Yonghong Zhu [Wed, 11 Nov 2015 06:30:42 +0000 (06:30 +0000)]
BaseTools/GenFw: add new option to not zero PE/COFF optional header fields
Add new option --keepoptionalheader and that flag does not zero PE/COFF
optional header fields including the version fields. It can support the
case that the PE/COFF optional header would be kept.
Liming Gao [Wed, 11 Nov 2015 02:16:35 +0000 (02:16 +0000)]
MdePkg: Add more DataBits support to Port80 output
The BasePostCodeLibPort80 instance just prints UINT8 to IoPort 80. Some boards
may support 16bit or 32bit. To support them, new PCD PcdPort80DataWidth is
introduced to specify the width of data bits to Port80.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18765 6f19259b-4bc3-4df7-8a09-765794883524
Eugene Cohen [Tue, 10 Nov 2015 10:02:24 +0000 (10:02 +0000)]
MdeModulePkg PeiCore: Fix issue AuthenticationStatus is not propagated correctly
This patch fixes an issue in PEI with encapsulated FV images where the
AuthenticationStatus is not correctly propagated down to child FV
handles. The PEI core registers for callbacks for both FvInfo and
FvInfo2 PPIs. These callbacks process the FVs which will recurse as
necessary to find more encapsulated FVs. (FvInfo2 is an updated PPI
that includes an AuthenticationStatus field - the original FvInfo did
not include this.)
When encapsulated FV processing occurs the PEI core installs both
FvInfo and FvInfo2 PPIs. The original implementation installs FvInfo
first and FvInfo2 second. As soon as the FvInfo PPI is installed the
notification callback handler immediately fires causing recursive FV
processing to occur. Since there is no AuthenticationStatus provided
for the original FvInfo the callback assumes AuthenticationStatus is
zero (unsigned / unverified) even though the parent FV may have been
verified.
This changes the order of FvInfo and FvInfo2 installs to ensure that
the notification callback occurs for FvInfo2 first and appropriate
AuthenticationStatus data can be propagated from parent FV to child
FV.
Zhang Lubo [Tue, 10 Nov 2015 02:18:31 +0000 (02:18 +0000)]
NetworkPkg: Report Http Errors to screen when http layer occurs an error
Http server will return error status in http header when http connection
cannot be established,so the http boot driver should print the error code
code to the screen and the users can know what happened.
Yao, Jiewen [Tue, 10 Nov 2015 02:03:40 +0000 (02:03 +0000)]
Add error handling for TPM in S3 resume failure.
If TPM2_Startup(TPM_SU_STATE) to return an error, the system
firmware that resumes from S3 MUST deal with a TPM2_Startup
error appropriately.
For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and
configuring the device securely by taking actions like extending
a separator with an error digest (0x01) into PCRs 0 through 7.
Ard Biesheuvel [Mon, 9 Nov 2015 13:28:33 +0000 (13:28 +0000)]
ArmPkg/ArmDmaLib: use the cache writeback granularity for alignment
When allocating memory to perform non-coherent DMA, use the cache
writeback granule rather than the data cache linesize for alignment.
This prevents the explicit cache maintenance from corrupting
unrelated adjacent data if the cache writeback granule exceeds
the cache linesize.
Ard Biesheuvel [Mon, 9 Nov 2015 13:28:17 +0000 (13:28 +0000)]
ArmPkg/ArmLib: add accessor function for Cache Writeback Granule
Add a function to ArmLib that provides access to the Cache Writeback
Granule (CWG) field in CTR_EL0. This information is required when
performing non-coherent DMA.
Ard Biesheuvel [Mon, 9 Nov 2015 13:27:56 +0000 (13:27 +0000)]
ArmVirtPkg/PrePi: do not invalidate the entire data cache at startup
Drop the call to ArmInvalidateDataCache () from the PrePi startup
sequence. This kind of data cache maintenance should not be performed
when running under virtualization.
The ARM architecture provides no reliable way to clean or invalidate
the entire data cache at runtime. The reason is that such maintenance
requires the use of set/way maintenance operations, which are suitable
only for the kind of maintenance that is carried out when the cache is
taken offline entirely.
So ASSERT () when any of the CacheMaintenanceLib whole data cache routines
are invoked rather than pretending we can do anything meaningful here.
