so
that the hardware info list can be traversed conveniently.
Similarly, the capability is provided to filter results by specific
hardware types. However, heterogeneous elements can be added to the
list, increasing the flexibility. This way, a single source, for
example a fw-cfg file, can be used to describe several instances of
multiple types of hardware.

This part of the Hardware Info library makes use of dynamic memory
and is intended for stages in which memory services are available.
A motivation example is the PciHostBridgeLib. This library, part
of the PCI driver populates the list of PCI root bridges during DXE
stage for future steps to discover the resources under them. The
hardware info library can be used to obtain the detailed description
of available host bridges, for instance in the form of a fw-cfg file,
and parse that information into a dynmaic list that allows, first to
verify consistency of the data, and second discover the resources
availabe for each root bridge.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoOvmf/HardwareInfoLib: Create Pei lib to parse directly from fw-cfg
Nicolas Ojeda Leon [Wed, 19 Jan 2022 09:49:15 +0000 (10:49 +0100)]
Ovmf/HardwareInfoLib: Create Pei lib to parse directly from fw-cfg

Define the HardwareInfoLib API and create the PeiHardwareInfoLib
which implements it, specifically for Pei usage, supporting
only static accesses to parse data directly from a fw-cfg file.
All list-like APIs are implemented as unsupported and only a
fw-cfg wrapper to read hardware info elements is provided.

The Hardware Info library is intended to describe non-discoverable
hardware information and share that from the host to the guest in Ovmf
platforms. The QEMU fw-cfg extension for this library provides a first
variation to parse hardware info by reading it directly from a fw-cfg
file. This library offers a wrapper function to the plain
QmeuFwCfgReadBytes which, specifically, parses header-data pairs out
of the binary values in the file. For this purpose, the approach is
incremental, reading the file block by block and outputting the values
only for a specific known hardware type (e.g. PCI host bridges). One
element is returned in each call until the end of the file is reached.

Considering fw-cfg as the first means to transport hardware info from
the host to the guest, this wrapping library offers the possibility
to statically, and in steps, read a specific type of hardware info
elements out of the file. This method reads one hardware element of a
specific type at a time, without the need to pre-allocate memory and
read the whole file or dynamically allocate memory for each new
element found.

As a usage example, the static approach followed by this library
enables early UEFI stages to use and read hardware information
supplied by the host. For instance, in early times of the PEI stage,
hardware information can be parsed out from a fw-cfg file prescinding
from memory services, that may not yet be available, and avoiding
dynamic memory allocations.

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoOvmfPkg/Library: Create base HardwareInfoLib for PCI Host Bridges
Nicolas Ojeda Leon [Tue, 18 Jan 2022 18:45:18 +0000 (19:45 +0100)]
OvmfPkg/Library: Create base HardwareInfoLib for PCI Host Bridges

Create the Hardware Info library base together with the specifics to
describe PCI Host Bridges.

The Hardware Info library is intended to be used for disclosing
non-discoverable hardware information from the host to the guest in
Ovmf platforms. Core functionality will provide the possibility to
parse information from a generic BLOB into runtime structures. The
library is conceived in a generic way so that further hardware
elements can also be described using it. For such purpose the length
of the BLOB is not restricted but instead regarded as a sequence of
header-info elements that allow the parsing during runtime. The first
type of hardware defined will be PCI host bridges, providing the
possibility to define multiple and specify the resources each of them
can use. This enables the guest firmware to configure PCI resources
properly. Having the size of each individual element favors the reuse
of a single interface to convey descriptions of an arbitrary number
of heterogenous hardware elements. Furthermore, flexible access
mechanisms coupled with the size will grant the possibility of
interpreting them in a single run.

Define the base types of the generic Hardware Info library to parse
heterogeneous data. Also provide the specific changes to support
PCI host bridges as the first hardware type supported by the
library.
Additionally, define the HOST_BRIDGE_INFO structure to describe PCI
host bridges along with the functionality to parse such information
into proper structures used by the PCI driver in a centralized manner
and taking care of versioning.

