Yao, Jiewen [Tue, 19 Jan 2016 13:20:50 +0000 (13:20 +0000)]
MdeModulePkg: Add MorLockSmm to variable driver.
Microsoft published secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
with revision 2 update. See URL for tech detail.
Previous revision 1 is handled in SecurityPkg\Tcg\ MemoryOverwriteRequestControlLock.
But the VarCheck API can not satisfy revision 2 requirement.
So we decide include MOR lock control into variable driver directly.
This patch add standalone TcgMorLockSmm implementation.
Yonghong Zhu [Tue, 19 Jan 2016 12:58:52 +0000 (12:58 +0000)]
BaseTools: process the files by the priority in BUILDRULEORDER
By the BUILDRULEORDER feature to process files listed in INF [Sources]
sections in priority order, if a filename is listed with multiple
extensions, the tools will use only the file that matches the first
extension in the space separated list.
Laszlo Ersek [Tue, 19 Jan 2016 10:46:39 +0000 (10:46 +0000)]
MdeModulePkg/.../IdeMode: report early finish of packet read as success
SVN r19611 (git commit 7cac240163), "MdeModulePkg/Ide: return correct
status when DRQ is not ready for ATAPI", changed the behavior of
AtaPacketReadWrite(), when DRQReady2() reported an error. The previous
logic had been to:
(a) terminate the transfer loop,
(b) check the status register with CheckStatusRegister(), and determine
AtaPacketReadWrite()'s return code directly from that.
Action (a) had been correct, but action (b) had masked genuine errors.
For example, when DRQReady2() reported EFI_TIMEOUT -- because the BSY bit
had not been cleared within the allotted time --, CheckStatusRegister()
would report EFI_SUCCESS, simply *because* BSY was still set, and the rest
of the status bits could not be evaluated.
SVN r19611 (git commit 7cac240163) intended to fix action (b) by directly
propagating the error code of DRQReady2() from AtaPacketReadWrite(),
eliminating the CheckStatusRegister() call. This was the right thing for
most of the errors reported by DRQReady2() -- timeout, command abort,
other device error --, but there was one exception: the "read" sub-case of
EFI_NOT_READY, which stands for "'read' complete, with less data available
than the requested amount".
Regarding the "write" sub-case of EFI_NOT_READY: the
AtaPacketCommandExecute() function programs the full transfer length into
the IDE device before it calls AtaPacketReadWrite(), and
AtaPacketReadWrite() only uses CylinderLsb and CylinderMsb for "chunking"
(as requested by the device). Therefore the device cannot justifiedly
clear DRQ earlier than seeing the entire data, when writing.
However, when reading from the device, a "short read" is a successful
operation. (The actual read length will be decoded by the higher level
protocols.) And "short reads" had been handled correctly by the logic
before git 7cac240163. Namely, when DRQReady2() returns EFI_NOT_READY, the
BSY bit is already clear, and we can call CheckStatusRegister() to
investigate all the other bits it cares about.
Therefore restore the logic from before git 7cac240163, but only for the
"read" sub-case of EFI_NOT_READY.
This problem was encountered with OVMF running on QEMU's i440fx IDE
emulation. Many thanks to John Snow for analyzing QEMU's behavior, and
pointing out that it adhered to the relevant specs.
The DRQReady() and DRQReady2() functions only differ in that they poll
different status registers for BSY, ERR, and DRQ: the former looks at the
Status Register (clearing interrupt status), while the latter looks at the
Alternate Status Register (not clearing interrupt status).
They both correctly return a unique status code, EFI_NOT_READY, for the
BSY==0 && ERR==0 && DRQ==0
case; that is, when the device reports "command complete".
However, the functions' leading comments don't explain this case, so it's
easy to miss in callers. Update the comments.
Star Zeng [Tue, 19 Jan 2016 09:19:37 +0000 (09:19 +0000)]
ShellPkg UefiDpLib: Use Image->FilePath to get name for SMM drivers
This enhancement is to use the FilePath field in the loaded image
protocol to find the name of an image as a fallback for when the
loaded image device path protocol is not installed on the image handle.
This is necessary because the SMM core does not install the loaded
image device path protocol, so DP was displaying "Unknown Driver Name"
for every SMM driver.