Ard Biesheuvel [Mon, 9 Nov 2015 13:27:15 +0000 (13:27 +0000)]
ArmPkg/ArmLib: move cache maintenance sync barriers out of loop
There is no need to issue a full data synchronization barrier and an
instruction synchronization barrier after each and every set/way or
MVA cache maintenance operation. For the set/way case, we can simply
remove them, since the set/way outer loop already issues the required
barriers after completing its traversal over all the cache levels.
For the MVA case, move the data synchronization barrier out of the
loop, and add the instruction synchronization barrier to the I-cache
invalidation by MVA routine.
Ard Biesheuvel [Mon, 9 Nov 2015 13:26:52 +0000 (13:26 +0000)]
ArmPkg/ArmLib: retrieve cache line length from CTR not CCSIDR
The stride used by the cache maintenance by MVA instructions should
be retrieved from CTR_EL0.DminLine and CTR_EL0.IminLine, whose values
reflect the actual geometry of the caches. Using CCSIDR for this purpose
violates the architecture.
Also, move the line length accessors to common code, since there is no
need to keep them separate between ARMv7 and AArch64.
Ard Biesheuvel [Mon, 9 Nov 2015 13:26:32 +0000 (13:26 +0000)]
ArmPkg/ArmLib: remove CCSIDR based cache info routines
The ARM architecture does not allow the actual geometries of the caches
to be inferred from the CCSIDR cache info system register, since the
geometry it reports is intended for performing cache maintenance by
set/way and nothing else. Since the ArmLib cache info routines are
based solely on CCSIDR contents, they should not be used.
The function ArmCleanDataCacheToPoU() has no users, and its purpose
is unclear, since it uses cache maintenance by set/way to perform
the clean to PoU, which is a dubious practice to begin with. So
remove the declaration and all definitions.
Ard Biesheuvel [Mon, 9 Nov 2015 13:25:31 +0000 (13:25 +0000)]
ArmPkg/ArmLib: remove unused ARM9 support
The ARM9 ArmLib implementation is not referenced anywhere in the
tree, and unlikely to be useful going forward, considering that
ARM9 outdates even ARMv6. So remove it.
Mark Rutland [Mon, 9 Nov 2015 13:25:12 +0000 (13:25 +0000)]
ArmPkg/ArmLib: fix barriers in AArch64 ArmEnableMmu
The ARM architecture requires a DSB to complete TLB maintenance, with a
subsequent ISB being required to synchronize subsequent items in the
current instruction stream against the completed TLB maintenance.
The ArmEnableMmu function is currently missing the DSB, and hence the
TLB maintenance is not guaranteed to have completed at the point the MMU
is enabled. This may result in unpredictable behaviour.
The DSB subsequent to the write to SCTLR_EL1 is unnecessary; the ISB
alone is sufficient to complete all prior instructions and to
synchronise the new context with any subsequent instructions.
This patch adds missing DSBs to complete TLB maintenance, and removes
the unnecessary trailing DSB.
Ashutosh Singh [Mon, 9 Nov 2015 13:13:37 +0000 (13:13 +0000)]
ArmPkg/BdsLib: Increase fallback tftp buffer size
When performing a tftp download from a server which does not support
rfc2349 transfer size option (such as netkit-tftpd), the existing code
falls back to allocating an 8MB buffer. Since this is insufficient for
an uncompressed AArch64 Linux kernel image, double the size to 16MB.
Ard Biesheuvel [Mon, 9 Nov 2015 08:39:28 +0000 (08:39 +0000)]
BaseTools GCC: move PECOFF_HEADER_SIZE definition before LD script
Older versions of binutils need all symbols to be defined when consuming
the linker script passed via the command line. So move the definition
'--defsym=PECOFF_HEADER_SIZE=...' before the '--script=...' command line
argument.
Yonghong Zhu [Mon, 9 Nov 2015 07:43:07 +0000 (07:43 +0000)]
BaseTools: Allow decimal values in the EDK II meta-data file
Because the EDK II meta-data specifications already allow using decimal
values in the EDK II Meta-data file [Defines] section, this patch update
code to allow this usage.
Zhang Lubo [Mon, 9 Nov 2015 07:00:20 +0000 (07:00 +0000)]
NetworkPkg:Fix the issue that cannot parse ipv6 address correctly.
If there is a ipv6 expressed url, the NetLibAsciiStrToIp6 cannot get the Ipv6
address from the host name, because the host name contains left and right
bracket which cannot be used to configure the Tcp6 connection.
