This patch is used to add CryptBn library, which is wrapped
over OpenSSL.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Nickle Wang [Thu, 22 Sep 2022 14:06:32 +0000 (22:06 +0800)]
RedfishPkg/JsonLib: Fix JsonLib build failure
VS2019 reports build failure: "warning C4701: potentially uninitialized
local variable 'Ucs2Str' used". Initial Ucs2Str to NULL at the beginning
of function.
Cc: Abner Chang <abner.chang@amd.com> Cc: Nick Ramirez <nramirez@nvidia.com> Signed-off-by: Nickle Wang <nicklew@nvidia.com> Reviewed-by: Abner Chang <abner.chang@amd.com>
CertCtx is used to be defined as a struct and ZeroMem is called to
init this struct. But now CertCtx is defined as a point, so use
ZeroMem (&CertCtx, sizeof (CertCtx)) is not correct any more.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Michael Kubacki [Fri, 16 Sep 2022 19:44:27 +0000 (15:44 -0400)]
nasm_ext_dep.yaml: Remove leading zero in patch version
The patch version is currently: "2.15.05"
When a formal semantic version validator is run against this version
it is recognized as being invalid due to the leading zero in the
patch which is not allowed per the Semantic Versioning Specification:
https://semver.org/#spec-item-2
The NuGet Gallery already reports the version without the leading
zero: https://www.nuget.org/packages/mu_nasm/2.15.5
This change simply removes the leading zero to prevent code such as
https://pypi.org/project/semantic-version/ from reporting a version
error.
Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Yuwei Chen <yuwei.chen@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <mikuback@linux.microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Sean Brogan [Wed, 21 Sep 2022 20:44:59 +0000 (04:44 +0800)]
BaseTools: Edk2ToolsBuild: Fixing pipeline build due to path too long
Current implementation of looking up toolchain will _insert_ the findings
from vsvarsall.bat to existing path and potentially stuff the variable to
exceed the length of maximal path length accepted by Windows.
This change updated the logic to use the discovered shell varialbes to
replace the existing path, which is desirable in the specific use case.
Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Yuwei Chen <yuwei.chen@intel.com> Co-authored-by: Sean Brogan <sean.brogan@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Nickle Wang [Thu, 15 Sep 2022 01:46:17 +0000 (09:46 +0800)]
Maintainers.txt: Update email address
Update Nickle's email address from csie.io to nvidia.com for those
packages which are reviewed by Nickle. Per suggestion from Abner,
change Nickle from reviewer to maintainer for RedfishPkg.
Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <quic_llindhol@quicinc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Abner Chang <abner.chang@amd.com> Signed-off-by: Nickle Wang <nicklew@nvidia.com> Reviewed-by: Abner Chang <abner.chang@amd.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Andrew Fish <afish@apple.com>
Fix the gcc build warning:
variable PldInfo set but not used [-Wunused-but-set-variable]
Reviewed-by: James Lu <james.lu@intel.com> Reviewed-by: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Gang Chen <gang.c.chen@intel.com>
Add Michael Kubacki to:
- .azurepipelines
- .pytool
Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
Jeff Brasen [Tue, 6 Sep 2022 20:33:56 +0000 (14:33 -0600)]
DynamicTablesPkg: AcpiSsdtPcieLibArm: Allow use of segment number as UID
Add support for selecting to use index or segment number as UID and name.
This allows the path of the nodes to be well known.
For example, if the PCIe node needs to be notified from by an interrupt
for a Generic Event Device
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Kuo, Ted [Mon, 29 Aug 2022 09:28:17 +0000 (17:28 +0800)]
BaseTools: 64bit FSP FV map file cannot be created correctly
https://bugzilla.tianocore.org/show_bug.cgi?id=4035
64bit FSP FV map file cannot be created correctly when using CLANG
compiler. When compiling 64bit FSP with CLANG, there is no prefix
symbol '_' added to function name. Hence FSP FV map file cannot be
created properly. Updated the if condition for CLANG in GenFv to
get the issue fixed.
Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Yuwei Chen <yuwei.chen@intel.com> Cc: Lee Hamel <lee.m.hamel@intel.com> Signed-off-by: Ted Kuo <ted.kuo@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
There is a mistake in getting MMIO base using PciDevicePpi that
can lead to the data corruption.
Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Maciej Czajkowski <maciej.czajkowski@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
AHCI commands are retried internally which prevents platform feature
like drive password to process correctly entered password on subsequent
attempts. PCD allows the platform to determine the number of retries.
Signed-off-by: Baraneedharan Anbazhagan <anbazhagan@hp.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Ard Biesheuvel [Mon, 15 Aug 2022 09:17:12 +0000 (11:17 +0200)]
OvmfPkg: Allow runtime control of IPv4 and IPv6 support on QEMU
Wire up the newly added UefiDriverEntrypoint in a way that ties dispatch
of the Ip4Dxe and Ip6Dxe drivers to QEMU fw_cfg variables
'opt/org.tianocore/IPv4Support' and 'opt/org.tianocore/IPv6Support'
respectively.
Setting both variables to 'n' disables IP based networking entirely,
without the need for additional code changes at the NIC driver or
network boot protocol level.
OvmfPkg: gather common NetworkComponents overrides in .dsc.inc file
All QEMU based OVMF platforms override the same set of network
components, to specify NULL library class resolutions that modify the
behavior of those components in a QEMU specific way.
Before adding more occurrences of that, let's drop those definitions in
a common include file.
Ard Biesheuvel [Mon, 15 Aug 2022 08:47:51 +0000 (10:47 +0200)]
OvmfPkg: Introduce alternate UefiDriverEntrypoint to inhibit driver load
Add a new library that can be incorporated into any driver built from
source, and which permits loading of the driver to be inhibited based on
the value of a QEMU fw_cfg boolean variable. This will be used in a
subsequent patch to allow dispatch of the IPv4 and IPv6 network protocol
driver to be controlled from the QEMU command line.
This approach is based on the notion that all UEFI and DXE drivers share
a single UefiDriverEntryPoint implementation, which we can easily swap
out at build time with one that will abort execution based on the value
of some QEMU fw_cfg variable.
The DEBUG macro updated in this patch previously contained 11 print
specifiers in the debug string but passeed 13 arguments. This change
attempts to update the macro to the author's intention so the number
of specifiers match the number of arguments.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Michael Kubacki [Thu, 25 Aug 2022 02:55:48 +0000 (22:55 -0400)]
NetworkPkg/TcpDxe: Fix debug macro arguments
Removes Status argument that is not needed from DEBUG macros.
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Michael Kubacki [Tue, 2 Aug 2022 17:28:21 +0000 (13:28 -0400)]
MdeModulePkg: Fix imbalanced debug macros
Updates debug macros in the package that have an imbalanced number
of print specifiers to arguments. These changes try to preserve
what was likely intended by the author. In cases information was
missing due to the bug, the specifier may be removed since it was
not previously accurately printing the expected value.
Cc: Dandan Bi <dandan.bi@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
This debug macro should take one argument based on the number of
print specifiers defined. However, two arguments are given.
It looks like the code may have been refactored such that the
second argument was moved to a new print and this argument was
not removed. In any case, it should not be there now.
Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Ard Biesheuvel [Sun, 21 Aug 2022 13:31:21 +0000 (15:31 +0200)]
BaseTools/GenFw AARCH64: Convert more types of explicit GOT references
Rebecca reports that builds of AArch64 DSCs that involve PIE linking
when using ELF based toolchains are failing in some cases, resulting in
an error message like
bad definition for symbol '_GLOBAL_OFFSET_TABLE_'@0x72d8 or
unsupported symbol type. For example, absolute and undefined symbols
are not supported.
The reason turns out to be that, while GenFw does carry some logic to
convert GOT based symbol references into direct ones (which is always
possible given that our ELF to PE/COFF conversion only supports fully
linked executables), it does not support all possible combinations of
relocations that the linker may emit to load symbol addresses from the
GOT.
In particular, when performing a non-LTO link on object code built with
GCC using -fpie, we may end up with GOT based references such as the one
below, where the address of the GOT itself is taken, and the offset of
the symbol in the GOT is reflected in the immediate offset of the
subsequent LDR instruction.