Star Zeng [Tue, 19 Jan 2016 09:19:28 +0000 (09:19 +0000)]
PerformancePkg Dp_App: Use Image->FilePath to get name for SMM drivers
This enhancement is to use the FilePath field in the loaded image
protocol to find the name of an image as a fallback for when the
loaded image device path protocol is not installed on the image handle.
This is necessary because the SMM core does not install the loaded
image device path protocol, so DP was displaying "Unknown Driver Name"
for every SMM driver.
Yao, Jiewen [Mon, 18 Jan 2016 05:51:18 +0000 (05:51 +0000)]
SecurityPkg: Update final event log calculation.
This patch updated final event log calculation based on
TCG EFI PROTOCOL rev9, 7.1.2 "All options implementation".
The previous logic is to save event to final event log
once GetEventLog() is called. 7.1.1 shows that we should
save event log to both normal even log area and final event
log area after GetEventLog() is called.
And there is no need to record TCG12 format log to final
event log area, and normal event log area can be BootServices
memory because OS will not access it directly.
Previously, NumberOfPCRBanks is calculated based on TPM
capability. However, there might be a case that TPM hardware
support 1 algorithm, but BIOS does not support and BIOS
mask it via PCD. This causes the conflict between
HashAlgorithmBitmap and NumberOfPCRBanks.
So we move the NumberOfPCRBanks calculation based on
HashAlgorithmBitmap to make sure the data is consistent.
Ruiyu Ni [Mon, 18 Jan 2016 04:49:22 +0000 (04:49 +0000)]
MdeModulePkg: Add new library class PciHostBridgeLib
PciHostBridgeDxe driver needs PciHostBridgeLib implemented by platform
to provide the root bridge related information and may call into
PciHostBridgeLib when resource conflicts happen.
Liming Gao [Mon, 18 Jan 2016 03:03:19 +0000 (03:03 +0000)]
EdkCompatibilityPkg: Fix wrong guid value of gEfiManagedNetworkProtocolGuid
UEFI2.1B corrects the guid value of gEfiManagedNetworkProtocolGuid.
ECP package updates its value in ManagedNetwork.h, but miss the one
in EdkIIGlueLib.
Jiaxin Wu [Mon, 18 Jan 2016 01:59:41 +0000 (01:59 +0000)]
NetworkPkg: Fix SPD entry edit policy issue in IPSecConfig.
The current implementation doesn't handle the relationship
between SPD and SAD well, which may introduce some security
and connection issue after SPD updated.
For SPD entry edit policy, if one SPD entry is edited/updated,
the original SAs list should be discard. Current IPSecConfig
tool does not dealt properly with those rules.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19653 6f19259b-4bc3-4df7-8a09-765794883524
Jiaxin Wu [Mon, 18 Jan 2016 01:59:16 +0000 (01:59 +0000)]
NetworkPkg: Fix IpSec SPD and SAD mapping issue when SPD is updated
The current implementation doesn't handle the relationship between
SPD and SAD well, which may introduce some security and connection
issue after SPD updated.
For SPD SetData policy:
A) When delete the existed SPD entry, its related SAs also should be
removed from its Sas list(SadEntry->BySpd). If the SA entry is
established by IKE, we can remove it from global SAD list(SadEntry->List)
and then free it directly since its SpdEntry will be freed later.
B) SPD SetData operation should do some setting date validity-check.
For example, whether the SaId specified by setting Data is valid. If
the setting date is invalid, EFI_INVALID_PARAMETER should be returned.
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524
Yonghong Zhu [Mon, 18 Jan 2016 01:47:50 +0000 (01:47 +0000)]
BaseTools: VPD Tool to allocate VPD region be aligned based on value type
Base on build spec update, ASCII strings(“string”), will be byte aligned,
Unicode strings(L”string”) will be two-byte aligned, Byte arrays,
{0x00, 0x01} will be 8-byte aligned.
This patch is going to update VPD Tool to allocate VOID* PCDs to an offset
value that is aligned based in syntax of the PCD value.
Yonghong Zhu [Mon, 18 Jan 2016 01:46:25 +0000 (01:46 +0000)]
BaseTools: VOID* PCDs in VPD region must be aligned based on value type
Base on build spec update, ASCII strings(“string”), will be byte aligned,
Unicode strings(L”string”) will be two-byte aligned, Byte arrays,
{0x00, 0x01} will be 8-byte aligned.
This patch is going to halt with an error message if a VOID* PCD has an
offset value that is not aligned based on the syntax of the PCD value.