As an example and motivation, the library will be used to define
multiple PCI host bridges for complex platforms that require it.
The first means of transportation that will be used is going to be
fw-cfg, over which a stream of bytes will be transferred and later
parsed by the hardware info library. Accordingly, the PCI driver
will make use of these host bridges definitions to populate the
list of Root Bridges and proceed with the configuration and discovery
of underlying hardware components.

As mentioned before, the binary data to be parsed by the Hardware
Info library should be organized as a sequence of Header-element
pairs in which the header describes the type and size of the associated
element that comes right after it. As an illustration, to provide
inforation of 3 host bridges the data, conceptually, would look
like this:

Header PCI Host Bridge (type and size) # 1
PCI Host Bridge info # 1
Header PCI Host Bridge (type and size) # 2
PCI Host Bridge info # 2
Header PCI Host Bridge (type and size) # 3
PCI Host Bridge info # 3

Cc: Alexander Graf <graf@amazon.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nicolas Ojeda Leon <ncoleon@amazon.com>
7 weeks agoOvmfPkg: reduce the number of dsc include files for tpm libs
Gerd Hoffmann [Thu, 16 Jun 2022 12:56:33 +0000 (14:56 +0200)]
OvmfPkg: reduce the number of dsc include files for tpm libs

We can have multiple [LibraryClasses] sections, so we can place
all TPM-related library configuration to a single include file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
7 weeks agoArmPlatformPkg: Remove overly verbose DEBUG lines in LcdGraphicsBlt
Rebecca Cran [Tue, 3 May 2022 20:07:56 +0000 (14:07 -0600)]
ArmPlatformPkg: Remove overly verbose DEBUG lines in LcdGraphicsBlt

The DEBUG output in LcdGraphicsBlt is overly verbose, and makes using
the console difficult, for example when using the UiApp.

Since the extra output should no longer be needed, delete the DEBUG
lines.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
7 weeks agoMdeModulePkg/XhciDxe: Check return value of XHC_PAGESIZE register
Luo, Heng [Mon, 20 Jun 2022 07:08:16 +0000 (15:08 +0800)]
MdeModulePkg/XhciDxe: Check return value of XHC_PAGESIZE register

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3954

Report error if reserved bits are not 0 for PageSize

Cc: Ray Ni <ray.ni@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Signed-off-by: Heng Luo <heng.luo@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
7 weeks agoUefiPayloadPkg: UniversalPayloadBuild.py to support --pcd feature
Gua Guo [Tue, 21 Jun 2022 03:52:05 +0000 (11:52 +0800)]
UefiPayloadPkg: UniversalPayloadBuild.py to support --pcd feature

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3955

Currently, UPL freezed all PCD and only known UPL hob can hook DXE
Drivers behavior, add optional feature on UniversalPayloadBuild.py to
have another way to hook PCD value.

Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: : Ray Ni <ray.ni@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
7 weeks agoUefiPayloadPkg: Always split page table entry to 4K if it covers stack.
Liu, Zhiguang [Fri, 17 Jun 2022 08:28:03 +0000 (16:28 +0800)]
UefiPayloadPkg: Always split page table entry to 4K if it covers stack.

We observed page fault in the following situation:
1.PayloadEntry uses 2M entry in page table to cover DXE stack range.
2.In DXE phase, image protection code needs to mark some sub-range in
this 2M entry as readonly. So the the 2M page table entry is split to
512 4K entries, and some of the entries are marked as readonly.
(the entries covering stack still remain R/W)
3.Page fault exception happens when trying to access stack.

