mirror_edk2.git
5 months agoArmPkg: only attempt buildin MmCommunicationDxe for AArch64 master
Leif Lindholm [Sun, 7 Jun 2020 20:03:43 +0000 (21:03 +0100)]
ArmPkg: only attempt buildin MmCommunicationDxe for AArch64

Commit 045e4b84c18f  ("ArmPkg/ArmPkg.dsc: Add missing components")
adds some components to the ArmPkg.dsc build config, but it adds
them to Components.common, and MmCommunicationDxe is AArch64 only.
Move it to Components.AARCH64 to stop the ARM build breaking.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
5 months agoBaseTools: Warn user the file not found issue instead of break build.
Bob Feng [Mon, 1 Jun 2020 06:40:10 +0000 (14:40 +0800)]
BaseTools: Warn user the file not found issue instead of break build.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2770

The Trim.py would break the build process when the file not found
issue occures, however sometimes we do not care about this issue.
This patch changes the error with warning in order to solve this
kind of break.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng<bob.c.feng@intel.com>
5 months agoBaseTools/build.py: Exit with 1 when AutoGen error occurred
Irene Park [Tue, 2 Jun 2020 21:58:50 +0000 (05:58 +0800)]
BaseTools/build.py: Exit with 1 when AutoGen error occurred

AutoGen manager/workers halt the progress when an error occurs but
doesn't propagate the error code to main and allows main exit with 0
and gets the build system unable to catch the occurrence of an error.
This change informs main with an error when a progress is halted and
helps main exit with 1.

Signed-off-by: Irene Park <ipark@nvidia.com>
Reviewed-by: Bob Feng<bob.c.feng@intel.com>
5 months agoArmPkg/PlatformBootManagerLib: don't connect all devices on each boot
Ard Biesheuvel [Thu, 28 May 2020 09:17:41 +0000 (11:17 +0200)]
ArmPkg/PlatformBootManagerLib: don't connect all devices on each boot

In order to avoid boot delays from devices such as network controllers
that may not even be involved in booting at all, drop the call to
EfiBootManagerConnectAll () from the boot path. It will be called by
UiApp, so when going through the menu, all devices will be connected
as usual, but for the default boot, it is really not necessary so
let's get rid of this.

Enumerating all possible boot options and creating Boot#### variables
for them is equally unnecessary in the default case, and also happens
automatically in UiApp, so drop that as well.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
5 months agoArmPkg/PlatformBootManagerLib: hide UEFI Shell as a regular boot option
Ard Biesheuvel [Thu, 28 May 2020 09:17:40 +0000 (11:17 +0200)]
ArmPkg/PlatformBootManagerLib: hide UEFI Shell as a regular boot option

Without ConnectAll() being called on the boot path, the UEFI shell will
be entered with no block devices or anything else connected, and so for
the novice user, this is not a very accommodating environment. Now that
we have made the UiApp the last resort on boot failure, and made the
UEFI Shell accessible directly via the 's' hotkey if you really need
it, let's hide it as an ordinary boot option.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
5 months agoMdeModulePkg/BootManagerUiLib: show inactive boot options
Ard Biesheuvel [Thu, 28 May 2020 09:17:39 +0000 (11:17 +0200)]
MdeModulePkg/BootManagerUiLib: show inactive boot options

UEFI boot options may exist but have the LOAD_OPTION_ACTIVE flag
cleared. This means that the boot option should not be selected
by default, but it does not mean it should be omitted from the
boot selection presented by the boot manager: for this purpose,
another flag LOAD_OPTION_HIDDEN exists.

Given that the latter flag exists solely for the purpose of omitting
boot options from the boot selection menu, and LOAD_OPTION_XXX flags
can be combined if desired, hiding inactive boot options as well is
a mistake, and violates the intent of paragraph 3.1.3 of the UEFI
specification (revision 2.8 errata A). Let's fix this by dropping
the LOAD_OPTION_ACTIVE check from the code that populates the boot
selection menu.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
5 months agoArmPkg/PlatformBootManagerLib: fall back to the UiApp on boot failure
Ard Biesheuvel [Thu, 28 May 2020 09:17:38 +0000 (11:17 +0200)]
ArmPkg/PlatformBootManagerLib: fall back to the UiApp on boot failure

As a last resort, drop into the UiApp application when no active boot
options could be started. Doing so will connect all devices, and so
it will allow the user to enter the Boot Manager submenu and pick a
network or removable disk option.

Note that this only occurs if even the default removable filepath
could not be booted (e.g., \EFI\BOOT\BOOTAA64.EFI on AArch64)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
5 months agoArmPkg/PlatformBootManagerLib: register 's' as UEFI Shell hotkey
Ard Biesheuvel [Thu, 28 May 2020 09:17:37 +0000 (11:17 +0200)]
ArmPkg/PlatformBootManagerLib: register 's' as UEFI Shell hotkey

In preparation of hiding the UEFI Shell boot option as an ordinary
boot option, make sure we can invoke it directly using the 's'
hotkey. Without ConnectAll() having been called, this results in
a shell that may have no block devices or other things connected,
so don't advertise the 's' in the console string that is printed
at boot - for novice users, we will go through the UiApp which
connects everything first. For advanced use, having the ability
to invoke the UEFI shell without any devices connected may be an
advantage, so let's keep this behavior as is for now.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
5 months agoArmPkg/PlatformBootManagerLib: connect non-discoverable USB hosts
Ard Biesheuvel [Fri, 22 May 2020 08:40:06 +0000 (10:40 +0200)]
ArmPkg/PlatformBootManagerLib: connect non-discoverable USB hosts

The way the BDS handles the short-form USB device path of the console
keyboard relies on USB host controllers to be locatable via their PCI
metadata, which implies that these controllers already have a PCI I/O
protocol installed on their handle.

This is not the case for non-discoverable USB host controllers that are
supported by the NonDiscoverable PCI device driver. These controllers
must be connected first, or the BDS will never notice their existence,
and will not enable any USB keyboards connected through them.

Let's work around this by connecting these handles explicitly. This is
a bit of a stopgap, but it is the cleanest way of dealing with this
without violating the UEFI driver model entirely. This ensures that
platforms that do not rely on ConnectAll() will keep working as
expected.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 months agoArmPkg/ArmSvcLib: prevent speculative execution beyond svc
Vijayenthiran Subramaniam [Thu, 4 Jun 2020 13:12:09 +0000 (18:42 +0530)]
ArmPkg/ArmSvcLib: prevent speculative execution beyond svc

Supervisor Call instruction (SVC) is used by the Arm Standalone MM
environment to request services from the privileged software (such as
ARM Trusted Firmware running in EL3) and also return back to the
non-secure caller via EL3. Some Arm CPUs speculatively executes the
instructions after the SVC instruction without crossing the privilege
level (S-EL0). Although the results of this execution are
architecturally discarded, adversary running on the non-secure side can
manipulate the contents of the general purpose registers to leak the
secure work memory through spectre like micro-architectural side channel
attacks. This behavior is demonstrated by the SafeSide project [1] and
[2]. Add barrier instructions after SVC to prevent speculative execution
to mitigate such attacks.