Yonghong Zhu [Mon, 18 Jan 2016 01:42:20 +0000 (01:42 +0000)]
BaseTools: Fix GenPatchPcdTable to support '-' characters in file names
The Regular Expression parsing of lines in MAP files does not currently
support the use of '-' in the column for the filename the symbol is
sources from, it cause a build break from the GenPatchPcdTable.
Tapan Shah [Fri, 15 Jan 2016 17:05:18 +0000 (17:05 +0000)]
ShellPkg: Update 'dh' command to reflect correct driver handle information
'dh' command shows Supported EFI Specification Version value as DriverVersion. Changing it to 'SupportedEfiSpecVersion' to provide more accurate information.
Dandan Bi [Fri, 15 Jan 2016 09:50:40 +0000 (09:50 +0000)]
MdeModulePkg:Fix the potential memory leak issue in Display Engine
The MenuOption insert to gMenuOption allocate memory every time,but not free.
Now add the code to free it.And for Date/Time,it will create 3 menus,but previously
the Description point to the same address,so when free the Description,it will cause
issue,now reset the Description pointer.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19647 6f19259b-4bc3-4df7-8a09-765794883524
ExtractConfig is called many times, so it's not efficient to update Secure Boot STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in ExtractConfig.
As these 2 strings are displayed on one form, always update them when opening the form.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19645 6f19259b-4bc3-4df7-8a09-765794883524
Chao Zhang [Tue, 12 Jan 2016 00:37:02 +0000 (00:37 +0000)]
SecurityPkg: TcgDxe,Tcg2Dxe,TrEEDxe: New PCD for TCG event log and TCG2 final event log area
TCG event log and TCG2 final event log area length can be configurable to meet platform event log
requirement.
PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG ACPI Spec 00.37
PcdTcg2FinalLogAreaLen : 0x8000 based on experience value
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19639 6f19259b-4bc3-4df7-8a09-765794883524
Ard Biesheuvel [Mon, 11 Jan 2016 08:50:49 +0000 (08:50 +0000)]
BaseTools AARCH64: build XIP modules with strict alignment
GCC for AARCH64 recognizes byte swapping load and store sequences
and may replace them with wider loads or stores combined with rev
instructions. In some cases (i.e., with GCC version 5 and later)
this may result in unaligned accesses, which are not allowed before
we turn the MMU on.
So build any modules or static libraries that may execute with the MMU
off with -mstrict-align. Other modules don't need this switch, so we
can remove it from the CLANG35/AARCH64 common CC flags.
Ard Biesheuvel [Mon, 11 Jan 2016 08:50:39 +0000 (08:50 +0000)]
BaseTools AARCH64: add separate GCC build rule for XIP objects
This introduces a special .c to .obj build rule for GCC/AARCH64 that
takes into account additional compiler flags that have been specified
via *_*_*_CC_XIPFLAGS. These will be passed after (and in addition to)
the ordinary CC_FLAGS.
Yao, Jiewen [Mon, 11 Jan 2016 05:18:32 +0000 (05:18 +0000)]
SecurityPkg: Clear AuthSession content after use.
Some commands in Tpm2CommandLib accept AuthSession
as input parameter and copy to local command buffer.
After use, this AuthSession content should be zeroed,
because there might be some secrete there.
Yao, Jiewen [Mon, 11 Jan 2016 05:12:31 +0000 (05:12 +0000)]
SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.
The official TCG standard uses Tcg2Protocol, instead of TrEE.
We should update TCG driver to use Tcg2Protocol, too.
TrEE should be used only for old TrEE implementation.
Ruiyu Ni [Mon, 11 Jan 2016 02:29:09 +0000 (02:29 +0000)]
MdeModulePkg: Fix GraphicsConsole driver resolution out of sync issue
When the GOP doesn't support the resolution specified by
PcdVideoHorizontalResolution and PcdVideoVerticalResolution,
the code tries to set the resolution to 800x600 but uses the resolution
equals to the PCD when calculating the text print position.
The patch fixes the bug by updating the resolution to 800x600 for
this case.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19630 6f19259b-4bc3-4df7-8a09-765794883524
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().
Change EfiBootManagerDeleteLoadOptionVariable() to not just
remove #### from BootOrder but also remove Boot#### variable.
The old behavior tries to do less for performance but it leaves
unreferenced Boot#### which cannot be reclaimed in variable
reclaim operation though the Boot#### will be eventually be overwritten
by EfiBootManagerAddLoadOptionVariable().