Always split the page table entry to 4K if it covers stack to avoid this
issue.
More discussion about this issue can be seen at below link
https://edk2.groups.io/g/devel/topic/91446026

Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
8 weeks agoUefiPayloadPkg: Increase the PcdMaximumUnicodeStringLength
Xie, Yuanhao [Wed, 15 Jun 2022 10:11:08 +0000 (18:11 +0800)]
UefiPayloadPkg: Increase the PcdMaximumUnicodeStringLength

The maximum Unicode string could be as large as 1800000 in certain
platforms when HII code builds the configuration strings.
This causes assertion in PrintLib.
The patch increases the PcdMaximumUnicodeStringLength to 1800000 to
avoid the assertion.

Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
8 weeks agoBaseTools: output the intermediate library instance when error occurs
Ni, Ray [Wed, 15 Jun 2022 04:54:39 +0000 (12:54 +0800)]
BaseTools: output the intermediate library instance when error occurs

When a module "Module" depends on a library instance "Lib1" which
depends on "Lib2" which depends on "Lib3" ... depends on "LibN",
but "LibN" doesn't support the type (e.g.: SEC) of the "Module", the
following error messages are printed by build tool:

<DSC path>(...): error 1001: Module by library instance [<LibN path>]
        consumed by [<Module path>]

But it's unclear to user how LibN is consumed by the Module.

With the patch, following errors are printed:

<DSC path>(...): error 1001: Module by library instance [<LibN path>]
        consumed by library instance [<Lib N-1 path>] which is
        consumed by module[<Module path>]

It doesn't print all the intermediate library instances between the
Module and LibN but at least the path of Lib N-1 can help users
to help how to fix the build errors.

I hope this patch can be a trigger point that a better solution could
be developed by tool experts to print all the library instances
between the Module and LibN.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.fen@intel.com>
8 weeks agoSecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest
Min M Xu [Sun, 12 Jun 2022 11:24:34 +0000 (19:24 +0800)]
SecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest

HashLibTdx is designed for the Tdx guest. So if is not a Tdx guest,
return EFI_UNSUPPORTED in RegisterHashInterfaceLib.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
8 weeks agoOvmfPkg: Use PcdOvmfWorkAreaBase instead of PcdSevEsWorkAreaBase
Min M Xu [Sun, 12 Jun 2022 11:24:33 +0000 (19:24 +0800)]
OvmfPkg: Use PcdOvmfWorkAreaBase instead of PcdSevEsWorkAreaBase

It is an typo error that HobList pointer should be stored at
PcdOvmfWorkAreaBase, not PcdSevEsWorkAreaBase.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
8 weeks agoDxeMain: Fix the bug that StackGuard is not enabled
Ray Ni [Fri, 10 Jun 2022 08:43:32 +0000 (16:43 +0800)]
DxeMain: Fix the bug that StackGuard is not enabled

Commit e7abb94d1 removed InitializeCpuExceptionHandlersEx
and updated DxeMain to call InitializeCpuExceptionHandlers
for exception setup. But the old behavior that calls *Ex() sets
up the stack guard as well. To match the old behavior,
the patch calls InitializeSeparateExceptionStacks.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
8 weeks agoArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs
Ray Ni [Mon, 13 Jun 2022 01:51:06 +0000 (09:51 +0800)]
ArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs

CpuExceptionHandlerLib has been refactored with following changes:
1. Removed InitializeCpuInterruptHandlers in 2a09527ebcb459b40
2. Removed InitializeCpuExceptionHandlersEx and
   added InitializeSeparateExceptionStacks in e7abb94d1fb8a0e7

The patch updates ARM version of CpuExceptionHandlerLib to follow
the API changes.