Zhang Lubo [Mon, 9 Nov 2015 03:45:23 +0000 (03:45 +0000)]
MdeModulePkg:Fix a bug that HttpLib can not parse Ipv6 address correctly.
When parsing the authority component of the input URL, it can not distinguish
the ":" is the flag that indicates the port or the separator between
the ipv6 address.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Gary Ching-Pang Lin <glin@suse.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18744 6f19259b-4bc3-4df7-8a09-765794883524
Qiu Shumin [Mon, 9 Nov 2015 02:29:31 +0000 (02:29 +0000)]
ShellPkg: Don't strip positional parameters of quotation marks.
Per Shell SPEC 2.1 'Double-quotation marks that surround arguments are not stripped in positional parameters'. This patch makes Shell implementation to follow SPEC.
Daryl McDaniel [Sat, 7 Nov 2015 19:43:57 +0000 (19:43 +0000)]
AppPkg/Applications/Python/Python-2.7.10: Initial Checkin part 5/5.
These files are candidates for modification during the port to EDK II.
The following files were copied, unchanged, from the Python 2.7.2 port.
Ia32/pyconfig.h
X64/pyconfig.h
PyMod-2.7.10/Modules/config.c
PyMod-2.7.10/Modules/edk2module.c
Py2710ReadMe.txt // Copied from PythonReadMe.txt
Python2710.inf // Copied from PythonCore.inf
The remaining files were copied, unchanged, from the cPython 2.7.10 distribution.
These files are unchanged and set the baseline for subsequent commits.
Daryl McDaniel [Sat, 7 Nov 2015 19:29:24 +0000 (19:29 +0000)]
AppPkg/Applications/Python/Python-2.7.10: Initial Checkin part 3/5.
The Objects directory from the cPython 2.7.10 distribution, along with the LICENSE and README files. These files are unchanged and set the baseline for subsequent commits.
Daryl McDaniel [Sat, 7 Nov 2015 19:19:19 +0000 (19:19 +0000)]
AppPkg/Applications/Python/Python-2.7.10: Initial Checkin part 1/5.
The Include, Parser, and Python directories from the cPython 2.7.10 distribution.
These files are unchanged and set the baseline for subsequent commits.
In ArmPkg/Include/Chipset, several CPU-specific header files reside.
Most of these provide no actual, or very little, use.
ARM1176JZ-S.h is not used at all (and unusable since SVN r18237).
ArmAemV8.h simply includes AArch64.h.
ArmCortexA15.h defines one processor-specific configuration bit and
then includes ArmV7.h.
Delete these include files, and update their sole users to function
without them.
Nagaraj Hegde [Fri, 6 Nov 2015 09:35:09 +0000 (09:35 +0000)]
NetworkPkg:Missing CloseEvent() in HttpResponseWorker
Two additional scenarios in which CloseEvent() needs to be called:
When sending a request to http server using HTTP Head method, if the process
is success, we did a response call, and then go to exit without close the
event in Rxtoken in wrap structure and in httpinstance struceure, so
another call() to response using http get method to receive http header,
those events are not closed either..
Ard Biesheuvel [Thu, 5 Nov 2015 14:41:43 +0000 (14:41 +0000)]
CryptoPkg: fix AARCH64 build under CLANG35
The OpenSSL function sk_X509_delete_ptr() resolves through preprocessor
substitution to '(X509 *)sk_delete_ptr()', in which the cast causes the
call to be interpreted as an expression (whose value is not used) rather
than a statement, resulting in the following error under Clang:
...: error: expression result unused [-Werror,-Wunused-value]
Qin Long [Thu, 5 Nov 2015 08:50:39 +0000 (08:50 +0000)]
CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.
Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all
embedded certificates from Pkcs7 signedData. This new API will provide
the support for UEFI 2.5 Secure-Boot AuditMode feature.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524
Cinnamon Shia [Thu, 5 Nov 2015 01:03:14 +0000 (01:03 +0000)]
ShellPkg/UefiDpLib: Fix a DP cumulative data issue
The value of PERF_CUM_DATA.Count and PERF_CUM_DATA.Duration field
keep cumulating on every execution of dp.
Initialize the CumData at dp's entry point.
