This allows the FVP target to be built with UEFI Secure Boot enabled,
by passing -D SECURE_BOOT_ENABLE to the build command line. Note that
this requires the Intel BDS, or you will not be able to enroll
certificates, since the ARM BDS does not provide a GUI to do so.
The FVP Base model is recommended in this case, since the certificate
store is kept in NOR flash.
ArmPlatformPkg/PlatformIntelBdsLib: add splash screen support
Add a call to EnableQuietBoot () to BdsPlatformPolicyBehavior(),
so that a splash screen is shown in case one is present under the
correct GUID in the FV, and we have graphics support.
ArmPlatformPkg/PlatformIntelBdsLib: fix and clean up error handling
InitializeConsolePipe () shadowed its own Status variable, and then
clobbered the top one before printing its error message. Instead,
use a NULL check on the LocateProtocol () output argument.
Also clean up coding style on the error path.
ArmPlatformPkg/PlatformIntelBdsLib: remove ARM BDS dependency
The Intel BDS platform library still depends on the ARM BDS specific
BdsLib. So replace its invocations with GenericBdsLib counterparts,
and fix up where needed, so that we can drop the dependency.
MdeModulePkg/NetworkPkg: Locate IpSec on IP packet processing only if it's installed.
Modified the logic in Ip4Dxe and Ip6Dxe to not locate EFI_IPSEC2_PROTOCOL on each
message transmit/receive. Instead, register a callback in the drivers entry points
on the IpSec protocol installation, and process only if the protocol is installed.
This speeds up the network stacks when IpSec is not installed since there is a
penalty associated with searching the entire handle database on each packet processing.
Laszlo Ersek [Fri, 28 Aug 2015 08:12:51 +0000 (08:12 +0000)]
OvmfPkg: prevent code execution from DXE stack
SVN rev 18166 ("MdeModulePkg DxeIpl: Add stack NX support") enables
platforms to request non-executable stack for the DXE phase, by setting
PcdSetNxForStack to TRUE.
The PCD defaults to FALSE, because:
(a) A non-executable DXE stack is a new feature and causes changes in
behavior. Some platform could rely on executing code from the stack.
(b) The code enabling NX in the DXE IPL PEIM enforces the
PcdSetNxForStack ==> PcdDxeIplBuildPageTables
implication for "64-bit PEI + 64-bit DXE" platforms, with a new
ASSERT(). Some platform might not comply with this requirement
immediately.
Regarding (a), in none of the OVMF builds do we try to execute code from
the stack.
Regarding (b):
- In the OvmfPkgX64.dsc build (which is where (b) applies) we simply
inherit the PcdDxeIplBuildPageTables|TRUE default from
"MdeModulePkg/MdeModulePkg.dec". Therefore we can set PcdSetNxForStack
to TRUE.
- In OvmfPkgIa32X64.dsc, page tables are built by default for DXE. Hence
we can set PcdSetNxForStack to TRUE.
- In OvmfPkgIa32.dsc, page tables used not to be necessary until now.
After we set PcdSetNxForStack to TRUE in this patch, the DXE IPL will
construct page tables even when it is built as part of OvmfPkgIa32.dsc,
provided the (virtual) hardware supports both PAE mode and the XD bit.
Should this setting cause problems in a GPU (or other device) passthru
scenario, with a UEFI_DRIVER in the PCI option rom attempting to execute
code from the stack, the feature can be dynamically disabled on the QEMU
command line, with "-cpu <MODEL>,-nx".
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: "Zeng, Star" <star.zeng@intel.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18360 6f19259b-4bc3-4df7-8a09-765794883524
Since SVN r18316 / git 5ca29abe5297, the HTTP driver needs the HTTP
utilities driver to parse the headers of HTTP requests. Add the driver
into OVMF so that the HTTP driver can work properly.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18359 6f19259b-4bc3-4df7-8a09-765794883524
Hao Wu [Fri, 28 Aug 2015 07:41:08 +0000 (07:41 +0000)]
MdePkg: Modify string expression of Wi-Fi device path to follow UEFI spec
According to UEFI 2.5 spec, the string expression of a Wi-Fi device node
should be displayed as: Wi-Fi(SSID). However, current code displays it as:
WiFi(SSID).
Hao Wu [Fri, 28 Aug 2015 07:36:55 +0000 (07:36 +0000)]
MdePkg: Modify string expression of BMC device path to follow UEFI spec
According to UEFI 2.5 spec, the string expression of a BMC device node
should be displayed as: BMC(Type,Address). However, current code displays
it as: Bmc(Type,Address).
Jiaxin Wu [Fri, 28 Aug 2015 07:00:32 +0000 (07:00 +0000)]
NetworkPkg: Fix IpSec run into infinite loop issue in some case
v2:
* Update the copyright year and conditional judgment for removing.
