mirror_edk2.git
5 years agoIntelSiliconPkg/VtdInfoSample: Fix IGD RMRR memory.
Jiewen Yao [Fri, 20 Oct 2017 08:47:48 +0000 (16:47 +0800)]
IntelSiliconPkg/VtdInfoSample: Fix IGD RMRR memory.

Fix a calculation problem in IGD RMRR memory.

Cc: Zeng Star <zeng.star@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Zeng Star <zeng.star@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Make comments align with function
Dandan Bi [Thu, 19 Oct 2017 07:48:56 +0000 (15:48 +0800)]
UefiCpuPkg/MtrrLib: Make comments align with function

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoMdeModulePkg/DxeIplPeim: Refine coding style in function comments
Dandan Bi [Thu, 19 Oct 2017 07:42:27 +0000 (15:42 +0800)]
MdeModulePkg/DxeIplPeim: Refine coding style in function comments

Make the comments align with the function.
And add some missing function comments.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
5 years agoIntelFrameworkModule/LegacyBios: Avoid explicit comparison for BOOLEAN
Dandan Bi [Thu, 19 Oct 2017 07:34:53 +0000 (15:34 +0800)]
IntelFrameworkModule/LegacyBios: Avoid explicit comparison for BOOLEAN

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
5 years agoIntelFrameworkModulePkg/Csm: Refine coding style in comments
Dandan Bi [Thu, 19 Oct 2017 07:30:23 +0000 (15:30 +0800)]
IntelFrameworkModulePkg/Csm: Refine coding style in comments

Make the comments follow Edk2 coding style:
1. Make the comments starts with /** and end with **/.
2. Make the comments descrition end with '.'

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
5 years agoEmbeddedPkg: add driver to set graphical/serial console preference
Ard Biesheuvel [Fri, 20 Oct 2017 13:30:11 +0000 (14:30 +0100)]
EmbeddedPkg: add driver to set graphical/serial console preference

Linux on ARM/arm64 will infer from the presence of a /chosen/stdout-path
DT property or of a SPCR ACPI table that the primary console is the serial
port, even if a graphical console is available as well.

So let's introduce a driver that allows the user to set a preference
between graphical and serial if both are available. If the preference
is set to 'Graphical', and any GOP protocol instances have been installed
by the time the ReadyToBoot event is signalled, remove the DT property
and/or the SPCR table entirely.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoMdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
Ruiyu Ni [Fri, 20 Oct 2017 09:55:01 +0000 (17:55 +0800)]
MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource

The bug was caused by 728d74973c9262b6c7b7ef4be213223d55affec3
"MdeModulePkg/PciBus: Count multiple hotplug resource paddings".

The patch firstly updated the Bridge->Alignment to the maximum
alignment of all devices under the bridge, then aligned the
Bridge->Length to Bridge->Alignment.
It caused too much resources were claimed.

The new patch firstly aligns Bridge->Length to Bridge->Alignment,
then updates the Bridge->Alignment to the maximum alignment of all
devices under the bridge.
Because the step to update the Bridge->Alignment is to make sure
the resource allocated to the bus under the Bridge meets all
devices alignment. But the Bridge->Length doesn't have to align
to the maximum alignment.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang
Ruiyu Ni [Mon, 23 Oct 2017 05:11:40 +0000 (13:11 +0800)]
UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang

ClearMasks and OrMasks are not 8-byte aligned.
But SetMem64 requires the input address is 8-byte aligned.
If the input is not 8-byte aligned, assertion is hit.
Use SetMem instead.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoShellPkg/editor: Fix system hang when console max column > 200
Ruiyu Ni [Thu, 19 Oct 2017 06:14:33 +0000 (14:14 +0800)]
ShellPkg/editor: Fix system hang when console max column > 200

EditorClearLine() assumes the console max column is less than 200.
When the max column is bigger than 200, the code incorrectly
modifies the content out side of Line buffer.
It may cause system hang or reset.

The patch changes the function to print several times when
the max column is bigger than 200.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
5 years agoNetworkPkg: Remove ping6 and ifconfig shell application.
Fu Siyuan [Tue, 17 Oct 2017 13:05:59 +0000 (21:05 +0800)]
NetworkPkg: Remove ping6 and ifconfig shell application.

Edk2 has duplicated ping6/ifconfig6 implementation in NetworkPkg and ShellPkg.
The usage and parameter format of these 2 versions are exactly same. These two
commands have been added to Shell specification so the copy under
  ShellPkg\Library\UefiShellNetwork2CommandsLib\
will be actively maintained in future.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
5 years agoShellPkg/alias: Fix flag parsing logic
Huajing Li [Fri, 13 Oct 2017 02:44:10 +0000 (10:44 +0800)]
ShellPkg/alias: Fix flag parsing logic

Existing logic to parse the flags isn't complete and cannot detect
some invalid combinations of flags.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
5 years agoMdeModulePkg/PciHostBridge: Set SpecificFlag to 0 for Mem32/Mem64
Ruiyu Ni [Thu, 19 Oct 2017 02:47:40 +0000 (10:47 +0800)]
MdeModulePkg/PciHostBridge: Set SpecificFlag to 0 for Mem32/Mem64

Existing code forgot to set Descriptor->SpecificFlag to 0 when
the resource type is non-prefetchable MMIO.
The patch adds the missing assignment.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute
Ruiyu Ni [Thu, 19 Oct 2017 02:43:08 +0000 (10:43 +0800)]
UefiCpuPkg/MtrrLib: Fix bug that may incorrectly set <1MB attribute

MtrrLibSetBelow1MBMemoryAttribute() may be called multiple times.
It's possible that in a 2nd call, Modified[0] is set to TRUE in
1st call but ClearMasks[0] and OrMasks[0] is uninitialized in
2nd call. It causes FixedSettings->Mtrr[0] be set to random
data.

The patch fixes this issue by introducing a local Modified[]
array and only updates FixedSettings->Mtrr[] when LocalModified[i]
is TRUE.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
5 years agoUefiCpuPkg/MpInitLib: Avoid call PcdGet* in Ap & Bsp.
Eric Dong [Thu, 19 Oct 2017 02:40:16 +0000 (10:40 +0800)]
UefiCpuPkg/MpInitLib: Avoid call PcdGet* in Ap & Bsp.

MicrocodeDetect function will run by every threads, and it will
use PcdGet to get PcdCpuMicrocodePatchAddress and
PcdCpuMicrocodePatchRegionSize, if change both PCD default to dynamic,
system will in non-deterministic behavior.

By design, UEFI/PI services are single threaded and not re-entrant
so Multi processor code should not use UEFI/PI services. Here, Pcd
protocol/PPI is used to access dynamic PCDs so it would result in
non-deterministic behavior.