The functionality to ARM platforms should be none.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2 months agoMdePkg/BaseLib: Add CRC16-ANSI and CRC32c implementations
Pedro Falcato [Thu, 7 Apr 2022 22:02:00 +0000 (06:02 +0800)]
MdePkg/BaseLib: Add CRC16-ANSI and CRC32c implementations

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3871

Add the CRC16-ANSI and CRC32C implementations previously found at
Features/Ext4Pkg/Ext4Dxe/Crc{16,32c}.c to BaseLib.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2 months agoMdePkg: Remove "assert" from SmmCpuRendevousLibNull.c
Zhihao Li [Wed, 18 May 2022 12:01:51 +0000 (20:01 +0800)]
MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3931

Some drivers will break down when they use
SmmWaitForAllProcessor() which from SmmCpuRendezvousLibNull.c.
Removing the code "ASSERT(False)" will make consumer
work normally if they keep default setting for sync mode.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2 months agoRevert "OvmfPkg/Sec: fix stack switch"
Gerd Hoffmann [Fri, 10 Jun 2022 11:02:44 +0000 (19:02 +0800)]
Revert "OvmfPkg/Sec: fix stack switch"

This reverts commit ff36b2550f94dc5fac838cf298ae5a23cfddf204.

Has no effect because GCC_IA32_CC_FLAGS and GCC_X64_CC_FLAGS are unused.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoMpInitLib: Move the Above1Mb vector allocation to MpInitLibInitialize
Ray Ni [Sun, 8 May 2022 05:22:49 +0000 (13:22 +0800)]
MpInitLib: Move the Above1Mb vector allocation to MpInitLibInitialize

The AP vector consists of 2 parts:
1. the initial 16-bit code that should be under 1MB and page aligned.
2. the 32-bit/64-bit code that can be anywhere in the memory with any
   alignment.

The need of part #2 is because the memory under 1MB is temporary
"stolen" for use and will "give" back after all AP wake up. The range
of memory is not marked as code page in page table. CPU may trigger
exception as soon as NX is enabled.

The part #2 memory allocation can be done in the MpInitLibInitialize.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2 months agoMpInitLib: Only allocate below 1MB memory for 16bit code
Ray Ni [Sat, 7 May 2022 14:25:19 +0000 (22:25 +0800)]
MpInitLib: Only allocate below 1MB memory for 16bit code

Today's implementation allocates below 1MB memory for the 16bit, 32bit
and 64bit code.

But it's not necessary since now the 32bit and 64bit code run at high
memory no matter in PEI and DXE phase.

The patch simplifies the logic to remove the code that handles the
case when WakeupBufferHigh is 0.
It also reduce the memory foot print under 1MB by allocating
memory for 16bit code only.

MP_CPU_EXCHANGE_INFO is still under 1MB which is immediate
after the 16bit code.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2 months agoMpInitLib: Put SEV logic in separate file
Ray Ni [Sat, 7 May 2022 13:19:08 +0000 (21:19 +0800)]
MpInitLib: Put SEV logic in separate file

The patch does several simplifications:
1. Treat SwitchToRealProc as part of RendezvousFunnelProc.
   So the common logic in MpLib.c doesn't need to be aware of
   SwitchToRealProc.
   As a result, SwitchToRealSize/Offset are removed from
   MP_ASSEMBLY_ADDRESS_MAP.

2. Move SwitchToRealProc to AmdSev.nasm.
   All other assembly code in AmdSev.nasm is called through
   OneTimeCall.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
2 months agoMpInitLib: remove unneeded global ASM_PFX
Ray Ni [Sat, 7 May 2022 12:34:36 +0000 (20:34 +0800)]
MpInitLib: remove unneeded global ASM_PFX

global in NASM file is used for symbols that are
referenced in C files.
Remove unneeded global keyword in NASM file.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2 months agoMpInitLib: Allocate code buffer for PEI phase
Ray Ni [Sat, 7 May 2022 09:10:49 +0000 (17:10 +0800)]
MpInitLib: Allocate code buffer for PEI phase

Today's implementation assumes PEI phase runs at 32bit so
the execution-disable feature is not applicable.
It's not always TRUE.
The patch allocates 32bit&64bit code buffer for PEI phase as well.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2 months agoCpuException: Add InitializeSeparateExceptionStacks
Ray Ni [Fri, 20 May 2022 11:12:35 +0000 (19:12 +0800)]
CpuException: Add InitializeSeparateExceptionStacks

Today InitializeCpuExceptionHandlersEx is called from three modules:
1. DxeCore (links to DxeCpuExceptionHandlerLib)
    DxeCore expects it initializes the IDT entries as well as
    assigning separate stacks for #DF and #PF.
2. CpuMpPei (links to PeiCpuExceptionHandlerLib)
   and CpuDxe (links to DxeCpuExceptionHandlerLib)
    It's called for each thread for only assigning separate stacks for
    #DF and #PF. The IDT entries initialization is skipped because
    caller sets InitData->X64.InitDefaultHandlers to FALSE.