The PiSmmCpuDxeSmm module is using PcdFrameworkCompatibilitySupport to
provide compatibility with the SMM support in the IntelFrameworkPkg.
This change removes the Framework compatibility and requires all SMM
modules that provide SMI handlers to follow the PI Specification.
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18726 6f19259b-4bc3-4df7-8a09-765794883524
Daryl McDaniel [Tue, 3 Nov 2015 18:58:06 +0000 (18:58 +0000)]
AppPkg: Replace all occurrences of ` within comments with '.
Within the Ia32 and X64 pyconfig.h files, there are 178 occurrences
of an accent character, `, being used instead of a regular single quote, ',
within comments.
Example:
OLD: `foobar'
NEW: 'foobar'
The same changes are applied to both
AppPkg/Applications/Python/Ia32/pyconfig.h and
AppPkg/Applications/Python/X64/pyconfig.h.
Jeremy Linton [Tue, 3 Nov 2015 11:11:22 +0000 (11:11 +0000)]
ArmPlatformPkg: Juno - add correct SPI interrupt numbers for MSI
The JunoR1 has a GICv2m which is a GICv2 with a little piece of hardware
that has some memory mapped locations that can trigger traditional SPI
interrupts. This allows some basic PCIe MSI capabilities.
Setup the SPI range that is mapped by the MSI window. This range is
described in the JunoR1 SoC TRM, table 3-3. Under Interrupt ID 244-351 is
described as "GICv2m PCI Express MSI". In the future when these tables
are generated programmatically the information may be found in the
MSI_TYPER register as well.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18723 6f19259b-4bc3-4df7-8a09-765794883524
Ruiyu Ni [Tue, 3 Nov 2015 02:34:21 +0000 (02:34 +0000)]
MdeModulePkg: Fix a PciBusDxe hot plug bug
For a hot plug bridge with device attached, PciBusDxe driver reserves
the resources which equal to the total amount of padding resource
returned from HotPlug->GetResourcePadding() and the actual occupied
resource by the attached device. The behavior is incorrect.
Correct behavior is to reserve the bigger one between the padding
resource and the actual occupied resource.
Michael Kinney [Tue, 3 Nov 2015 02:06:57 +0000 (02:06 +0000)]
MdeModulePkg: PiSmmCore: Remove confusing CopyMem() of SMM_ENTRY_CONTEXT
A subset of fields in the EFI_SMM_SYSTEM_TABLE2 structure are identical
to the fields in the SMM_ENTRY_CONTEXT structure. CopyMem() is used to
transfer the contents of the SMM_ENTRY_CONTEXT structure into the
EFI_SMM_SYSTEM_TABLE2. This is confusing because SMM_ENTRY_CONTEXT is
not used in the declaration of EFI_SMM_SYSTEM_TABLE2 and field contents
are transferred without any reference to individual field names (e.g.
CurrentlyExecutingCpu). In order to make the code easier to maintain
and understand, the CopyMem() is replaced with statements that transfer
each field of SMM_ENTRY_CONTEXT into EFI_SMM_SYSTEM_TABLE2.
Jeff Fan [Mon, 2 Nov 2015 03:04:19 +0000 (03:04 +0000)]
UefiCpuPkg/PiSmmCpuDxeSmm: Shouldn't use gSmst->CurrentlyExecutingCpu
In ConfigSmmCodeAccessCheck(), we used gSmst->CurrentlyExecutingCpu to get the
current SMM BSP. But ConfigSmmCodeAccessCheck() maybe invoked before executing
SmmCoreEntry() and gSmst->CurrentlyExecutingCpu hasn't been updated to the
latest value. The code flow is as below:
BSPHandler()
gSmmCpuPrivate->SmmCoreEntryContext.CurrentlyExecutingCpu = CpuIndex;
//
// when mRestoreSmmConfigurationInS3 is set:
//
ConfigSmmCodeAccessCheck()
//
// reads gSmst->CurrentlyExecutingCpu to early
//
gSmmCpuPrivate->SmmCoreEntry (&gSmmCpuPrivate->SmmCoreEntryContext)
//
// sets gSmst->CurrentlyExecutingCpu with CopyMem() too late
//
CopyMem (&gSmmCoreSmst.SmmStartupThisAp,
SmmEntryContext, sizeof (EFI_SMM_ENTRY_CONTEXT));
Instead, we should use
gSmmCpuPrivate->SmmCoreEntryContext.CurrentlyExecutingCpu directly.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18715 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Fri, 30 Oct 2015 17:53:31 +0000 (17:53 +0000)]
UefiCpuPkg: LocalApicLib: Add API to set SoftwareEnable bit
The LocalApicLib does not provide a function to manage the state of the
Local APIC SoftwareEnable bit in the Spurious Vector register. There
are cases where this bit needs to be managed without side effects to.