This code get PCD value in BSP and save them in CPU_MP_DATA for Ap.

https://bugzilla.tianocore.org/show_bug.cgi?id=726

Cc: Crystal Lee <CrystalLee@ami.com.tw>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoSecurityPkg/SecureBootConfigDxe: Handle lack of STR_SIGNATURE_* tokens
chenc2 [Wed, 18 Oct 2017 06:23:45 +0000 (14:23 +0800)]
SecurityPkg/SecureBootConfigDxe: Handle lack of STR_SIGNATURE_* tokens

Add check to avoid NULL ptr dereference. The function HiiGetString
will return NULL pointer when the platform does not install the
appropriate string or call HiiGetString fail.(For example, HII not
support specified language.)

Cc: Zhang Chao <chao.b.zhang@intel.com>
Cc: Wu Hao <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Wu Hao <hao.a.wu@intel.com>
5 years agoOvmfPkg: fix dynamic default for oprom verification policy PCD without SB
Laszlo Ersek [Tue, 17 Oct 2017 21:29:33 +0000 (23:29 +0200)]
OvmfPkg: fix dynamic default for oprom verification policy PCD without SB

I missed the following, both while reviewing and while testing commit
6041ac65ae87 ("OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION
when SEV is active", 2017-10-05):

If "-D SECURE_BOOT_ENABLE" is not passed on the "build" command line, then
OVMF has no dynamic default at all for
"PcdOptionRomImageVerificationPolicy". This means that the PcdSet32S()
call added in the subject commit doesn't even compile:

> OvmfPkg/PlatformPei/AmdSev.c: In function 'AmdSevInitialize':
> OvmfPkg/PlatformPei/AmdSev.c:67:3: error: implicit declaration of
> function '_PCD_SET_MODE_32_S_PcdOptionRomImageVerificationPolicy'
> [-Werror=implicit-function-declaration]
>    PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
>    ^
> cc1: all warnings being treated as errors

Make the current, SB-only, 0x00 dynamic default unconditional.

This is the simplest approach, and it reflects the intent of original
commit 1fea9ddb4e3f ("OvmfPkg: execute option ROM images regardless of
Secure Boot", 2016-01-07). Without SECURE_BOOT_ENABLE,
"SecurityPkg/Library/DxeImageVerificationLib" is not used anyway, so the
PCD is never read.

This issue was first caught and reported by Gerd Hoffmann
<kraxel@redhat.com>'s Jenkins CI. Later it was also reported in
<https://bugzilla.tianocore.org/show_bug.cgi?id=737>.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Fixes: 6041ac65ae879389f3ab5c0699f916d3e71c97fe
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: trim commit message as suggested by Jordan]
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
[lersek@redhat.com: add reference to TianoCore BZ#737]

5 years agoSecurityPkg/Pkcs7Verify: Add the comments to address security problem
Long Qin [Thu, 12 Oct 2017 01:12:42 +0000 (09:12 +0800)]
SecurityPkg/Pkcs7Verify: Add the comments to address security problem

Add the comments to address security problems in the Pkcs7Verify Protocol
per UEFI 2.7 updates.

The Pkcs7Verifier function VerifySignature() has problematic use cases
where it might be used to unwittingly bypass security checks.  The specific
problem is that if the supplied hash is a different algorithm from the
blacklist hash, the hash will be approved even if it should have been
denied. The added comments place a strong warning about the problem.
It is possible to use the protocol reliably, either by agreeing a hash to
use for all time (like sha256) or by looping over all supported hashes when
using the protocol.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
5 years agoBaseTools/BuildEnv: override "set -C" (noclobber) in sourcing shell env
Laszlo Ersek [Sun, 8 Jul 2012 09:55:50 +0000 (11:55 +0200)]
BaseTools/BuildEnv: override "set -C" (noclobber) in sourcing shell env

The BuildEnv utility is sourced (executed by the user's interactive shell)
when the user sets up the build session. Some users like to set -C
(noclobber) for some additional safety in their shells, which trips up
BuildEnv. Update the redirection operator so that it overrides noclobber.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
5 years agoSecurityPkg/AuthVariableLib: fix GCC build error
Laszlo Ersek [Tue, 17 Oct 2017 18:54:00 +0000 (20:54 +0200)]
SecurityPkg/AuthVariableLib: fix GCC build error

Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:

> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>                                                           ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>                  from
>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>  X509GetCommonName (
>  ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors

Fix it by changing the type of "CertCommonName" to array-of-CHAR8.

Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:

- it is taken the size of -- not impacted by this patch;

- passed to X509GetCommonName() as an argument -- the patch fixes the
  build error;

- passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
  impacted by the patch;

- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
  cast.

Since we are touching the Sha256Update() function call, fix the coding
style too:

- the line is overlong, so break each argument to its own line;

- insert a space between "AsciiStrLen" and the opening paren "(".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoOvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
Brijesh Singh [Thu, 5 Oct 2017 20:16:42 +0000 (15:16 -0500)]
OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active

The following commit:

1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot

sets the OptionRomImageVerificationPolicy to ALWAYS_EXECUTE the expansion
ROMs attached to the emulated PCI devices. A expansion ROM constitute
another channel through which a cloud provider (i.e hypervisor) can
inject a code in guest boot flow to compromise it.

When SEV is enabled, the bios code has been verified by the guest owner
via the SEV guest launch sequence before its executed. When secure boot,
is enabled, lets make sure that we do not allow guest bios to execute a
code which is not signed by the guest owner.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 years agoSecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
Brijesh Singh [Thu, 5 Oct 2017 20:16:41 +0000 (15:16 -0500)]
SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic

By default the image verification policy for option ROM images is 0x4
(DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:

1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot

set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
ROMs comes from host-side and most of the time cloud provider (i.e
hypervisor) have full access over a guest anyway. But when secure boot
is enabled, we would like to deny the execution of option ROM when
SEV is active. Having dynamic Pcd will give us flexibility to set the
security policy at the runtime.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
5 years agoSecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.
chenc2 [Tue, 17 Oct 2017 08:45:06 +0000 (16:45 +0800)]
SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.

The change doesn't impact the functionality.
To avoid magic code is helpful for maintaining the codes.
Use stack variable for known max length variable is more
clear and safe than heap buffer.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Wu Hao A <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
5 years agoSecurityPkg/SecureBootConfigDxe: Fix coding style issue
chenc2 [Tue, 17 Oct 2017 07:14:17 +0000 (15:14 +0800)]
SecurityPkg/SecureBootConfigDxe: Fix coding style issue

The change doesn't impact the functionality.

Cc: Bi Dandan <dandan.bi@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
5 years agoSecurity/OpalHii.c: Handle NULL Request or Request with no elements
Dandan Bi [Mon, 16 Oct 2017 03:37:08 +0000 (11:37 +0800)]
Security/OpalHii.c: Handle NULL Request or Request with no elements

According to UEFI spec, for the ExtractConfig function in
EFI_HII_CONFIG_ACCESS_PROTOCOL,If a NULL is passed in for the Request
field or if a ConfigHdr is passed in with no request elements, all of
the settings being abstracted by this function will be returned in the
Results field.