Additionally, SecPeiCpuExceptionHandlerLib, SmmCpuExceptionHandlerLib
also implement such API and the behavior of the API is simply to initialize
IDT entries only.

Because it mixes the IDT entries initialization and separate stacks
assignment for certain exception handlers together, in order to know
whether the function call only initializes IDT entries, or assigns stacks,
we need to check:
1. value of InitData->X64.InitDefaultHandlers
2. library instance

This patch cleans up the code to separate the stack assignment to a new API:
InitializeSeparateExceptionStacks().

Only when caller calls the new API, the separate stacks are assigned.
With this change, the SecPei and Smm instance can return unsupported which
gives caller a very clear status.

The old API InitializeCpuExceptionHandlersEx() is removed in this patch.
Because no platform module is consuming the old API, the impact is none.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
2 months agoCpuException: Remove InitializeCpuInterruptHandlers
Ray Ni [Wed, 18 May 2022 09:51:21 +0000 (17:51 +0800)]
CpuException: Remove InitializeCpuInterruptHandlers

InitializeCpuExceptionHandlers() expects caller allocates IDT while
InitializeCpuInterruptHandlers() allocates 256 IDT entries itself.

InitializeCpuExceptionHandlers() fills max 32 IDT entries allocated
by caller. If caller allocates 10 entries, the API just fills 10 IDT
entries.

The inconsistency between the two APIs makes code hard to
unerstand and hard to share.

Because there is only one caller (CpuDxe) for
InitializeCpuInterruptHandler(), this patch updates CpuDxe driver
to allocates 256 IDT entries then call
InitializeCpuExceptionHandlers().

This is also a backward compatible change.

With this change, InitializeCpuInterruptHandlers() is removed
completely.

And InitializeCpuExceptionHandlers() fills max 32 entries for PEI
and SMM instance, max 256 entries for DXE instance.
Such behavior matches to the original one.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
2 months agoCpuException: Avoid allocating page but using global variables
Ray Ni [Wed, 18 May 2022 06:45:37 +0000 (14:45 +0800)]
CpuException: Avoid allocating page but using global variables

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
2 months agoCpuException: Init global variables in-place
Ray Ni [Wed, 18 May 2022 05:56:05 +0000 (13:56 +0800)]
CpuException: Init global variables in-place

Additionally removed two useless global variables:
"SPIN_LOCK  mDisplayMessageSpinLock" from SMM instance.
"UINTN mEnabledInterruptNum" from DXE instance.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
2 months agoCpuException: Avoid allocating code pages for DXE instance
Ray Ni [Wed, 18 May 2022 05:44:24 +0000 (13:44 +0800)]
CpuException: Avoid allocating code pages for DXE instance

Today the DXE instance allocates code page and then copies the IDT
vectors to the allocated code page. Then it fixes up the vector number
in the IDT vector.

But if we update the NASM file to generate 256 IDT vectors, there is
no need to do the copy and fix-up.