[1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
[2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
5 months agoEmulatorPkg/WinHost: Enable network support.
Nickle Wang [Thu, 9 Apr 2020 03:20:39 +0000 (11:20 +0800)]
EmulatorPkg/WinHost: Enable network support.

Follow the implementation from Unix host to implement SNP
EMU_IO_THUNK_PROTOCOL and EMU_SNP_PROTOCOL. The network IO driver is the
same one as Nt32. Please refer to NETWORK-IO Subproject for network Io
driver(SnpNt32Io.dll).

Signed-off-by: Nickle Wang <nickle.wang@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Acked-by: Ray Ni <ray.ni@intel.com>
5 months agoArmPkg/ArmPkg.dsc: set terminal type PCD to the right value
Ard Biesheuvel [Wed, 3 Jun 2020 19:32:17 +0000 (21:32 +0200)]
ArmPkg/ArmPkg.dsc: set terminal type PCD to the right value

PlatformBootManagerLib now asserts at build time that the correct
terminal type is used, and so leaving it unset breaks the ArmPkg
DSC build. So fix that.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
5 months agoArmPkg/PlatformBootManagerLib: reject 'default' parity and stop bit count
Ard Biesheuvel [Tue, 19 May 2020 12:23:51 +0000 (14:23 +0200)]
ArmPkg/PlatformBootManagerLib: reject 'default' parity and stop bit count

In the ArmPkg version of PlatformBootManagerLib, we construct a
serial device path based on the default settings for baud rate,
parity and the number of stop bits, to ensure that a serial console
is available even on the very first boot.

This assumes that PcdUartDefaultParity or PcdUartDefaultStopBits are
not set to '0', meaning 'the default', as there is no default for
these when constructing a device path.

So add a couple of STATIC_ASSERT()s to make sure that we catch this
condition, since it otherwise ignores the bogus device path silently,
which is rather tedious to debug,.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Sami Mujawar <Sami.Mujawar@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 months agoArmPkg/PlatformBootManagerLib: use static assertion for console type
Ard Biesheuvel [Tue, 19 May 2020 12:23:50 +0000 (14:23 +0200)]
ArmPkg/PlatformBootManagerLib: use static assertion for console type

Replace the runtime ASSERT with the build time STATIC_ASSERT on the
check that ensures that the terminal type we use for the serial
console matches the one we explicitly add to the ConIn/ConOut/StdErr
variables.

This helps catch serial console issues early, even in RELEASE builds,
reducing the risk of ending up with no console at all, which can be
tricky to debug on bare metal.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Sami Mujawar <Sami.Mujawar@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 months agoArmPkg/CompilerIntrinsicsLib: provide atomics intrinsics edk2-stable202005
Ard Biesheuvel [Wed, 20 May 2020 11:44:48 +0000 (13:44 +0200)]
ArmPkg/CompilerIntrinsicsLib: provide atomics intrinsics

Gary reports the GCC 10 will emit calls to atomics intrinsics routines
unless -mno-outline-atomics is specified. This means GCC-10 introduces
new intrinsics, and even though it would be possible to work around this
by specifying the command line option, this would require a new GCC10
toolchain profile to be created, which we prefer to avoid.

So instead, add the new intrinsics to our library so they are provided
when necessary.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Gary Lin <glin@suse.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
5 months agoUnitTestFrameworkPkg: Add info to readme about working with UnitTests
Bret Barkelew [Fri, 14 Feb 2020 15:01:01 +0000 (07:01 -0800)]
UnitTestFrameworkPkg: Add info to readme about working with UnitTests

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
6 months agoUnitTestFrameworkPkg/UnitTestResultReportLib: Use AsciiStrnCpyS()
Michael Kubacki [Thu, 21 May 2020 01:28:40 +0000 (09:28 +0800)]
UnitTestFrameworkPkg/UnitTestResultReportLib: Use AsciiStrnCpyS()

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2721

The ReportOutput() function in UnitTestResultReportLib copies characters
from a function input buffer to an intermediate local buffer in fixed
size chunks of the maximum size of the intermediate buffer. The
implementation currently calls AsciiStrCpyS() which will ASSERT on an
error.

This commit changes the call to AsciiStrnCpyS() to avoid the
ASSERT which is not expected in the usage of the string copy in this
implementation.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
6 months agoMdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test
Michael D Kinney [Tue, 19 May 2020 21:51:17 +0000 (14:51 -0700)]
MdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test

Use the safe string function StrCpyS() in BaseLib to test the
SAFE_STRING_CONSTRAINT_CHECK() macro.

Cc: Andrew Fish <afish@apple.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Brian J. Johnson <brian.johnson@hpe.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Marvin Häuser <mhaeuser@outlook.de>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Vincent Zimmer <vincent.zimmer@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Vitaly Cheptsov <vit9696@protonmail.com>
Acked-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Fix SafeString performing assertions on runtime checks
Vitaly Cheptsov [Tue, 19 May 2020 21:51:43 +0000 (14:51 -0700)]
MdePkg: Fix SafeString performing assertions on runtime checks

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code should not work as
assertions to permit parsing not trusted data with SafeString
interfaces.  Replace ASSERT() with a DEBUG_VERBOSE message.

Cc: Andrew Fish <afish@apple.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Brian J. Johnson <brian.johnson@hpe.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Marvin Häuser <mhaeuser@outlook.de>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Vincent Zimmer <vincent.zimmer@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
6 months agoSecurityPkg: Change default value source
Maggie Chu [Mon, 18 May 2020 11:41:50 +0000 (19:41 +0800)]
SecurityPkg: Change default value source

https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable
is not exist, code will get default value from two places.
This fix is to make the default value comes from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
6 months agoMdePkg: add definitions for ACPI NVDIMM Device Path
Liu, Zhiguang [Wed, 20 May 2020 05:17:41 +0000 (13:17 +0800)]
MdePkg: add definitions for ACPI NVDIMM Device Path

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2716

Add definitions for ACPI NVDIMM Device Path following UEFI spec.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: James Anandraj <james.sushanth.anandraj@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoBaseTools: Remove deprecated Visual Studio Option
Sami Mujawar [Fri, 22 Nov 2019 18:48:21 +0000 (18:48 +0000)]
BaseTools: Remove deprecated Visual Studio Option

The VS2017 compiler reports 'warning D9035 : option
'Gm' has been deprecated and will be removed in a
future release'

The documentation for the 'Gm' option at
https://docs.microsoft.com/en-us/cpp/build/reference/gm-enable-minimal-rebuild?view=vs-2019
indicates that this option can be safely removed
from the project.