The implementation of ExtractConfig function in OpalHii.c misses to
handle above cases.This patch is to do the enhancements.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang
Ruiyu Ni [Tue, 17 Oct 2017 01:46:27 +0000 (09:46 +0800)]
UefiCpuPkg/MtrrLib: Fix MtrrDebugPrintAllMtrrsWorker to avoid hang

ARRAY_SIZE(Mtrrs->Variables.Mtrr) was used in
MtrrDebugPrintAllMtrrsWorker() to parse the MTRR registers.
Instead, the actual variable MTRR count should be used.
Otherwise, the uninitialized random data in MtrrSetting may cause
MtrrLibSetMemoryType() hang.

Steven Shi found this bug in QEMU when using Q35 chip.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Steven Shi <steven.shi@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
5 years agoShellPkg/UefiShellLib: Use a more bright blue/green color
Ruiyu Ni [Mon, 16 Oct 2017 07:30:23 +0000 (15:30 +0800)]
ShellPkg/UefiShellLib: Use a more bright blue/green color

Some developers/QAs complain the color of directory or executable
files is hard to see and suggest to use a more bright color.
I agree with this suggestion so make this patch.
The look and feel is much better now.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
5 years agoBaseTools: Fix a bug Build directory should relative to WORKSPACE
Yonghong Zhu [Fri, 13 Oct 2017 02:47:24 +0000 (10:47 +0800)]
BaseTools: Fix a bug Build directory should relative to WORKSPACE

The bug is for build output files it still use mws.join function, it
cause maybe we will get the build output files in the PACKAGES_PATH
because mws.join will try WORKSPACE first, if the file doesn't exist
then try PACKAGES_PATH. But for build output, we expected it should
relative to WORKSPACE.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Skip Base MSR access when the pair is invalid
Ruiyu Ni [Tue, 26 Sep 2017 15:26:32 +0000 (23:26 +0800)]
UefiCpuPkg/MtrrLib: Skip Base MSR access when the pair is invalid

The patch optimized the MTRR access code to skip the Base MSR
access when the Mask MSR indicates the pair is invalid.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Update algorithm to calculate optimal settings
Ruiyu Ni [Wed, 27 Sep 2017 09:56:41 +0000 (17:56 +0800)]
UefiCpuPkg/MtrrLib: Update algorithm to calculate optimal settings

The new algorithm converts the problem calculating optimal
MTRR settings (using least MTRR registers) to the problem finding
the shortest path in a graph.
The memory required in extreme but rare case can be up to 256KB,
so using local stack buffer is impossible considering current
DxeIpl only allocates 128KB stack.

The patch changes existing MtrrSetMemoryAttributeInMtrrSettings() and
MtrrSetMemoryAttribute() to use the 4-page stack buffer for
calculation. The two APIs return BUFFER_TOO_SMALL when the buffer
is too small for calculation.

The patch adds a new API MtrrSetMemoryAttribute*s*InMtrrSettings() to
set multiple-range attributes in one function call.
Since every call to MtrrSetMemoryAttributeInMtrrSettings (without-s)
or MtrrSetMemoryAttribute() requires to calculate the MTRRs for the
whole physical memory, combining multiple calls in one API can
significantly reduce the calculation time.
In theory, if N times of call to without-s API costs N seconds,
the new API only costs 1 second.
The new API uses the buffer supplied from caller to calculate
MTRRs and returns BUFFER_TOO_SMALL when the buffer is too small for
calculation.

Test performed:
1. Random test
 a. Generate random memory settings, use the new algorithm to
    calculate the MTRRs.
 b. Read back the MTRRs and check the memory settings match
    the desired memory settings.
 c. Repeat the above #1 and #2 100000 times.
2. OVMF 32PEI + 64DXE boot to shell.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoUefiCpuPkg/MtrrLib: Optimize MtrrLibLeastAlignment()
Ruiyu Ni [Wed, 27 Sep 2017 09:47:37 +0000 (17:47 +0800)]
UefiCpuPkg/MtrrLib: Optimize MtrrLibLeastAlignment()

The patch changes MtrrLibLeastAlignment() to
MtrrLibBiggestAlignment() and optimizes the implementation
to be more efficient.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoUefiCpuPkg/MtrrLib: refine MtrrLibProgramFixedMtrr()
Ruiyu Ni [Tue, 26 Sep 2017 15:09:50 +0000 (23:09 +0800)]
UefiCpuPkg/MtrrLib: refine MtrrLibProgramFixedMtrr()

The patch replaces some if-checks with assertions because
they are impossible to happen.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoSourceLevelDebugPkg: Update SmmDebugAgentLib to restore APIC timer
Liming Gao [Tue, 10 Oct 2017 10:04:12 +0000 (18:04 +0800)]
SourceLevelDebugPkg: Update SmmDebugAgentLib to restore APIC timer

In enter SMI, APIC timer may be initialized. After exit SMI, APIC timer
will be restore.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoMdeModulePkg: Update RuntimeDxe Crc32 to check the input parameter
Liming Gao [Thu, 12 Oct 2017 04:22:57 +0000 (12:22 +0800)]
MdeModulePkg: Update RuntimeDxe Crc32 to check the input parameter

This is the regression issue. After apply CalculateCrc32(), the parameter
check is missing.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Wu Hao A <hao.a.wu@intel.com>
5 years agoUefiCpuPkg/PiSmmCpuDxeSmm: Fix bitwise size issue
Jian J Wang [Thu, 12 Oct 2017 04:49:18 +0000 (12:49 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Fix bitwise size issue

Cc: Eric Dong <eric.dong@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
5 years agoSecurityPkg\Tcg2Pei: FV measure performance enhancement
Zhang, Chao B [Thu, 27 Jul 2017 06:22:00 +0000 (14:22 +0800)]
SecurityPkg\Tcg2Pei: FV measure performance enhancement

1. Leverage Pre-Hashed FV PPI to reduce duplicated hash
2. Only measure BFV at the beginning. Other FVs are measured in FVinfo callback with nested
   FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=662

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
5 years agoSecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable
Zhang, Chao B [Tue, 12 Sep 2017 07:41:12 +0000 (15:41 +0800)]
SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable

ECR1707 for UEFI2.7 clarified certificate management rule for private time-based
AuthVariable.Trusted cert rule changed from whole signer's certificate stack to
top-level issuer cert tbscertificate + SignerCert CN for better management compatibility.
Hash is used to reduce storage overhead.

Cc: Long Qin <qin.long@intel.com>
Cc: Chen Chen <chen.a.chen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>'
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Chen Chen <chen.a.chen@intel.com>
5 years agoIfconfig : Fixed False information about Media State.
Meenakshi Aggarwal [Thu, 5 Oct 2017 06:24:45 +0000 (11:54 +0530)]
Ifconfig : Fixed False information about Media State.

Issue : We were setting MediaPresent as TRUE (default) and
not checking return status of NetLibDetectMedia().
NetLibDetectMedia() sets MediaPresent FLAG in case of success
only and dont change flag on error.
So, Media State will display as 'Media Present', in case of
error also.

Fix : Check return value of NetLibDetectMedia(), if error then
print "Media State Unknown"

Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
5 years agoUefiCpuPkg/S3Resume2Pei: Handle Communicate Ppi not exist issue.
Eric Dong [Thu, 12 Oct 2017 08:31:58 +0000 (16:31 +0800)]
UefiCpuPkg/S3Resume2Pei: Handle Communicate Ppi not exist issue.