A side effect is 4096 bytes (HOOKAFTER_STUB_SIZE * 256) is used for
256 IDT vectors while 32 IDT vectors only require 512 bytes without
this change, in following library instances:
1. 32bit SecPeiCpuExceptionHandlerLib and PeiCpuExceptionHandlerLib
2. 64bit PeiCpuExceptionHandlerLib

But considering the code logic simplification, 3.5K extra space is
not a big deal.
If 3.5K is too much, we can enhance the code further to generate 32
vectors for above mentioned library instances.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Acked-by: Eric Dong <eric.dong@intel.com>
2 months agoOvmfPkg/Sec: fix stack switch
Gerd Hoffmann [Wed, 8 Jun 2022 10:09:36 +0000 (18:09 +0800)]
OvmfPkg/Sec: fix stack switch

The ebp/rbp register can either be used for the frame pointer or
as general purpose register.  With gcc (and clang) this depends
on the -f(no-)omit-frame-pointer switch.

This patch updates tools_def.template to explicitly set the compiler
option and also add a define to allow conditionally compile code.

The new define is used to fix stack switching in TemporaryRamMigration.
The ebp/rbp must not be touched when the compiler can use it as general
purpose register.  With version 12 gcc starts actually using the
register, so changing it leads to firmware crashes in some
configurations.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3934
Reported-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoOvmfPkg: Delete SecMeasurementLibTdx
Min M Xu [Sun, 5 Jun 2022 01:02:48 +0000 (09:02 +0800)]
OvmfPkg: Delete SecMeasurementLibTdx

The feature of SecMeasurementLibTdx is replaced by SecTpmMeasurementLibTdx
(which is in SecurityPkg). So SecMeasurementLibTdx is deleted.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoOvmfPkg: Implement MeasureHobList/MeasureFvImage
Min M Xu [Sun, 5 Jun 2022 01:02:47 +0000 (09:02 +0800)]
OvmfPkg: Implement MeasureHobList/MeasureFvImage

MeasureHobList and MeasureFvImage once were implemented in
SecMeasurementTdxLib. The intention of this patch-set is to refactor
SecMeasurementTdxLib to be an instance of TpmMeasurementLib. So these
2 functions (MeasureHobList/MeasureFvImage) are moved to
PeilessStartupLib. This is because:
1. RTMR based trusted boot is implemented in Config-B (See below link)
2. PeilessStartupLib is designed for PEI-less boot and it is the right
   place to do the measurement for Hoblist and Config-FV.

Config-B: https://edk2.groups.io/g/devel/message/76367

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoSecurity: Add SecTpmMeasurementLibTdx
Min M Xu [Sun, 5 Jun 2022 01:02:46 +0000 (09:02 +0800)]
Security: Add SecTpmMeasurementLibTdx

SecTpmMeasurementLitTdx is an instance of TpmMeasurementLib. It is
designed to used in a Td guest. This lib measures and logs data, and
extendx the measurement result into a specific RTMR.

SecTpmMeasurementLibTdx is a refactored lib of
OvmfPkg/Library/SecMeasurementLibTdx and it just copies
GetMappedRtmrIndex/TdxMeasureAndLogData from that lib. At the end of
this patch-set SecMeasurementLibTdx will be deleted.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2 months ago.pytool: UncrustifyCheck: Set IgnoreFiles path relative to package path
Kun Qin [Mon, 6 Jun 2022 19:24:54 +0000 (12:24 -0700)]
.pytool: UncrustifyCheck: Set IgnoreFiles path relative to package path

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3942

`IgnoreFiles` tag is specified in the CI YAML files in each individual
packages. The current logic for UncrustifyCheck script bases specified
file paths from workspace, which requires the package name to be included
in each entry.

This change updates the ignore checking logic to be based on current
package path in order to reduce redundancy. It also keeps the consistency
of `IgnoreFiles` field other pytools such as SpellCheck and EccCheck.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
2 months agoBaseTools: Fix dependency issue in PcdValueInit
Jake Garver [Thu, 7 Apr 2022 16:59:03 +0000 (00:59 +0800)]
BaseTools: Fix dependency issue in PcdValueInit

The generated Makefile was missing a dependency.  This resulted in a
build-time race condition if the recursive make is multi-threaded and
shares job control.

Signed-off-by: Jake Garver <jake@nvidia.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
2 months agoOvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot
Min Xu [Mon, 16 May 2022 07:42:23 +0000 (15:42 +0800)]
OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

Enable RTMR based measurement and measure boot for Td guest.