other Local APIC registers. One use case is in the DebugAgent in the
SourceLevelDebugPkg.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18711 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Fri, 30 Oct 2015 17:32:27 +0000 (17:32 +0000)]
UefiCpuPkg: CpuDxe: Update GDT to be consistent with DxeIplPeim
The PiSmmCpuDxeSmm module makes some assumptions about GDT selectors
that are based on the GDT layout from the DxeIplPeim. For example,
the protected mode entry code and (where appropriate) the long mode
entry code in the UefiCpuPkg/PiSmmCpuDxeSmm/*/MpFuncs.* assembly
files, which are used during S3 resume, open-code segment selector
values that depend on DxeIplPeim's GDT layout.
This updates the CpuDxe module to use the same GDT layout as the
DxeIplPeim. This enables modules that are dispatched after
CpuDxe to find, and potentially save and restore, a GDT layout that
matches that of DxeIplPeim. The DxeIplPeim has a 2 GDT entries for
data selectors that are identical. These are LINEAR_SEL (GDT Offset
0x08)and LINEAR_DATA64_SEL (GDT offset 0x30). LINEAL_SEL is used for
for IA32 DXE and the LINEAR_DATA64_SEL is used for X64 DXE. This
duplicate data selector was added to the CpuDxe module to keep the
GDT and all selectors consistent.
Using a consistent GDT also improves debug experience.
Nagaraj Hegde [Fri, 30 Oct 2015 06:47:54 +0000 (06:47 +0000)]
NetworkPkg: HttpDxe sometimes free a pointer twice
In EfiHttpRequest, HostName was getting freed twice whenever
HttpTransmitTcp4 failed. Moved FreePool (HostName) after
HttpTransmitTcp4 call to avoid a double free.
David Woodhouse [Thu, 29 Oct 2015 14:17:31 +0000 (14:17 +0000)]
CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.h
Putting these on the command line as we do at the moment means that they
are *only* visible when actually building the OpenSSL code itself. When
building other things like BaseCryptLib, they were missing. Which could
lead to discrepancies in structures defined by the header files, between
the OpenSSL code and the EDK II code which calls it.
Move the definitions into opensslconf.h where they would normally live
in a standard build of OpenSSL.
Note: Do *not* set OPENSSL_NO_LHASH or OPENSSL_NO_OCSP since those weren't
effectively disabled before; the directories was still being included in
the build. If we actually disable then, the build breaks. We can hopefully
fix at least OCSP upstream later, but one thing at a time...
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18708 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:17:15 +0000 (14:17 +0000)]
CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.
But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.
So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:17:02 +0000 (14:17 +0000)]
CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakage
Instead of patching OpenSSL to add EFIAPI to the one varargs function we
actually *noticed* breakage in, let's fix the problem in a more coherent
way by undefining NO_BUILTIN_VA_FUNCS.
That way, the VA_START and similar macros will actually do the right
thing for non-EFIAPI functions, which is to use the GCC builtins.
It's still fairly broken elsewhere in the tree, with the VA_START macro
being used from both EFIAPI and non-EFIAPI functions — and being broken
in the latter case. We probably ought to make EFIAPI a no-op everywhere
and add -mabi=ms to the GCC builds. But that's a project for another day.
For now, just fix the OpenSSL build in a cleaner fashion.
David Woodhouse [Thu, 29 Oct 2015 14:16:45 +0000 (14:16 +0000)]
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN
Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct
OpenSSL to accept non-self-signed certificates as trusted. So we don't
need two entirely identical copies of a verify_cb() function which makes
it ignore the resulting errors.
We also *didn't* use that verify_cb() function for X509VerifyCert(), but
probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for
consistency, too.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:16:30 +0000 (14:16 +0000)]
CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECT
OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor
functions and makes ASN1_OBJECT an opaque type.