Therefore, remove the deprecated 'Gm' Visual Studio
Compiler option.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2660

Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoOvmfPkg/Tcg2ConfigPei: skip TPM-1.2 detection when building for ARM/AARCH64
Laszlo Ersek [Wed, 20 May 2020 22:58:41 +0000 (00:58 +0200)]
OvmfPkg/Tcg2ConfigPei: skip TPM-1.2 detection when building for ARM/AARCH64

Dating back to commits f5cb3767038e and ddd34a818315d, the
"ArmVirtPkg/ArmVirtQemu.dsc" platform includes the
"OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf" module when the TPM2_ENABLE
build flag is defined.

This was regressed in commit 89236992913f, which added a Tpm12DeviceLib
dependency to Tcg2ConfigPei. "ArmVirtQemu.dsc" does not resolve that class
to any instance, so now we get a build failure:

> build.py...
> ArmVirtPkg/ArmVirtQemu.dsc(...): error 4000: Instance of library class
> [Tpm12DeviceLib] is not found
>         in [OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf] [AARCH64]
>         consumed by module [OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf]

The TPM-1.2 code in OvmfPkg/Tcg2ConfigPei is limited to a special use case
(a kind of physical TPM-1.2 assignment), and that has never applied to
"ArmVirtQemu.dsc".

Short-circuit the TPM-1.2 detection in the ARM/AARCH64 builds of
OvmfPkg/Tcg2ConfigPei, removing the Tpm12DeviceLib dependency.

Functionally, this patch is a no-op on IA32 / X64.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Simon Hardy <simon.hardy@itdev.co.uk>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200520225841.17793-4-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoOvmfPkg/Tcg2ConfigPei: factor out InternalTpm12Detect()
Laszlo Ersek [Wed, 20 May 2020 22:58:40 +0000 (00:58 +0200)]
OvmfPkg/Tcg2ConfigPei: factor out InternalTpm12Detect()

Move the calls to the Tpm12RequestUseTpm() and Tpm12SubmitCommand()
Tpm12DeviceLib functions to a separate C file, so that we can override
these actions in a subsequent patch.

This code movement requires moving the TPM_RSP_GET_TICKS / TestTpm12()
helper structure / function too.

While at it, give the TestTpm12() function @retval / @return
documentation, plus wrap an overlong line in it.

Functionally, this patch is a no-op.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Simon Hardy <simon.hardy@itdev.co.uk>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200520225841.17793-3-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoOvmfPkg/Tcg2ConfigPei: clean up some lib class dependencies
Laszlo Ersek [Wed, 20 May 2020 22:58:39 +0000 (00:58 +0200)]
OvmfPkg/Tcg2ConfigPei: clean up some lib class dependencies

Commit 89236992913f introduced an explicit Tpm12CommandLib dependency to
Tcg2ConfigPei.

In reality this lib class is not consumed by Tcg2ConfigPei at all (such a
dependency is not even inherited from other lib instances). Simplify the
module by dropping the superfluous dependency.

(The Tpm12CommandLib class resolution that was also added in commit
89236992913f is not useless, at the platform build level: it is consumed
by TcgPei and TcgDxe. Meaning that said Tpm12CommandLib resolution should
have likely been a part of the subsequent patch in the original series,
namely commit 6be54f15a0c9.)

Commit 89236992913f also introduced SwapBytesXx() calls. Those functions
are provided by BaseLib. Spell out the BaseLib dependency.

Functionally, this patch is a no-op.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Simon Hardy <simon.hardy@itdev.co.uk>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200520225841.17793-2-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoIntelFsp2Pkg: Add FunctionParametePtr to FspGlobalData.
Chasel Chiu [Wed, 20 May 2020 03:23:13 +0000 (11:23 +0800)]
IntelFsp2Pkg: Add FunctionParametePtr to FspGlobalData.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2726

When FSP switching stack and calling bootloader functions,
the function parameter in stack may not be accessible easily.
We can store the function parameter pointer to FspGlobalData
and retrieve it after stack switched.

Also need to add Loader2PeiSwitchStack () to header file
as public function for platform FSP code to consume.

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
6 months agoSignedCapsulePkg: Add FMP Capsule Image Header extension
Oleksiy Yakovlev [Fri, 15 May 2020 07:38:48 +0000 (15:38 +0800)]
SignedCapsulePkg: Add FMP Capsule Image Header extension

Add bitmask to structure which gives a binary-inspectable mechanism to
determine if a capsule contains an authentication section or depex section.
(UEFI 2.8 errata a, mantis 2026)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdeModulePkg: Add FMP Capsule Image Header extension
Oleksiy Yakovlev [Fri, 15 May 2020 07:38:47 +0000 (15:38 +0800)]
MdeModulePkg: Add FMP Capsule Image Header extension

Add bitmask to structure which gives a binary-inspectable mechanism to
determine if a capsule contains an authentication section or depex section.
(UEFI 2.8 errata a, mantis 2026)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Add FMP Capsule Image Header extension
Oleksiy Yakovlev [Thu, 14 May 2020 20:51:43 +0000 (04:51 +0800)]
MdePkg: Add FMP Capsule Image Header extension

Add bitmask to structure which gives a binary-inspectable mechanism to
determine if a capsule contains an authentication section or depex section.
(UEFI 2.8 errata a, mantis 2026)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Add EFI_RT_PROPERTIES_TABLE
Liming Gao [Tue, 19 May 2020 15:47:33 +0000 (23:47 +0800)]
MdePkg: Add EFI_RT_PROPERTIES_TABLE

Define Guid & data structure for EFI_RT_PROPERTIES_TABLE, designed
to be published by a platform if it no longer supports all EFI
runtime services once ExitBootServices() has been called by the OS.
(UEFI 2.8 errata a, mantis 2049)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Fix OUT parameters marked as IN OUT
Oleksiy Yakovlev [Thu, 14 May 2020 20:51:41 +0000 (04:51 +0800)]
MdePkg: Fix OUT parameters marked as IN OUT