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19626 6f19259b-4bc3-4df7-8a09-765794883524
Fu Siyuan [Fri, 8 Jan 2016 02:21:25 +0000 (02:21 +0000)]
MdeModulePkg: update SNP.GetStatus to handle multiple recycled TX buffer.
This patch fixes a bug in SNP.GetStatus() interface. The UNDI driver may return
multiple transmitted buffers in a single GetStatus command, while SNP.GetStatus
could only return one pointer each time, the rest of them are lost. This patch
fixes this issue by store these recycled pointer in a temporary buffer in SNP
driver.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19623 6f19259b-4bc3-4df7-8a09-765794883524
Remove GPIO expander configuration actions that are now performed in
PEI Phase in PlatformInit module. In order to detect physical presence
only the state of the Reset Button needs to be read.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19621 6f19259b-4bc3-4df7-8a09-765794883524
Configure GPIO expander in PEI phase
1) Configure all GPIO expander pins connected to Reset Button as inputs
2) Configure multiplexer for I2C to route I2C bus to Arduino Header
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19620 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:43:11 +0000 (22:43 +0000)]
QuarkPlatformPkg/PlatformHelperLib: Move PCAL functions for PEI use
The functions used to manage the PCAL GPIO I2C expander are located
in a DXE specific source file. Move these functions to a source
file that is common to both the PEI and DXE versions of this library
so these GPIO pins can be managed from PEIMs.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19619 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:31:13 +0000 (22:31 +0000)]
QuarkPlatformPkg/PlatformInit: Adjust memory bin size to avoid reboot
Update memory bin sizes in Memory Type Information on first boot after
FLASH update to avoid reboot when memory bins are too small when all
features are enabled.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19618 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:24:22 +0000 (22:24 +0000)]
SecurityPkg/Tcg: Fix debug messages
Debug messages are using a format strings with %s for
a Unicode string, but the strings being printed are
ASCII strings and this results in corrupted debug
messages. Change the the format string to use %a
instead of %s.
Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19617 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek [Thu, 7 Jan 2016 18:48:17 +0000 (18:48 +0000)]
OvmfPkg: execute option ROM images regardless of Secure Boot
Change the image verification policy for option ROM images to 0x00
(ALWAYS_EXECUTE).
While this may not be a good idea for physical platforms (see e.g.
<https://trmm.net/Thunderstrike>), on the QEMU platform the benefits seem
to outweigh the drawbacks:
- For QEMU's virtual PCI devices, and for some assigned PCI devices, the
option ROMs come from host-side files, which can never be rewritten from
within the guest. Since the host admin has full control over a guest
anyway, executing option ROMs that originate from host-side files
presents no additional threat to the guest.
- For assigned physical PCI devices with option ROMs, the argument is not
so clear-cut. In theory a setup could exist where:
- the host-side UEFI firmware (with DENY_EXECUTE_ON_SECURITY_VIOLATION)
rejects the option ROM of a malicious physical PCI device, but
- when the device is assigned to the guest, OVMF executes the option ROM
in the guest,
- the option ROM breaks out of the guest (using an assumed QEMU
vulnerability) and gains QEMU user privileges on the host.
However, in order to escalate as far as it would happen on the bare
metal with ALWAYS_EXECUTE (i.e., in order to gain firmware-level access
on the host), the malicious option ROM would have to break through (1)
QEMU, (2) traditional UID and GID based privilege separation on the
host, (3) sVirt (SELinux) on the host, (4) the host OS - host firmware
boundary. This is not impossible, but not likely enough to discourage
the use cases below.
- This patch makes it possible to use unsigned iPXE network drivers that
QEMU presents in the option ROMs of virtual NICs and assigned SR-IOV
VFs, even if Secure Boot is in User Mode or Deployed Mode.
- The change also makes it possible to execute unsigned, outdated
(revoked), or downright malicious option ROMs of assigned physical
devices in guests, for corporate, entertainment, academia, or security
research purposes.