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoOvmfPkg/IntelTdx: Add TdTcg2Dxe
Min Xu [Mon, 16 May 2022 07:42:22 +0000 (15:42 +0800)]
OvmfPkg/IntelTdx: Add TdTcg2Dxe

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TdTcg2Dxe mimics the Security/Tcg/Tcg2Dxe. It does below tasks:
 - Set up and install CC_EVENTLOG ACPI table
 - Parse the GUIDed HOB (gCcEventEntryHobGuid) and create CC event log
 - Measure handoff tables, Boot##### variables etc
 - Measure Exit Boot Service failed
 - Install CcMeasurement Protocol

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoMdePkg: Define CC Measure EventLog ACPI Table
Min Xu [Mon, 16 May 2022 07:42:21 +0000 (15:42 +0800)]
MdePkg: Define CC Measure EventLog ACPI Table

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TDVF set up an ACPI table (EFI_CC_EVENTLOG_ACPI_TABLE) to pass the
event-log information. The event log created by the TD owner contains
the hashes to reconstruct the MRTD and RTMR registers.

Please refer to Sec 4.3.3 in blow link:
https://www.intel.com/content/dam/develop/external/us/en/documents/
intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Please be noted, the definition of EFI_CC_EVENTLOG_ACPI_TABLE is a
little different from the above document. This difference is based on
below discussion:
- https://edk2.groups.io/g/devel/message/87396
- https://edk2.groups.io/g/devel/message/87402

This change will be reflected in the next version of the above document.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoOvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table
Min Xu [Mon, 16 May 2022 07:42:20 +0000 (15:42 +0800)]
OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

Add PCDs to records LAML/LASA field in CC EVENTLOG ACPI table.

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoOvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
Min Xu [Mon, 16 May 2022 07:42:19 +0000 (15:42 +0800)]
OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

TdHobList and Configuration FV are external data provided by Host VMM.
These are not trusted in Td guest. So they should be validated , measured
and extended to Td RTMR registers. In the meantime 2 EFI_CC_EVENT_HOB are
created. These 2 GUIDed HOBs carry the hash value of TdHobList and
Configuration FV. In DXE phase EFI_CC_EVENT can be created based on these
2 GUIDed HOBs.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoOvmfPkg: Introduce SecMeasurementLib
Min Xu [Mon, 16 May 2022 07:42:18 +0000 (15:42 +0800)]
OvmfPkg: Introduce SecMeasurementLib

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

SecMeasurementLib is designed to do the measurement in SEC phase. In
current stage there are 2 functions introduced:
 - MeasureHobList: Measure the Hoblist passed from the VMM.
 - MeasureFvImage: Measure the FV image.

SecMeasurementLibTdx is the TDX version of the library.

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoSecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID
Min Xu [Mon, 16 May 2022 07:42:17 +0000 (15:42 +0800)]
SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

EFI_CC_EVENT_HOB_GUID is the global ID of a GUIDed HOB used to pass
TDX_DIGEST_VALUE from SEC to a DXE Driver ( This DXE driver will
be introduced in the following commit in this patch-sets ). In that
DXE driver this GUIDed HOB will be parsed and the TDX_DIGEST_VALUE
then will be extracted. After that a EFI_CC_EVENT will be created
based on it.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoCryptoPkg: Add SecCryptLib
Min Xu [Mon, 16 May 2022 07:42:16 +0000 (15:42 +0800)]
CryptoPkg: Add SecCryptLib

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This is the Cryptographic library instance for SEC. The motivation of
this library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512. Other
cryptographics are added with the null version, such as CryptMd5Null.c.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoSecurity: Add HashLibTdx
Min Xu [Mon, 16 May 2022 07:42:15 +0000 (15:42 +0800)]
Security: Add HashLibTdx