Some OUT parameters in the specification were mistakenly marked as IN OUT.
"IN OUT" replaced with "OUT" in the following interfaces

EFI_BOOT_SERVICES.GetMemoryMap():MemoryMap
EFI_BOOT_SERVICES.LocateHandleBuffer():NoHandles
EFI_SIMPLE_POINTER_PROTOCOL.GetState():State
EFI_ABSOLUTE_POINTER_PROTOCOL.GetState():State
EFI_EDID_OVERRIDE_PROTOCOL.GetEdid():EdidSize and Edid
EFI_ATA_PASS_THRU_PROTOCOL.BuildDevicePath():DevicePath
EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL.BuildDevicePath():DevicePath
EFI_SD_MMC_PASS_THRU_PROTOCOL.BuildDevicePath():DevicePath
EFI_EXT_SCSI_PASS_THRU_PROTOCOL.BuildDevicePath():DevicePath
EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage():Image
(UEFI 2.8 errata a, mantis 2035)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Add new CPER Notification types
Oleksiy Yakovlev [Thu, 14 May 2020 20:51:40 +0000 (04:51 +0800)]
MdePkg: Add new CPER Notification types

Add SEA, SEI, and PEI CPER Notification types defined in UEFI 2.8 errata a.
(UEFI 2.8 errata a, mantis 2026)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoNetworkPkg/DxeNetLib: Change the order of conditions in IF statement
Zhang, Shenglei [Wed, 20 May 2020 03:08:47 +0000 (11:08 +0800)]
NetworkPkg/DxeNetLib: Change the order of conditions in IF statement

The condition, NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len, is
meaningless if Index = 0. So checking 'Index != 0' should be
performed first in the if statement.

Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
6 months agoOvmfPkg/PlatformPei: increase memory type info defaults
Laszlo Ersek [Fri, 8 May 2020 12:16:51 +0000 (14:16 +0200)]
OvmfPkg/PlatformPei: increase memory type info defaults

Any new OVMF binary (containing commit d42fdd6f8384, and built with
SMM_REQUIRE) is likely to reboot during its first boot, regardless of
whether the variable store is logically empty, or it contains a
MemoryTypeInformation variable from an earlier OVMF binary.

This "reboot on first boot after OVMF upgrade" occurs despite having
eliminated BS Code/Data tracking in earlier parts of this series. Meaning
that we've outgrown the bins of those memory types too that matter for SMM
security.

Eliminating said reboot will make an upgrade to edk2-stable202005 more
comfortable for users. Increase the defaults empirically. (The total
doesn't exceed 3MB by much.)

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2706
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200508121651.16045-5-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoOvmfPkg/PlatformPei: extract memory type info defaults to PCDs
Laszlo Ersek [Fri, 8 May 2020 12:16:50 +0000 (14:16 +0200)]
OvmfPkg/PlatformPei: extract memory type info defaults to PCDs

Some OvmfPkg modules already depend on "EmbeddedPkg.dec"; thus, replace
the open-coded memory type info defaults in the source code with the
EmbeddedPkg PCDs that stand for the same purpose. Consequently, platform
builders can override these values with the "--pcd" option of "build",
without source code updates.

While at it, sort the memory type names alphabetically.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2706
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200508121651.16045-4-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoOvmfPkg/PlatformPei: rewrite MemTypeInfo HOB production logic
Laszlo Ersek [Fri, 8 May 2020 12:16:49 +0000 (14:16 +0200)]
OvmfPkg/PlatformPei: rewrite MemTypeInfo HOB production logic

The previous patch has no effect -- i.e., it cannot stop the tracking of
BS Code/Data in MemTypeInfo -- if the virtual machine already has a
MemoryTypeInformation UEFI variable.

In that case, our current logic allows the DXE IPL PEIM to translate the
UEFI variable to the HOB, and that translation is verbatim. If the
variable already contains records for BS Code/Data, the issues listed in
the previous patch persist for the virtual machine.

For this reason, *always* install PlatformPei's own MemTypeInfo HOB. This
prevents the DXE IPL PEIM's variable-to-HOB translation.

In PlatformPei, consume the records in the MemoryTypeInformation UEFI
variable as hints:

- Ignore all memory types for which we wouldn't by default install records
  in the HOB. This hides BS Code/Data from any existent
  MemoryTypeInformation variable.

- For the memory types that our defaults cover, enable the records in the
  UEFI variable to increase (and *only* to increase) the page counts.

  This lets the MemoryTypeInformation UEFI variable function as designed,
  but it eliminates a reboot when such a new OVMF binary is deployed (a)
  that has higher memory consumption than tracked by the virtual machine's
  UEFI variable previously, *but* (b) whose defaults also reflect those
  higher page counts.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2706
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200508121651.16045-3-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoOvmfPkg/PlatformPei: don't track BS Code/Data in default MemTypeInfo HOB
Laszlo Ersek [Fri, 8 May 2020 12:16:48 +0000 (14:16 +0200)]
OvmfPkg/PlatformPei: don't track BS Code/Data in default MemTypeInfo HOB

In commit d42fdd6f8384 ("OvmfPkg: improve SMM comms security with adaptive
MemoryTypeInformation", 2020-03-12), we enabled the boot-to-boot tracking
of the usages of various UEFI memory types.

Both whitepapers listed in that commit recommend that BS Code/Data type
memory *not* be tracked. This recommendation was confirmed by Jiewen in
the following two messages as well:

[1] https://edk2.groups.io/g/devel/message/55741
    http://mid.mail-archive.com/74D8A39837DF1E4DA445A8C0B3885C503F97B579@shsmsx102.ccr.corp.intel.com

[2] https://edk2.groups.io/g/devel/message/55749
    http://mid.mail-archive.com/74D8A39837DF1E4DA445A8C0B3885C503F97BDC5@shsmsx102.ccr.corp.intel.com

While tracking BS Code/Data type memory has one benefit (it de-fragments
the UEFI memory map), the downsides outweigh it. Spikes in BS Data type
memory usage are not uncommon in particular, and they may have the
following consequences:

- such reboots during normal boot that look "spurious" to the end user,
  and have no SMM security benefit,

- a large BS Data record in MemoryTypeInformation may cause issues when
  the DXE Core tries to prime the according bin(s), but the system's RAM
  size has been reduced meanwhile.