When edit one SPEntry in SPD database, the corresponding SA entry will
be updated to the sas list of the new SPD entry. But before that, all
of them should be removed from the original sas list. If not, the list
will be broken into infinite loop.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18352 6f19259b-4bc3-4df7-8a09-765794883524
Qiu Shumin [Fri, 28 Aug 2015 04:51:21 +0000 (04:51 +0000)]
ShellBinPkg: Ia32/X64 Shell binary update.
The binaries of ShellBinPkg are generated with ShellPkg project 18330. The binaries are built with no debug information by building with "RELEASE" target.
Dandan Bi [Thu, 27 Aug 2015 08:35:19 +0000 (08:35 +0000)]
MdeModulePkg:Set default string value
Previously construct Default Value in AltResp for string opcode is String Id,
Now change it to string value if the string opcode has default value.
This change is compatible for SetupBrowser to handle.And add default value
for string in DriverSample to test this case.
Jeff Fan [Thu, 27 Aug 2015 02:05:20 +0000 (02:05 +0000)]
SourceLevelDebugPkg/DebugTimer: Fix the issue if CurrentTimer = Timer
If CPU runs fast and timer runs slow, two GetApicTimerCurrentCount() may return
the same timer count value. We need to consider timer roll-over not happened.
Otherwise, one false timeout flag will be set.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18328 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Wed, 26 Aug 2015 09:46:29 +0000 (09:46 +0000)]
MdeModulePkg FaultTolerantWrite: Error handling for erase operation failure
There may be anti-flash wear out feature to forbid erase operation after end of dxe.
The code is missing some error handling for erase operation failure,
it should return directly after the erase operation failed.
Liming Gao [Wed, 26 Aug 2015 06:33:31 +0000 (06:33 +0000)]
BaseTools: Fix the missing depex file in GenFds
If FDF FfsRule describes |.depex for depex file on source build, it may
be missed in the generated FD image. GenFds tool needs to check the
output file list and find the matched one.
Jiaxin Wu [Wed, 26 Aug 2015 06:19:53 +0000 (06:19 +0000)]
NetworkPkg: Update HttpDxe driver to consume EFI_HTTP_UTILITIES_PROTOCOL
v2:
* Register a notification function to be executed for Http utilities protocol
in the drivers entry points.
Since we add EFI_HTTP_UTILITIES_PROTOCOL support, HttpDxe driver should
be updated to remove internal http utilities functions and consume this
protocol directly.
Cc: Ye Ting <ting.ye@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Samer El-Haj-Mahmoud <elhaj@hp.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18316 6f19259b-4bc3-4df7-8a09-765794883524
Qiu Shumin [Wed, 26 Aug 2015 02:25:42 +0000 (02:25 +0000)]
MdePkg: Make the FileHandleGetFileName return the file name in right format.
1. If the file is not a directory remove the redundant '\' char in file name string returned from UefiFileHandleLib.FileHandleGetFileName.
2. Update function comments.
Feng Tian [Wed, 26 Aug 2015 01:19:09 +0000 (01:19 +0000)]
MdeModulePkg/Xhci: Remove TDs from transfer ring when timeout happens
The error handling for timeout case is enhanced to remove TDs from
transfer ring. The original code only removed s/w URB, but the h/w
transfer descriptor TDs didn't get removed. It would cause data lost
for data stream peripheral, such as usb-to-serial device, from the
s/w perspective.
Qin Long [Wed, 26 Aug 2015 00:59:17 +0000 (00:59 +0000)]
SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.
Ard Biesheuvel [Tue, 25 Aug 2015 14:54:36 +0000 (14:54 +0000)]
ShellPkg: use UEFI_APPLICATION module type for Shell components
Some of the libraries under ShellPkg/Library/ are only intended to be
loaded into the Shell by means of a NULL LibraryClass resolution, and
serve no other purpose. Since the Shell itself is a UEFI_APPLICATION, it
makes sense to set the module type of those libraries to UEFI_APPLICATION
as well.
This allows us to use different compiler flags for the Shell application
itself but also for the majority of its constituent parts that are built
separately via these libraries.
Ard Biesheuvel [Tue, 25 Aug 2015 13:11:25 +0000 (13:11 +0000)]
ArmPlatformPkg/FVP: unify support for Foundation and Base models
Now that the PL180 and PL111 drivers know how to behave when executed
on the Foundation model (which does not emulate the hardware), we can
remove the ARM_FOUNDATION_FVP ifdefs and produce a single build that
runs on both the Foundation model and the Base model.
Star Zeng [Tue, 25 Aug 2015 07:05:48 +0000 (07:05 +0000)]
MdeModulePkg PeiCore: Recheck SwitchStackSignal after ProcessNotifyList()
in case PeiInstallPeiMemory() is done in a callback with
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH, and the callback is registered on
a PPI that is installed in the last PEIM.