The reason that we omit GOT based symbol references when performing ELF to
PE/COFF conversion is that the GOT is not described by static ELF
relocations, which means that the ELF file lacks the metadata to
generate the PE/COFF relocations covering the GOT table in the PE/COFF
executable. Given that none of the usual motivations for using a GOT
(copy on write footprint, shared libraries) apply to EFI executables in
the first place, the easiest way around this is to convert all GOT based
symbol address loads to PC relative ADR/ADRP instructions.
So implement this handling for R_AARCH64_LD64_GOTPAGE_LO15 and
R_AARCH64_LD64_GOTOFF_LO15 relocations as well, and turn the LDR
instructions in question into ADR instructions that generate the
address immediately.
This leaves the reference to _GLOBAL_OFFSET_TABLE_ itself, which is what
generated the error to begin with. Considering that this symbol is never
referenced (i.e., it doesn't appear anywhere in the code) and is only
meaningful in combination with R_*_GOT_* based relocations that follow
it, we can just disregard any references to it entirely, given that we
convert all of those followup relocations into direct references.
Sebastien Boeuf [Fri, 19 Aug 2022 09:59:22 +0000 (17:59 +0800)]
OvmfPkg: Update I/O port related to ACPI devices for CloudHv
Both ACPI shutdown and ACPI PM timer devices has been moved to different
port addresses in the latest version of Cloud Hypervisor. These changes
need to be reflected on the OVMF firmware.
UefiPayloadPkg: Allow DxeMain.inf to consume the new SerialPortLib
Let DxeMain.inf consume new SerialPortLib to support multiple
channel debug message on early DXE if the macro
MULTIPLE_DEBUG_PORT_SUPPORT is TRUE.
Reviewed-by: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Reviewed-by: James Lu <james.lu@intel.com> Reviewed-by: Gua Guo <gua.guo@intel.com> Signed-off-by: Kavya <k.kavyax.sravanthi@intel.com>
UefiPayloadPkg: Implement a new SerialPortLib instance
Add new Serial port library instance that consumes the HOB defined
in MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h to support
multiple UART's.
Reviewed-by: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Cc: James Lu <james.lu@intel.com> Reviewed-by: Gua Guo <gua.guo@intel.com> Signed-off-by: Kavya <k.kavyax.sravanthi@intel.com>
Add VgaInb() helper function to read vga registers. With that in place
fix the unblanking. We need to put the ATT_ADDRESS_REGISTER flip flop
into a known state, which is done by reading the
INPUT_STATUS_1_REGISTER. Reading the INPUT_STATUS_1_REGISTER only works
when the device is in color mode, so make sure that bit (0x01) is set in
MISC_OUTPUT_REGISTER.
Currently the mode setting works more by luck because
ATT_ADDRESS_REGISTER flip flop happens to be in the state we need.
Feng, Bob C [Fri, 2 Sep 2022 06:17:55 +0000 (14:17 +0800)]
pip-requirement: Upgrade the edk2-basetools version from 0.1.24 to 0.1.28
features and bug fixes:
1. Fix the incremental build issue on Linux @176016387f
2. Fix DSC LibraryClass precedence rule @039bdb4d3e
3. INF should use latest Pcd value instead of default value @a512913
4. Support signtool input subject name to sign capsule @594b795
Signed-off-by: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Yuwei Chen <yuwei.chen@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
The function reads the boot order from qemu fw_cfg, translates it into
device paths and stores them in 'QemuBootOrderNNNN' variables. In case
there is no boot ordering configured the function will do nothing.
Use case: Allow applications loaded via 'qemu -kernel bootloader.efi'
obey the boot order.
Memory layout in CLoud Hypervisor for arm is changed and is different
with Qemu, thus we should build its own PeiMemInfoLib.
The main change in the memory layout is that normal ram may not contiguous
under 4G. The top 64M under 4G is reserved for 32bit device.
What this patch does:
1. get all of the memory node from DT;
2. Init page table for each memory node;
3. Add all of the memory nodes to Hob;
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
The current ACPI Reclaim memory size is set as 0x10 (64KiB). The ACPI
table size will be increased if the memory slots' number of the guest
gets increased. In the guest with more memory slots, the ACPI Reclaim
memory size may not be sufficient for hibernation. This may cause
resume failure of the hibernated guest that was booted up with a fresh
copied writable OVMF_VARS file. However, the failure doesn't happen in
following hibernation/resume cycles.