Current code assume Communicate Ppi always existed, so it adds
ASSERT to confirm it. Ovmf platform happened not has this Ppi, so
the ASSERT been trig. This patch handle Ppi not existed case.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 years agoMdeModulePkg/PiSmmCore: Install Protocol when S3 resume finished.
Eric Dong [Wed, 11 Oct 2017 01:29:52 +0000 (09:29 +0800)]
MdeModulePkg/PiSmmCore: Install Protocol when S3 resume finished.

Install EdkiiSmmEndOfS3ResumeProtocol when S3 resume finished.
S3ResumePei will send S3 resume finished event to SmmCore through
communication buffer.

V2 change:
 None.

V3 change:
1. Uninstall the protocol right after install it to avoid run out of memory.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoUefiCpuPkg/S3Resume2Pei: Send S3 resume finished event to SmmCore.
Eric Dong [Wed, 11 Oct 2017 01:25:07 +0000 (09:25 +0800)]
UefiCpuPkg/S3Resume2Pei: Send S3 resume finished event to SmmCore.

Driver will send S3 resume finished event to SmmCore through communicate
buffer after it signals EndOfPei event.

V2 Changes:
1. Change structures name to avoid they start with EFI_.
2. Base on DXE phase bits to provide communication buffer, current implement
check both PEI and DXE phase.

V3 Changes:
1. Change structure name for better understanding.
2. Enhance communication buffer calculate logic to more accurate.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoMdeModulePkg/SmmEndOfS3Resume.h: Add new protocol definition.
Eric Dong [Wed, 11 Oct 2017 01:21:00 +0000 (09:21 +0800)]
MdeModulePkg/SmmEndOfS3Resume.h: Add new protocol definition.

Add gEdkiiSmmEndOfS3ResumeProtocolGuid which used by SmmCore to
notify smm drives that S3 resume has finished.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoIntelFrameworkModulePkg/LegacyBiosDxe: Fix GCC5 build warning
Jian J Wang [Thu, 12 Oct 2017 01:01:50 +0000 (09:01 +0800)]
IntelFrameworkModulePkg/LegacyBiosDxe: Fix GCC5 build warning

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
5 years agoMdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL
Ruiyu Ni [Tue, 10 Oct 2017 08:57:38 +0000 (16:57 +0800)]
MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL

Current implementation skips to check whether the last four
characters are digits when the OptionNumber is NULL.
Even worse, it may incorrectly return FALSE when OptionNumber is
NULL.

The patch fixes it to always check the variable name even
OptionNumber is NULL.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 years agoMdeModulePkg/Bds: Remove assertion in BmCharToUint
Ruiyu Ni [Tue, 10 Oct 2017 08:39:12 +0000 (16:39 +0800)]
MdeModulePkg/Bds: Remove assertion in BmCharToUint

BmCharToUint() could be called using external data and it
already contains logic to return -1 when data is invalid,
so removing unnecessary assertion to avoid system hang.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoOvmfPkg/QemuVideoDxe: Bypass NULL pointer detection during VBE SHIM installing
Jian J Wang [Mon, 9 Oct 2017 14:02:27 +0000 (22:02 +0800)]
OvmfPkg/QemuVideoDxe: Bypass NULL pointer detection during VBE SHIM installing

QemuVideoDxe driver will link VBE SHIM into page 0. If NULL pointer
detection is enabled, this driver will fail to load. NULL pointer detection
bypassing code is added to prevent such problem during boot.

Please note that Windows 7 will try to access VBE SHIM during boot if it's
installed, and then cause boot failure. This can be fixed by setting BIT7
of PcdNullPointerDetectionPropertyMask to disable NULL pointer detection
after EndOfDxe. As far as we know, there's no other OSs has such issue.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
5 years agoIntelFrameworkModulePkg/Csm: Add code to bypass NULL pointer detection
Jian J Wang [Mon, 9 Oct 2017 14:01:49 +0000 (22:01 +0800)]
IntelFrameworkModulePkg/Csm: Add code to bypass NULL pointer detection

Legacy has to access interrupt vector, BDA, etc. located in memory between
0-4095. To allow as much code as possible to be monitored by NULL pointer
detection, we add code to temporarily disable this feature right before
those memory access and enable it again afterwards.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoUefiCpuPkg/PiSmmCpuDxeSmm: Implement NULL pointer detection for SMM code
Jian J Wang [Mon, 9 Oct 2017 14:00:39 +0000 (22:00 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Implement NULL pointer detection for SMM code

The mechanism behind is the same as NULL pointer detection enabled in EDK-II
core. SMM has its own page table and we have to disable page 0 again in SMM
mode.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoMdeModulePkg/Core/Dxe: Add EndOfDxe workaround for NULL pointer detection
Jian J Wang [Mon, 9 Oct 2017 13:58:55 +0000 (21:58 +0800)]
MdeModulePkg/Core/Dxe: Add EndOfDxe workaround for NULL pointer detection

One of issue caused by enabling NULL pointer detection is that some PCI
device OptionROM, binary drivers and binary OS boot loaders may have NULL
pointer access bugs, which will prevent BIOS from booting and is almost
impossible to fix. BIT7 of PCD PcdNullPointerDetectionPropertyMask is used
as a workaround to indicate BIOS to disable NULL pointer detection right
after event gEfiEndOfDxeEventGroupGuid, and then let boot continue.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoMdeModulePkg/DxeIpl: Implement NULL pointer detection
Jian J Wang [Mon, 9 Oct 2017 13:56:32 +0000 (21:56 +0800)]
MdeModulePkg/DxeIpl: Implement NULL pointer detection

NULL pointer detection is done by making use of paging mechanism of CPU.
During page table setup, if enabled, the first 4-K page (0-4095) will be
marked as NOT PRESENT. Any code which unintentionally access memory between
0-4095 will trigger a Page Fault exception which warns users that there's
potential illegal code in BIOS.

This also means that legacy code which has to access memory between 0-4095
should be cautious to temporarily disable this feature before the access
and re-enable it afterwards; or disalbe this feature at all.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoMdeModulePkg/MdeModulePkg.dec,.uni: Add NULL pointer detection PCD
Wang, Jian J [Sat, 26 Aug 2017 01:08:10 +0000 (09:08 +0800)]
MdeModulePkg/MdeModulePkg.dec,.uni: Add NULL pointer detection PCD

PCD PcdNullPointerDetectionPropertyMask is a bitmask used to control the
NULL address detection functionality in code for different phases.

If enabled, accessing NULL address in UEFI or SMM code can be caught
as a page fault exception.