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This library provides hash service by registered hash handler in Td
guest. Currently only SHA384 is supported. After that the hash value is
extended to Td RTMR registers which is similar to TPM PCRs.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2 months agoOvmfPkg: Don't access A20 gate register on Cloud Hypervisor
Sebastien Boeuf [Tue, 10 May 2022 12:50:46 +0000 (20:50 +0800)]
OvmfPkg: Don't access A20 gate register on Cloud Hypervisor

Since Cloud Hypervisor doesn't emulate an A20 gate register on I/O port
0x92, it's better to avoid accessing it when the platform is identified
as Cloud Hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoOvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation
Sebastien Boeuf [Tue, 10 May 2022 12:50:45 +0000 (20:50 +0800)]
OvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation

Since Cloud Hypervisor doesn't support the fw_cfg mechanism, it's more
appropriate to rely on QemuFwCfgLibNull implementation of QemuFwCfgLib
since it provides a null implementation that will not issue any PIO
accesses to ports 0x510 and 0x511.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoOvmfPkg: Check for QemuFwCfg availability before accessing it
Sebastien Boeuf [Tue, 10 May 2022 12:50:44 +0000 (20:50 +0800)]
OvmfPkg: Check for QemuFwCfg availability before accessing it

There are few places in the codebase assuming QemuFwCfg will be present
and supported, which can cause some issues when trying to rely on the
QemuFwCfgLibNull implementation of QemuFwCfgLib.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2 months agoOvmfPkg: CloudHv: Fix FW_BASE_ADDRESS
Sebastien Boeuf [Tue, 10 May 2022 12:50:43 +0000 (20:50 +0800)]
OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS

The FW_BASE_ADDRESS value provided by OvmfPkgDefines.fdf.inc is
incorrect for the CloudHv target. We know the generated firmware
contains a PVH ELF header, meaning it will be loaded according to the
address provided through this header. And since we know this address
isn't going to change as it's part of CloudHvElfHeader.fdf.inc, we can
hardcode it through a new include file CloudHvDefines.fdf.inc, which
replaces the generic one OvmfPkgDefines.fdf.inc.

With this change, we prevent the firmware from accessing MMIO addresses
from the address range 0xffc00000-0xffffffff since we know the firmware
hasn't been loaded on this address range.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2 months agoOvmfPkg/Microvm/pcie: add pcie support
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:16 +0000 (10:42 +0200)]
OvmfPkg/Microvm/pcie: add pcie support

Link in pcie and host bridge bits.  Enables support for PCIe in microvm
(qemu-system-x86_64 -M microvm,pcie=on).

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3777
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 months agoOvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:15 +0000 (10:42 +0200)]
OvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak

microvm places the 64bit mmio space at the end of the physical address
space.  So mPhysMemAddressWidth must be correct, otherwise the pci host
bridge setup throws an error because it thinks the 64bit mmio window is
not addressable.

On microvm we can simply use standard cpuid to figure the address width
because the host-phys-bits option (-cpu ${name},host-phys-bits=on) is
forced to be enabled.  Side note: For 'pc' and 'q35' this is not the
case for backward compatibility reasons.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 months agoOvmfPkg/Microvm/pcie: no vbeshim please
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:14 +0000 (10:42 +0200)]
OvmfPkg/Microvm/pcie: no vbeshim please

Those old windows versions which need the vbeshim hack
will not run on microvm anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 months agoOvmfPkg/Platform: unfix PcdPciExpressBaseAddress
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:13 +0000 (10:42 +0200)]
OvmfPkg/Platform: unfix PcdPciExpressBaseAddress

Will be set by FdtPciHostBridgeLib, so it can't be an fixed when we
want use that library.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 months agoOvmfPkg/FdtPciHostBridgeLib: io range is not mandatory
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:12 +0000 (10:42 +0200)]
OvmfPkg/FdtPciHostBridgeLib: io range is not mandatory

io range is not mandatory according to pcie spec,
so allow host bridges without io address space.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>