Removing the BS Code/Data entries from MemoryTypeInformation leads to a
bit more fragmentation in the UEFI memory map, but that should be
harmless.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2706
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200508121651.16045-2-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
6 months agoUefiCpuPkg/MpService: GetProcessorInfo returns 6-level topology
Ray Ni [Mon, 25 Mar 2019 09:32:15 +0000 (17:32 +0800)]
UefiCpuPkg/MpService: GetProcessorInfo returns 6-level topology

Intel SDM introduces 6-levels for describing the CPU topology:
* Package
* Module
* Tile
* Die
* Core
* Thread

A PI spec ECR was submitted to enhance CPU_MP PPI/Protocol to
support returning such information through GetProcessorInfo().
An accordingly change was implemented and pushed to edk2-staging.

Now the PI spec has been published.
The patch is cherry-picked from edk2-staging to edk2.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
6 months agoMdePkg: Update structures for MpServices Protocol
Robert Phelps [Mon, 11 May 2020 20:24:13 +0000 (04:24 +0800)]
MdePkg: Update structures for MpServices Protocol

Added EXTENDED_PROCESSOR_INFORMATION structure and supporting
structures and definitions.  The intent is to support updated
topology layout for CPUs.  (PI 1.7a Mantis 2071)

Signed-off-by: Robert Phelps <robert@ami.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Added header file for Delayed Dispatch PPI
Robert Phelps [Mon, 11 May 2020 20:24:12 +0000 (04:24 +0800)]
MdePkg: Added header file for Delayed Dispatch PPI

Created new header file for the new EFI_DELAYED_DISPATCH_PPI  PPI
(PI 1.7 Mantis 1891)

Signed-off-by: Robert Phelps <robert@ami.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: Updates to PI 1.7 Revision numbers
Robert Phelps [Mon, 11 May 2020 20:24:10 +0000 (04:24 +0800)]
MdePkg: Updates to PI 1.7 Revision numbers

Revision number defines and MACROs were incorrect for the current
version of the Specification (PI 1.7 Mantis 1892)

Signed-off-by: Robert Phelps <robert@ami.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: New Status Codes
Robert Phelps [Mon, 11 May 2020 20:24:09 +0000 (04:24 +0800)]
MdePkg: New Status Codes

Updated PiStatusCodes to reflect changes to PI 1.7 Specification
(PI 1.7 Mantis 1889)

Signed-off-by: Robert Phelps <robert@ami.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoCryptoPkg/Crypto.h: Update the version of Crypto Driver
Zhichao Gao [Thu, 23 Apr 2020 08:23:13 +0000 (16:23 +0800)]
CryptoPkg/Crypto.h: Update the version of Crypto Driver

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

The binary is totally changed, so update the Crypto Version to 7:
1. Retire below deprecated function:
MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/opensslconf.h: Covert the file ending to dos format
Zhichao Gao [Fri, 15 May 2020 03:45:40 +0000 (11:45 +0800)]
CryptoPkg/opensslconf.h: Covert the file ending to dos format

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Convert file ending of the crypto created openssl config file -
opensslconf.h from '\n' to '\r\n' to make align the line ending and
pass the patch check.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
Zhichao Gao [Thu, 23 Apr 2020 08:20:19 +0000 (16:20 +0800)]
CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
Zhichao Gao [Thu, 23 Apr 2020 07:04:37 +0000 (15:04 +0800)]
CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib
Zhichao Gao [Thu, 14 May 2020 05:38:38 +0000 (13:38 +0800)]
CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Add the unrequired aes_ecb files in process_files.pl and run it
thru perl.
It would remove the unrequired aes_ecb files from OpensslLib inf.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
Zhichao Gao [Thu, 23 Apr 2020 06:43:08 +0000 (14:43 +0800)]
CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/OpensslLib: Set TDES disable in OpensslLib
Zhichao Gao [Mon, 11 May 2020 10:57:55 +0000 (18:57 +0800)]
CryptoPkg/OpensslLib: Set TDES disable in OpensslLib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is create by adding the setting "no_des" of
process_files.pl and running it thru perl.
It would remove the TDES from OpensslLib.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCryptLib: Retire the TDES algorithm
Zhichao Gao [Wed, 22 Apr 2020 09:48:02 +0000 (17:48 +0800)]
CryptoPkg/BaseCryptLib: Retire the TDES algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

TDES is not secure any longer.
Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib
Zhichao Gao [Mon, 11 May 2020 10:24:43 +0000 (18:24 +0800)]
CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is create by adding the setting "no_rc4" of
process_files.pl and running it thru perl.
It would remove the ARC4 from OpensslLib.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCryptLib: Retire ARC4 algorithm
Zhichao Gao [Wed, 22 Apr 2020 09:44:12 +0000 (17:44 +0800)]
CryptoPkg/BaseCryptLib: Retire ARC4 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

ARC4 is not secure any longer.
Remove the ARC4 support from edk2.
Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/OpensslLib: Set MD4 disable in OpensslLib
Zhichao Gao [Mon, 11 May 2020 10:19:06 +0000 (18:19 +0800)]
CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is create by adding the setting "no_md4" of
process_files.pl and running it thru perl.
It would remove the MD4 from OpensslLib.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/BaseCrpytLib: Retire MD4 algorithm
Zhichao Gao [Fri, 17 Apr 2020 07:37:59 +0000 (15:37 +0800)]
CryptoPkg/BaseCrpytLib: Retire MD4 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4 is not secure any longer.
Remove the MD4 support from edk2.
Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoCryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm
Zhichao Gao [Wed, 6 May 2020 01:36:03 +0000 (09:36 +0800)]
CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Add a internal worker function to indicate the deprecated functions.
It would print out debug messages and asserts to inform the consumer
they are using a deprecated function.
Change the Name of BaseCryptLibServciceNotEnabled to correct spelling
BaseCryptLibServiceNotEnabled.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
6 months agoFmpDevicePkg/FmpDxe: Use new Fmp dependency libraries
Wei6 Xu [Tue, 12 May 2020 05:33:54 +0000 (13:33 +0800)]
FmpDevicePkg/FmpDxe: Use new Fmp dependency libraries

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2696

Remove the orginal Fmp Capsule Dependency implement, and use new
FmpDependencyLib, FmpDependencyCheckLib and FmpDependencyDeviceLib
APIs instead.
A platform can perform the dependency check in a platform specific
manner by implementing its own FmpDependencyCheckLib.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoFmpDevicePkg: Add FmpDependencyDevice library class and NULL instance
Wei6 Xu [Tue, 12 May 2020 08:12:37 +0000 (16:12 +0800)]
FmpDevicePkg: Add FmpDependencyDevice library class and NULL instance

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2696

This library provides firmware device specific services to support
saving dependency to firmware device and getting dependency from
firmware device.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoFmpDevicePkg: Add FmpDependencyCheck library class and instances
Wei6 Xu [Tue, 12 May 2020 05:27:34 +0000 (13:27 +0800)]
FmpDevicePkg: Add FmpDependencyCheck library class and instances