The ACPI_MAX_RAM_SLOTS is set as 256 in the current QEMU. With
ACPI_MAX_RAM_SLOTS, 18 pages are required to be allocated in ACPI
Reclaim memory. However, due to the 0x10 (16 pages) setting, 2 extra
pages will be allocated in other space. This may break the
hibernation/resume in the above scenario.
This patch increases the ACPI Reclaim memory size to 0x12, i.e.
PcdMemoryTypeEfiACPIReclaimMemory is set as 0x12 (18 pages).
Signed-off-by: Annie Li <annie.li@oracle.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
This patch is similar to the c477b2783f patch for Td guest.
Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.
Without this patch, Sev guest may shows invalid MMIO opcode error
as following:
Abner Chang [Tue, 30 Aug 2022 04:15:47 +0000 (12:15 +0800)]
RedfishPkg/RedfishDiscoverDxe: Install protocol on each network interface
BZ 4037:
Install EFI_DISCOVER_PROTOCOL on each network interface.
This fixes the issue that causes the high-level Redfish driver
on the network interface is stopped when:
1. EFI_DISCOVER_PROTOCOL is reinstalled on a new-found network
interface, or
2. EFI_DISCOVER_PROTOCOL is stopped on the network interface
other than the one which is used to communicate with Redfish
service.
Cc: Nickle Wang <nickle@csie.io> Cc: Igor Kulchytskyy <igork@ami.com> Signed-off-by: Abner Chang <abner.chang@amd.com> Reviewed-by: Nickle Wang <nickle@csie.io> Reviewed-by: Igor Kulchytskyy <igork@ami.com>
SECURE_BOOT_FEATURE_ENABLED is the build-flag defined when secure boot
is enabled. Currently this flag is used in below lib:
- OvmfPkg/PlatformPei
- PeilessStartupLib
So it is defined in below 5 .dsc
- OvmfPkg/CloudHv/CloudHvX64.dsc
- OvmfPkg/IntelTdx/IntelTdxX64.dsc
- OvmfPkg/OvmfPkgIa32.dsc
- OvmfPkg/OvmfPkgIa32X64.dsc
- OvmfPkg/OvmfPkgX64.dsc
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Min M Xu [Wed, 29 Jun 2022 02:33:09 +0000 (10:33 +0800)]
OvmfPkg/NvVarsFileLib: Shortcut ConnectNvVarsToFileSystem in secure-boot
OvmfPkg/Library/NvVarsFileLib allows loading variables into emulated
varstore from a on-disk NvVars file. We can't allow that when secure
boot is active. So check secure-boot feature and shortcut the
ConnectNvVarsToFileSystem() function when sb is enabled.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Suggested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Min M Xu [Wed, 22 Jun 2022 01:13:48 +0000 (09:13 +0800)]
OvmfPkg: Reserve and init EmuVariableNvStore in Pei-less Startup
EmuVariableNvStore is reserved and init with below 2 functions defined in
PlatformInitLib:
- PlatformReserveEmuVariableNvStore
- PlatformInitEmuVariableNvStore
PlatformInitEmuVariableNvStore works when secure boot feature is enabled.
This is because secure boot needs the EFI variables (PK/KEK/DB/DBX, etc)
and EmuVariableNvStore is cleared when OVMF is launched with -bios
parameter.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
ReserveEmuVariableNvStore is updated with below 2 functions defined in
PlatformInitLib:
- PlatformReserveEmuVariableNvStore
- PlatformInitEmuVariableNvStore
PlatformInitEmuVariableNvStore works when secure boot feature is enabled.
This is because secure boot needs the EFI variables (PK/KEK/DB/DBX, etc)
and EmuVariableNvStore is cleared when OVMF is launched with -bios
parameter.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Min M Xu [Wed, 29 Jun 2022 02:46:22 +0000 (10:46 +0800)]
OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore
There are 3 functions added for EmuVariableNvStore:
- PlatformReserveEmuVariableNvStore
- PlatformInitEmuVariableNvStore
- PlatformValidateNvVarStore
PlatformReserveEmuVariableNvStore allocate storage for NV variables early
on so it will be at a consistent address.