    BIT0    - Enable NULL pointer detection for UEFI.
    BIT1    - Enable NULL pointer detection for SMM.
    BIT2..6 - Reserved for future uses.
    BIT7    - Disable NULL pointer detection just after EndOfDxe. This is a
              workaround for those unsolvable NULL access issues in
              OptionROM, boot loader, etc. It can also help to avoid
              unnecessary exception caused by legacy memory (0-4095) access
              after EndOfDxe, such as Windows 7 boot on Qemu.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ayellet Wolman <ayellet.wolman@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoBaseTools: Fix the Keyword error for <ExtendedFvEntry> in FDF File
Yonghong Zhu [Mon, 9 Oct 2017 13:21:56 +0000 (21:21 +0800)]
BaseTools: Fix the Keyword error for <ExtendedFvEntry> in FDF File

current in FDF spec 3.6 [FV] section it use "FV_EXT_ENTRY_TYPE" as
Keyword for <ExtendedFvEntry>, while in the code it use "FV_EXT_ENTRY".
To keep compatibility, this patch support both keyword in the code
first.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoBaseTools: Fix the bug 'DSC DEFAULT' in report wrongly use FDF value
Yonghong Zhu [Mon, 9 Oct 2017 13:15:04 +0000 (21:15 +0800)]
BaseTools: Fix the bug 'DSC DEFAULT' in report wrongly use FDF value

current the PCD value in DSC file may be override by FDF file, then it
cause the 'DSC DEFAULT' in build report wrongly display the FDF value
but not the DSC file's value.
This patch add a attribute DscDefaultValue for PcdClassObject to save
the actual DSC file's PCD value and use this value to display for 'DSC
DEFAULT'.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdeModulePkg/DriverSample: Add questions with bit/union VarStore
Dandan Bi [Wed, 20 Sep 2017 12:20:05 +0000 (20:20 +0800)]
MdeModulePkg/DriverSample: Add questions with bit/union VarStore

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=545

Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoArmPlatformPkg: Store initial timer value
Alexei Fedorov [Thu, 8 Jun 2017 14:40:09 +0000 (15:40 +0100)]
ArmPlatformPkg: Store initial timer value

This commit adds support for storing initial timer value
logged at the beginning of firmware image execution.
This timer value is required for firmware basic boot performance
data record referenced by Firmware Performance Data Table (FPDT).

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Alexei Fedorov <Alxei.Fedorov@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Graeme Gregory <graeme.gregory@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob
Star Zeng [Thu, 5 Oct 2017 06:03:35 +0000 (14:03 +0800)]
ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
5 years agoEmbeddedPkg PrePiHobLib: Implement BuildFv3Hob
Star Zeng [Thu, 5 Oct 2017 06:02:51 +0000 (14:02 +0800)]
EmbeddedPkg PrePiHobLib: Implement BuildFv3Hob

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoIntelFrameworkModulePkg FwVolDxe: Get FV auth status propagated from PEI
Star Zeng [Tue, 3 Oct 2017 13:33:04 +0000 (21:33 +0800)]
IntelFrameworkModulePkg FwVolDxe: Get FV auth status propagated from PEI

FV3 HOB was introduced by new (>= 1.5) PI spec, it is intended to
be used to propagate PEI-phase FV authentication status to DXE.
This patch is to update FwVolDxe to get the authentication status
propagated from PEI-phase to DXE by FV3 HOB when producing FV
protocol.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdeModulePkg Core: Propagate PEI-phase FV authentication status to DXE
Star Zeng [Tue, 3 Oct 2017 13:48:47 +0000 (21:48 +0800)]
MdeModulePkg Core: Propagate PEI-phase FV authentication status to DXE

FV3 HOB was introduced by new (>= 1.5) PI spec, it is intended to
be used to propagate PEI-phase FV authentication status to DXE.
This patch is to update PeiCore to build FV3 HOB with the
authentication status and DxeCore to get the authentication
status from FV3 HOB when producing FVB Protocol.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoIntelFrameworkPkg PeiHobLibFramework: Implement BuildFv3Hob
Star Zeng [Tue, 3 Oct 2017 13:41:27 +0000 (21:41 +0800)]
IntelFrameworkPkg PeiHobLibFramework: Implement BuildFv3Hob

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdePkg HobLib: Add BuildFv3Hob API
Star Zeng [Tue, 3 Oct 2017 13:39:59 +0000 (21:39 +0800)]
MdePkg HobLib: Add BuildFv3Hob API

Add BuildFv3Hob API in HobLib.h and implement the API
in HobLib instances PeiHobLib, DxeHobLib and DxeCoreHobLib.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdePkg PiHob.h: Add FV3 HOB definitions
Star Zeng [Sat, 30 Sep 2017 07:03:34 +0000 (15:03 +0800)]
MdePkg PiHob.h: Add FV3 HOB definitions

Follow PI 1.6 spec to add FV3 HOB definitions

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdePkg: Add definitions for ACPI 6.2
Star Zeng [Mon, 24 Jul 2017 01:38:01 +0000 (09:38 +0800)]
MdePkg: Add definitions for ACPI 6.2

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoMdeModulePkg: Update Ppi/Protocol/Guid usage in INF files
Liming Gao [Mon, 25 Sep 2017 11:06:24 +0000 (19:06 +0800)]
MdeModulePkg: Update Ppi/Protocol/Guid usage in INF files

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoIntelFsp2WrapperPkg: Update Protocol/Guid usage in INF files
Liming Gao [Mon, 25 Sep 2017 11:06:23 +0000 (19:06 +0800)]
IntelFsp2WrapperPkg: Update Protocol/Guid usage in INF files

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoIntelFsp2Pkg: Update Section Name in INF files
Liming Gao [Mon, 25 Sep 2017 11:06:22 +0000 (19:06 +0800)]
IntelFsp2Pkg: Update Section Name in INF files

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoSecurityPkg: Update Guid usage in INF file to match source code logic
Liming Gao [Mon, 25 Sep 2017 11:06:21 +0000 (19:06 +0800)]
SecurityPkg: Update Guid usage in INF file to match source code logic

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
5 years agoSignedCapsulePkg: Update Guid usage in INF file to match source code logic
Liming Gao [Mon, 25 Sep 2017 11:06:20 +0000 (19:06 +0800)]
SignedCapsulePkg: Update Guid usage in INF file to match source code logic

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoNetworkPkg: Update Protocol/Guid usage in INF file to match source code logic
Liming Gao [Mon, 25 Sep 2017 11:06:19 +0000 (19:06 +0800)]
NetworkPkg: Update Protocol/Guid usage in INF file to match source code logic

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
5 years agoShellPkg: Update Guid usage in ShellLib INF to match source code logic
Liming Gao [Mon, 25 Sep 2017 11:06:18 +0000 (19:06 +0800)]
ShellPkg: Update Guid usage in ShellLib INF to match source code logic

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoUefiCpuPkg: Update Guid usage in DxeMpInitLib INF to match source code logic
Liming Gao [Mon, 25 Sep 2017 11:06:17 +0000 (19:06 +0800)]
UefiCpuPkg: Update Guid usage in DxeMpInitLib INF to match source code logic

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
5 years agoPcAtChipsetPkg: Update GUID usage in PcRtc INF to match the source code
Liming Gao [Mon, 25 Sep 2017 11:06:16 +0000 (19:06 +0800)]
PcAtChipsetPkg: Update GUID usage in PcRtc INF to match the source code