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2696

* This library class provides platform specific services to support
dependency check during updating firmware image. Platform can perform
dependency check in platform specific manner by implementing its own
FmpDependencyCheckLib.
* Add FmpDependencyCheck instance to provide a sample of dependency
check. The sample instance only checks the dependency from capsule
image. The dependency from other FMP instances isn't checked here.
* Add NULL instance as an option to skip the dependency check.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoFmpDevicePkg/Test: Add FmpDependencyLib unit test
Wei6 Xu [Tue, 12 May 2020 05:27:21 +0000 (13:27 +0800)]
FmpDevicePkg/Test: Add FmpDependencyLib unit test

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2696

* Add unit tests for EvaluateDependency API in FmpDependencyLib.
* Add Test/FmpDeviceHostPkgTest.dsc to build host based unit test.
* Update FmpDevicePkg.dsc to build target based unit test.
* Update FmpDevicePkg.ci.yaml to build and run host based test.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoFmpDevicePkg: Add FmpDependency library class and BASE instance
Wei6 Xu [Tue, 12 May 2020 05:27:07 +0000 (13:27 +0800)]
FmpDevicePkg: Add FmpDependency library class and BASE instance

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2696

This library provides services to evaluate Fmp capsule dependency
expression, validate dependency expression and get dependency
from firmware image.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoMdePkg: UEFI JSON Capsule Support
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:48 +0000 (03:52 +0800)]
MdePkg: UEFI JSON Capsule Support

Added Guids and structures, that defines the work flow to perform
capsule update using JSON objects.
(UEFI 2.8 mantis 1935)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoMdePkg: Add UEFI Spec Revision 2.8
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:47 +0000 (03:52 +0800)]
MdePkg: Add UEFI Spec Revision 2.8

Added entrie in the EFI_SYSTEM_TABLE related definitions section,
to signify UEFI 2.8 spec revision.
(UEFI 2.8 mantis 1926)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoMdePkg: Bootable NVDIMM namespaces
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:46 +0000 (03:52 +0800)]
MdePkg: Bootable NVDIMM namespaces

Provided a mechanism for UEFI FW to identify and hand off bootable
NVDIMM namespaces to the OS by standardizing the EFI device path.
EFI device path for physical NVDIMM devices changed from an ACPI
_ADR device to an ACPI NVDIMM device for correctness.
(UEFI 2.8 mantis 1858)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoBaseTools: Bootable NVDIMM namespaces
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:45 +0000 (03:52 +0800)]
BaseTools: Bootable NVDIMM namespaces

Provided a mechanism for UEFI FW to identify and hand off bootable
NVDIMM namespaces to the OS by standardizing the EFI device path.
EFI device path for physical NVDIMM devices changed from an ACPI
_ADR device to an ACPI NVDIMM device for correctness.
(UEFI 2.8 mantis 1858)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoMdePkg: REST style formset
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:44 +0000 (03:52 +0800)]
MdePkg: REST style formset

New ClassGuid EFI_HII_REST_STYLE_FORMSET_GUID is defined.
In question level, a new flag EFI_IFR_FLAG_REST_STYLE is defined.
(UEFI 2.8 mantis 1853)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoBaseTools: REST style formset
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:43 +0000 (03:52 +0800)]
BaseTools: REST style formset

In question level, a new flag EFI_IFR_FLAG_REST_STYLE is defined.

(UEFI 2.8 mantis 1853)

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoMdePkg: Extend SERIAL_IO with DeviceTypeGuid
Oleksiy Yakovlev [Wed, 13 May 2020 19:52:42 +0000 (03:52 +0800)]
MdePkg: Extend SERIAL_IO with DeviceTypeGuid

EFI_SERIAL_IO_PROTOCOL_REVISION incremented to 0x00010001.
CONST EFI_GUID *DeviceTypeGuid field added to the protocol structure.
UEFI 2.8 mantis 1832.

Signed-off-by: Oleksiy Yakovlev <oleksiyy@ami.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
6 months agoOvmfPkg: Skip initrd command on Xcode toolchain
Roman Bolshakov [Thu, 14 May 2020 13:48:22 +0000 (16:48 +0300)]
OvmfPkg: Skip initrd command on Xcode toolchain

OVMF booting stops with the assert if built with Xcode on macOS:

  Loading driver at 0x0001FAB8000 EntryPoint=0x0001FABF249 LinuxInitrdDynamicShellCommand.efi
  InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 1F218398
  ProtectUefiImageCommon - 0x1F218140
    - 0x000000001FAB8000 - 0x0000000000008A60

  ASSERT_EFI_ERROR (Status = Unsupported)
  ASSERT LinuxInitrdDynamicShellCommand.c(378): !EFI_ERROR (Status)

The assert comes from InitializeHiiPackage() after an attempt to
retrieve HII package list from ImageHandle.

Xcode still doesn't support HII resource section and
LinuxInitrdDynamicShellCommand depends on it. Likewise 277a3958d93a
("OvmfPkg: Don't include TftpDynamicCommand in XCODE5 tool chain"),
disable initrd command if built with Xcode toolchain

Fixes: ec41733cfd10 ("OvmfPkg: add the 'initrd' dynamic shell command")
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200514134820.62047-1-r.bolshakov@yadro.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
6 months agoMdeModulePkg/RegularExpressionDxe: Optimize the code infrastructure
Shenglei Zhang [Sat, 9 May 2020 06:33:36 +0000 (14:33 +0800)]
MdeModulePkg/RegularExpressionDxe: Optimize the code infrastructure

OnigurumaIntrinsics.c is now not used. So the implement of function
'memcpy' is now not., which causes build failure with CLANG9 and
XCODE. I remove OnigurumaIntrinsics.c and move the necessary function
implement to OnigurumaUefiPort.c/h.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
6 months agoIntelFsp2Pkg: Support Multi-Phase SiInit and debug handlers.
Chasel Chiu [Thu, 30 Apr 2020 01:28:35 +0000 (09:28 +0800)]
IntelFsp2Pkg: Support Multi-Phase SiInit and debug handlers.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2698

To enhance FSP silicon initialization flexibility an optional
Multi-Phase API is introduced and FSP header needs update for
new API offset. Also new SecCore module created for
FspMultiPhaseSiInit API

New ARCH_UPD introduced for enhancing FSP debug message
flexibility now bootloader can pass its own debug handler
function pointer and FSP will call the function to handle
debug message.
To support calling bootloader functions, a FspGlobalData field
added to indicate if FSP needs to switch stack when FSP running
on separate stack from bootloader.