PlatformInitEmuVariableNvStore copies the content in
PcdOvmfFlashNvStorageVariableBase to the storage allocated by
PlatformReserveEmuVariableNvStore. This is used in the case that OVMF is
launched with -bios parameter. Because in that situation UEFI variables
will be partially emulated, and non-volatile variables may lose their
contents after a reboot. This makes the secure boot feature not working.
PlatformValidateNvVarStore is renamed from TdxValidateCfv and it is used
to validate the integrity of FlashNvVarStore
(PcdOvmfFlashNvStorageVariableBase). It should be called before
PlatformInitEmuVariableNvStore is called to copy over the content.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Min M Xu [Wed, 29 Jun 2022 02:30:02 +0000 (10:30 +0800)]
OvmfPkg/PeilessStartupLib: Delete TdxValidateCfv
TdxValidateCfv is used to validate the integrity of FlashNvVarStore
(PcdOvmfFlashNvStorageVariableBase) and it is not Tdx specific.
So it will be moved to PlatformInitLib and be renamed to
PlatformValidateNvVarStore in the following patch. And it will be called
before EmuVaribleNvStore is initialized with the content in
FlashNvVarStore.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Min M Xu [Fri, 26 Aug 2022 00:41:09 +0000 (08:41 +0800)]
OvmfPkg: Set default Pci PCDs in Tdx guest
In previous implementation below Pci related PCDs were set based on the
ResourceDescriptor passed in TdHob.
- PcdPciMmio64Base / PcdPciMmio64Size
- PcdPciMmio32Base / PcdPciMmio32Size
- PcdPciIoBase / PcdPciIoSize
The PCDs will not be set if TdHob doesn't include these information. This
patch set the PCDs with the information initialized in PlatformInitLib
by default. Then TdxDxe will check the ResourceDescriptor in TdHob and
reset them if they're included.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
CcProbeLib once was designed to probe the Confidential Computing guest
type by checking the PcdOvmfWorkArea. But this memory is allocated with
either EfiACPIMemoryNVS or EfiBootServicesData. It cannot be accessed
after ExitBootService. Please see the detailed analysis in BZ#3974.
To fix this issue, CcProbeLib is redesigned as 2 implementation:
- SecPeiCcProbeLib
- DxeCcProbeLib
In SecPeiCcProbeLib we check the CC guest type by reading the
PcdOvmfWorkArea. Because it is used in SEC / PEI and we don't worry about
the issues in BZ#3974.
In DxeCcProbeLib we cache the GuestType in Ovmf work area in a variable.
After that the Guest type is returned with the cached value. So that we
don't need to worry about the access to Ovmf work area after
ExitBootService.
The reason why we probe CC guest type in 2 different ways is the global
varialbe. Global variable cannot be used in SEC/PEI and CcProbe is called
very frequently.
Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
SecPeiCcProbeLib is designed to probe the Confidential Computing guest
type in SEC/PEI phase. The CC guest type was set by each CC guest at
the beginning of boot up and saved in PcdOvmfWorkArea.
Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
The value of gTimeOut is from PcdGdbMaxPacketRetryCount, and this
PCD is UINT32. So change the declaratrion of gTimeOut to UINT32
to fix compile warning.
Laszlo Ersek [Wed, 10 Aug 2022 08:11:40 +0000 (10:11 +0200)]
OvmfPkg: increase max debug message length to 512
Increase the maximum line length for debug messages.
While log messages should be short, they can still
get quite long, for example when printing device paths
or config strings in HII routing.
512 chars is an empirically good value.
ArmPlatformPkg/PrePeiCore: Invoke constructors for SEC phase
On platforms that do not have the serial console port pre-initialized
prior to the SEC phase and due to the absence of a call to
"SerialPortInitialize", this results in missing debug logs. So, call
the auto-generated "ProcessLibraryConstructorList" function from SEC
phase to have all the dependent library constructors called
(this includes a call to "SerialPortInitialize").
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Pranav Madhu [Wed, 24 Aug 2022 16:44:21 +0000 (22:14 +0530)]
ArmPkg: Handle warm reboot request correctly
The warm reboot requests from OSPM are mapped to cold reboot. To handle
the warm reboot separately from a cold reboot, update
ArmSmcPsciResetSystemLib and to invoke the PSCI call with parameters
for warm reboot.