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoMdePkg: Correct BaseS3PciSegmentLib module name to match its uni file
Liming Gao [Mon, 25 Sep 2017 11:06:14 +0000 (19:06 +0800)]
MdePkg: Correct BaseS3PciSegmentLib module name to match its uni file

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
5 years agoMdeModulePkg: Update modules to consume CalculateCrc32()
Liming Gao [Fri, 8 Sep 2017 05:18:25 +0000 (13:18 +0800)]
MdeModulePkg: Update modules to consume CalculateCrc32()

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoMdePkg BaseLib: Add new API CalculateCrc32()
Liming Gao [Fri, 8 Sep 2017 05:18:24 +0000 (13:18 +0800)]
MdePkg BaseLib: Add new API CalculateCrc32()

CalculateCrc32() bases on the initialized mCrcTable. When CalculateCrc32()
is used, mCrcTable will take 1KB size in the image. When CalculateCrc32()
is not used, mCrcTable will not be built in the image, and no size impact.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR variable
Laszlo Ersek [Tue, 3 Oct 2017 15:55:09 +0000 (17:55 +0200)]
MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR variable

According to the TCG Platform Reset Attack Mitigation Specification (May
15, 2008):

> 5 Interface for UEFI
> 5.1 UEFI Variable
> 5.1.1 The MemoryOverwriteRequestControl
>
> Start of informative comment:
>
> [...] The OS loader should not create the variable. Rather, the firmware
> is required to create it and must support the semantics described here.
>
> End of informative comment.

However, some OS kernels create the MOR variable even if the platform
firmware does not support it (see one Bugzilla reference below). This OS
issue breaks the logic added in the last patch.

Strengthen the MOR check by searching for the TCG or TCG2 protocols, as
edk2's implementation of MOR depends on (one of) those protocols.

The protocols are defined under MdePkg, thus there's no inter-package
dependency issue. In addition, calling UEFI services in
MorLockInitAtEndOfDxe() is safe, due to the following order of events /
actions:

- platform BDS signals the EndOfDxe event group,
- the SMM core installs the SmmEndOfDxe protocol,
- MorLockInitAtEndOfDxe() is invoked, and it calls UEFI services,
- some time later, platform BDS installs the DxeSmmReadyToLock protocol,
- SMM / SMRAM is locked down and UEFI services become unavailable to SMM
  drivers.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1498159
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: delay MorLock creation until EndOfDxe
Laszlo Ersek [Sat, 30 Sep 2017 15:37:57 +0000 (17:37 +0200)]
MdeModulePkg/Variable/RuntimeDxe: delay MorLock creation until EndOfDxe

The "MemoryOverwriteRequestControl" (a.k.a. MOR) variable comes from the
"TCG Platform Reset Attack Mitigation Specification":

https://www.trustedcomputinggroup.org/wp-content/uploads/Platform-Reset-Attack-Mitigation-Specification.pdf

The "MemoryOverwriteRequestControlLock" variable (a.k.a. MORL) is a
Microsoft extension, called "Secure MOR implementation":

https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-requirements

Currently the VariableSmm driver creates MORL without regard to MOR. This
can lead to a situation where a platform does not support MOR from the
prerequisite spec (because it does not include the
"SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf" driver), but appears
to support MORL from the dependent Microsoft spec.

"winload.efi" notices this inconsistency, and disables the Device Guard
Virtualization Based Security in Windows Server 2016 and Windows 10 64-bit
Enterprise.

If the platform includes
"SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf", then MOR will exist
by the time EndOfDxe is reached, and VariableSmm can safely create MORL.
Otherwise, do not create MORL (delete it if it exists), and also prevent
other modules from creating it.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=727
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1496170
Reported-by: Ladi Prosek <lprosek@redhat.com>
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: permit MorLock deletion for passthru req
Laszlo Ersek [Sat, 30 Sep 2017 17:08:41 +0000 (19:08 +0200)]
MdeModulePkg/Variable/RuntimeDxe: permit MorLock deletion for passthru req

The SetMorLockVariable() function sets "mMorLockPassThru" to TRUE
temporarily, so that it can set the MOR Control Lock variable to
well-formed values without permission checks.

In the next patch, we'll need the same override for deleting the MOR
Control Lock variable; hence obey "mMorLockPassThru" in the deletion
branch of SetVariableCheckHandlerMorLock() as well.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe() hook
Laszlo Ersek [Sat, 30 Sep 2017 14:39:48 +0000 (16:39 +0200)]
MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe() hook

Introduce the MorLockInitAtEndOfDxe() hook, in order to allow
MorLockInit() to delay / queue operations until EndOfDxe. (Or, if the
platform never signals EndOfDxe, until ReadyToBoot.)

Call MorLockInitAtEndOfDxe() whenever we set "mEndOfDxe" to TRUE:

- in VariableRuntimeDxe:
  - in the OnReadyToBoot() function,
  - in the OnEndOfDxe() function;

- in VariableSmm:
  - on the SMM_VARIABLE_FUNCTION_READY_TO_BOOT SMI request,
  - in the SmmEndOfDxeCallback() function.

For now, implement MorLockInitAtEndOfDxe() as a no-op in both
VariableRuntimeDxe and VariableSmm.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: move MOR func. declarations to header
Laszlo Ersek [Sat, 30 Sep 2017 14:04:31 +0000 (16:04 +0200)]
MdeModulePkg/Variable/RuntimeDxe: move MOR func. declarations to header

The MorLockInit() and SetVariableCheckHandlerMor() functions have separate
implementations for VariableRuntimeDxe (= unprivileged, unified
DXE_RUNTIME driver) and VariableSmm (= privileged, DXE_SMM back-end of the
split variable driver).

Move their declarations from "Variable.c" to "PrivilegePolymorphic.h", so
that the compiler enforce that the declarations and the definitions match.
(All C source files with the call sites and the function definitions
already include "PrivilegePolymorphic.h" via "Variable.h".)

At the same time:

- replace two typos in the MorLockInit() description:
  - replace "EFI_SUCEESS" with "EFI_SUCCESS",
  - replace "MOR Lock Control" with "MOR Control Lock";

- in the SetVariableCheckHandlerMor() description:
  - replace @param with @param[in],
  - correct the description of the Attributes parameter (suggested by Star
    Zeng <star.zeng@intel.com>),
  - rewrap the comment to 80 columns.

This change cleans up commit 2f6aa774fe38 ("MdeModulePkg: Add MorLock to
variable driver.", 2016-01-19).