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
6 months agoBaseTools: Fix parse PCD GUID expression issue
Feng, YunhuaX [Sat, 9 May 2020 00:14:44 +0000 (08:14 +0800)]
BaseTools: Fix parse PCD GUID expression issue

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2686

The build tool will give an incorrect GUID value if the GUID includes character ' or " ASCII value.
This patch is going to fix this issue.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
6 months agoBaseTools/Ecc: Replace deprecated function time.clock()
Michael Kubacki [Sat, 9 May 2020 02:22:42 +0000 (10:22 +0800)]
BaseTools/Ecc: Replace deprecated function time.clock()

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2707

Ecc fails with Python 3.8 because it uses the deprecated time.clock()
function - https://docs.python.org/3.7/library/time.html#time.clock

This change updates EccMain.py to use time.perf_counter().

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
6 months agoStandaloneMmPkg: switch to MM communicate 2 protocol
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:40 +0000 (18:45 +0200)]
StandaloneMmPkg: switch to MM communicate 2 protocol

Update the reference to MM communicate to refer to the MM communicate 2
protocol instead. This makes no difference for the MM side of the
implementation, but is more accurate nonetheless, since the original MM
protocol does not work in combination with standalone MM.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoMdeModulePkg/VariableSmmRuntimeDxe: switch to MM communicate 2
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:33 +0000 (18:45 +0200)]
MdeModulePkg/VariableSmmRuntimeDxe: switch to MM communicate 2

Switch to the new MM communicate 2 protocol which supports both
traditional and standalone MM.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoMdeModulePkg/FaultTolerantWriteSmmDxe: switch to MM communicate 2
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:29 +0000 (18:45 +0200)]
MdeModulePkg/FaultTolerantWriteSmmDxe: switch to MM communicate 2

Switch to the new MM communicate 2 protocol which supports both
traditional and standalone MM.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoMdeModulePkg/VariableInfo: switch to MM communicate 2 protocol
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:25 +0000 (18:45 +0200)]
MdeModulePkg/VariableInfo: switch to MM communicate 2 protocol

Switch to the new MM communicate 2 protocol which supports both
traditional and standalone MM.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoArmPkg/MmCommunicationDxe: expose MM Communicate 2 protocol
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:21 +0000 (18:45 +0200)]
ArmPkg/MmCommunicationDxe: expose MM Communicate 2 protocol

Implement the new MmCommunication2 protocol which supports the use
of standalone MM at runtime inside an address space that has been
virtually remapped by the OS.

Note that the implementation of the old MM Communicate protocol is
removed: it never worked correctly so there is no point in keeping it.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoMdeModulePkg/SmmIpl: expose MM communicate 2 protocol
Ard Biesheuvel [Sat, 18 Apr 2020 16:45:13 +0000 (18:45 +0200)]
MdeModulePkg/SmmIpl: expose MM communicate 2 protocol

The MM communicate 2 protocol was introduced to factor out the mismatch
between traditional MM, which requires the physical address of the MM
buffer to be passed, and standalone MM, which copies the MM communicate
buffer data into a separate buffer, requiring the virtual address. For
this reason, MM communicate 2 carries both addresses, allowing the
implementation to decide which address it needs.

This hides this implementation detail from the callers of the protocol,
which simply passes both addresses without having to reason about what the
implementation of the protocol actually needs.

Note that the old version of the protocol is retained, in order to support
existing implementations that don't require this flexibility.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoMdePkg: introduce MM communicate 2 protocol
Ard Biesheuvel [Sat, 18 Apr 2020 16:44:52 +0000 (18:44 +0200)]
MdePkg: introduce MM communicate 2 protocol

Add the protocol definition of the MM communicate 2 protocol,
which has been introduced by version 1.7 errata A of the PI spec.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
6 months agoUefiCpuPkg/CpuExceptionHandler: Revert CpuExceptionHandler binary patching
Lendacky, Thomas [Thu, 7 May 2020 13:06:50 +0000 (08:06 -0500)]
UefiCpuPkg/CpuExceptionHandler: Revert CpuExceptionHandler binary patching

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2340

Now that an XCODE5 specific CpuExceptionHandlerLib library is in place,
revert the changes made to the ExceptionHandlerAsm.nasm in commit
2db0ccc2d7fe ("UefiCpuPkg: Update CpuExceptionHandlerLib pass XCODE5 tool
chain") so that binary patching of flash code is not performed.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Acked-by: Bret Barkelew <bret.barkelew@microsoft.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <810f67d8604c054c09d17a22f0bcfaeb41ee8e3b.1588856809.git.thomas.lendacky@amd.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
6 months agoOvmfPkg: Use toolchain appropriate CpuExceptionHandlerLib
Lendacky, Thomas [Thu, 7 May 2020 13:06:49 +0000 (08:06 -0500)]
OvmfPkg: Use toolchain appropriate CpuExceptionHandlerLib

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2340

During the SEC phase, use the XCODE5 CpuExceptionHandlerLib library in
place of the standard library when building with the XCODE5 toolchain.
The SEC XCODE5 version of the library performs binary patching and should
only be used when building with the XCODE5 toolchain.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien@xen.org>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <0cfdd51deb6d39e08380645f2022b9b76e29f66f.1588856809.git.thomas.lendacky@amd.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
6 months agoUefiCpuPkg/CpuExceptionHandler: Make XCODE5 changes toolchain specific
Lendacky, Thomas [Thu, 7 May 2020 13:06:48 +0000 (08:06 -0500)]
UefiCpuPkg/CpuExceptionHandler: Make XCODE5 changes toolchain specific

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2340

Commit 2db0ccc2d7fe ("UefiCpuPkg: Update CpuExceptionHandlerLib pass
XCODE5 tool chain") introduced binary patching into the exception handling
support. CPU exception handling is allowed during SEC and this results in
binary patching of flash, which should not be done.

Separate the changes from commit 2db0ccc2d7fe into an XCODE5 toolchain
specific file, Xcode5ExceptionHandlerAsm.nasm, and create a new SEC INF
file for the XCODE5 version of CpuExceptionHandlerLib.