Dimitrije Pavlov [Thu, 18 Aug 2022 19:58:42 +0000 (14:58 -0500)]
OvmfPkg/PlatformDxe: Handle all requests in ExtractConfig and RouteConfig
Per the UEFI specification, if the Request argument in
EFI_HII_CONFIG_ACCESS_PROTOCOL.ExtractConfig() is NULL or does not contain
any request elements, the implementation should return all of the settings
being abstracted for the particular ConfigHdr reference.
The current implementation returns EFI_INVALID_PARAMETER if Request is
NULL or does not contain any request elements. Instead, construct
a new ConfigRequest to handle these cases per the specification.
In addition, per the UEFI specification, if the Configuration argument in
EFI_HII_CONFIG_ACCESS_PROTOCOL.RouteConfig() has a ConfigHdr that
specifies a non-existing target, the implementation should return
EFI_NOT_FOUND.
The current implementation returns EFI_INVALID_PARAMETER if Configuration
has a non-existing target in ConfigHdr. Instead, perform a check and
return EFI_NOT_FOUND in this case.
Yuan Yu [Wed, 24 Aug 2022 02:31:23 +0000 (19:31 -0700)]
OvmfPkg/PlatformDxe: Check RouteConfig arguments for spec compliance
Per UEFI Spec 2.9, EFI_HII_CONFIG_ROUTING_PROTOCOL.RouteConfig()
should return EFI_INVALID_PARAMETER if caller passes in a NULL for
the Configuration parameter (see 35.4 EFI HII Configuration Routing
Protocol).
Add a check to return EFI_INVALID_PARAMETER when Configuration is NULL.
Oliver Steffen [Tue, 30 Aug 2022 16:13:54 +0000 (18:13 +0200)]
OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64
Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
to enable/disable building of the UefiShell as part of
the firmware image. The UefiShell should not be included for
secure production systems (e.g. SecureBoot) because it can be
used to circumvent security features.
The default value for BUILD_SHELL is TRUE to keep the default
behavior of the Ovmf build.
Note: the default for AmdSev is FALSE.
The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8.
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
For the system support the Capsule function in UPL,
we replace the libraries for the Capsule driver.
Cc: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Reviewed-by: James Lu <james.lu@intel.com> Reviewed-by: Gua Guo <gua.guo@intel.com> Signed-off-by: KasimX Liu <kasimx.liu@intel.com>
Jeff Brasen [Thu, 18 Aug 2022 16:47:55 +0000 (10:47 -0600)]
DynamicTablesPkg: Fix nested processor containers
Current code will generate duplicate UID if there are nested processor
containers in the topology. For example if there is a
socket/cluster/core layout.
Change references to processor container from cluster to be more
accurate on what is being created.
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Jeff Brasen [Wed, 24 Aug 2022 04:35:53 +0000 (22:35 -0600)]
DynamicTablesPkg: AcpiSsdtPcieLibArm : Add UID to slot creation
Expose the UID value to GeneratePciSlots().
This is needed for some cases for example:
https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-externally-exposed-pcie-root-ports
Certain OSes will complain if the ECAM config space is not reserved in
the ACPI namespace.
This change adds a function to reserve PNP motherboard resources for a
given PCI node.
Co-authored-by: Joe Lopez <joelopez@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Tested-by: Sami Mujawar <sami.mujawar@arm.com>
This change added an extra step to allow check for installed ACPI tables.
For FADT, MADT, GTDT, DSDT, DBG2 and SPCR tables, either pre-installed or
supplied through AcpiTableInfo can be accepted.
An extra check for FADT ACPI table existence during installation step is
also added.
Cc: Sami Mujawar <Sami.Mujawar@arm.com> Cc: Alexei Fedorov <Alexei.Fedorov@arm.com> Co-authored-by: Joe Lopez <joelopez@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@Arm.com> Tested-by: Sami Mujawar <sami.mujawar@arm.com>
This change added more token fixers for other node types, including
NamedComponentNode, RootComplexNode, and SmmuV3Node.