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new header
Laszlo Ersek [Sat, 30 Sep 2017 11:40:32 +0000 (13:40 +0200)]
MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new header

If the platform supports SMM, a gRT->SetVariable() call at boot time
results in the following call tree to SecureBootHook():

  RuntimeServiceSetVariable()      [VariableSmmRuntimeDxe.c, unprivileged]
    SmmVariableHandler()           [VariableSmm.c,             PRIVILEGED]
      VariableServiceSetVariable() [Variable.c,                PRIVILEGED]
        SecureBootHook()           [VariableSmm.c,             PRIVILEGED]
          //
          // do nothing
          //
    SecureBootHook()               [Measurement.c,           unprivileged]
      //
      // measure variable if it
      // is related to SB policy
      //

And if the platform does not support SMM:

  VariableServiceSetVariable()     [Variable.c,              unprivileged]
    SecureBootHook()               [Measurement.c,           unprivileged]
      //
      // measure variable if it
      // is related to SB policy
      //

In other words, the measurement always happens outside of SMM.

Because there are two implementations of the SecureBootHook() API, one
that is called from SMM and does nothing, and another that is called
outside of SMM and measures variables, the function declaration should be
in a header file. This way the compiler can enforce that the function
declaration and all function definitions match.

"Variable.h" is used for "including common header files, defining internal
structures and functions used by Variable modules". Technically, we could
declare SecureBootHook() in "Variable.h". However, "Measurement.c" and
"VariableSmmRuntimeDxe.c" themselves do not include "Variable.h", and that
is likely intentional -- "Variable.h" exposes so much of the privileged
variable implementation that it is likely excluded from these C source
files on purpose.

Therefore introduce a new header file called "PrivilegePolymorphic.h".
"Variable.h" includes this header (so that all C source files that have
been allowed to see the variable internals learn about the new
SecureBootHook() declaration immediately). In "Measurement.c" and
"VariableSmmRuntimeDxe.c", include *only* the new header.

This change cleans up commit fa0737a839d0 ("MdeModulePkg Variable: Merge
from Auth Variable driver in SecurityPkg", 2015-07-01).

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
5 years agoMdeModulePkg: Update DxeCore to consume PI EfiGcdMemoryTypePersistent
Liming Gao [Wed, 20 Sep 2017 04:02:37 +0000 (12:02 +0800)]
MdeModulePkg: Update DxeCore to consume PI EfiGcdMemoryTypePersistent

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoMdePkg: Correct EfiGcdMemoryTypePersistent name to follow PI spec
Liming Gao [Wed, 20 Sep 2017 04:02:36 +0000 (12:02 +0800)]
MdePkg: Correct EfiGcdMemoryTypePersistent name to follow PI spec

PI spec defines EfiGcdMemoryTypePersistent name, MdePkg uses
EfiGcdMemoryTypePersistentMemory name. So, EfiGcdMemoryTypePersistent
is added. And, EfiGcdMemoryTypePersistentMemory is kept for compatility.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoMdeModulePkg/S3SaveState: Extract arguments in correct order
Ruiyu Ni [Mon, 9 Oct 2017 07:12:36 +0000 (15:12 +0800)]
MdeModulePkg/S3SaveState: Extract arguments in correct order

EFI_BOOT_SCRIPT_WRITE() interface is a var-arg interface.

Spec defines the order of parameters for
EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE_OPCODE as below:

  typedef
  EFI_STATUS
  (EFIAPI *EFI_BOOT_SCRIPT_WRITE) (
    IN CONST EFI_S3_SAVE_STATE_PROTOCOL *This,
    IN UINT16 OpCode,
    IN EFI_BOOT_SCRIPT_WIDTH Width,
    IN UINT16 Segment,
    IN UINT64 Address,
    IN UINTN Count,
    IN VOID *Buffer
  );

But implementation assumes Segment is in the very end, after Buffer.
Similar spec/implementation gaps are also found for
EFI_BOOT_SCRIPT_PCI_CONFIG2_READ_WRITE_OPCODE.

The patch fixes the implementation to extract the arguments in
correct order.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoBaseTools: Fix a bug to use module's Name attribute as compare
Yonghong Zhu [Mon, 9 Oct 2017 07:59:45 +0000 (15:59 +0800)]
BaseTools: Fix a bug to use module's Name attribute as compare

Fix a bug to use module's Name attribute as compare for single module
build. ModuleFile.File can't be used to compare INF file, because it
is the relative path.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
5 years agoUefiCpuPkg/PiSmmCpuDxeSmm: Add check to void use null pointer.
Eric Dong [Mon, 9 Oct 2017 05:23:27 +0000 (13:23 +0800)]
UefiCpuPkg/PiSmmCpuDxeSmm: Add check to void use null pointer.

Current code logic not check the pointer before use it. This may
has potential issue, this patch add code to check it.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
5 years agoMdeModulePkg/DxeCore: Add comments for the ASSERT to check NULL ptr
Hao Wu [Thu, 28 Sep 2017 01:11:36 +0000 (09:11 +0800)]
MdeModulePkg/DxeCore: Add comments for the ASSERT to check NULL ptr

Commit 8932679df5be046feba30fae80776c5815232a08 adds an ASSERT for
checking NULL pointer dereference.

The ASSERT added here is for addressing a false positive NULL pointer
dereference issue raised from static analysis.

This commit adds comments to clarify the reason for using ASSERT as the
check.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
5 years agoMdeModulePkg/PciBus: Count multiple hotplug resource paddings
Ruiyu Ni [Sat, 30 Sep 2017 05:10:08 +0000 (13:10 +0800)]
MdeModulePkg/PciBus: Count multiple hotplug resource paddings

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=720

The current implementation assumes there is only one hotplug resource
padding for each resource type. It's not true considering
DegradeResource(): MEM64 resource could be degraded to MEM32
resource.

The patch treat the resource paddings using the same logic as
treating typical/actual resources and the total resource of a bridge
is set to the MAX of typical/actual resources and resource paddings.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
5 years agoArmPkg/ArmSvcLib: Add ArmSvcLib implementation.
Supreeth Venkatesh [Wed, 20 Sep 2017 19:48:11 +0000 (20:48 +0100)]
ArmPkg/ArmSvcLib: Add ArmSvcLib implementation.

This patch adds a library that enables invocation of SVCs from Exception
Level EL0. It will be used by the Standalone MM environment to request
services from a software running in a privileged EL e.g. ARM Trusted
Firmware. The library is derived directly from Arm SMC Library.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
[ardb: assign frame pointer (AArch64)
       keep stack alignment (ARM)]
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoArmPkg/Include: Add ArmSvcLib header file.
Supreeth Venkatesh [Wed, 20 Sep 2017 19:48:13 +0000 (20:48 +0100)]
ArmPkg/Include: Add ArmSvcLib header file.

ArmSvcLib header file to specify the SVC arguments structure and
function prototype to trigger an SVC call.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation
Ard Biesheuvel [Fri, 6 Oct 2017 21:27:24 +0000 (22:27 +0100)]
ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation

The ESRT hook call that I just added invokes the protocol before
retrieving a pointer to it, which interestingly enough did not
result in any crashes, nor did it get picked up by GCC. Clang did
notice, though, so let's fix it right away.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoArmPkg/Include: Add SVC function IDs for Management Mode.
Supreeth Venkatesh [Wed, 27 Sep 2017 18:58:59 +0000 (19:58 +0100)]
ArmPkg/Include: Add SVC function IDs for Management Mode.