Unlike the accessors in previous commits which *did* actually exist
already but just weren't mandatory, these don't exist in older versions
of OpenSSL. So introduce macros which do the right thing, for
compatibility.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18701 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:16:22 +0000 (14:16 +0000)]
CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE
In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will
no longer get away with accessing its members directly. Use the accessor
functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type()
instead.
Also be slightly more defensive about unlikely failure modes.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:16:15 +0000 (14:16 +0000)]
CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME
In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no
longer get away with accessing its members directly. Use i2d_X509_NAME()
instead.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
David Woodhouse [Thu, 29 Oct 2015 14:15:53 +0000 (14:15 +0000)]
CryptoPkg/BaseCryptLib: Add missing OpenSSL includes
OpenSSL 1.1 has cleaned up its include files a little, and it will now
be necessary to directly include things like <openssl/bn.h> if we want
to use them, rather than assuming they are included indirectly from
other headers.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
Thomas Palmer [Thu, 29 Oct 2015 12:59:06 +0000 (12:59 +0000)]
EmbeddedPkg: Add EFIAPI to several Ebl functions
The EFIAPI function declaration is missing for several functions in the
EmbeddedPkg/Ebl directory. A few function pointer struct members expect
EFIAPI though and GCC46/X64 will fail to compile the directory without
them.
Ruiyu Ni [Thu, 29 Oct 2015 03:26:00 +0000 (03:26 +0000)]
MdeModulePkg: Do not dump NULL padding resource descriptor
Add a check for ResourcePaddingDescriptors being a valid pointer in
DumpPpbPaddingResource() to prevent looping on memory not owned by
PciBusDxe. The ResourcePaddingDescriptors is initialized to NULL
when the PCI_IO_DEVICE structure is allocated and remains NULL if
no PCI hot plug controllers are present. This issue is only
observed when DEBUG_CODE() macros are enabled and was introduced
by the following patch:
[edk2] [Patch] MdeModulePkg: Fix a PciBusDxe hot plug bug
SVN revsion 18658
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Kinney Michael <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18696 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Thu, 29 Oct 2015 01:13:59 +0000 (01:13 +0000)]
MdeModulePkg SmbiosMeasurementDxe: Correct the comments
1. Correct the return comments of entrypoint function.
2. Add parameters' comments for MeasureSmbiosTable().
3. Correct the Protocols and Guids usage comments in SmbiosMeasurementDxe.inf.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18695 6f19259b-4bc3-4df7-8a09-765794883524
Star Zeng [Thu, 29 Oct 2015 01:13:07 +0000 (01:13 +0000)]
MdeModulePkg SmbiosMeasurementDxe: Use EFI_D_VERBOSE for internal dump functions
Use EFI_D_VERBOSE instead of EFI_D_INFO in InternalDumpData() and InternalDumpHex().
And also add DEBUG_CODE wrapper to InternalDumpHex() call.
It is to avoid the bother from the internal verbose debug information.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18693 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Wed, 28 Oct 2015 07:16:38 +0000 (07:16 +0000)]
UefiCpuPkg: SmmCpuFeaturesLib: Add MSR_SMM_FEATURE_CONTROL support
Add support for the reading and writing MSR_SMM_FEATURE_CONTROL
through the SmmCpuFeaturesIsSmmRegisterSupported(),
SmmCpuFeaturesGetSmmRegister(), and SmmCpuFeaturesSetSmmRegister()
functions. This MSR is supported if the Family/Model is 06_3C,
06_45, or 06_46.
Cc: "Yao, Jiewen" <jiewen.yao@intel.com> Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18690 6f19259b-4bc3-4df7-8a09-765794883524
This change is triggered by R18654 "Enhance variable performance by reading from existed memory cache"
that changed the code to use CacheVariable to improve performance.
So the CacheVariable->InDeletedTransitionPtr NULL pointer check needs to be moved to the place before
it is been used.
Michael Kinney [Tue, 27 Oct 2015 16:15:03 +0000 (16:15 +0000)]
UefiCpuPkg: PiSmmCpuDxeSmm: Replace PcdSet## with PcdSet##S
PcdSet## has no error status returned, then the caller has no idea about
whether the set operation is successful or not. PcdSet##S were added to
return error status and PcdSet## APIs were put in ifndef
DISABLE_NEW_DEPRECATED_INTERFACES condition. To adopt PcdSet##S and
further code development with DISABLE_NEW_DEPRECATED_INTERFACES defined,
we need to Replace PcdSet## usage with PcdSet##S.