Laszlo Ersek [Thu, 7 Jan 2016 18:48:13 +0000 (18:48 +0000)]
OvmfPkg: inherit Image Verification Policy defaults from SecurityPkg
Secure Boot support was originally addded to OvmfPkg on 2012-Mar-09, in
SVN r13093 (git 8cee3de7e9f4), titled
OvmfPkg: Enable secure-boot support when SECURE_BOOT_ENABLE==TRUE
At that time the image verification policies in
SecurityPkg/SecurityPkg.dec were:
- option ROM image: 0x00 (ALWAYS_EXECUTE)
- removable media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION)
- fixed media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION)
The author of SVN r13093 apparently didn't want to depend on the
SecurityPkg defaults for the latter two image origins, plus the
ALWAYS_EXECUTE policy for option ROM images must have been deemed too lax.
For this reason SVN r13093 immediately spelled out 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) within OvmfPkg for all three image
origins.
Fast forward to 2013-Aug-28: policy 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) had been forbidden in the UEFI spec,
and SVN r14607 (git db44ea6c4e09) reflected this in the source code:
- The policies for the latter two image origins were switched from 0x05 to
0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) in SecurityPkg,
- the patch changed the default policy for option ROM images too, from
0x00 (ALWAYS_EXECUTE) to 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION),
- any other client DSC files, including OvmfPkg's, underwent a whole-sale
0x05 (QUERY_USER_ON_SECURITY_VIOLATION) -> 0x04
(DENY_EXECUTE_ON_SECURITY_VIOLATION) replacement too.
The practical result of that patch for OvmfPkg was that the explicit 0x04
settings would equal the strict SecurityPkg defaults exactly.
And that's what we have today: the "override the default values from
SecurityPkg" comments in OvmfPkg's DSC files are stale, in practice.
It is extremely unlikely that SecurityPkg would change the defaults from
0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) any time in the future, so let's
just inherit those in OvmfPkg.
Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19613 6f19259b-4bc3-4df7-8a09-765794883524
Feng Tian [Thu, 7 Jan 2016 07:03:54 +0000 (07:03 +0000)]
MdeModulePkg/ScsiDisk: Increase the value of SCSI_DISK_TIMEOUT to 30s
As ScsiDisk and ScsiBus driver are used to manage SCSI or ATAPI devices,
the timeout value is updated to 30s to follow ATA/ATAPI spec in which
the device may take up to 30s to respond command.
The change is used to solve device compatibility issue found with a TEAC
DV-W28S-WZ3 slim DVD plus a SONY AccuCORE DVD-R media in which the DVD
spends 8s to response READ_CAPACITY cmd after resetting the host machine.
Feng Tian [Thu, 7 Jan 2016 07:03:32 +0000 (07:03 +0000)]
MdeModulePkg/Ide: return correct status when DRQ is not ready for ATAPI
When executing ATAPI cmd at IDE mode, EFI_SUCCESS may be returned wrongly
with old logic but in fact DRQ is not ready and the transaction doesn't
get executed correctly at this time.
Laszlo Ersek [Wed, 6 Jan 2016 12:34:46 +0000 (12:34 +0000)]
NetworkPkg: DnsDxe: fix return type of DnsFillinQNameForQueryIp()
Change the return type of DnsFillinQNameForQueryIp() from (UINT8*) to
(CHAR*). This brings the function in sync with both its internal variables
and all of its call sites, fixing the following gcc build breakage:
> NetworkPkg/DnsDxe/DnsImpl.c: In function 'DnsFillinQNameForQueryIp':
> NetworkPkg/DnsDxe/DnsImpl.c:1068:3: error: pointer targets in return
> differ in signedness
> [-Werror=pointer-sign]
> return QueryName;
> ^
The code was added in git commit fcae1a99 (SVN r19579).
Daryl McDaniel [Wed, 6 Jan 2016 01:00:19 +0000 (01:00 +0000)]
AppPkg/.../Python: Clean up and document how to escape the -# option.
Depending upon the version of Shell you are using, it may be necessary
to escape the '#' character, when using the "-#" command-line option, so that
the Shell doesn't interpret it as the start of a comment.
The escape character is '^'.
Example:
python -^# -V
* General updating.
* Re-format so that no line is longer than 80 char.
* Add note about escaping the "-#" command-line option.
Dandan Bi [Wed, 6 Jan 2016 00:55:12 +0000 (00:55 +0000)]
MdeModulePkg:Change the type of BootNext
Currently the invalid boot next set to the number of boot option,
when add a new boot option,also need update the boot next value,
otherwise it will be incorrect.Now set the type of BootNext value
to UINT32,the number out of the range of UINT16 means it is an
invalid BootNext Value.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19591 6f19259b-4bc3-4df7-8a09-765794883524