SVCs are in the range 0xC4000060 - 0xC400007f.
The functions available to the secure MM partition:
1. Signal completion of MM event handling.
2. Set/Get memory attributes for a memory region at runtime.
3. Get version number of secure partition manager.

Also, it defines memory attributes required for set/get operations.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoArmPkg/Include: Add standard SMC function IDs for MM interface.
Supreeth Venkatesh [Wed, 27 Sep 2017 18:58:58 +0000 (19:58 +0100)]
ArmPkg/Include: Add standard SMC function IDs for MM interface.

This patch adds a list of function IDs that fall under the standard
SMC range as defined in [1]

SMCs associated with Management Mode are in the range 0xC4000040 -
0xC400005f (64 bit) and 0x84000040 - 0x8400005f (32 bit).

The function(s) available to the normal world:
1. Request services from the secure MM environment using MM_COMMUNICATE.

It also defines MM return codes.

[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5 years agoArmPkg/PlatformBootManagerLib: call ESRT hooks at appropriate times
Ard Biesheuvel [Mon, 2 Oct 2017 19:00:44 +0000 (20:00 +0100)]
ArmPkg/PlatformBootManagerLib: call ESRT hooks at appropriate times

The ESRT management protocol needs to be invoked at the appropriate times
to get the ESRT config table to be published when the ReadyToBoot event
is signalled. So add this handling to the default ArmPkg implementation
of PlatformBootManagerLib.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoArmPlatformPkg: Add PCD for SBSA Watchdog Count
Sami Mujawar [Mon, 22 May 2017 14:27:50 +0000 (15:27 +0100)]
ArmPlatformPkg: Add PCD for SBSA Watchdog Count

The Juno and FVP platform implement the SBSA Watchdog timers.
Added PcdWatchdogCount to specify the number of Watchdog timers
that are available.

This allows configurability and an option to disable the watchdog
timers if required for testing.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoArmPkg/GenericWatchdogDxe: Set Watchdog interrupt type
Ard Biesheuvel [Thu, 1 Sep 2016 16:21:57 +0000 (17:21 +0100)]
ArmPkg/GenericWatchdogDxe: Set Watchdog interrupt type

Utilise the new HardwareInterrupt2 protocol to adjust the
Edge/Level characteristics of the Watchdog interrupt.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoArmPkg/ArmGicDxe: Expose HardwareInterrupt2 protocol
Ard Biesheuvel [Thu, 1 Sep 2016 16:21:56 +0000 (17:21 +0100)]
ArmPkg/ArmGicDxe: Expose HardwareInterrupt2 protocol

The existing HardwareInterrupt protocol lacked a means to configure the
level/edge properties of an interrupt.  The new HardwareInterrupt2
protocol introduced this capability.
This patch updates the GIC drivers to provide the new interfaces.
The changes comprise:
  Update to use HardwareInterrupt2 protocol
  Additions to register info in ArmGicLib.h
  Added new functionality (GetTriggerType and SetTriggerType)

The requirement for this change derives from a problem detected on ARM
Juno boards, but the change is of generic (ARM) relevance.

This commit is in response to review on the mailing list and, as
suggested there, rolls Girish's updates onto Ard's original example.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoEmbeddedPkg: Introduce HardwareInterrupt2 protocol
Ard Biesheuvel [Thu, 1 Sep 2016 16:21:55 +0000 (17:21 +0100)]
EmbeddedPkg: Introduce HardwareInterrupt2 protocol

The existing HardwareInterrupt protocol lacks the means to configure
the level/edge and polarity properties of an interrupt. So introduce a
new protocol HardwareInterrupt2, and add some new members that allow
manipulation of those properties.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoArmPkg: Tidy GIC code before changes.
Evan Lloyd [Wed, 15 Feb 2017 16:54:29 +0000 (16:54 +0000)]
ArmPkg: Tidy GIC code before changes.

This change is purely cosmetic, to tidy some code before change.
Mods involve:
    Re-order #includes
    Reformat comments.
    Use ns consistently (always "100ns" not sometimes "100 nS")
    Split overlength code lines.
    Make protocol functions STATIC.
    Remove "Horor vacui" comments.
    Rationalize GIC register address calculations
    Replace explicit test and assert with ASSERT_EFI_ERROR.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Alexei Fedorov <alexei.fedorov@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
5 years agoOvmfPkg/PciHotPlugInitDxe: translate QEMU's resource reservation hints
Laszlo Ersek [Fri, 22 Sep 2017 09:23:43 +0000 (11:23 +0200)]
OvmfPkg/PciHotPlugInitDxe: translate QEMU's resource reservation hints

Parse QEMU_PCI_BRIDGE_CAPABILITY_RESOURCE_RESERVATION from the bridges'
conventional config spaces. Translate the fields as follows:

* BusNumbers:
  * 0 -- no reservation;
  * (-1) -- firmware default, i.e. no reservation;
  * otherwise -- reserve the requested value. (NB, bus number reservation
    is not supposed to work before
    <https://bugzilla.tianocore.org/show_bug.cgi?id=656> is fixed.)

* Io:
  * 0 -- no reservation;
  * (-1) -- keep our current default (512B);
  * otherwise -- round up the requested value and reserve that.

* NonPrefetchable32BitMmio:
  * 0 -- no reservation;
  * (-1) -- keep our current default (2MB);
  * otherwise -- round up the requested value and reserve that.

* Prefetchable32BitMmio:
  * 0 -- no reservation, proceed to Prefetchable64BitMmio;
  * (-1) -- firmware default, i.e. no reservation, proceed to
    Prefetchable64BitMmio;
  * otherwise -- round up the requested value and reserve that. (NB, if
    Prefetchable32BitMmio is reserved in addition to
    NonPrefetchable32BitMmio, then PciBusDxe currently runs into an
    assertion failure. Refer to
    <https://bugzilla.tianocore.org/show_bug.cgi?id=720>.)

* Prefetchable64BitMmio:
  * only reached if Prefetchable32BitMmio was not reserved;
  * 0 -- no reservation;
  * (-1) -- firmware default, i.e. no reservation;
  * otherwise -- round up the requested value and reserve that.

If QEMU_PCI_BRIDGE_CAPABILITY_RESOURCE_RESERVATION is missing, plus any
time the rounding fails, fall back to the current defaults.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
5 years agoOvmfPkg/PciHotPlugInitDxe: add helper functions for setting up paddings
Laszlo Ersek [Thu, 21 Sep 2017 22:31:12 +0000 (00:31 +0200)]
OvmfPkg/PciHotPlugInitDxe: add helper functions for setting up paddings

Extract the SetIoPadding() and SetMmioPadding() functions, so that we can
set EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR fields using parameter names and
values that are more friendly than the original field names and their
expected values.

Introduce the HighBitSetRoundUp32() and HighBitSetRoundUp64() functions
for calculating the last parameter ("SizeExponent") of SetIoPadding() and
SetMmioPadding().

Put the new functions to use when requesting the default reservations. (In
order to be consistent with a later patch, "SizeExponent" is calculated
for SetIoPadding() with HighBitSetRoundUp64().)

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>