Normally, DynamicDefault PCD set is expected to be success, but DynamicHii
PCD set failure is a legal case. So for DynamicDefault, we add assert
when set failure. For DynamicHii, we add logic to handle it.
Cc: "Yao, Jiewen" <jiewen.yao@intel.com> Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18686 6f19259b-4bc3-4df7-8a09-765794883524
Fix the wrong return value of both InternalSyncIncrement()
and InternalSyncDecrement(). The return value shouldn't
be the address of input parameter. It should be the updated
value of input parameter instead.
Eric Dong [Tue, 27 Oct 2015 07:37:56 +0000 (07:37 +0000)]
MdeModulePkg SetupBrowserDxe: Save global variable values before nest function called.
The SendForm function can be called nest in it. This function also uses some global variables. So we must save global variable values before it been called again.
Checked in the missing change for gBrowserFormSetList.
Yao, Jiewen [Tue, 27 Oct 2015 04:46:50 +0000 (04:46 +0000)]
Move Smbios measurement from TCG driver to Smbios driver.
This is patch to add smbios measurement.
The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated,
such as clock registers, and system unique information, such as asset numbers or serial numbers,
MUST NOT be measured into PCR [1], or any other PCR."
So we decide to move Smbios measurement from TCG drivers to Smbios driver.
Yao, Jiewen [Tue, 27 Oct 2015 03:54:08 +0000 (03:54 +0000)]
Move Smbios measurement from TCG driver to Smbios driver.
This is patch to remove smbios measurement in TCG driver. There will be other patch to add it in Smbios driver.
The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated,
such as clock registers, and system unique information, such as asset numbers or serial numbers,
MUST NOT be measured into PCR [1], or any other PCR."
So we decide to move Smbios measurement from TCG drivers to Smbios driver.
Yao, Jiewen [Tue, 27 Oct 2015 03:49:31 +0000 (03:49 +0000)]
Add suppressif around TCG hash seleciton checkbox in TCG2
Previous TCG2 configuration UI always add all TCG defined hash algorithm to let user select which one need be used.
This brings risk that user might select unsupported hash, and selection is rejected later.
So we enhance to UI to hide unsupported hash algorithm.
Michael Kinney [Mon, 26 Oct 2015 16:40:52 +0000 (16:40 +0000)]
UefiCpuPkg: PiSmmCpuDxeSmm: Remove unused references to SmmLib
The PiSmmCpuDxeSmm module does not use any services from the SmmLib.
This change removes the SmmLib from PiSmmCpuDxeSmm module and also
removes the lib mapping in the UefiCpuPkg DSC file because no other
modules in the UefiCpuPkg use the SmmLib.
Removal of SmmLib is now possible because the only API call to it,
ClearSmi(), was ultimately removed from PiSmmCpuDxeSmm -- see the
"BUGBUG" comment in git commit 529a5a86.
Cc: "Yao, Jiewen" <jiewen.yao@intel.com> Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18673 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek [Mon, 26 Oct 2015 14:58:46 +0000 (14:58 +0000)]
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: clean up includes and libraries
Before introducing the SMM driver interface, clean up #include directives
and [LibraryClasses] by:
- removing what's not directly used (HobLib and UefiLib),
- adding what's used but not spelled out (DevicePathLib),
- sorting the result.
This helps with seeing each source file's dependencies and with
determining the library classes for the SMM driver.
Laszlo Ersek [Mon, 26 Oct 2015 14:58:39 +0000 (14:58 +0000)]
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: split out runtime DXE specifics
In preparation for introducing an SMM interface to this driver, move the
following traits to separate files, so that we can replace them in the new
SMM INF file:
- Protocol installations. The SMM driver will install protocol interfaces
in the SMM protocol database, using SMM services.
- Virtual address change handler and pointer conversions. SMM drivers run
with physical mappings and pointers must not be converted.
There are further restrictions and changes for an SMM driver, but the rest
of the code either complies with those already, or will handle the changes
transparently. For example:
- SMM drivers have access to both UEFI and SMM protocols in their entry
points (see the PI spec 1.4, "1.7 SMM Driver Initialization"),
- MemoryAllocationLib has an SMM instance that serves allocation requests
with the gSmst->SmmAllocatePool() service transparently, allocating
runtime-marked SMRAM.