The corresponding entries for tokenFixer functions table is also updated.
Cc: Sami Mujawar <Sami.Mujawar@arm.com> Cc: Alexei Fedorov <Alexei.Fedorov@arm.com> Co-authored-by: Joe Lopez <joelopez@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Tested-by: Sami Mujawar <sami.mujawar@arm.com>
The content of token should be derived from the data section of the
`CmObject` instead of the object itself.
This change fixed the issue by dereferencing the token value from the
data buffer of input CmObject.
Cc: Sami Mujawar <Sami.Mujawar@arm.com> Cc: Alexei Fedorov <Alexei.Fedorov@arm.com> Co-authored-by: Joe Lopez <joelopez@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Tested-by: Sami Mujawar <sami.mujawar@arm.com>
The DynamicPlatRepoLib has multiple reference to MemoryAllocationLib,
such as DynamicPlatRepo.c and TokenMapper.c. Not including it in the
library inf file could lead to potential build break.
This change added the MemoryAllocationLib into this inf file.
Cc: Sami Mujawar <Sami.Mujawar@arm.com> Cc: Alexei Fedorov <Alexei.Fedorov@arm.com> Co-authored-by: Joe Lopez <joelopez@microsoft.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Tested-by: Sami Mujawar <sami.mujawar@arm.com>
This change modifies NvmExpressPei library
to allow usage both EDKII_PCI_DEVICE_PPI and
EDKII_NVM_EXPRESS_HOST_CONTROLLER_PPI to manage Nvme device.
Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Xiao X Chen <xiao.x.chen@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Liu, Zhiguang [Fri, 26 Aug 2022 07:39:01 +0000 (15:39 +0800)]
UefiCpuPkg: Enhance logic in InitializeMpExceptionStackSwitchHandlers
Parallelly run the function to SeparateExceptionStacks for all CPUs and
allocate buffers together for better performance.
Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Yuanhao Xie [Fri, 19 Aug 2022 06:17:28 +0000 (14:17 +0800)]
UefiCpuPkg: Use Top of each AP's stack to save CpuMpData
To remove the dependency of CPU register, 4/8 byte at the top of the
stack is occupied for CpuMpData. BIST information is also taken care
here. This modification is only for PEI phase, since in DXE phase
CpuMpData is accessed via global variable.
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com> Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com>
Liu, Zhiguang [Fri, 26 Aug 2022 07:04:47 +0000 (15:04 +0800)]
UefiCpuPkg: Simplify the implementation when separate exception stacks
The API of InitializeSeparateExceptionStacks is just changed before, and
makes the struct CPU_EXCEPTION_INIT_DATA an internal definition.
Furthermore, we can even remove the struct to make core simpler.
Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Liu, Zhiguang [Fri, 26 Aug 2022 07:04:46 +0000 (15:04 +0800)]
UefiCpuPkg/MpInitLib: Simplify logic in SwitchBsp
When switch bsp, old bsp and new bsp put CR0/CR4 into stack, and put IDT
and GDT register into a structure. After they exchange their stack, they
restore these registers. This logic is now implemented by assembly code.
This patch aims to reuse (Save/Restore)VolatileRegisters function to
replace such assembly code for better code readability.
Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Two SMM variables (mSmrrSupported & mSmmFeatureControlSupported) are global
variables, they control whether the SMRR and SMM Feature Control MSR will
be restored respectively.
To avoid the TOCTOU, add PCD to control SMRR & SmmFeatureControl enable.
Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Liu, Zhiguang [Thu, 25 Aug 2022 02:55:04 +0000 (10:55 +0800)]
UefiCpuPkg/MpInitLib: Fix potential issue when IDT table is at above 4G
Currently, when waking up AP, IDT table of AP will be set in 16 bit code,
and assume the IDT table base is 32 bit. However, the IDT table is created
by BSP. Issue will happen if the BSP allocates memory above 4G for BSP's
IDT table. Moreover, even the IDT table location is below 4G, the handler
function inside the IDT table is 64 bit, and it won't take effect until
CPU transfers to 64 bit long mode. There is no benefit to set IDT table in
such an early phase.
To avoid such issue, this patch moves the LIDT instruction into 64 bit
code.
Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
projects / mirror_edk2.git / log