Since binary patching is allowed when running outside of flash, switch
the Dxe, Pei and Smm versions of the CpuExceptionHandlerLib over to use
the Xcode5ExceptionHandlerAsm.nasm file to retain current functionality.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <9075570487616c731033a5738f6a444a15d71b74.1588856809.git.thomas.lendacky@amd.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
6 months agoBaseTools/Plugin: Update HostBasedUnitTestRunner to support Linux
Sean Brogan [Wed, 15 Apr 2020 20:30:39 +0000 (04:30 +0800)]
BaseTools/Plugin: Update HostBasedUnitTestRunner to support Linux

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2513

Update HostBasedUnitTestRunner plugin to support the Linux environment
and remove any Windows only logic.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months ago.pytool/CISettings: Remove Windows only scope for host based unit tests
Sean Brogan [Wed, 15 Apr 2020 20:30:38 +0000 (04:30 +0800)]
.pytool/CISettings: Remove Windows only scope for host based unit tests

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2513

Remove Windows only scopes in the CISettngs file

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
6 months agoBaseTools: add handling for 'S:' flag to GetMaintainer.py
Leif Lindholm [Wed, 29 Apr 2020 16:36:14 +0000 (00:36 +0800)]
BaseTools: add handling for 'S:' flag to GetMaintainer.py

GetMaintainer.py already extracts the value of any S: tags for sections,
but it doesn't do anything with that information.

Print a warning message, with the status, for each matching section with
a status explicitly set to anything other than 'Supported' or
'Maintained'.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
6 months agoBaseTools: add repo name option to SetupGit.py
Rebecca Cran [Fri, 1 May 2020 20:00:44 +0000 (04:00 +0800)]
BaseTools: add repo name option to SetupGit.py

Allow users who didn't clone one of the TianoCore repos from a
canonical URL to specify the name of the repo (edk2, edk2-platforms
or edk2-non-osi) when running SetupGit.py to allow them to configure
their repo properly.

The new option is:

  -n repo, --name repo  set the repo name to configure for, if not
                        detected automatically

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
6 months agoNetworkPkg: Add RISCV64 architecture
Abner Chang [Tue, 7 Apr 2020 08:04:14 +0000 (16:04 +0800)]
NetworkPkg: Add RISCV64 architecture

Add RISCV64 Arch in NetworkPkg.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Acked-by: Siyuan Fu <siyuan.fu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdeModulePkg/DxeIplPeim : RISC-V platform level DxeIPL
Abner Chang [Tue, 7 Apr 2020 08:12:04 +0000 (16:12 +0800)]
MdeModulePkg/DxeIplPeim : RISC-V platform level DxeIPL

Implementation of RISC-V DxeIPL.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Co-authored-by: Daniel Helmut <daniel.schaefer@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdeModulePkg/CapsuleRuntimeDxe: Add RISCV64 architecture
Abner Chang [Tue, 7 Apr 2020 07:48:39 +0000 (15:48 +0800)]
MdeModulePkg/CapsuleRuntimeDxe: Add RISCV64 architecture

Add RISC-V in INF for building CapsuleRuntimeDxe RISCV64 image.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Acked-by: Hao A Wu <hao.a.wu@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdeModulePkg/Logo:Add RISCV64 architecture
Abner Chang [Tue, 7 Apr 2020 08:02:54 +0000 (16:02 +0800)]
MdeModulePkg/Logo:Add RISCV64 architecture

Add RISCV64 Arch.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Acked-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BaseSafeIntLib: Add RISCV64 arch for BaseSafeIntLib.
Abner Chang [Tue, 7 Apr 2020 08:02:06 +0000 (16:02 +0800)]
MdePkg/BaseSafeIntLib: Add RISCV64 arch for BaseSafeIntLib.

Add RISCV64 arch for BaseSafeIntLib library.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
Cc: Daniel Helmut Schaefer <daniel.schaefer@hpe.com>
6 months agoMdePkg/BaseSynchronizationLib: RISC-V cache related code.
Abner Chang [Tue, 21 Apr 2020 01:51:27 +0000 (09:51 +0800)]
MdePkg/BaseSynchronizationLib: RISC-V cache related code.

Support RISC-V cache related functions.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BaseCpuLib: RISC-V Base CPU library
Abner Chang [Tue, 7 Apr 2020 07:59:20 +0000 (15:59 +0800)]
MdePkg/BaseCpuLib: RISC-V Base CPU library
implementation.

Implement RISC-V CPU related functions in BaseCpuLib.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BasePeCoff: Add RISC-V PE/Coff related code.
Abner Chang [Tue, 7 Apr 2020 07:57:43 +0000 (15:57 +0800)]
MdePkg/BasePeCoff: Add RISC-V PE/Coff related code.

Support RISC-V image relocation.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BaseIoLibIntrinsic: Rename IoLibArm.c=>IoLibNoIo.c
Abner Chang [Tue, 7 Apr 2020 07:55:56 +0000 (15:55 +0800)]
MdePkg/BaseIoLibIntrinsic: Rename IoLibArm.c=>IoLibNoIo.c

RISC-V MMIO library instance.
IoLibArm.c in fact implements a generic Mmio-only (and ANSI
C compliant), so rename it to better reflect this.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BaseCacheMaintenanceLib:
Abner Chang [Tue, 7 Apr 2020 07:54:29 +0000 (15:54 +0800)]
MdePkg/BaseCacheMaintenanceLib:
RISC-V cache maintenance implementation.

Implement RISC-V cache maintenance functions in
BaseCacheMaintenanceLib.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/BaseLib: BaseLib for RISCV64 architecture
Abner Chang [Tue, 7 Apr 2020 07:53:22 +0000 (15:53 +0800)]
MdePkg/BaseLib: BaseLib for RISCV64 architecture

Add RISC-V RV64 BaseLib functions.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg/Include: RISC-V definitions.
Abner Chang [Tue, 7 Apr 2020 07:47:31 +0000 (15:47 +0800)]
MdePkg/Include: RISC-V definitions.

Add RISC-V processor related definitions.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months agoMdePkg: Add RISC-V RISCV64 binding
Abner Chang [Tue, 7 Apr 2020 07:45:31 +0000 (15:45 +0800)]
MdePkg: Add RISC-V RISCV64 binding

Add RISCV64 sections in MdePkg.dec and RISCV64 ProcessorBind.h

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2672

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Co-authored-by: Gilbert Chen <gilbert.chen@hpe.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
6 months ago.pytool: Add RISC-V architecture on RISC-V EDK2 CI.
Abner Chang [Fri, 3 Apr 2020 05:51:12 +0000 (13:51 +0800)]
.pytool: Add RISC-V architecture on RISC-V EDK2 CI.

BZ:2562:
https://bugzilla.tianocore.org/show_bug.cgi?id=2562

Add RISC-V architecture on RISC-V EDK2 CI testing.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
Cc: Daniel Helmut Schaefer <daniel.schaefer@hpe.com>