At the case, PeiCore SwitchStack code will be not being invoked.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18305 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Tue, 25 Aug 2015 03:04:18 +0000 (03:04 +0000)]
Vlv2TbltDevicePkg: Link separated VarCheckUefiLib NULL class library instance
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: David Wei <david.wei@intel.com> Reviewed-by: Tim He <tim.he@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18292 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Tue, 25 Aug 2015 03:03:05 +0000 (03:03 +0000)]
EmulatorPkg: Link separated VarCheckUefiLib NULL class library instance
Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18289 6f19259b-4bc3-4df7-8a09-765794883524
Since Variable driver has been updated to consume the separated VarCheckLib.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: David Wei <david.wei@intel.com> Reviewed-by: Tim He <tim.he@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18285 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Tue, 25 Aug 2015 02:59:52 +0000 (02:59 +0000)]
EmulatorPkg: Add VarCheckLib library mapping
Since Variable driver has been updated to consume the separated VarCheckLib.
Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18282 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Tue, 25 Aug 2015 02:58:36 +0000 (02:58 +0000)]
MdeModulePkg: Add VarCheckUefiLib NULL class library
What to do: Implement VarCheckUefiLib NULL class library instance.
The code logic are separated from Variable driver, and it will consume VarCheckLib
to register var check handler and variable property set for UEFI defined variables.
Why to do: Share code.
Separate variable check UEFI code from Variable driver in MdeModulePkg.
We are going to separate generic software logic code from Variable Driver
to benefit other variable driver implementation. Auth services has been done
to be AuthVariableLib, now to cover variable check service.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18279 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Tue, 25 Aug 2015 02:58:09 +0000 (02:58 +0000)]
MdeModulePkg: Add VarCheckLib library
What to do:
1. Add VarCheckLib LibraryClass definitions.
2. Implement VarCheckLib library instance.
The code logic are separated from Variable driver.
Why to do: Share code.
Separate variable check service from Variable driver in MdeModulePkg.
We are going to separate generic software logic code from Variable Driver
to benefit other variable driver implementation. Auth services has been done
to be AuthVariableLib, now to cover variable check service.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18278 6f19259b-4bc3-4df7-8a09-765794883524
Liming Gao [Tue, 25 Aug 2015 01:55:52 +0000 (01:55 +0000)]
SecurityPkg: Use PcdGetSize to get the size of VOID* PCD value.
PcdLib introduces generic API to get the size of VOID* PCD value.
Update Pei and Dxe RsaGuidedLib to use generic PCD API instead of GetEx API.
This change can remove PCD type limitation in these two libraries.
Qiu Shumin [Mon, 24 Aug 2015 07:42:27 +0000 (07:42 +0000)]
MdePkg/Library/UefiFileHandleLib: Make FileHandleReadLine return the right buffer size.
1. '\r' char will not return in buffer so buffer size should exclude the number of '\r' char.
2. When 'Truncate' is TRUE return the truncated string with 'EFI_SUCCESS' status.
Liming Gao [Mon, 24 Aug 2015 05:02:07 +0000 (05:02 +0000)]
BaseTools: Fix AutoGen issue for Patchable VOID* PCD.
Patchable VOID* PCD set operation should map LibPatchPcdSetPtr()
and LibPatchPcdSetPtrS() API. This has been done when PCD is used
in driver, but not done when PCD is used in library.
Liming Gao [Mon, 24 Aug 2015 05:01:11 +0000 (05:01 +0000)]
MdePkg: Add two PcdApi for Patch VOID* PCD set operation.
Two new APIs LibPatchPcdSetPtrAndSize() and LibPatchPcdSetPtrAndSizeS()
are added to catch the size of the updated VOID* PCD value buffer, then
PcdGetSize() API can return the actual size.
Update three PcdLib instances to implement these two APIs.
Liming Gao [Mon, 24 Aug 2015 05:00:32 +0000 (05:00 +0000)]
MdePkg: Add four PcdGetSize() API in PcdLib
Add below four PcdGetSize() API in PcdLib header file. They can be used
to get the size of PCD value.
FixedPcdGetSize()
PatchPcdGetSize()
PcdGetSize()
PcdGetExSize()
Liming Gao [Mon, 24 Aug 2015 05:00:05 +0000 (05:00 +0000)]
BaseTools: Add NULL pointer check in AutoGen code
For DynamicEx PCD, if NULL pointer is specified as token space GUID,
it will directly be used to compare GUID value in AutoGen code.
To avoid access NULL pointer, NULL pointer will be checked first.
Star Zeng [Mon, 24 Aug 2015 01:43:20 +0000 (01:43 +0000)]
MdePkg: Follow PI spec to update ExtendedSize in EFI_FFS_FILE_HEADER2
for FFS data above 16 bytes alignment requirement.
PI spec requires FFS header to be at 8 bytes alignment to FV header.
And, FFS data alignment requires the beginning of the file data must
be aligned on a particular boundary, such as 1, 16, 128 bytes or above.
If FFS data alignment requires to be above 16 bytes, and FFS header
must be at 8 byte alignment, so FFS header size must be multiple of 8.