Re: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 06/14/2022 #cal-reminder

2022-06-13 Thread gaoliming
Few issues are submitted this week. Let’s cancel the meeting. 

 

Thanks

Liming

From: devel@edk2.groups.io on behalf of Group Notification
Sent: June 14, 2022 9:30
To: devel@edk2.groups.io
Subject: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 06/14/2022 #cal-reminder

 

Reminder: TianoCore Bug Triage - APAC / NAMO 

When:
06/14/2022
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles 

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d
 

Organizer: Liming Gao gaolim...@byosoft.com.cn 

  


Description:

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao

 


 






-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90514): https://edk2.groups.io/g/devel/message/90514
Mute This Topic: https://groups.io/mt/91744163/21656
Mute #cal-reminder:https://edk2.groups.io/g/devel/mutehashtag/cal-reminder
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH EDK2 v1 1/1] edksetup.sh:The version compare issue in shell script

2022-06-13 Thread wenyi,xie via groups.io
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3948

In function of SetupPython3, the version of python will be
compared to get the new one. When python 3.10 is compared with
python 3.4, the result is not right. Because the version number
is treated as a float and 3.10 is smaller than 3.4.
So using sort to arrange the version from old to new in order
to get the new one.

Cc: Andrew Fish 
Cc: Leif Lindholm 
Cc: Michael D Kinney 
Signed-off-by: Wenyi Xie 
---
 edksetup.sh | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/edksetup.sh b/edksetup.sh
index 06d2f041e635..b9da62440f71 100755
--- a/edksetup.sh
+++ b/edksetup.sh
@@ -20,6 +20,11 @@
 SCRIPTNAME="edksetup.sh"
 RECONFIG=FALSE
 
+function IsVersionGreaterThan()
+{
+  test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1";
+}
+
 function HelpMsg()
 {
   echo "Usage: $SCRIPTNAME [Options]"
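Review bot: `sort -V` in the new IsVersionGreaterThan() is not specified by POSIX, and the function has no fallback when the host's sort rejects it: the pipeline then produces no output, `head -n 1` yields an empty string, and the `!=` test succeeds for any non-empty $1, so every candidate would look newer. Either check once that `sort -V` works before relying on it or compare the dot-separated fields numerically, and add a comment stating the contract (true only when $1 is strictly newer than $2). `printf '%s\n' "$@"` would also replace the `echo "$@" | tr " " "\n"` step without depending on word splitting.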
@@ -122,7 +127,7 @@ function SetupPython3()
   export PYTHON_COMMAND=$python
   continue
 fi
-  if [[ "$origin_version" < "$python_version" ]]; then
+if IsVersionGreaterThan $python_version $origin_version; then
   origin_version=$python_version
   export PYTHON_COMMAND=$python
 fi
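Review bot: $python_version and $origin_version are passed unquoted on the added line in SetupPython3, so an empty value drops out of the argument list; IsVersionGreaterThan then sorts a single version, finds it equal to $1 and returns false. Quote both arguments, as the removed `[[ "$origin_version" < "$python_version" ]]` did: `if IsVersionGreaterThan "$python_version" "$origin_version"; then`.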
@@ -164,7 +169,7 @@ function SetupPython()
 export PYTHON_COMMAND=$python
 continue
   fi
-  if [[ "$origin_version" < "$python_version" ]]; then
+  if IsVersionGreaterThan $python_version $origin_version; then
 origin_version=$python_version
 export PYTHON_COMMAND=$python
   fi
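Review bot: the removed `[[ "$origin_version" < "$python_version" ]]` in SetupPython is a string comparison, not a floating-point one as the commit message describes it, so the message should say that "3.10" orders before "3.4" character by character. The added call here also needs the same quoting as the one in SetupPython3: `IsVersionGreaterThan "$python_version" "$origin_version"`.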
-- 
2.20.1.windows.1
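
The comparison problem this patch addresses, as an added example that is not part of the patch or of edksetup.sh: string ordering ranks 3.10 below 3.4, while a field-by-field numeric comparison does not. The function names and version strings are constructed for illustration, and the numeric comparison is an alternative technique that does not need `sort -V`.

```shell
#!/bin/sh
# Added illustration; not code from edksetup.sh or from the patch.

# String ordering, which is what [[ "$a" < "$b" ]] evaluates in bash.
# The "x" prefix keeps expr from treating the operands as integers.
lex_less() {
  LC_ALL=C expr "x$1" \< "x$2" >/dev/null
}

# Accept only dot-separated runs of digits, e.g. 3.10 or 3.10.4.
is_version() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  return 0
}

# Exit status 0 when $1 is strictly newer than $2, 1 when it is not,
# 2 when either argument is not a version. Fields are compared as
# integers and a missing field counts as 0, so 3.10 equals 3.10.0.
# The body runs in a subshell so its variables do not leak.
version_gt() (
  is_version "$1" && is_version "$2" || exit 2
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    fa=${a%%.*} fb=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    fa=${fa:-0} fb=${fb:-0}
    if [ "$fa" -gt "$fb" ]; then exit 0; fi
    if [ "$fa" -lt "$fb" ]; then exit 1; fi
  done
  exit 1
)

# Print the newest valid version among the arguments; malformed
# candidates are skipped instead of being compared.
newest_version() (
  best=
  for cand in "$@"; do
    is_version "$cand" || continue
    if [ -z "$best" ] || version_gt "$cand" "$best"; then
      best=$cand
    fi
  done
  [ -n "$best" ] && printf '%s\n' "$best"
)

# Constructed candidate list, as several installed python3.x might report.
if lex_less 3.10 3.4; then
  echo "string order:  3.10 sorts before 3.4"
fi
echo "numeric order: newest of 3.4 3.9 3.10 3.6 is $(newest_version 3.4 3.9 3.10 3.6)"
```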



View/Reply Online (#90513): https://edk2.groups.io/g/devel/message/90513




[edk2-devel] [PATCH EDK2 v1 0/1] edksetup.sh:The version compare issue in shell script

2022-06-13 Thread wenyi,xie via groups.io
Main Changes :
1.Using sort command to get the new version.

Wenyi Xie (1):
  edksetup.sh:The version compare issue in shell script

 edksetup.sh | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

-- 
2.20.1.windows.1



View/Reply Online (#90512): https://edk2.groups.io/g/devel/message/90512




[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 06/14/2022 #cal-reminder

2022-06-13 Thread Group Notification
*Reminder: TianoCore Bug Triage - APAC / NAMO*

*When:*
06/14/2022
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d

*Organizer:* Liming Gao gaolim...@byosoft.com.cn ( 
gaolim...@byosoft.com.cn?subject=Re:%20Event:%20TianoCore%20Bug%20Triage%20-%20APAC%20%2F%20NAMO
 )

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1262369 )

*Description:*

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao



Microsoft Teams meeting

*Join on your computer or mobile app*

Click here to join the meeting ( 
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d
 )

*Join with a video conferencing device*

te...@conf.intel.com

Video Conference ID: 116 062 094 0

Alternate VTC dialing instructions ( 
https://conf.intel.com/teams/?conf=1160620940&ivr=teams&d=conf.intel.com&test=test_call
 )

*Or call in (audio only)*

+1 916-245-6934,,77463821# ( tel:+19162456934,,77463821# ) United States, 
Sacramento

Phone Conference ID: 774 638 21#

Find a local number ( 
https://dialin.teams.microsoft.com/d195d438-2daa-420e-b9ea-da26f9d1d6d5?id=77463821
 ) | Reset PIN ( https://mysettings.lync.com/pstnconferencing )

Learn More ( https://aka.ms/JoinTeamsMeeting ) | Meeting options ( 
https://teams.microsoft.com/meetingOptions/?organizerId=b286b53a-1218-4db3-bfc9-3d4c5aa7669e&tenantId=46c98d88-e344-4ed4-8496-4ed7712e255d&threadId=19_meeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh@thread.v2&messageId=0&language=en-US
 )


View/Reply Online (#90511): https://edk2.groups.io/g/devel/message/90511




Re: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support to EDK2

2022-06-13 Thread Wu, Hao A
Got it, thanks for the information. I am fine with the plan.

Best Regards,
Hao Wu

> -Original Message-
> From: Czajkowski, Maciej 
> Sent: Monday, June 13, 2022 9:20 PM
> To: Wu, Hao A ; devel@edk2.groups.io
> Cc: Ni, Ray ; Gao, Liming 
> Subject: RE: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support
> to EDK2
> 
> For now, the priority will be to add the support for AHCI and NVMe. However,
> in the future the plan is to have support in all of these drivers.
> 
> Regards,
> Maciej
> 
> -Original Message-
> From: Wu, Hao A 
> Sent: Thursday, June 9, 2022 04:47
> To: Czajkowski, Maciej ;
> devel@edk2.groups.io
> Cc: Ni, Ray ; Gao, Liming 
> Subject: RE: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support
> to EDK2
> 
> Sorry for a question, if the EDKII_PCI_DEVICE_PPI were added to edk2,
> would there be a plan to add support to:
> * NVMe
> * UFS
> * SD/MMC
> * USB (XHCI, EHCI and UHCI)
> 
> Best Regards,
> Hao Wu
> 
> > -Original Message-
> > From: Czajkowski, Maciej 
> > Sent: Monday, June 6, 2022 8:45 PM
> > To: devel@edk2.groups.io
> > Cc: Wu, Hao A ; Ni, Ray ; Gao,
> > Liming 
> > Subject: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support
> > to
> > EDK2
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3907
> >
> > The purpose of those changes is to introduce the way to enumerate and
> > assign resources in PEI for the systems with more than one PCI root.
> > Here is a need to have an interface that will support such a
> > mechanism.
> > For now, the part that performs the enumeration will be implemented in
> > the silicon code.
> > Sample code can be seen here: https://github.com/mczaj/edk2-
> > platforms/commit/d443062e58f9fba228869b54f2546d9735b3b506
> >
> > Cc: Hao A Wu 
> > Cc: Ray Ni 
> > Cc: Liming Gao 
> >
> > Maciej Czajkowski (2):
> >   MdeModulePkg: Add EDKII_PCI_DEVICE_PPI definition
> >   MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device
> >
> >  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c| 615 +++
> -
> >  MdeModulePkg/Bus/Ata/AhciPei/DevicePath.c |  44 --
> >  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.inf  |   5 +-
> >  MdeModulePkg/Include/Ppi/PciDevice.h  |  32 +
> >  MdeModulePkg/MdeModulePkg.dec |   3 +
> >  5 files changed, 493 insertions(+), 206 deletions(-)  create mode
> > 100644 MdeModulePkg/Include/Ppi/PciDevice.h
> >
> > --
> > 2.27.0.windows.1



View/Reply Online (#90510): https://edk2.groups.io/g/devel/message/90510




Re: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device

2022-06-13 Thread Wu, Hao A
Thanks.

For 2 (DevicePathLib PEIM instance), please ensure it is done before merging 
this series.

For 3 (IOMMU codes in storage device PEIMs):
Yes, you are right that we still need to consider the 
EDKII_ATA_AHCI_HOST_CONTROLLER_PPI case.
As far as I can recall, this PPI was added for the support of OPAL/HDD Password 
S3 unlock feature. So my take is that the PPI producers are mainly Intel Client 
platforms.
I think in order to add a library (or directly use services in 
EDKII_PCI_DEVICE_PPI) to abstract the IOMMU related logics in AhciPei, both 2 
conditions below should be met:
a) Retire the EDKII_ATA_AHCI_HOST_CONTROLLER_PPI
This should not be hard, as there are not many producers of this PPI.
b) A public reference PciBusPei module is needed in edk2 like PciBusDxe for DXE 
case
As I mentioned earlier, an enforcement for producers of EDKII_PCI_DEVICE_PPI to 
add IOMMU support is required.
If there is no reference module (like PciBusDxe for DXE), such enforcement 
cannot be guaranteed.
Meanwhile, adding a reference PciBusPei implementation might not be easy.
As I went through the RFC discussion 
(https://edk2.groups.io/g/rfc/topic/86658203), it seems to me that the PEI 
phase enumeration requirement varies dramatically between platforms.
Not sure what is the long-term goal for the current silicon code that produces 
EDKII_PCI_DEVICE_PPI, if the target is to eventually put it in edk2 (not 
edk2-platform), then I see the feasibility of handling PEI phase IOMMU in one 
common place.

For 5 (GitHub Pull Request to trigger the CI tests), since 2 is not done yet, 
my take is that the build tests are likely to fail. Need to wait for 
DevicePathLib PEIM instance being merged for this.

Best Regards,
Hao Wu

> -Original Message-
> From: Czajkowski, Maciej 
> Sent: Monday, June 13, 2022 9:20 PM
> To: Wu, Hao A ; devel@edk2.groups.io
> Cc: Ni, Ray 
> Subject: RE: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use
> PCI_DEVICE_PPI to manage AHCI device
> 
> Hello,
> 
> 1. Yes, I will try to fix that in the v2 patch.
> 2. We have a review opened to add such instance -
> https://edk2.groups.io/g/devel/message/89970
> 3. For now it will be implemented in the silicon code, so you are right - we
> should keep them. Also, it would require a larger library refactor to consume
> such code from PCI_DEVICE_PPI if we are going to still support both
> PCI_DEVICE_PPI and AHCI_HOST_CONTROLLER_PPI. However, what are your
> thoughts about future of the library? If we can get rid of
> AHCI_HOST_CONTROLLER_PPI, I think that it is possible to remove the
> IOMMU code.
> 4. It has been run in the simulation environment, and a BlockIo read has been
> performed in PEI phase - and it was performed successfully.
> 5. Sure, will do that for v2 patch.
> 
> -Original Message-
> From: Wu, Hao A 
> Sent: Thursday, June 9, 2022 05:08
> To: devel@edk2.groups.io; Wu, Hao A ; Czajkowski,
> Maciej 
> Cc: Ni, Ray 
> Subject: RE: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use
> PCI_DEVICE_PPI to manage AHCI device
> 
> For "3) Could you help to check if the DMA memory related codes in
> MdeModulePkg\Bus\Ata\AhciPei\DmaMem.c can be covered by the 'PciIo'
> service in EDKII_PCI_DEVICE_PPI?"
> After a second thought, my take is that there will be no PciBusPei
> implementation added in edk2.
> So there will be no enforcement for producers of EDKII_PCI_DEVICE_PPI to
> add IOMMU support like in PciBusDxe.
> 
> If my above understanding is correct, then I think we might still need to keep
> those IOMMU support codes in AhciPei PEIM.
> 
> Best Regards,
> Hao Wu
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Wu,
> Hao
> > A
> > Sent: Thursday, June 9, 2022 10:48 AM
> > To: Czajkowski, Maciej ;
> > devel@edk2.groups.io
> > Cc: Ni, Ray 
> > Subject: Re: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use
> > PCI_DEVICE_PPI to manage AHCI device
> >
> > Couple of general level comments/questions:
> > 1) The implementation of functions
> > AtaAhciPciDevicePpiInstallationCallback() &
> > AtaAhciInitPrivateDataFromPciDevice() has many duplications. Is it
> > possible to abstract a separate function to reduce duplicated codes?
> > 2) What DevicePathLib instance should be used for the PEI case? As far
> > as I know, current DevicePathLib instances in edk2 do not support PEIM.
> > 3) Could you help to check if the DMA memory related codes in
> > MdeModulePkg\Bus\Ata\AhciPei\DmaMem.c can be covered by the 'PciIo'
> > service in EDKII_PCI_DEVICE_PPI?
> > 4) May I know what kind of tests are performed for this patch? Would
> > like to ensure the origin gEdkiiPeiAtaAhciHostControllerPpiGuid path is not
> broken.
> > 5) Could you help to create a GitHub Pull Request to trigger the CI
> > tests for this series?
> >
> > More inline comments below:
> >
> >
> > > -Original Message-
> > > From: Czajkowski, Maciej 
> > > Sent: Monday, June 6, 2022 8:45 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wu, Hao A ; Ni, 

Re: [edk2-devel] [PATCH edk2-platforms 0/3] Ext4Pkg: Add ext2/3 support and move crc16/32c to BaseLib

2022-06-13 Thread gaoliming
Pedro:

 Yes. You can merge this patch with my ACK.

 

Thanks

Liming

From: Pedro Falcato
Sent: June 13, 2022 22:45
To: gaoliming
Cc: edk2-devel-groups-io; Leif Lindholm; Michael D Kinney; Zhiguang Liu
Subject: Re: [edk2-devel] [PATCH edk2-platforms 0/3] Ext4Pkg: Add ext2/3 support and 
move crc16/32c to BaseLib

 

Liming,

 

Sorry for the question, but can I merge this with your Ack and my RB or do I 
have to wait for another RB?

I want to solve this as soon as possible since right now Ext4Pkg won't build 
with upstream edk2.

 

Thanks,

Pedro

 

On Thu, Jun 2, 2022 at 4:05 AM gaoliming <gaolim...@byosoft.com.cn> wrote:

Pedro:

 Thanks for your enhancement to support ext2/3 file system. Acked-by: Liming 
Gao <gaolim...@byosoft.com.cn> for this patch set.

 

Thanks

Liming

From: Pedro Falcato <pedro.falc...@gmail.com>
Sent: June 1, 2022 5:33
To: edk2-devel-groups-io <devel@edk2.groups.io>; Pedro Falcato <pedro.falc...@gmail.com>
Cc: Leif Lindholm <l...@nuviainc.com>; Michael D Kinney <michael.d.kin...@intel.com>; 
Liming Gao <gaolim...@byosoft.com.cn>; Zhiguang Liu <zhiguang@intel.com>
Subject: Re: [edk2-devel] [PATCH edk2-platforms 0/3] Ext4Pkg: Add ext2/3 support and 
move crc16/32c to BaseLib

 

Ping. Please review now that the stable freeze is over.

 

On Wed, May 11, 2022 at 6:42 PM Pedro Falcato via groups.io <gmail@groups.io> wrote:

Ping. Could someone review these patches?

 

On Mon, Apr 25, 2022 at 6:14 PM Pedro Falcato via groups.io <gmail@groups.io> wrote:

Ping. If someone could take a look, it would be much appreciated.

 

On Thu, Apr 7, 2022 at 11:01 PM Pedro Falcato <pedro.falc...@gmail.com> wrote:

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3745
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3871

Hi all,

This patch-set attempts to address two open feature requests for Ext4Pkg
by adding ext2/3 support (id 3745) and moving crc16-ansi/crc32c to BaseLib (id 
3871).

The previous patch-set regarding 3871 attempted to merge the different crc16 
implementations
but failed because, contrary to what I thought, there are many, many different 
CRC16s which
are all slightly different. This one (plus the separate edk2 patch) attempts to 
just merge
CRC16-ANSI (confusingly, also known as CRC16) into BaseLib.

Since this patch set grew to be considerably different from the original, I 
didn't mark it
as v2 but rather a separate, new patch-set.

CC'ing the edk2-platforms stewards (as I cannot review my own code) and the 
CC's of the MdePkg
patch.

Cc: Leif Lindholm <l...@nuviainc.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang@intel.com>

Pedro Falcato (3):
  Ext4Pkg: Replace the CRC implementations with BaseLib
  Ext4Pkg: Format using uncrustify
  Ext4Pkg: Add ext2/3 support

 Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  10 +-
 Features/Ext4Pkg/Ext4Dxe/BlockMap.c   | 279 +
 Features/Ext4Pkg/Ext4Dxe/Collation.c  |   4 +-
 Features/Ext4Pkg/Ext4Dxe/Crc16.c  |  75 -
 Features/Ext4Pkg/Ext4Dxe/Crc32c.c |  84 --
 Features/Ext4Pkg/Ext4Dxe/Directory.c  |  13 +-
 Features/Ext4Pkg/Ext4Dxe/DiskUtil.c   |   6 +-
 Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   |  30 +-
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.c|  95 +++---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h| 417 ++
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.inf  |   3 +-
 Features/Ext4Pkg/Ext4Dxe/Extents.c|  27 +-
 Features/Ext4Pkg/Ext4Dxe/File.c   |  19 +-
 Features/Ext4Pkg/Ext4Dxe/Inode.c  |  33 +-
 Features/Ext4Pkg/Ext4Dxe/Partition.c  |  12 +-
 Features/Ext4Pkg/Ext4Dxe/Superblock.c |  20 +-
 16 files changed, 640 insertions(+), 487 deletions(-)
 create mode 100644 Features/Ext4Pkg/Ext4Dxe/BlockMap.c
 delete mode 100644 Features/Ext4Pkg/Ext4Dxe/Crc16.c
 delete mode 100644 Features/Ext4Pkg/Ext4Dxe/Crc32c.c

-- 
2.35.1



-- 

Pedro Falcato






View/Reply Online (#90508): https://edk2.groups.io/g/devel/message/90508




[edk2-devel] Now: Tools, CI, Code base construction meeting series - 06/13/2022 #cal-notice

2022-06-13 Thread Group Notification
*Tools, CI, Code base construction meeting series*

*When:*
06/13/2022
4:30pm to 5:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://github.com/tianocore/edk2/discussions/2614

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1519383 )

*Description:*

TianoCore community,

Microsoft and Intel will be hosting a series of open meetings to discuss build, 
CI, tools, and other related topics. If you are interested, have ideas/opinions 
please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft 
Teams.

MS Teams Link in following discussion: * 
https://github.com/tianocore/edk2/discussions/2614

Anyone is welcome to join.

* tianocore/edk2: EDK II (github.com)
* tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module 
(github.com) https://github.com/tianocore/edk2-basetools
* tianocore/edk2-pytool-extensions: Extensions to the edk2 build system 
allowing for a more robust and plugin based build system and tool execution 
environment (github.com) https://github.com/tianocore/edk2-pytool-extensions
* tianocore/edk2-pytool-library: Python library package that supports UEFI 
development (github.com) https://github.com/tianocore/edk2-pytool-library

MS Teams Browser Clients * 
https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client


View/Reply Online (#90507): https://edk2.groups.io/g/devel/message/90507




Re: [edk2-devel] [edk2-rfc] RFC v2: Static Analysis in edk2 CI

2022-06-13 Thread Rebecca Cran
LLVM's tools also appear to be much easier to review, for other people 
to run etc. I'd suggest at least starting with clang-tidy + scan-build 
and possibly adding Coverity later.


I've found the Coverity tools, while very powerful, tend to get ignored 
after a while because it's quite a process to keep it running, go 
through the issues it detects and keep the database up-to-date etc.



--

Rebecca Cran


On 6/13/22 15:54, Pedro Falcato wrote:
> (Replying under Mike for devel visibility)
>
> Felix,
>
> Why coverity? I feel like we could run something akin to LLVM's clang-tidy
> + scan-build; it's open source (transparent *and* we can improve it or add
> UEFI quirks) and doesn't rely on a third-party service. I'm sure we could
> figure something out for hosting the thing. Otherwise, looks good to me.
>
> Thanks,
> Pedro
>
> On Mon, Jun 13, 2022 at 7:54 PM Michael D Kinney wrote:
>
> > +devel@edk2.groups.io
> >
> > Mike
> >
> > > -Original Message-
> > > From: r...@edk2.groups.io  On Behalf Of Felix Polyudov via groups.io
> > > Sent: Monday, June 13, 2022 10:48 AM
> > > To: r...@edk2.groups.io
> > > Cc: Kinney, Michael D
> > > Subject: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
> > >
> > > This is version 2 of the proposal that provides additional details
> > > regarding the bring up process.
> > >
> > > The initial version is at https://edk2.groups.io/g/rfc/message/696
> > >
> > > The goal of the proposal is integration of the static analysis (SA)
> > > into the edk2 workflow.
> > >
> > > - Use Open Coverity SA service to scan edk2 repository. The service is
> > >   free for open source projects.
> > >   edk2 Open Coverity project:
> > >   https://scan.coverity.com/projects/tianocore-edk2
> > > - Update edk2 CI scripts to run analysis once a week
> > >    - Perform analysis on all the edk2 packages using package DSC files
> > >      that are used for CI build tests
> > >      (Coverity analysis is executed in the course of a specially
> > >      instrumented project build).
> > >    - SA results are uploaded to scan.coverity.com. To access them one
> > >      would need to register on the site and request tianocore-edk2
> > >      project access. The site can be used to triage the reported issues.
> > >      Confirmed issues can be addressed using a standard edk2 process
> > >      (Bugzilla, mailing list).
> > > - During the initial bring up period, access to the SA results is
> > >   restricted to stewards, maintainers, and members of the TianoCore
> > >   InfoSec group, who are encouraged to review reported issues with the
> > >   primary goal of identifying security-related issues. All such issues
> > >   should be handled in accordance with the following guidelines:
> > >   https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues
> > > - The initial bring up period ends when embargo for all the identified
> > >   security issues ends or after 30 days if no security issues have been
> > >   identified
> > > - Once bring up period is over, SA results access is open to everybody.
> > > - The package maintainers should monitor weekly scan results for a newly
> > >   reported issues and reach back to original patch submitters to resolve
> > >   them. Package maintainers can revert the patch if no action is taken
> > >   by the submitter.
> > >
> > > -The information contained in this message may be confidential and
> > > proprietary to American Megatrends (AMI). This communication is
> > > intended to be read only by the individual or entity to whom it is
> > > addressed or by their designee. If the reader of this message is not
> > > the intended recipient, you are on notice that any distribution of
> > > this message, in any form, is strictly prohibited. Please promptly
> > > notify the sender by reply e-mail or by telephone at 770-246-8600, and
> > > then delete or destroy all copies of the transmission.

View/Reply Online (#90506): https://edk2.groups.io/g/devel/message/90506



Re: [edk2-devel] [edk2-rfc] RFC v2: Static Analysis in edk2 CI

2022-06-13 Thread Pedro Falcato
(Replying under Mike for devel visibility)

Felix,

Why coverity? I feel like we could run something akin to LLVM's clang-tidy
+ scan-build; it's open source (transparent *and* we can improve it or add
UEFI quirks) and doesn't rely on a third-party service. I'm sure we could
figure something out for hosting the thing. Otherwise, looks good to me.

Thanks,
Pedro

On Mon, Jun 13, 2022 at 7:54 PM Michael D Kinney 
wrote:

> +devel@edk2.groups.io
>
> Mike
>
> > -Original Message-
> > From: r...@edk2.groups.io  On Behalf Of Felix Polyudov via groups.io
> > Sent: Monday, June 13, 2022 10:48 AM
> > To: r...@edk2.groups.io
> > Cc: Kinney, Michael D
> > Subject: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
> >
> > This is version 2 of the proposal that provides additional details
> > regarding the bring up process.
> >
> > The initial version is at https://edk2.groups.io/g/rfc/message/696
> >
> > The goal of the proposal is integration of the static analysis (SA)
> > into the edk2 workflow.
> >
> > - Use Open Coverity SA service to scan edk2 repository. The service is
> >   free for open source projects.
> >   edk2 Open Coverity project:
> >   https://scan.coverity.com/projects/tianocore-edk2
> > - Update edk2 CI scripts to run analysis once a week
> >    - Perform analysis on all the edk2 packages using package DSC files
> >      that are used for CI build tests
> >      (Coverity analysis is executed in the course of a specially
> >      instrumented project build).
> >    - SA results are uploaded to scan.coverity.com. To access them one
> >      would need to register on the site and request tianocore-edk2
> >      project access. The site can be used to triage the reported issues.
> >      Confirmed issues can be addressed using a standard edk2 process
> >      (Bugzilla, mailing list).
> > - During the initial bring up period, access to the SA results is
> >   restricted to stewards, maintainers, and members of the TianoCore
> >   InfoSec group, who are encouraged to review reported issues with the
> >   primary goal of identifying security-related issues. All such issues
> >   should be handled in accordance with the following guidelines:
> >   https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues
> > - The initial bring up period ends when embargo for all the identified
> >   security issues ends or after 30 days if no security issues have been
> >   identified
> > - Once bring up period is over, SA results access is open to everybody.
> > - The package maintainers should monitor weekly scan results for a newly
> >   reported issues and reach back to original patch submitters to resolve
> >   them. Package maintainers can revert the patch if no action is taken
> >   by the submitter.
> >
> > -The information contained in this message may be confidential and
> > proprietary to American Megatrends (AMI). This communication is
> > intended to be read only by the individual or entity to whom it is
> > addressed or by their designee. If the reader of this message is not
> > the intended recipient, you are on notice that any distribution of
> > this message, in any form, is strictly prohibited. Please promptly
> > notify the sender by reply e-mail or by telephone at 770-246-8600, and
> > then delete or destroy all copies of the transmission.

-- 
Pedro Falcato


View/Reply Online (#90505): https://edk2.groups.io/g/devel/message/90505




Re: [edk2-devel] Physical Address of buffer

2022-06-13 Thread Pedro Falcato
Hi,

Does this work for you?
https://edk2-docs.gitbook.io/edk-ii-uefi-driver-writer-s-guide/18_pci_driver_design_guidelines/readme.5

On Mon, Jun 13, 2022 at 8:39 PM M.T.  wrote:

> Hello
>
> I'm trying to port some code which interacts with memory mapped hardware
> registers.
> The original code was developed in 2015-18 on edk2, and does not want to
> compile anymore.
>
> The way it works is there are three 32 bit registers.
> The first is a status/command register which I read to determine if the
> hardware is ready.
> The next two are used to pass a 64-bit memory address (hi + lo).
> Once the param registers are set, I update the command/status register and
> the hardware executes the command returning the results at the address
> provided by the two param registers.
>
> In the original code, the address of the buffer is used to fill in the two
> param registers, and as far as I can tell this worked back then.
> When I try to do the same, the address in my pointer is only 32 bits long,
> a virtual address, not a physical address.
>
> Is there a way I can convert this 32 bit virtual address to a 64-bit
> physical address in a uefi shell app, or would I need a driver to do this?
> I did something similar in linux for memory mapped IO, I am guessing I
> just haven't found the right function for this yet.
>
> I would greatly appreciate it if someone could point me in the right
> direction.
>
> Thank you
> xp
>
>
>
> 
>
>

-- 
Pedro Falcato


View/Reply Online (#90504): https://edk2.groups.io/g/devel/message/90504




Re: [edk2-devel] [PATCH V1 1/1] MdeModulePkg: Add Definition of EDKII_PEI_VARIABLE_PPI

2022-06-13 Thread Nate DeSimone
Hi Jiewen,

I am fine with deferring the submission of this to edk2 until the 
implementation is ready for review. I just wanted to get feedback on the API so 
that once the implementation patch series arrives we will at least have that 
piece of the review done. I would say this thread achieved that goal. Thank you 
for the pointer to the protected variable code, we will review it and make sure 
that no issues would arise from the pre-memory PEI implementation.

Thanks,
Nate

-Original Message-
From: Yao, Jiewen  
Sent: Friday, June 10, 2022 6:09 PM
To: Desimone, Nathaniel L ; 
devel@edk2.groups.io; michael.kuba...@outlook.com
Cc: Wang, Jian J ; Gao, Liming 
; Kinney, Michael D ; 
Oram, Isaac W ; Chiu, Chasel ; 
Cheng, Gao ; Zhang, Di ; Bu, Daocheng 
; Kubacki, Michael 
Subject: RE: [edk2-devel] [PATCH V1 1/1] MdeModulePkg: Add Definition of 
EDKII_PEI_VARIABLE_PPI

Thanks for the response.

1) Why do we need to "enable UEFI variable write before permanent memory is 
available"?

2) If the implementation is not ready, I do have concerns about adding it so 
early in EDKII.
If I don’t have the big picture, I am not sure how to review the completeness.

Can we put it in EDKII-staging (https://github.com/tianocore/edk2-staging) for 
the moment?
I don’t see the need to add the interface now for a work-in-progress feature, 
since there is no consumer and no producer.

Another reason is that I happen to know another feature (in EDKII stage) is 
impacting the variable driver.
https://github.com/tianocore/edk2-staging/tree/ProtectedVariable/libs

Please do consider that as well - how to write a protected variable in PEI 
phase.

Thank you
Yao Jiewen

> -Original Message-
> From: Desimone, Nathaniel L 
> Sent: Saturday, June 11, 2022 5:49 AM
> To: Yao, Jiewen ; devel@edk2.groups.io; 
> michael.kuba...@outlook.com
> Cc: Wang, Jian J ; Gao, Liming 
> ; Kinney, Michael D 
> ; Oram, Isaac W ; 
> Chiu, Chasel ; Cheng, Gao 
> ; Zhang, Di ; Bu, Daocheng 
> ; Kubacki, Michael 
> 
> Subject: RE: [edk2-devel] [PATCH V1 1/1] MdeModulePkg: Add Definition 
> of EDKII_PEI_VARIABLE_PPI
> 
> Hi Jiewen,
> 
> Thanks for the feedback, per your questions:
> 
> 1. The primary use case for this is to enable UEFI variable writes 
> before permanent memory is available.
> 2. The implementation is a work in progress. We will provide it 
> shortly. As this will be a rather large patch set, I would like to get 
> this piece in place beforehand so that the reviewers can focus on the 
> implementation separate from the API definition.
> 3. No impact to secure boot. We are not going to support writing to 
> authenticated variables in PEI. As mentioned in the comments, if a 
> PEIM wishes to update any of the authenticated variables it must use 
> the existing HOB mechanism to have a later DXE phase perform the update.
> 4. With regard to atomicity, we have a complete implementation of the 
> fault tolerant write services operational in Pre-Memory PEI.
> 5. Good point on the S3 resume, we will need to add an SMI to have the 
> variable services re-initialize the mNvVariableCache.
> 
> Hope that helps,
> Nate
> 
> -Original Message-
> From: Yao, Jiewen 
> Sent: Friday, June 10, 2022 9:56 AM
> To: devel@edk2.groups.io; michael.kuba...@outlook.com; Desimone, 
> Nathaniel L 
> Cc: Wang, Jian J ; Gao, Liming 
> ; Kinney, Michael D 
> ; Oram, Isaac W ; 
> Chiu, Chasel ; Cheng, Gao 
> ; Zhang, Di ; Bu, Daocheng 
> ; Kubacki, Michael 
> 
> Subject: RE: [edk2-devel] [PATCH V1 1/1] MdeModulePkg: Add Definition 
> of EDKII_PEI_VARIABLE_PPI
> 
> Hi
> 
> I am curious why we need this interface. Why do we need write variable 
> capability in PEI phase?
> 
> Where is the implementation of this? I prefer to see an implementation 
> submitted together with header file.
> For example, what is the impact to secure boot related feature, how to 
> write auth variable in PEI, how PEI write variable cowork with SMM 
> version in S3 resume phase, how to support variable atomicity, etc.
> 
> Thank you
> Yao Jiewen
> 
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of 
> > Michael Kubacki
> > Sent: Friday, June 10, 2022 10:00 AM
> > To: devel@edk2.groups.io; Desimone, Nathaniel L 
> > 
> > Cc: Wang, Jian J ; Gao, Liming 
> > ; Kinney, Michael D 
> > ; Oram, Isaac W 
> > ; Chiu, Chasel ; 
> > Cheng, Gao ; Zhang, Di ; 
> > Bu, Daocheng ; Kubacki, Michael 
> > 
> > Subject: Re: [edk2-devel] [PATCH V1 1/1] MdeModulePkg: Add 
> > Definition of EDKII_PEI_VARIABLE_PPI
> >
> > Is this change just adding the interface to Tianocore or is there 
> > additional implementation planned as well?
> >
> > ---
> >
> > I thought we were following this convention now:
> >
> > "#ifndef __PEI_VARIABLE_PPI_H_" -> "#ifndef PEI_VARIABLE_PPI_H_"
> >
> > Some other comments are inline.
> >
> > Regards,
> > Michael
> >
> > On 6/9/2022 9:17 PM, Nate DeSimone wrote:
> > > Adds definition of EDKII_PEI_VARIABLE_PPI, a precursor to 
> > > enabling variable writes in the PEI envi

[edk2-devel] [PATCH v2 11/11] EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency

2022-06-13 Thread Kun Qin
The new changes in SecureBootVariableLib brought in a new dependency on
PlatformPKProtectionLib.

This change added the new library instance from SecurityPkg to resolve
pipeline builds.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Kun Qin 
---
 EmulatorPkg/EmulatorPkg.dsc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 4cf886b9eac7..b44435d7e6ee 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -134,6 +134,7 @@ [LibraryClasses]
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
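
Review bot: This mapping arrives in patch 11/11, while the commit message says the PlatformPKProtectionLib dependency was introduced by the earlier SecureBootVariableLib change, so every commit between that change and this one cannot resolve the library class for EmulatorPkg. Move the DSC updates ahead of the library change, or fold them into it, so the series stays bisectable. The placement itself is right: the new line sits above `!else`, in the same branch that maps SecureBootVariableLib.
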
-- 
2.35.1.windows.2







[edk2-devel] [PATCH v2 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency

2022-06-13 Thread Kun Qin
The new changes in SecureBootVariableLib brought in a new dependency on
PlatformPKProtectionLib.

This change added the new library instance from SecurityPkg to resolve
pipeline builds.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Jordan Justen 
Cc: Gerd Hoffmann 
Cc: Rebecca Cran 
Cc: Peter Grehan 
Cc: Sebastien Boeuf 

Signed-off-by: Kun Qin 
---
 OvmfPkg/Bhyve/BhyveX64.dsc   | 1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc   | 1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
 OvmfPkg/OvmfPkgIa32.dsc  | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc   | 1 +
 OvmfPkg/OvmfPkgX64.dsc   | 1 +
 6 files changed, 6 insertions(+)

diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index f0166e136cd1..36270456aa31 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -199,6 +199,7 @@ [LibraryClasses]
   
PlatformSecureLib|OvmfPkg/Bhyve/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
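
Review bot: The same one-line mapping is repeated verbatim in all six DSC files in the diffstat, and in this Bhyve hunk it sits next to a platform-specific PlatformSecureLib instance (`OvmfPkg/Bhyve/Library/PlatformSecureLib`). Please say in the commit message why the generic `PlatformPKProtectionLibVarPolicy` instance is the right choice for each of these platforms, and confirm that no other OvmfPkg DSC that maps SecureBootVariableLib was missed.
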
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 8a111444f867..5883fa81f3a7 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -210,6 +210,7 @@ [LibraryClasses]
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index a40f7228b98e..d44aa23ef325 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -183,6 +183,7 @@ [LibraryClasses]
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index a9841cbfc3ca..c291b20d4504 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -207,6 +207,7 @@ [LibraryClasses]
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f7949780fa38..22ff966464c2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -211,6 +211,7 @@ [LibraryClasses]
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  
PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 1448f925b782..5b681716397d 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -227,6 +227,7 @@ [LibraryClasses]
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/Sec

[edk2-devel] [PATCH v2 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests

2022-06-13 Thread Kun Qin
From: kuqin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change added unit tests and enabled them from the pipeline for the updated
SecureBootVariableLib.

The unit test covers all implemented interfaces and certain corner cases.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
   |   36 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c   
|  201 ++
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
   |   13 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
 | 2037 
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
 |   33 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf 
|   45 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
 |   25 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
   |   36 +
 SecurityPkg/SecurityPkg.ci.yaml
|   11 +
 SecurityPkg/Test/SecurityPkgHostTest.dsc   
|   38 +
 10 files changed, 2475 insertions(+)

diff --git 
a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
 
b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
new file mode 100644
index ..a8644d272df6
--- /dev/null
+++ 
b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
@@ -0,0 +1,36 @@
+/** @file
+  Provides a mocked interface for configuring PK related variable protection.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+/**
+  Disable any applicable protection against variable 'PK'. The implementation
+  of this interface is platform specific, depending on the protection 
techniques
+  used per platform.
+
+  Note: It is the platform's responsibility to conduct cautious operation after
+disabling this protection.
+
+  @retval EFI_SUCCESS State has been successfully updated.
+  @retval Others  Error returned from implementation 
specific
+  underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+  VOID
+  )
+{
+  return (EFI_STATUS)mock ();
+}
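
Review bot: The function header for `DisablePKProtection` is copied from the production library and describes behaviour the mock does not have: the body only returns `(EFI_STATUS)mock ()`, so the result is whatever value the test queued. Reword the comment to say that, and fix the typo "underying" in the `@retval Others` text while there.
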
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c 
b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index ..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file
+  The UEFI Library provides functions and macros that simplify the development 
of
+  UEFI Drivers and UEFI Applications.  These functions and macros help manage 
EFI
+  events, build simple locks utilizing EFI Task Priority Levels (TPLs), install
+  EFI Driver Model related protocols, manage Unicode string tables for UEFI 
Drivers,
+  and print messages on the console output and standard error devices.
+
+  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+#include 
+#include 
+#include 
+
+/**
+  Returns the status whether get the variable success. The function retrieves
+  variable  through the UEFI Runtime Service GetVariable().  The
+  returned buffer is allocated using AllocatePool().  The caller is responsible
+  for freeing this buffer with FreePool().
+
+  If Name  is NULL, then ASSERT().
+  If Guid  is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[in]  Guid  The pointer to an EFI_GUID structure
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+
+  @return EFI_OUT_OF_RESOURCES  Allocate buffer failed.
+  @return EFI_SUCCESS   Find the specified variable.
+  @return Others Errors Return errors from call to 
gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable2 (
+  IN CONST CHAR16*Name,
+  IN CONST EFI_GUID  *Guid,
+  OUT VOID   **Value,
+  OUT UINTN  *Size OPTIONAL
+  )
+{
+  EFI_STATUS  Status;
+  UINTN   BufferSize;
+
+  ASSERT (Name != NULL && Guid != NULL && Value != NULL);
+
+  //
+  // Try to get the variable size.
+  //
+  BufferSize = 0;
+  *Value = NULL;
+  if (Size != NULL) {
+*Size = 0;
+  }
+
+  Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, 
&BufferSize, *Value);
+  if (Status != EFI_BUFFER_TOO_SMALL) {
+return Status;
+  }
+
+  //
+  // Allocate buffer to get the variable.
+  //
+  *Valu
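
Review bot: The `@file` header describes the whole UEFI Library (events, locks, Driver Model protocols, string tables, console output), but this is `MockUefiLib.c` under `UnitTest/` and the diffstat gives it 201 lines. Replace the header with a statement of which functions are provided for the test and where they were taken from. In the `GetVariable2` comment, `Size` is marked `OPTIONAL` in the prototype but the `@param[out] Size` line does not say it may be NULL.
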

[edk2-devel] [PATCH v2 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909

This change pairs with the previous SecureBootVariableLib change,
which updated the interface of `CreateTimeBasedPayload`.

This change added a helper function to query the current time through
Real Time Clock protocol. This function is used when needing to format
an authenticated variable payload.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c  
| 127 ++--
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
|   1 +
 2 files changed, 119 insertions(+), 9 deletions(-)

diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index a13c349a0f89..4299a6b5e56d 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "SecureBootConfigImpl.h"
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -136,6 +137,51 @@ CloseEnrolledFile (
   FileContext->FileType = UNKNOWN_FILE_TYPE;
 }
 
+/**
+  Helper function to populate an EFI_TIME instance.
+
+  @param[in] Time   FileContext cached in SecureBootConfig driver
+
+**/
+STATIC
+EFI_STATUS
+GetCurrentTime (
+  IN EFI_TIME  *Time
+  )
+{
+  EFI_STATUS  Status;
+  VOID*TestPointer;
+
+  if (Time == NULL) {
+return EFI_INVALID_PARAMETER;
+  }
+
+  Status = gBS->LocateProtocol (&gEfiRealTimeClockArchProtocolGuid, NULL, 
&TestPointer);
+  if (EFI_ERROR (Status)) {
+return Status;
+  }
+
+  ZeroMem (Time, sizeof (EFI_TIME));
+  Status = gRT->GetTime (Time, NULL);
+  if (EFI_ERROR (Status)) {
+DEBUG ((
+  DEBUG_ERROR,
+  "%a(), GetTime() failed, status = '%r'\n",
+  __FUNCTION__,
+  Status
+  ));
+return Status;
+  }
+
+  Time->Pad1   = 0;
+  Time->Nanosecond = 0;
+  Time->TimeZone   = 0;
+  Time->Daylight   = 0;
+  Time->Pad2   = 0;
+
+  return EFI_SUCCESS;
+}
+
 /**
   This code checks if the FileSuffix is one of the possible DER-encoded 
certificate suffix.
 
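
Review bot: The header comment of `GetCurrentTime` does not match the function: `@param[in] Time   FileContext cached in SecureBootConfig driver` describes a different parameter, and `Time` is written by the function, so both the comment and the `IN EFI_TIME  *Time` prototype should mark it `OUT`. There are no `@retval` entries for `EFI_INVALID_PARAMETER` or for the errors passed through from `LocateProtocol` and `GetTime`. `TestPointer` is only used to probe for `gEfiRealTimeClockArchProtocolGuid`; a one-line comment saying the lookup is a readiness check would help the next reader.
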
@@ -436,6 +482,7 @@ EnrollPlatformKey (
   UINT32  Attr;
   UINTN   DataSize;
   EFI_SIGNATURE_LIST  *PkCert;
+  EFI_TIMETime;
 
   PkCert = NULL;
 
@@ -463,7 +510,13 @@ EnrollPlatformKey (
   Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
  | EFI_VARIABLE_BOOTSERVICE_ACCESS | 
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
   DataSize = PkCert->SignatureListSize;
-  Status   = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert);
+  Status   = GetCurrentTime (&Time);
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));
+goto ON_EXIT;
+  }
+
+  Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert, &Time);
   if (EFI_ERROR (Status)) {
 DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", 
Status));
 goto ON_EXIT;
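
Review bot: The new `DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));` has no trailing `\n`, so the message runs into the next log line; the neighbouring "Fail to create time-based data payload" string has the same problem and could be fixed in the same pass. The identical `GetCurrentTime` / error check / `goto ON_EXIT` block is repeated in `EnrollRsa2048ToKek` and `EnrollX509ToKek` below; a small wrapper that fetches the time and then calls `CreateTimeBasedPayload` would keep the callers in sync.
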
@@ -522,6 +575,7 @@ EnrollRsa2048ToKek (
   UINTN   KekSigListSize;
   UINT8   *KeyBuffer;
   UINTN   KeyLenInBytes;
+  EFI_TIMETime;
 
   Attr   = 0;
   DataSize   = 0;
@@ -608,7 +662,13 @@ EnrollRsa2048ToKek (
   //
   Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
  | EFI_VARIABLE_BOOTSERVICE_ACCESS | 
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
-  Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);
+  Status = GetCurrentTime (&Time);
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));
+goto ON_EXIT;
+  }
+
+  Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList, 
&Time);
   if (EFI_ERROR (Status)) {
 DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", 
Status));
 goto ON_EXIT;
@@ -689,6 +749,7 @@ EnrollX509ToKek (
   UINTN   DataSize;
   UINTN   KekSigListSize;
   UINT32  Attr;
+  EFI_TIMETime;
 
   X509Data   = NULL;
   X509DataSize   = 0;
@@ -735,7 +796,13 @@ EnrollX509ToKek (
   //
   Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
  | EFI_VARIABLE_BOOTSERVICE_ACCESS | 
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
-  Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);
+  Status = GetCurrentTime (&Time);
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));
+goto ON_EXIT;
+  }
+
+  Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList, 
&Time);
   if (EFI_ERROR (Status)) {
 DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", 
Status));
 goto ON_EXIT;
@@ -861,6 +928,7 

[edk2-devel] [PATCH v2 07/11] SecurityPkg: Secure Boot Drivers: Added common header files

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added common header files to consumer drivers to unblock
pipeline builds.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
   | 1 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c   
   | 1 +
 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 | 1 +
 3 files changed, 3 insertions(+)

diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c 
b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
index cb7095b269b1..aa4d0c7a993d 100644
--- a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
+++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
@@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include  // AsciiPrint()
 #include  // gRT
 #include 
+#include 
 #include 
 #include 
 
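
Review bot: The two includes just above the added line carry trailing comments naming what they are pulled in for (`// AsciiPrint()`, `// gRT`), but the new include has none. Add a matching comment naming what this file uses from the header, and state in the commit message which header is being added to the three drivers and which declaration was missing without it.
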
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 0122e8d55fa0..a13c349a0f89 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
 #include "SecureBootConfigImpl.h"
+#include 
 #include 
 #include 
 #include 
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
index ef7b01f16119..0abde52a05ae 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
-- 
2.35.1.windows.2







[edk2-devel] [PATCH v2 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces

2022-06-13 Thread Kun Qin
From: kuqin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change updated the interfaces provided by SecureBootVariableLib.

The new additions provided interfaces to enroll a single authenticated
variable from input, a helper function to query secure boot status,
enroll all secure boot variables from UefiSecureBoot.h defined data
structures, as well as a routine that deletes all secure boot related
variables.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c   | 366 

 SecurityPkg/Include/Library/SecureBootVariableLib.h |  69 
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf |   3 +
 3 files changed, 438 insertions(+)

diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c 
b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
index f56f0322e943..6718133aa6e4 100644
--- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
@@ -21,6 +21,7 @@
 #include 
 #include 
 #include 
+#include 
 
 // This time can be used when deleting variables, as it should be greater than 
any variable time.
 EFI_TIME  mMaxTimestamp = {
@@ -37,6 +38,25 @@ EFI_TIME  mMaxTimestamp = {
   0x00
 };
 
+//
+// MS Default Time-Based Payload Creation Date
+// This is the date that is used when creating SecureBoot default variables.
+// NOTE: This is a placeholder date that doesn't correspond to anything else.
+//
+EFI_TIME  mDefaultPayloadTimestamp = {
+  15,   // Year (2015)
+  8,// Month (Aug)
+  28,   // Day (28)
+  0,// Hour
+  0,// Minute
+  0,// Second
+  0,// Pad1
+  0,// Nanosecond
+  0,// Timezone (Dummy value)
+  0,// Daylight (Dummy value)
+  0 // Pad2
+};
+
 /** Creates EFI Signature List structure.
 
   @param[in]  Data A pointer to signature data.
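
Review bot: `15,   // Year (2015)` stores 15 in the Year field, not 2015. EFI_TIME.Year holds the full year (the UEFI specification gives its range as 1900 to 9999), so either the value or the comment is wrong; please make them agree and say which one is intended. The "MS Default" wording in the comment is also out of place in a shared SecurityPkg library, and the variable is a writable global with no `STATIC` or `CONST`.
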
@@ -413,6 +433,44 @@ GetSetupMode (
   return EFI_SUCCESS;
 }
 
+/**
+  Helper function to quickly determine whether SecureBoot is enabled.
+
+  @retval TRUESecureBoot is verifiably enabled.
+  @retval FALSE   SecureBoot is either disabled or an error prevented 
checking.
+
+**/
+BOOLEAN
+EFIAPI
+IsSecureBootEnabled (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+  UINT8   *SecureBoot;
+
+  SecureBoot = NULL;
+
+  Status = GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID 
**)&SecureBoot, NULL);
+  //
+  // Skip verification if SecureBoot variable doesn't exist.
+  //
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Cannot check SecureBoot variable %r \n ", Status));
+return FALSE;
+  }
+
+  //
+  // Skip verification if SecureBoot is disabled but not AuditMode
+  //
+  if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+FreePool (SecureBoot);
+return FALSE;
+  } else {
+return TRUE;
+  }
+}
+
 /**
   Clears the content of the 'db' variable.
 
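
Review bot: `IsSecureBootEnabled` leaks the buffer returned by `GetEfiGlobalVariable2` whenever it returns TRUE, because `FreePool (SecureBoot)` is only called in the `SECURE_BOOT_MODE_DISABLE` branch. Copy the result into a local BOOLEAN, free the buffer once, then return. The two "Skip verification ..." comments do not describe what this function does, and the `DEBUG` format string has stray spaces around `\n`.
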
@@ -531,3 +589,311 @@ DeletePlatformKey (
  );
   return Status;
 }
+
+/**
+  This function will delete the secure boot keys, thus
+  disabling secure boot.
+
+  @return EFI_SUCCESS or underlying failure code.
+**/
+EFI_STATUS
+EFIAPI
+DeleteSecureBootVariables (
+  VOID
+  )
+{
+  EFI_STATUS  Status, TempStatus;
+
+  DEBUG ((DEBUG_INFO, "%a - Attempting to delete the Secure Boot 
variables.\n", __FUNCTION__));
+
+  //
+  // Step 1: Notify that a PK update is coming shortly...
+  Status = DisablePKProtection ();
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "%a - Failed to signal PK update start! %r\n", 
__FUNCTION__, Status));
+// Classify this as a PK deletion error.
+Status = EFI_ABORTED;
+  }
+
+  //
+  // Step 2: Attempt to delete the PK.
+  // Let's try to nuke the PK, why not...
+  if (!EFI_ERROR (Status)) {
+Status = DeletePlatformKey ();
+DEBUG ((DEBUG_INFO, "%a - PK Delete = %r\n", __FUNCTION__, Status));
+// If the PK is not found, then our work here is done.
+if (Status == EFI_NOT_FOUND) {
+  Status = EFI_SUCCESS;
+}
+// If any other error occurred, let's inform the caller that the PK delete 
in particular failed.
+else if (EFI_ERROR (Status)) {
+  Status = EFI_ABORTED;
+}
+  }
+
+  //
+  // Step 3: Attempt to delete remaining keys/databases...
+  // Now that the PK is deleted (assuming Status == EFI_SUCCESS) the system is 
in SETUP_MODE.
+  // Arguably we could leave these variables in place and let them be deleted 
by whoever wants to
+  // update all the SecureBoot variables. However, for cleanliness sake, let's 
try to
+  // get rid of them here.
+  if (!EFI_ERROR (Status)) {
+//
+// If any of THESE steps have an error, report the error but attempt to 
delete all keys.
+// Using TempStatus will prevent an error from being trampled by an 
EFI_SUCCESS.
+// Overwrite Status ONLY if TempStatus is an error.
+//
+// If the error is EFI_NOT_FOUND, we can safely ignore it since
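
Review bot: The function header says `@return EFI_SUCCESS or underlying failure code`, but Steps 1 and 2 replace every failure with `EFI_ABORTED`, so the underlying code never reaches the caller. Document `EFI_ABORTED` as the PK-related failure value, or return the original status. On style: `EFI_STATUS  Status, TempStatus;` should be two declarations, and the comment "Let's try to nuke the PK, why not..." would read better as a plain statement of intent.
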

[edk2-devel] [PATCH v2 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change pairs with the previous SecureBootVariableLib change, which
removes the explicit invocation of `CreateTimeBasedPayload` and uses the new
interface `EnrollFromInput` instead.

The original `SecureBootFetchData` is also moved to this library and
incorporated with the newly defined `SecureBootCreateDataFromInput` to
keep the original code flow.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
 | 145 
 1 file changed, 115 insertions(+), 30 deletions(-)

diff --git 
a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
 
b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
index 536b0f369907..bed1fe86205d 100644
--- 
a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
+++ 
b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
@@ -8,10 +8,13 @@
   Copyright (c) 2021, Semihalf All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
+#include 
+#include 
 #include 
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -19,6 +22,117 @@
 #include 
 #include 
 #include 
+#include 
+
+/**
+  Create a EFI Signature List with data fetched from section specified as a 
argument.
+  Found keys are verified using RsaGetPublicKeyFromX509().
+
+  @param[in]KeyFileGuidA pointer to to the FFS filename GUID
+  @param[out]   SigListsSize   A pointer to size of signature list
+  @param[out]   SigListOuta pointer to a callee-allocated buffer with 
signature lists
+
+  @retval EFI_SUCCESS  Create time based payload successfully.
+  @retval EFI_NOT_FOUNDSection with key has not been found.
+  @retval EFI_INVALID_PARAMETEREmbedded key has a wrong format.
+  @retval Others   Unexpected error happens.
+
+**/
+STATIC
+EFI_STATUS
+SecureBootFetchData (
+  IN  EFI_GUID*KeyFileGuid,
+  OUT UINTN   *SigListsSize,
+  OUT EFI_SIGNATURE_LIST  **SigListOut
+  )
+{
+  EFI_SIGNATURE_LIST*EfiSig;
+  EFI_STATUSStatus;
+  VOID  *Buffer;
+  VOID  *RsaPubKey;
+  UINTN Size;
+  UINTN KeyIndex;
+  UINTN Index;
+  SECURE_BOOT_CERTIFICATE_INFO  *CertInfo;
+  SECURE_BOOT_CERTIFICATE_INFO  *NewCertInfo;
+
+  KeyIndex  = 0;
+  EfiSig= NULL;
+  *SigListOut   = NULL;
+  *SigListsSize = 0;
+  CertInfo  = AllocatePool (sizeof (SECURE_BOOT_CERTIFICATE_INFO));
+  NewCertInfo   = CertInfo;
+  while (1) {
+if (NewCertInfo == NULL) {
+  Status = EFI_OUT_OF_RESOURCES;
+  break;
+} else {
+  CertInfo = NewCertInfo;
+}
+
+Status = GetSectionFromAnyFv (
+   KeyFileGuid,
+   EFI_SECTION_RAW,
+   KeyIndex,
+   &Buffer,
+   &Size
+   );
+
+if (Status == EFI_SUCCESS) {
+  RsaPubKey = NULL;
+  if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
+DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, 
KeyIndex));
+if (EfiSig != NULL) {
+  FreePool (EfiSig);
+}
+
+FreePool (Buffer);
+Status = EFI_INVALID_PARAMETER;
+break;
+  }
+
+  CertInfo[KeyIndex].Data = Buffer;
+  CertInfo[KeyIndex].DataSize = Size;
+  KeyIndex++;
+  NewCertInfo = ReallocatePool (
+  sizeof (SECURE_BOOT_CERTIFICATE_INFO) * KeyIndex,
+  sizeof (SECURE_BOOT_CERTIFICATE_INFO) * (KeyIndex + 1),
+  CertInfo
+  );
+}
+
+if (Status == EFI_NOT_FOUND) {
+  Status = EFI_SUCCESS;
+  break;
+}
+  }
+
+  if (EFI_ERROR (Status)) {
+goto Cleanup;
+  }
+
+  if (KeyIndex == 0) {
+Status = EFI_NOT_FOUND;
+goto Cleanup;
+  }
+
+  // Now that we collected all certs from FV, convert it into sig list
+  Status = SecureBootCreateDataFromInput (SigListsSize, SigListOut, KeyIndex, 
CertInfo);
+  if (EFI_ERROR (Status)) {
+goto Cleanup;
+  }
+
+Cleanup:
+  if (CertInfo) {
+for (Index = 0; Index < KeyIndex; Index++) {
+  FreePool ((VOID *)CertInfo[Index].Data);
+}
+
+FreePool (CertInfo);
+  }
+
+  return Status;
+}
 
 /**
   Enroll a key/certificate based on a default variable.
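
Review bot: In `SecureBootFetchData`, the context returned through `RsaPubKey` by `RsaGetPublicKeyFromX509` is never released; it is reset to NULL on each loop iteration, so one RSA context is leaked per certificate. Call `RsaFree (RsaPubKey)` after the check succeeds. `EfiSig` is initialised to NULL and never assigned, so the `if (EfiSig != NULL)` block is dead code and the variable can be removed. The `@retval EFI_SUCCESS  Create time based payload successfully` line no longer describes this function, and `if (CertInfo)` should be an explicit comparison against NULL.
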
@@ -52,36 +166,7 @@ EnrollFromDefault (
 return Status;
   }
 
-  CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);
-  if (EFI_ERROR (Status)) {
-DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", 
Status));
-return Status;
-  }
-
-  //
-  // Allocate memory for auth variable
-  //
-  Status = gRT->SetVariable (
-  VariableName,
- 

[edk2-devel] [PATCH v2 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909

This change updated the interface of 'CreateTimeBasedPayload' by
requiring the caller to provide a timestamp, instead of relying on time
protocol to be ready during runtime. It intends to extend the library
availability during boot environment.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c   | 53 

 SecurityPkg/Include/Library/SecureBootVariableLib.h |  9 +++-
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf |  8 +--
 3 files changed, 40 insertions(+), 30 deletions(-)

diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c 
b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
index e0d137666e0e..3b33a356aba3 100644
--- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
@@ -6,8 +6,10 @@
   (C) Copyright 2018 Hewlett Packard Enterprise Development LP
   Copyright (c) 2021, ARM Ltd. All rights reserved.
   Copyright (c) 2021, Semihalf All rights reserved.
+  Copyright (c) Microsoft Corporation.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
+#include 
 #include 
 #include 
 #include 
@@ -21,6 +23,21 @@
 #include 
 #include "Library/DxeServicesLib.h"
 
+// This time can be used when deleting variables, as it should be greater than 
any variable time.
+EFI_TIME  mMaxTimestamp = {
+  0x, // Year
+  0xFF,   // Month
+  0xFF,   // Day
+  0xFF,   // Hour
+  0xFF,   // Minute
+  0xFF,   // Second
+  0x00,
+  0x, // Nanosecond
+  0,
+  0,
+  0x00
+};
+
 /** Creates EFI Signature List structure.
 
   @param[in]  Data A pointer to signature data.
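Review bot: `mMaxTimestamp` is a writable global with external linkage, although its comment describes a constant sentinel; declare it `CONST`, and either `STATIC` if no other module needs it or with a `g` prefix and a header declaration if one does. The 0xFF values for Month, Day, Hour, Minute and Second are outside the ranges UEFI defines for `EFI_TIME`, so the comment should say that this is deliberately not a valid calendar time.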
@@ -118,7 +135,7 @@ ConcatenateSigList (
 
   @param[in]KeyFileGuidA pointer to to the FFS filename GUID
   @param[out]   SigListsSize   A pointer to size of signature list
-  @param[out]   SigListOuta pointer to a callee-allocated buffer with 
signature lists
+  @param[out]   SigListsOuta pointer to a callee-allocated buffer with 
signature lists
 
   @retval EFI_SUCCESS  Create time based payload successfully.
   @retval EFI_NOT_FOUNDSection with key has not been found.
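Review bot: the `@param` rename from `SigListOut` to `SigListsOut` is unrelated to the timestamp change and no longer matches the parameter name; the `SecureBootFetchData` prototype shown in patch 04/11 still spells it `SigListOut`, and that patch changes this line back. Drop this hunk from the patch.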
@@ -210,28 +227,30 @@ SecureBootFetchData (
pointer to NULL to wrap an empty payload.
On output, Pointer to the new payload date 
buffer allocated from pool,
it's caller's responsibility to free the 
memory when finish using it.
+  @param[in]Time   Pointer to time information to created time 
based payload.
 
   @retval EFI_SUCCESS  Create time based payload successfully.
   @retval EFI_OUT_OF_RESOURCES There are not enough memory resources to 
create time based payload.
   @retval EFI_INVALID_PARAMETERThe parameter is invalid.
   @retval Others   Unexpected error happens.
 
-**/
+--*/
 EFI_STATUS
+EFIAPI
 CreateTimeBasedPayload (
-  IN OUT UINTN  *DataSize,
-  IN OUT UINT8  **Data
+  IN OUT UINTN *DataSize,
+  IN OUT UINT8 **Data,
+  IN EFI_TIME  *Time
   )
 {
-  EFI_STATUS Status;
   UINT8  *NewData;
   UINT8  *Payload;
   UINTN  PayloadSize;
   EFI_VARIABLE_AUTHENTICATION_2  *DescriptorData;
   UINTN  DescriptorSize;
-  EFI_TIME   Time;
 
-  if ((Data == NULL) || (DataSize == NULL)) {
+  if ((Data == NULL) || (DataSize == NULL) || (Time == NULL)) {
+DEBUG ((DEBUG_ERROR, "%a(), invalid arg\n", __FUNCTION__));
 return EFI_INVALID_PARAMETER;
   }
 
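Review bot: `Time` is only read by this function, so the new parameter should be `IN CONST EFI_TIME *Time`, and its `@param` text ("Pointer to time information to created time based payload") needs rewording. The comment terminator change from `**/` to `--*/` looks accidental and departs from the `**/` used by the other function headers in this file.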
@@ -247,6 +266,7 @@ CreateTimeBasedPayload (
   DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + 
OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
   NewData= (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSize);
   if (NewData == NULL) {
+DEBUG ((DEBUG_ERROR, "%a() Out of resources.\n", __FUNCTION__));
 return EFI_OUT_OF_RESOURCES;
   }
 
@@ -256,19 +276,7 @@ CreateTimeBasedPayload (
 
   DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData);
 
-  ZeroMem (&Time, sizeof (EFI_TIME));
-  Status = gRT->GetTime (&Time, NULL);
-  if (EFI_ERROR (Status)) {
-FreePool (NewData);
-return Status;
-  }
-
-  Time.Pad1   = 0;
-  Time.Nanosecond = 0;
-  Time.TimeZone   = 0;
-  Time.Daylight   = 0;
-  Time.Pad2   = 0;
-  CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
+  CopyMem (&DescriptorData->TimeStamp, Time, sizeof (EFI_TIME));
 
   DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF 
(WIN_CERTIFICATE_UEFI_GUID, CertData);
   DescriptorData->AuthInfo.Hdr.wRevision= 0x0200;
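Review bot: with the removed block gone, nothing clears `Pad1`, `Nanosecond`, `TimeZone`, `Daylight` and `Pad2` any more, and `CopyMem (&DescriptorData->TimeStamp, Time, sizeof (EFI_TIME))` copies whatever the caller passed. UEFI requires those fields to be zero in an `EFI_VARIABLE_AUTHENTICATION_2` timestamp, so either copy `Time` into a local and zero them as before, or state the requirement in the `@param Time` description and reject non-zero values with `EFI_INVALID_PARAMETER`.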
@@ -277,6 +285,7 @@ CreateTimeBasedPayload (
 
 

[edk2-devel] [PATCH v2 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator

2022-06-13 Thread Kun Qin
From: kuqin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change removes the interface of SecureBootFetchData, and replaced
it with `SecureBootCreateDataFromInput`, which will require caller to
prepare available certificates in defined structures.

This improvement will eliminate the dependency of reading from FV,
extending the availability of this library instance.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c   | 69 
+++-
 SecurityPkg/Include/Library/SecureBootVariableLib.h | 25 
---
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf |  3 -
 3 files changed, 53 insertions(+), 44 deletions(-)

diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c 
b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
index 3b33a356aba3..f56f0322e943 100644
--- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
@@ -10,10 +10,10 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 #include 
+#include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -21,7 +21,6 @@
 #include 
 #include 
 #include 
-#include "Library/DxeServicesLib.h"
 
 // This time can be used when deleting variables, as it should be greater than 
any variable time.
 EFI_TIME  mMaxTimestamp = {
@@ -130,24 +129,29 @@ ConcatenateSigList (
 }
 
 /**
-  Create a EFI Signature List with data fetched from section specified as a 
argument.
-  Found keys are verified using RsaGetPublicKeyFromX509().
+  Create a EFI Signature List with data supplied from input argument.
+  The input certificates from KeyInfo parameter should be DER-encoded
+  format.
 
-  @param[in]KeyFileGuidA pointer to to the FFS filename GUID
   @param[out]   SigListsSize   A pointer to size of signature list
-  @param[out]   SigListsOuta pointer to a callee-allocated buffer with 
signature lists
+  @param[out]   SigListOut A pointer to a callee-allocated buffer with 
signature lists
+  @param[in]KeyInfoCount   The number of certificate pointer and size 
pairs inside KeyInfo.
+  @param[in]KeyInfoA pointer to all certificates, in the 
format of DER-encoded,
+   to be concatenated into signature lists.
 
-  @retval EFI_SUCCESS  Create time based payload successfully.
+  @retval EFI_SUCCESS  Created signature list from payload 
successfully.
   @retval EFI_NOT_FOUNDSection with key has not been found.
-  @retval EFI_INVALID_PARAMETEREmbedded key has a wrong format.
+  @retval EFI_INVALID_PARAMETEREmbedded key has a wrong format or input 
pointers are NULL.
   @retval Others   Unexpected error happens.
 
 **/
 EFI_STATUS
-SecureBootFetchData (
-  IN  EFI_GUID*KeyFileGuid,
-  OUT UINTN   *SigListsSize,
-  OUT EFI_SIGNATURE_LIST  **SigListOut
+EFIAPI
+SecureBootCreateDataFromInput (
+  OUT UINTN   *SigListsSize,
+  OUT EFI_SIGNATURE_LIST  **SigListOut,
+  IN  UINTN   KeyInfoCount,
+  IN  CONST SECURE_BOOT_CERTIFICATE_INFO  *KeyInfo
   )
 {
   EFI_SIGNATURE_LIST  *EfiSig;
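Review bot: the `@retval EFI_NOT_FOUND` line ("Section with key has not been found") is left over from `SecureBootFetchData`; this function no longer reads sections, so remove it or describe when it can still be returned. The description also drops the sentence saying keys are verified with `RsaGetPublicKeyFromX509()`, so it should say explicitly whether callers are now expected to validate the certificates before passing them in.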
@@ -155,36 +159,41 @@ SecureBootFetchData (
   EFI_SIGNATURE_LIST  *TmpEfiSig2;
   EFI_STATUS  Status;
   VOID*Buffer;
-  VOID*RsaPubKey;
   UINTN   Size;
+  UINTN   InputIndex;
   UINTN   KeyIndex;
 
+  if ((SigListOut == NULL) || (SigListsSize == NULL)) {
+return EFI_INVALID_PARAMETER;
+  }
+
+  if ((KeyInfoCount == 0) || (KeyInfo == NULL)) {
+return EFI_INVALID_PARAMETER;
+  }
+
+  InputIndex= 0;
   KeyIndex  = 0;
   EfiSig= NULL;
   *SigListsSize = 0;
-  while (1) {
-Status = GetSectionFromAnyFv (
-   KeyFileGuid,
-   EFI_SECTION_RAW,
-   KeyIndex,
-   &Buffer,
-   &Size
-   );
-
-if (Status == EFI_SUCCESS) {
-  RsaPubKey = NULL;
-  if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
-DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, 
KeyIndex));
+  while (InputIndex < KeyInfoCount) {
+if (KeyInfo[InputIndex].Data != NULL) {
+  Size   = KeyInfo[InputIndex].DataSize;
+  Buffer = AllocateCopyPool (Size, KeyInfo[InputIndex].Data);
+  if (Buffer == NULL) {
 if (EfiSig != NULL) {
   FreePool (EfiSig);
 }
 
-FreePool (Buffer);
-return EFI_INVALID_PARAMETER;
+return EFI_OUT_OF_RESOURCES;
   }
 
   Status = CreateSigList (Buffer, Size, &TmpEfiSig);
 
+  if (EFI_ERROR (Status)) {
+FreePool (Buffer);
+break;
+  }
+
   //
   // Concatenate lists if mo
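Review bot: entries whose `Data` is NULL are silently skipped by `if (KeyInfo[InputIndex].Data != NULL)`, which contradicts the new `@retval EFI_INVALID_PARAMETER` text about NULL input pointers, and `DataSize` is handed to `AllocateCopyPool` without a zero check. With the `RsaGetPublicKeyFromX509` check removed, this function accepts any bytes as a certificate, so it should at least return `EFI_INVALID_PARAMETER` for a NULL `Data` or a zero `DataSize`. On the new `CreateSigList` failure path, please also confirm that an `EfiSig` built from earlier entries is freed after the `break`; the rest of the function is not visible in this hunk.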

[edk2-devel] [PATCH v2 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This patch provides an abstracted interface for platform to implement PK
variable related protection interface, which is designed to be used when
PK variable is about to be changed by UEFI firmware.

This change also provided a variable policy based library implementation
to accommodate platforms that support variable policy for variable
protections.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
   | 51 
 SecurityPkg/Include/Library/PlatformPKProtectionLib.h  
   | 31 
 
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
 | 36 ++
 SecurityPkg/SecurityPkg.dec
   |  5 ++
 SecurityPkg/SecurityPkg.dsc
   |  2 +
 5 files changed, 125 insertions(+)

diff --git 
a/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
 
b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
new file mode 100644
index ..a2649242246f
--- /dev/null
+++ 
b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
@@ -0,0 +1,51 @@
+/** @file
+  Provides an abstracted interface for configuring PK related variable 
protection.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include 
+#include 
+
+#include 
+#include 
+
+/**
+  Disable any applicable protection against variable 'PK'. The implementation
+  of this interface is platform specific, depending on the protection 
techniques
+  used per platform.
+
+  Note: It is the platform's responsibility to conduct cautious operation after
+disabling this protection.
+
+  @retval EFI_SUCCESS State has been successfully updated.
+  @retval Others  Error returned from implementation 
specific
+  underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;
+
+  DEBUG ((DEBUG_INFO, "%a() Entry...\n", __FUNCTION__));
+
+  // IMPORTANT NOTE: This operation is sticky and leaves variable protections 
disabled.
+  //  The system *MUST* be reset after performing this 
operation.
+  Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID 
**)&VariablePolicy);
+  if (!EFI_ERROR (Status)) {
+Status = VariablePolicy->DisableVariablePolicy ();
+// EFI_ALREADY_STARTED means that everything is currently disabled.
+// This should be considered SUCCESS.
+if (Status == EFI_ALREADY_STARTED) {
+  Status = EFI_SUCCESS;
+}
+  }
+
+  return Status;
+}
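Review bot: `VariablePolicy->DisableVariablePolicy ()` switches off enforcement of every variable policy, not only a policy on 'PK', so `DisablePKProtection` has a much wider effect than its name and header comment suggest. The in-body note that the operation is sticky and that the system *MUST* be reset belongs in the function header so callers see it, and the header should say that all policy protection stays off until that reset.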
diff --git a/SecurityPkg/Include/Library/PlatformPKProtectionLib.h 
b/SecurityPkg/Include/Library/PlatformPKProtectionLib.h
new file mode 100644
index ..3586a47b77c2
--- /dev/null
+++ b/SecurityPkg/Include/Library/PlatformPKProtectionLib.h
@@ -0,0 +1,31 @@
+/** @file
+  Provides an abstracted interface for configuring PK related variable 
protection.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef PLATFORM_PK_PROTECTION_LIB_H_
+#define PLATFORM_PK_PROTECTION_LIB_H_
+
+/**
+  Disable any applicable protection against variable 'PK'. The implementation
+  of this interface is platform specific, depending on the protection 
techniques
+  used per platform.
+
+  Note: It is the platform's responsibility to conduct cautious operation after
+disabling this protection.
+
+  @retval EFI_SUCCESS State has been successfully updated.
+  @retval Others  Error returned from implementation 
specific
+  underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+  VOID
+  );
+
+#endif
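Review bot: the public header only says to "conduct cautious operation" after the call; the requirement to reset the system, which the VarPolicy implementation states in a code comment, is the part of the contract a caller needs and should be in this function description. Also fix the typo "underying" in the `@retval Others` text (the same text is in the .c file).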
diff --git 
a/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
 
b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
new file mode 100644
index ..df42ce06c019
--- /dev/null
+++ 
b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
@@ -0,0 +1,36 @@
+## @file
+#  Provides an abstracted interface for configuring PK related variable 
protection.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = PlatformPKProtectionLibVarPolicy
+  FILE_GUID  = AE0C5992-526C-4518-93BA-3C2611B801E0
+  MODULE_TYPE= DXE_DRIVER
+  V

[edk2-devel] [PATCH v2 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures

2022-06-13 Thread Kun Qin
From: Kun Qin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Include/UefiSecureBoot.h | 94 
 1 file changed, 94 insertions(+)

diff --git a/SecurityPkg/Include/UefiSecureBoot.h 
b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index ..642fef38f3a1
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@
+/** @file
+  Provides a Secure Boot related data structure definitions.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UEFI_SECURE_BOOT_H_
+#define UEFI_SECURE_BOOT_H_
+
+#pragma pack (push, 1)
+
+/*
+  Data structure to provide certificates to setup authenticated secure
+  boot variables ('db', 'dbx', 'dbt', 'pk', etc.).
+
+*/
+typedef struct {
+  //
+  // The size, in number of bytes, of supplied certificate in 'Data' field.
+  //
+  UINTN DataSize;
+  //
+  // The pointer to the certificates in DER-encoded format.
+  // Note: This certificate data should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID*Data;
+} SECURE_BOOT_CERTIFICATE_INFO;
+
+/*
+  Data structure to provide all Secure Boot related certificates.
+
+*/
+typedef struct {
+  //
+  // The human readable name for this set of Secure Boot key sets.
+  //
+  CONST CHAR16*SecureBootKeyName;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbPtr' field.
+  //
+  UINTN   DbSize;
+  //
+  // The pointer to the DB certificates in signature list format.
+  // Note: This DB certificates should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID  *DbPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.
+  //
+  UINTN   DbxSize;
+  //
+  // The pointer to the DBX certificates in signature list format.
+  // Note: This DBX certificates should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID  *DbxPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.
+  //
+  UINTN   DbtSize;
+  //
+  // The pointer to the DBT certificates in signature list format.
+  // Note: This DBT certificates should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID  *DbtPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'KekPtr' field.
+  //
+  UINTN   KekSize;
+  //
+  // The pointer to the KEK certificates in signature list format.
+  // Note: This KEK certificates should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID  *KekPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'PkPtr' field.
+  //
+  UINTN   PkSize;
+  //
+  // The pointer to the PK certificates in signature list format.
+  // Note: This PK certificates should not contain the 
EFI_VARIABLE_AUTHENTICATION_2
+  //   for authenticated variables.
+  //
+  CONST VOID  *PkPtr;
+} SECURE_BOOT_PAYLOAD_INFO;
+#pragma pack (pop)
+
+#endif // UEFI_SECURE_BOOT_H_
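Review bot: `#pragma pack (push, 1)` is not needed for these two structures; every member is a `UINTN` or a pointer, so they are in-memory descriptors rather than a stored or wire format, and packing only invites unaligned-access questions if a smaller field is added later. The field comments in `SECURE_BOOT_PAYLOAD_INFO` also describe each `*Size` as the size of a "supplied certificate" while the matching `*Ptr` is said to be in signature list format; make the two agree, and use `/**` for the structure comments so they match the file header style.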
-- 
2.35.1.windows.2



View/Reply Online (#90492): https://edk2.groups.io/g/devel/message/90492




[edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries

2022-06-13 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This is a revamp of a previously submitted patch series based on top of
master branch: https://edk2.groups.io/g/devel/message/89507. No changes
added.

Current SecureBootVariableLib provides great support for deleting secure
boot related variables, creating time-based payloads.

However, for secure boot enrollment, the SecureBootVariableProvisionLib
interfaces always assume the changes from variable storage, limiting the
usage, requiring existing platforms to change key initialization process
to adapt to the new methods, as well as bringing in extra dependencies
such as FV protocol, time protocols.

This patch series proposes to update the implementation for Secure Boot
Variable libraries and their consumers to better support the related
variables operations.

Patch v2 branch: https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Min Xu 
Cc: Sean Brogan 
Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Gerd Hoffmann 
Cc: Rebecca Cran 
Cc: Peter Grehan 
Cc: Sebastien Boeuf 
Cc: Andrew Fish 
Cc: Ray Ni 

Kun Qin (8):
  SecurityPkg: UefiSecureBoot: Definitions of cert and payload
structures
  SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
  SecurityPkg: SecureBootVariableLib: Updated time based payload creator
  SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
  SecurityPkg: Secure Boot Drivers: Added common header files
  SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
  OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
  EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency

kuqin (3):
  SecurityPkg: SecureBootVariableLib: Updated signature list creator
  SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
  SecurityPkg: SecureBootVariableLib: Added unit tests

 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
   |1 +
 
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
   |   51 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c  
   |  486 -
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
  |   36 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c   
   |  201 ++
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
  |   13 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
| 2037 
 
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
   |  145 +-
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c   
   |  128 +-
 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 |1 +
 EmulatorPkg/EmulatorPkg.dsc
   |1 +
 OvmfPkg/Bhyve/BhyveX64.dsc 
   |1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc 
   |1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc   
   |1 +
 OvmfPkg/OvmfPkgIa32.dsc
   |1 +
 OvmfPkg/OvmfPkgIa32X64.dsc 
   |1 +
 OvmfPkg/OvmfPkgX64.dsc 
   |1 +
 SecurityPkg/Include/Library/PlatformPKProtectionLib.h  
   |   31 +
 SecurityPkg/Include/Library/SecureBootVariableLib.h
   |  103 +-
 SecurityPkg/Include/UefiSecureBoot.h   
   |   94 +
 
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
 |   36 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
   |   14 +-
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
|   33 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf 
   |   45 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
|   25 +
 
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
  |   36 +
 SecurityPkg/SecurityPkg.ci.yaml
   |   11 +
 SecurityPkg/SecurityPkg.dec
   |5 +
 SecurityPkg/SecurityPkg.dsc
   |2 +
 SecurityPkg/Test/SecurityPkgHostTest.ds

[edk2-devel] Physical Address of buffer

2022-06-13 Thread M.T.
Hello

I'm trying to port some code which interacts with memory mapped hardware
registers.
The original code was developed in 2015-18 on edk2, and does not want to
compile anymore.

The way it works is there are three 32 bit registers.
The first is a status/command register which I read to determine if the
hardware is ready.
The next two are used to pass a 64-bit memory address (hi + lo).
Once the param registers are set, I update the command/status register and
the hardware executes the command returning the results at the address
provided by the two param registers.

In the original code, the address of the buffer is used to fill in the two
param registers, and as far as I can tell this worked back then.
When I try to do the same, the address in my pointer is only 32 bits long,
a virtual address, not a physical address.

Is there a way I can convert this 32 bit virtual address to a 64-bit
physical address in a uefi shell app, or would I need a driver to do this?
I did something similar in linux for memory mapped IO, I am guessing I just
haven't found the right function for this yet.

I would greatly appreciate it if someone could point me in the right
direction.

Thank you
xp


View/Reply Online (#90490): https://edk2.groups.io/g/devel/message/90490
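
The register handshake described in the post above, sketched in C against a simulated device (an added example, not code from the original post or from edk2). The register layout, the `MBX_*` bit values and all function names are assumptions made for illustration, and the buffer address is assumed to be usable by the device as-is.

```c
#include <stdint.h>

/* Hypothetical register block: one command/status word followed by the
   high and low halves of a 64-bit buffer address. Layout and bit values
   are assumptions for this example. */
typedef struct {
  volatile uint32_t cmd_status;
  volatile uint32_t param_hi;
  volatile uint32_t param_lo;
} mailbox_regs;

#define MBX_READY   0x1u  /* device idle, registers may be written */
#define MBX_GO      0x2u  /* host asks the device to run the command */
#define MBX_ERROR   0x4u  /* device rejected the command */

#define MBX_OK      0
#define MBX_TIMEOUT (-1)
#define MBX_DEVERR  (-2)

/* Stand-in for the hardware: called once per poll so the example runs
   without a device. A real driver would only read the register. */
typedef void (*device_step_fn)(mailbox_regs *regs);

/* Widen the pointer first, then split: going through uintptr_t keeps all
   address bits on a 64-bit build and zero-extends on a 32-bit build. */
static void split_address(const void *buf, uint32_t *hi, uint32_t *lo)
{
  uint64_t addr = (uint64_t)(uintptr_t)buf;
  *hi = (uint32_t)(addr >> 32);
  *lo = (uint32_t)(addr & 0xFFFFFFFFu);
}

/* Poll with a bound so a dead device cannot hang the caller. */
static int wait_ready(mailbox_regs *regs, device_step_fn step, unsigned polls)
{
  while (polls-- > 0) {
    uint32_t s;
    step(regs);
    s = regs->cmd_status;
    if (s & MBX_ERROR) return MBX_DEVERR;
    if ((s & MBX_READY) && !(s & MBX_GO)) return MBX_OK;
  }
  return MBX_TIMEOUT;
}

/* Full sequence: wait for idle, write the address halves, then the command. */
int mailbox_issue(mailbox_regs *regs, void *result_buf,
                  device_step_fn step, unsigned max_polls)
{
  uint32_t hi, lo;
  int rc = wait_ready(regs, step, max_polls);
  if (rc != MBX_OK) return rc;

  split_address(result_buf, &hi, &lo);
  regs->param_hi = hi;
  regs->param_lo = lo;
  regs->cmd_status = MBX_GO;  /* parameters first, command last */

  return wait_ready(regs, step, max_polls);
}

/* Constructed device model: on GO it writes a marker to the address held
   in the parameter registers and reports READY. */
void sim_device_ok(mailbox_regs *regs)
{
  if (regs->cmd_status & MBX_GO) {
    uint64_t addr = ((uint64_t)regs->param_hi << 32) | regs->param_lo;
    *(volatile uint32_t *)(uintptr_t)addr = 0xC0FFEEu;
    regs->cmd_status = MBX_READY;
  }
}

/* Constructed device model that never becomes ready. */
void sim_device_stuck(mailbox_regs *regs) { (void)regs; }

/* Runs one command against the working model and returns the marker the
   device wrote, or 0 on failure. */
uint32_t demo_run(void)
{
  mailbox_regs regs = { MBX_READY, 0, 0 };
  uint32_t result = 0;
  if (mailbox_issue(&regs, &result, sim_device_ok, 16) != MBX_OK) return 0;
  return result;
}
```
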




Re: [edk2-devel] RFC v2: Static Analysis in edk2 CI

2022-06-13 Thread Michael D Kinney
+devel@edk2.groups.io

Mike

> -Original Message-
> From: r...@edk2.groups.io  On Behalf Of Felix Polyudov 
> via groups.io
> Sent: Monday, June 13, 2022 10:48 AM
> To: r...@edk2.groups.io
> Cc: Kinney, Michael D 
> Subject: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
> 
> This is version 2 of the proposal that provides additional details regarding 
> the bring up process.
> 
> The initial version is at https://edk2.groups.io/g/rfc/message/696
> 
> The goal of the proposal is integration of the static analysis (SA) into the 
> edk2 workflow.
> 
> - Use Open Coverity SA service to scan edk2 repository. The service is free 
> for open source projects.
> edk2 Open Coverity project: 
> https://scan.coverity.com/projects/tianocore-edk2
> - Update edk2 CI scripts to run analysis once a week
>- Perform analysis on all the edk2 packages using package DSC files that 
> are used for CI build tests
>(Coverity analysis is executed in the course of a specially instrumented 
> project build).
>- SA results are uploaded to scan.coverity.com. To access them one would 
> need to register on the site and request tianocore-
> edk2 project access. The site can be used to triage the reported issues. 
> Confirmed issues can be addressed using a standard edk2
> process (Bugzilla, mailing list).
> - During the initial bring up period, access to the SA results is restricted 
> to stewards, maintainers, and members of the
> TianoCore InfoSec group, who are encouraged to review reported issues with 
> the primary goal of identifying security-related
> issues. All such issues should be handled in accordance with the following 
> guidelines:
>   
> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues
> - The initial bring up period ends when embargo for all the identified 
> security issues ends or after 30 days if no security
> issues have been identified
> - Once bring up period is over, SA results access is open to everybody.
> - The package maintainers should monitor weekly scan results for newly 
> reported issues and reach back to original patch
> submitters to resolve them. Package maintainers can revert the patch if no 
> action is taken by the submitter.
> 
> 
> 
> 
> 



View/Reply Online (#90489): https://edk2.groups.io/g/devel/message/90489




Re: [edk2-devel] [PATCH edk2-platforms 0/3] Ext4Pkg: Add ext2/3 support and move crc16/32c to BaseLib

2022-06-13 Thread Pedro Falcato
Liming,

Sorry for the question, but can I merge this with your Ack and my RB or do
I have to wait for another RB?
I want to solve this as soon as possible since right now Ext4Pkg won't
build with upstream edk2.

Thanks,
Pedro

On Thu, Jun 2, 2022 at 4:05 AM gaoliming  wrote:

> Pedro:
>
>  Thanks for your enhancement to support ext2/3 file system. Acked-by:
> Liming Gao  for this patch set.
>
>
>
> Thanks
>
> Liming
>
> *From:* Pedro Falcato 
> *Sent:* June 1, 2022 5:33
> *To:* edk2-devel-groups-io ; Pedro Falcato <
> pedro.falc...@gmail.com>
> *Cc:* Leif Lindholm ; Michael D Kinney <
> michael.d.kin...@intel.com>; Liming Gao ;
> Zhiguang Liu 
> *Subject:* Re: [edk2-devel] [PATCH edk2-platforms 0/3] Ext4Pkg: Add ext2/3
> support and move crc16/32c to BaseLib
>
>
>
> Ping. Please review now that the stable freeze is over.
>
>
>
> On Wed, May 11, 2022 at 6:42 PM Pedro Falcato via groups.io
>  wrote:
>
> Ping. Could someone review these patches?
>
>
>
> On Mon, Apr 25, 2022 at 6:14 PM Pedro Falcato via groups.io
>  wrote:
>
> Ping. If someone could take a look, it would be much appreciated.
>
>
>
> On Thu, Apr 7, 2022 at 11:01 PM Pedro Falcato 
> wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3745
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3871
>
> Hi all,
>
> This patch-set attempts to address two open feature requests for Ext4Pkg
> by adding ext2/3 support (id 3745) and moving crc16-ansi/crc32c to BaseLib
> (id 3871).
>
> The previous patch-set regarding 3871 attempted to merge the different
> crc16 implementations
> but failed because, contrary to what I thought, there are many, many
> different CRC16s which
> are all slightly different. This one (plus the separate edk2 patch)
> attempts to just merge
> CRC16-ANSI (confusingly, also known as CRC16) into BaseLib.
>
> Since this patch set grew to be considerably different from the original,
> I didn't mark it
> as v2 but rather a separate, new patch-set.
>
> CC'ing the edk2-platforms stewards (as I cannot review my own code) and
> the CC's of the MdePkg
> patch.
>
> Cc: Leif Lindholm 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
>
> Pedro Falcato (3):
>   Ext4Pkg: Replace the CRC implementations with BaseLib
>   Ext4Pkg: Format using uncrustify
>   Ext4Pkg: Add ext2/3 support
>
>  Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  10 +-
>  Features/Ext4Pkg/Ext4Dxe/BlockMap.c   | 279 +
>  Features/Ext4Pkg/Ext4Dxe/Collation.c  |   4 +-
>  Features/Ext4Pkg/Ext4Dxe/Crc16.c  |  75 -
>  Features/Ext4Pkg/Ext4Dxe/Crc32c.c |  84 --
>  Features/Ext4Pkg/Ext4Dxe/Directory.c  |  13 +-
>  Features/Ext4Pkg/Ext4Dxe/DiskUtil.c   |   6 +-
>  Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   |  30 +-
>  Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.c|  95 +++---
>  Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h| 417 ++
>  Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.inf  |   3 +-
>  Features/Ext4Pkg/Ext4Dxe/Extents.c|  27 +-
>  Features/Ext4Pkg/Ext4Dxe/File.c   |  19 +-
>  Features/Ext4Pkg/Ext4Dxe/Inode.c  |  33 +-
>  Features/Ext4Pkg/Ext4Dxe/Partition.c  |  12 +-
>  Features/Ext4Pkg/Ext4Dxe/Superblock.c |  20 +-
>  16 files changed, 640 insertions(+), 487 deletions(-)
>  create mode 100644 Features/Ext4Pkg/Ext4Dxe/BlockMap.c
>  delete mode 100644 Features/Ext4Pkg/Ext4Dxe/Crc16.c
>  delete mode 100644 Features/Ext4Pkg/Ext4Dxe/Crc32c.c
>
> --
> 2.35.1
>
>
>
> --
>
> Pedro Falcato
>
>
>
> --
>
> Pedro Falcato
>
> 
>
>
>
> --
>
> Pedro Falcato
>


-- 
Pedro Falcato


View/Reply Online (#90488): https://edk2.groups.io/g/devel/message/90488




Re: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support to EDK2

2022-06-13 Thread Maciej Czajkowski
For now, the priority will be to add the support for AHCI and NVMe. However, in 
the future the plan is to have support in all of these drivers.

Regards,
Maciej

-Original Message-
From: Wu, Hao A  
Sent: Thursday, 9 June 2022 04:47
To: Czajkowski, Maciej ; devel@edk2.groups.io
Cc: Ni, Ray ; Gao, Liming 
Subject: RE: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support to EDK2

Sorry for a question, if the EDKII_PCI_DEVICE_PPI were added to edk2, would 
there be a plan to add support to:
* NVMe
* UFS
* SD/MMC
* USB (XHCI, EHCI and UHCI)

Best Regards,
Hao Wu

> -Original Message-
> From: Czajkowski, Maciej 
> Sent: Monday, June 6, 2022 8:45 PM
> To: devel@edk2.groups.io
> Cc: Wu, Hao A ; Ni, Ray ; Gao, 
> Liming 
> Subject: [edk2-devel][PATCH v1 0/2] Add EDKII_PCI_DEVICE_PPI support 
> to
> EDK2
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3907
> 
> The purpose of those changes is to introduce the way to enumerate and 
> assign resources in PEI for the systems with more than one PCI root. 
> Here is a need to have an interface that will support such a 
> mechanism.
> For now, the part that performs the enumeration will be implemented in 
> the silicon code.
> Sample code can be seen here:
> https://github.com/mczaj/edk2-platforms/commit/d443062e58f9fba228869b54f2546d9735b3b506
> 
> Cc: Hao A Wu 
> Cc: Ray Ni 
> Cc: Liming Gao 
> 
> Maciej Czajkowski (2):
>   MdeModulePkg: Add EDKII_PCI_DEVICE_PPI definition
>   MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device
> 
>  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c| 615 +++-
>  MdeModulePkg/Bus/Ata/AhciPei/DevicePath.c |  44 --
>  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.inf  |   5 +-
>  MdeModulePkg/Include/Ppi/PciDevice.h  |  32 +
>  MdeModulePkg/MdeModulePkg.dec |   3 +
>  5 files changed, 493 insertions(+), 206 deletions(-)  create mode 
> 100644 MdeModulePkg/Include/Ppi/PciDevice.h
> 
> --
> 2.27.0.windows.1




View/Reply Online (#90487): https://edk2.groups.io/g/devel/message/90487




Re: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device

2022-06-13 Thread Maciej Czajkowski
Hello,

1. Yes, I will try to fix that in the v2 patch.
2. We have a review opened to add such instance - 
https://edk2.groups.io/g/devel/message/89970
3. For now it will be implemented in the silicon code, so you are right - we 
should keep them. Also, it would require a larger library refactor to consume 
such code from PCI_DEVICE_PPI if we are going to still support both 
PCI_DEVICE_PPI and AHCI_HOST_CONTROLLER_PPI. However, what are your thoughts 
about future of the library? If we can get rid of AHCI_HOST_CONTROLLER_PPI, I 
think that it is possible to remove the IOMMU code.
4. It has been run in the simulation environment, and a BlockIo read has been 
performed in PEI phase - and it was performed successfully.
5. Sure, will do that for v2 patch.

-Original Message-
From: Wu, Hao A  
Sent: Thursday, 9 June 2022 05:08
To: devel@edk2.groups.io; Wu, Hao A ; Czajkowski, Maciej 

Cc: Ni, Ray 
Subject: RE: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use 
PCI_DEVICE_PPI to manage AHCI device

For "3) Could you help to check if the DMA memory related codes in 
MdeModulePkg\Bus\Ata\AhciPei\DmaMem.c can be covered by the 'PciIo' service in 
EDKII_PCI_DEVICE_PPI?"
After a second thought, my take is that there will be no PciBusPei 
implementation added in edk2.
So there will be no enforcement for producers of EDKII_PCI_DEVICE_PPI to add 
IOMMU support like in PciBusDxe.

If my above understanding is correct, then I think we might still need to keep 
those IOMMU support codes in AhciPei PEIM.

Best Regards,
Hao Wu

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Wu, Hao 
> A
> Sent: Thursday, June 9, 2022 10:48 AM
> To: Czajkowski, Maciej ; 
> devel@edk2.groups.io
> Cc: Ni, Ray 
> Subject: Re: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use 
> PCI_DEVICE_PPI to manage AHCI device
> 
> Couple of general level comments/questions:
> 1) The implementation of functions 
> AtaAhciPciDevicePpiInstallationCallback() &
> AtaAhciInitPrivateDataFromPciDevice() has many duplications. Is it 
> possible to abstract a separate function to reduce duplicated codes?
> 2) What DevicePathLib instance should be used for the PEI case? As far 
> as I know, current DevicePathLib instances in edk2 do not support PEIM.
> 3) Could you help to check if the DMA memory related codes in 
> MdeModulePkg\Bus\Ata\AhciPei\DmaMem.c can be covered by the 'PciIo'
> service in EDKII_PCI_DEVICE_PPI?
> 4) May I know what kind of tests are performed for this patch? Would 
> like to ensure the origin gEdkiiPeiAtaAhciHostControllerPpiGuid path is not 
> broken.
> 5) Could you help to create a GitHub Pull Request to trigger the CI 
> tests for this series?
> 
> More inline comments below:
> 
> 
> > -Original Message-
> > From: Czajkowski, Maciej 
> > Sent: Monday, June 6, 2022 8:45 PM
> > To: devel@edk2.groups.io
> > Cc: Wu, Hao A ; Ni, Ray 
> > Subject: [edk2-devel][PATCH v1 2/2] MdeModulePkg/AhciPei: Use 
> > PCI_DEVICE_PPI to manage AHCI device
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3907
> >
> > This change modifies AhciPei library to allow usage both 
> > EDKII_PCI_DEVICE_PPI and EDKII_PEI_ATA_AHCI_HOST_CONTROLLER_PPI to 
> > manage ATA HDD working under AHCI mode.
> >
> > Cc: Hao A Wu 
> > Cc: Ray Ni 
> > Signed-off-by: Maciej Czajkowski 
> > ---
> >  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c| 615 +++-
> >  MdeModulePkg/Bus/Ata/AhciPei/DevicePath.c |  44 --
> >  MdeModulePkg/Bus/Ata/AhciPei/AhciPei.inf  |   5 +-
> >  3 files changed, 458 insertions(+), 206 deletions(-)
> >
> > diff --git a/MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c
> > b/MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c
> > index 208b7e9a3606..31bb3c0760ab 100644
> > --- a/MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c
> > +++ b/MdeModulePkg/Bus/Ata/AhciPei/AhciPei.c
> > @@ -9,6 +9,47 @@
> >  **/
> >
> >
> >
> >  #include "AhciPei.h"
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +
> >
> > +/**
> >
> > +  Callback for EDKII_ATA_AHCI_HOST_CONTROLLER_PPI installation.
> >
> > +
> >
> > +  @param[in] PeiServices Pointer to PEI Services Table.
> >
> > +  @param[in] NotifyDescriptorPointer to the descriptor for the 
> > Notification
> >
> > + event that caused this function to 
> > execute.
> >
> > +  @param[in] Ppi Pointer to the PPI data associated with 
> > this
> function.
> >
> > +
> >
> > +  @retval EFI_SUCCESSThe function completes successfully
> >
> > +
> >
> > +**/
> >
> > +EFI_STATUS
> >
> > +EFIAPI
> >
> > +AtaAhciHostControllerPpiInstallationCallback (
> >
> > +  IN EFI_PEI_SERVICES   **PeiServices,
> >
> > +  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,
> >
> > +  IN VOID   *Ppi
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Callback for EDKII_PCI_DEVICE_PPI installation.
> >
> > +
> >
> > +  @param[in] PeiServices Pointer to PEI Services Table.
> >
> > +  @param[in] NotifyDescriptorPoint
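
Review bot: The two callback prototypes added at the top of AhciPei.c, directly after #include "AhciPei.h", would sit better in AhciPei.h with the module's other declarations, or the callbacks could be defined before first use and marked STATIC if nothing outside this file references them. The header comment for AtaAhciHostControllerPpiInstallationCallback also lists only EFI_SUCCESS under @retval; if the callback can pass on an error from locating the PPI or initializing the controller, those values should be documented too.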

Re: [edk2-devel] [PATCH 2/2] DxeMain: Fix the bug that StackGuard is not enabled

2022-06-13 Thread Sami Mujawar

Hi Ray,

Thank you for this patch.

This change looks good to me.

Reviewed-by: Sami Mujawar 

Regards,

Sami Mujawar

On 13/06/2022 04:39 am, Ni, Ray via groups.io wrote:

Commit e7abb94d1 removed InitializeCpuExceptionHandlersEx
and updated DxeMain to call InitializeCpuExceptionHandlers
for exception setup. But the old behavior that calls *Ex() sets
up the stack guard as well. To match the old behavior,
the patch calls InitializeSeparateExceptionStacks.

Signed-off-by: Ray Ni 
Reviewed-by: Jian J Wang 
Cc: Liming Gao 
---
  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 8 
  1 file changed, 8 insertions(+)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c 
b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 83f49d7c00..0a1f3d79e2 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -256,6 +256,14 @@ DxeMain (
Status = InitializeCpuExceptionHandlers (VectorInfoList);

ASSERT_EFI_ERROR (Status);

  


+  //

+  // Setup Stack Guard

+  //

+  if (PcdGetBool (PcdCpuStackGuard)) {

+Status = InitializeSeparateExceptionStacks (NULL);

+ASSERT_EFI_ERROR (Status);

+  }

+

//

// Initialize Debug Agent to support source level debug in DXE phase

//
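
Review bot: In the block added to DxeMain(), the status of InitializeSeparateExceptionStacks (NULL) is checked only with ASSERT_EFI_ERROR, which is compiled out when MDEPKG_NDEBUG is defined, so on such a build a failure leaves PcdCpuStackGuard set to TRUE with no separate exception stacks and nothing to show for it. Handle the error status explicitly rather than relying on the assert alone, and extend the "Setup Stack Guard" comment to say what passing NULL as InitData means at this call site.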




View/Reply Online (#90485): https://edk2.groups.io/g/devel/message/90485




Re: [edk2-devel] [PATCH 1/2] ArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs

2022-06-13 Thread Sami Mujawar

Hi Ray,

Thank you for this patch.

I have one minor suggestion marked inline as [SAMI], otherwise this 
patch looks good to me.


With that updated.

Reviewed-by: Sami Mujawar 

Regards,

Sami Mujawar

On 13/06/2022 04:39 am, Ray Ni wrote:

CpuExceptionHandlerLib has been refactored with following changes:
1. Removed InitializeCpuInterruptHandlers in 2a09527ebcb459b40
2. Removed InitializeCpuExceptionHandlersEx and
added InitializeSeparateExceptionStacks in e7abb94d1fb8a0e7

The patch updates ARM version of CpuExceptionHandlerLib to follow
the API changes.

The functionality to ARM platforms should be none.

Signed-off-by: Ray Ni
Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Sami Mujawar
---
  .../Library/ArmExceptionLib/ArmExceptionLib.c | 58 ---
  1 file changed, 11 insertions(+), 47 deletions(-)

diff --git a/ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.c 
b/ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.c
index 1904816c16..2c7bc66aa7 100644
--- a/ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.c
+++ b/ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.c
@@ -4,6 +4,7 @@
  *  Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.

  *  Copyright (c) 2011-2021, Arm Limited. All rights reserved.

  *  Copyright (c) 2016 HP Development Company, L.P.

+*  Copyright (c) 2022, Intel Corporation. All rights reserved.

  *

  *  SPDX-License-Identifier: BSD-2-Clause-Patent

  *

@@ -194,32 +195,6 @@ CopyExceptionHandlers (
return RETURN_SUCCESS;

  }

  


-/**

-Initializes all CPU interrupt/exceptions entries and provides the default 
interrupt/exception handlers.

-

-Caller should try to get an array of interrupt and/or exception vectors that 
are in use and need to

-persist by EFI_VECTOR_HANDOFF_INFO defined in PI 1.3 specification.

-If caller cannot get reserved vector list or it does not exists, set 
VectorInfo to NULL.

-If VectorInfo is not NULL, the exception vectors will be initialized per 
vector attribute accordingly.

-

-@param[in]  VectorInfoPointer to reserved vector list.

-

-@retval EFI_SUCCESS   All CPU interrupt/exception entries have been 
successfully initialized

-with default interrupt/exception handlers.

-@retval EFI_INVALID_PARAMETER VectorInfo includes the invalid content if 
VectorInfo is not NULL.

-@retval EFI_UNSUPPORTED   This function is not supported.

-

-**/

-EFI_STATUS

-EFIAPI

-InitializeCpuInterruptHandlers (

-  IN EFI_VECTOR_HANDOFF_INFO  *VectorInfo OPTIONAL

-  )

-{

-  // not needed, this is what the CPU driver is for

-  return EFI_UNSUPPORTED;

-}

-

  /**

  Registers a function to be called from the processor exception handler. (On 
ARM/AArch64 this only

  provides exception handlers, not interrupt handling which is provided through 
the Hardware Interrupt

@@ -229,8 +204,8 @@ This function registers and enables the handler specified 
by ExceptionHandler fo
  interrupt or exception type specified by ExceptionType. If ExceptionHandler 
is NULL, then the

  handler for the processor interrupt or exception type specified by 
ExceptionType is uninstalled.

  The installed handler is called once for each processor interrupt or 
exception.

-NOTE: This function should be invoked after InitializeCpuExceptionHandlers() or

-InitializeCpuInterruptHandlers() invoked, otherwise EFI_UNSUPPORTED returned.

+NOTE: This function should be invoked after InitializeCpuExceptionHandlers() 
is invoked,

+otherwise EFI_UNSUPPORTED returned.

  


  @param[in]  ExceptionType Defines which interrupt or exception to hook.

  @param[in]  ExceptionHandler  A pointer to a function of type 
EFI_CPU_INTERRUPT_HANDLER that is called
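
Review bot: The reworded NOTE in this function header ends with "otherwise EFI_UNSUPPORTED returned", which is missing its verb; since the sentence is being touched anyway, make it "otherwise EFI_UNSUPPORTED is returned". The same comment still speaks of "interrupt or exception" handlers throughout, while the only remaining initializer named is InitializeCpuExceptionHandlers(), so it is worth checking whether the rest of the wording still matches the reduced API.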

@@ -312,33 +287,22 @@ CommonCExceptionHandler (
  }

  


  /**

-  Initializes all CPU exceptions entries with optional extra initializations.

-

-  By default, this method should include all functionalities implemented by

-  InitializeCpuExceptionHandlers(), plus extra initialization works, if any.

-  This could be done by calling InitializeCpuExceptionHandlers() directly

-  in this method besides the extra works.

+  Setup separate stacks for certain exception handlers.

  


-  InitData is optional and its use and content are processor arch dependent.

-  The typical usage of it is to convey resources which have to be reserved

-  elsewhere and are necessary for the extra initializations of exception.

+  InitData is optional and processor arch dependent.

  


-  @param[in]  VectorInfoPointer to reserved vector list.

-  @param[in]  InitData  Pointer to data optional for extra initializations

-of exception.

+  @param[in]  InitData  Pointer to data optional for information about how

+to assign stacks for certain exception handlers.

  


-  @retval EFI_SUCCESS The exceptions have been successfully

-  initialized.

-  @retval EFI_INVALID_PARAMETER   VectorInfo or InitData contains invalid

-  

Re: [edk2-devel] [PATCH v3 1/1] [edk2-platforms]Tools\FitGen: Add extra parameter fixed FIT address

2022-06-13 Thread Bob Feng
This patch looks good to me.

Reviewed-by: Bob Feng 

-Original Message-
From: Jiang, Wenyi  
Sent: Friday, June 10, 2022 9:15 AM
To: devel@edk2.groups.io
Cc: Chen, Christine ; Feng, Bob C 
Subject: [PATCH v3 1/1] [edk2-platforms]Tools\FitGen: Add extra parameter fixed 
FIT address

From: fanwang2intel 

Add "-T " parameter to provide fixed FIT address on flash 
region. When this parameter is set to a valid address in the input FD/FV file, 
tool will directly generate FIT on this address.

It's users' responsibilities to reserve enough size for FIT table and option 
modules on the target location, otherwise, FIT Gen process will fail.

Cc: Chen Christine 
Cc: Bob Feng 

Signed-off-by: fanwang2intel 
---
 Silicon/Intel/Tools/FitGen/FitGen.c | 163 ++--
 1 file changed, 120 insertions(+), 43 deletions(-)

diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c 
b/Silicon/Intel/Tools/FitGen/FitGen.c
index 290e688f6e4e..4de72ea4225e 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -345,6 +345,7 @@ Returns:
   "\t[-M ] [-M ...]|[-U ||] [-V 
]\n"   "\t[-O RecordType  [-V ]] [-O ... [-V ...]]\n"   "\t[-P 
RecordType  [-V ]] [-P ... 
[-V ...]]\n"+  "\t[-T ]\n"   , UTILITY_NAME); 
  printf ("  Where:\n");   printf ("\t-D - It is FD file 
instead of FV file. (The tool will search FV file)\n");@@ -388,6 +389,7 @@ 
Returns:
   printf ("\tWidth  - The Width of the port.\n");   printf 
("\tBit- The Bit Number of the port.\n");   printf 
("\tIndex  - The Index Number of the port.\n");+  printf 
("\tFixedFitLocation   - Fixed FIT location in flash address. FIT table 
will be generated at this location and Option Modules will be directly put 
right before it.\n");   printf ("\nUsage (view): %s [-view] InputFile -F 
\n", UTILITY_NAME);   printf ("  Where:\n");   printf 
("\tInputFile  - Name of the input file.\n");@@ -445,6 +447,46 @@ 
CheckPath (
   return TRUE; } +UINT32+GetFixedFitLocation (+  IN INTN   argc,+  IN CHAR8  
**argv+  )+/*Routine Description:++  Get fixed FIT location from 
argument++Arguments:++  argc   - Number of command line parameters.+  
argv   - Array of pointers to parameter strings.++Returns:++  
FitLocation - The FIT location specified by Argument+  0   - Argument 
parse fail++*/+{+  UINT32  FitLocation;+  INTN  
  Index;++  FitLocation = 0;++  for (Index = 0; Index + 1 < argc; Index 
++) {++if ((strcmp (argv[Index], "-T") == 0) ||+(strcmp 
(argv[Index], "-t") == 0) ) {+  FitLocation =  xtoi (argv[Index + 1]);+ 
 break;+}+  }++  return FitLocation;+}+ STATUS ReadInputFile (   IN CHAR8   
 *FileName,@@ -1909,10 +1951,11 @@ Returns:
 }  VOID *-GetFreeSpaceFromFv (+GetFreeSpaceForFit (   IN UINT8 *FvBuffer,  
 IN UINT32FvSize,-  IN UINT32FitEntryNumber+  IN UINT32
FitTableSize,+  IN UINT32FixedFitLocation   ) /*++ @@ -1922,9 +1965,10 @@ 
Routine Description:
  Arguments: -  FvBuffer   - FvRecovery binary buffer-  FvSize - 
FvRecovery size-  FitEntryNumber - The FIT entry number+  FvBuffer - 
FvRecovery binary buffer+  FvSize   - FvRecovery size+  FitTableSize
 - The FIT table size+  FixedFitLocation - Fixed FIT location provided by 
argument  Returns: @@ -1939,7 +1983,6 @@ Returns:
   UINT8   *OptionalModuleAddress;   EFI_GUIDVTFGuid = 
EFI_FFS_VOLUME_TOP_FILE_GUID;   UINT32  AlignedSize;-  UINT32  
FitTableSize;EFI_FIRMWARE_VOLUME_HEADER  *FvHeader;   EFI_FFS_FILE_HEADER   
  *FileHeader;@@ -1966,45 +2009,62 @@ Returns:
 }   } -  //-  // Get EFI_FFS_VOLUME_TOP_FILE_GUID location-  //-  
FitTableOffset = NULL;+  if (FixedFitLocation != 0) {+//+// Get Free 
space from fixed location+//+FitTableOffset = (UINT8 *) FLASH_TO_MEMORY 
(FixedFitLocation, FvBuffer, FvSize);+  } else {+//+// Get Free Space 
from FvRecovery+//+FitTableOffset = NULL; -  FvHeader = 
(EFI_FIRMWARE_VOLUME_HEADER *)FvBuffer;-  FvLength = 
FvHeader->FvLength;-  FileHeader   = (EFI_FFS_FILE_HEADER *)(FvBuffer + 
FvHeader->HeaderLength);-  Offset   = (UINTN)FileHeader - 
(UINTN)FvBuffer;+FvHeader = (EFI_FIRMWARE_VOLUME_HEADER 
*)FvBuffer;+FvLength = FvHeader->FvLength;+FileHeader   = 
(EFI_FFS_FILE_HEADER *)(FvBuffer + FvHeader->HeaderLength);+Offset  
 = (UINTN)FileHeader - (UINTN)FvBuffer; -  while (Offset < FvLength) {-
FileLength = (*(UINT32 *)(FileHeader->Size)) & 0x00FF;-FileOccupiedSize 
= GETOCCUPIEDSIZE(FileLength, 8);-if ((CompareGuid (&(FileHeader->Name), 
&VTFGuid)) == 0) {-  // find it-  FitTableOffset = (UINT8 
*)FileHeader;-  break;+//+// Get EFI_FFS_VOLUME_TOP_FILE_GUID 
location+//+while (Offset < FvLength) {+  F
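
Review bot: GetFixedFitLocation() returns 0 for three different situations: no -T given, -T followed by a value that does not parse, and -T 0. The loop bound Index + 1 < argc also skips a trailing -T that has no value, without any message. Because the caller treats FixedFitLocation != 0 as "option present", a mistyped address silently falls back to the search in FvRecovery; report an error and stop when -T is present but its value is missing or invalid.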
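
Review bot: In GetFreeSpaceForFit(), the FixedFitLocation != 0 branch turns the user-supplied address into a pointer with FLASH_TO_MEMORY (FixedFitLocation, FvBuffer, FvSize), and the lines shown do not check that the result lies inside FvBuffer or that FitTableSize bytes fit before the end of the buffer. The commit message leaves reserving space to the user, but an address outside the input image should fail with an error rather than produce an out-of-bounds pointer; add a range check on the address and on the address plus FitTableSize before FitTableOffset is used.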

[edk2-devel] [edk2-staging][PATCH 5/5] edk2-staging/RedfishClientPkg: Add missing module

2022-06-13 Thread Nickle Wang
Add missing module import for conditional, RfCollection, RfResource,
RfResourceRaw, hashlib and OrderedDict

Signed-off-by: Nickle Wang 
Cc: Abner Chang 
Cc: Yang Atom 
Cc: Nick Ramirez 
---
 .../Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py | 5 -
 .../Tools/Redfish-Profile-Simulator/v1sim/resource.py| 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
index 35d3794cc6..53a4484979 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
@@ -1,7 +1,7 @@
 #
 # Copyright Notice:
 # Copyright (c) 2019, Intel Corporation. All rights reserved.
-# (C) Copyright 2021 Hewlett Packard Enterprise Development LP
+# (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 # Copyright Notice:
@@ -16,6 +16,9 @@ from flask import request
 
 from .flask_redfish_auth import RfHTTPBasicOrTokenAuth
 
+from redfishProfileSimulator import conditional
+from v1sim.resource import RfCollection, RfResource, RfResourceRaw
+
 from werkzeug.serving import WSGIRequestHandler
 
 def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000, cert="", 
key=""):
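
Review bot: The two imports added to redfishURIs.py are absolute (from redfishProfileSimulator import conditional, from v1sim.resource import ...) while the neighbouring context line uses a package-relative import (from .flask_redfish_auth import ...). Inside the v1sim package, from .resource import RfCollection, RfResource, RfResourceRaw keeps the module importable regardless of the working directory. If redfishProfileSimulator is the launcher script that itself imports this module, importing conditional from it sets up a circular import; moving conditional into a module inside the package would avoid that.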
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
index 0c7a838281..f6bd15cf32 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
@@ -15,6 +15,8 @@ import os
 import sys
 
 import flask
+import hashlib
+from collections import OrderedDict
 
 if sys.version_info >= (3, 5):
 from typing import Type
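
Review bot: import hashlib arrives in resource.py one patch too late: the file already uses hashlib.sha1 in the context lines of 3/5, and 4/5 adds hashlib.md5() in generate_etag(), which is called from the constructor, so the tree at 4/5 is not usable on its own and the series does not bisect. Fold this import into 4/5, and put both new imports with the standard-library group (os, sys) rather than after import flask.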
-- 
2.32.0.windows.2



View/Reply Online (#90482): https://edk2.groups.io/g/devel/message/90482




[edk2-devel] [edk2-staging][PATCH 4/5] edk2-staging/RedfishClientPkg: Add ETag support

2022-06-13 Thread Nickle Wang
From: Nickle Wang 

Implement ETag support in HTTP header

Signed-off-by: Nickle Wang 
Cc: Abner Chang 
Cc: Yang Atom 
Cc: Nick Ramirez 
---
 .../v1sim/resource.py | 10 +--
 .../v1sim/systems.py  | 28 +++
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
index e722d16a0b..0c7a838281 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
@@ -36,6 +36,12 @@ class RfResource:
 self.final_init_processing(base_path, rel_path)
 else:
 self.res_data = {}
+self.generate_etag(json.dumps(self.res_data))
+
+def generate_etag(self, context):
+md5 = hashlib.md5()
+md5.update(context.encode('utf-8'))
+self.etag = 'W/"' + md5.hexdigest() + '"'
 
 def create_sub_objects(self, base_path, rel_path):
 pass
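
Review bot: generate_etag() builds the validator with hashlib.md5(), which can raise on Python builds running in FIPS mode. The digest is only a cache validator here, so either pass usedforsecurity=False (Python 3.9 and later) or use hashlib.sha256. The parameter name context is also misleading, since what is hashed is the serialized body; content would read better.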
@@ -49,8 +55,8 @@ class RfResource:
 # SHA1 should generate well-behaved etags
 response = flask.make_response(self.response)
 response.mimetype = 'application/json'
-etag = hashlib.sha1(self.response.encode('utf-8')).hexdigest()
-response.set_etag(etag)
+response.headers["ETag"] = self.etag
+
 return response
 except KeyError:
 flask.abort(404)
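
Review bot: In get_resource(), the ETag header now comes from self.etag, which the first hunk computes from json.dumps(self.res_data), while the body sent is self.response, so the validator is no longer derived from the bytes served. The retained comment "# SHA1 should generate well-behaved etags" no longer matches the code either. Compute the tag from self.response at this point, or regenerate self.etag wherever res_data or response changes (the base patch_resource() included), and update or drop the comment.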
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
index 6305a51efb..5adf81be5b 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
@@ -92,7 +92,11 @@ class RfSystemObj(RfResource):
 if "BootOrder" in boot_data:
 self.res_data['Boot']['BootOrder'] = boot_data['BootOrder']
 
-resp = flask.Response(json.dumps(self.res_data,indent=4), 
mimetype="application/json")
+context = json.dumps(self.res_data,indent=4)
+self.generate_etag(context)
+resp = flask.Response(context, mimetype="application/json")
+resp.headers["ETag"] = self.etag
+
 return 0, 200, None, resp
 
 def reset_resource(self, reset_data):
@@ -136,26 +140,28 @@ class RfMemoryCollection(RfCollection):
 
 post_data["@odata.id"] = newMemoryUrl
 
-md5 = hashlib.md5()
-md5.update(json.dumps(post_data).encode("utf-8"))
-etag_str = 'W/"' + md5.hexdigest() + '"'
-post_data["@odata.etag"] = etag_str
+self.generate_etag(json.dumps(post_data,indent=4))
+
+post_data["@odata.etag"] = self.etag
 self.elements[str(newMemoryIdx)] = post_data
 
 resp = flask.Response(json.dumps(post_data,indent=4), 
mimetype="application/json")
 resp.headers["Location"] = newMemoryUrl
-resp.headers["ETag"] = etag_str
-
+resp.headers["ETag"] = self.etag
 return 0, 200, None, resp
 
 def patch_memory(self, Idx, patch_data):
-md5 = hashlib.md5()
-md5.update(json.dumps(patch_data).encode("utf-8"))
-etag_str = 'W/"' + md5.hexdigest() + '"'
-patch_data["@odata.etag"] = etag_str
 
+
+self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data}
+
+context = json.dumps(self.elements[str(Idx)],indent=4)
+self.generate_etag(context)
+patch_data["@odata.etag"] = self.etag
 self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data}
+
 resp = flask.Response(json.dumps(self.elements[str(Idx)],indent=4), 
mimetype="application/json")
+resp.headers["ETag"] = self.etag
 return 0, 200, None, resp
 
 def get_memory(self, Idx):
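
Review bot: patch_memory() now assigns self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data} twice, and the ETag is hashed before "@odata.etag" is merged into the element, so the header does not describe the body that is returned. Merge once and decide whether the tag covers the @odata.etag member. Note also that generate_etag() is added to RfResource in this patch while RfMemoryCollection derives from RfCollection, so check that RfCollection provides it, and that storing a member's tag in the collection's own self.etag means POST and PATCH on different members overwrite each other; returning the tag from a helper instead of keeping it in self.etag avoids that.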
-- 
2.32.0.windows.2



View/Reply Online (#90481): https://edk2.groups.io/g/devel/message/90481




[edk2-devel] [edk2-staging][PATCH 3/5] edk2-staging/RedfishClientPkg: Update patch method of computer system

2022-06-13 Thread Nickle Wang
From: Nickle Wang 

Remove attribute check during patch of computer system and return
content-type with JSON format in HTTP header.

Signed-off-by: Nickle Wang 
Cc: Abner Chang 
Cc: Yang Atom 
Cc: Nick Ramirez 
---
 .../v1sim/resource.py |  4 ++-
 .../v1sim/systems.py  | 28 +++
 2 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
index ca7541f172..e722d16a0b 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
@@ -2,6 +2,7 @@
 # Copyright Notice:
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.
+# (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 # Copyright Notice:
@@ -47,6 +48,7 @@ class RfResource:
 try:
 # SHA1 should generate well-behaved etags
 response = flask.make_response(self.response)
+response.mimetype = 'application/json'
 etag = hashlib.sha1(self.response.encode('utf-8')).hexdigest()
 response.set_etag(etag)
 return response
@@ -69,7 +71,7 @@ class RfResource:
 else:
 raise Exception("attribute %s not found" % key)
 
-resp = flask.Response(json.dumps(self.res_data,indent=4))
+resp = flask.Response(json.dumps(self.res_data,indent=4), 
mimetype="application/json")
 return 0, 200, None, resp
 
 def post_resource(self, post_data):
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
index de4b839aeb..6305a51efb 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
@@ -2,7 +2,7 @@
 # Copyright Notice:
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.
-# (C) Copyright 2021 Hewlett Packard Enterprise Development LP
+# (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 # Copyright Notice:
@@ -63,15 +63,7 @@ class RfSystemObj(RfResource):
 self.components[item] = RfBootOptionCollection(base_path, 
os.path.join(rel_path, item), parent=self)
 
 def patch_resource(self, patch_data):
-# first verify client didn't send us a property we cant patch
-for key in patch_data.keys():
-if key != "AssetTag" and key != "IndicatorLED" and key != "Boot" 
and key != "BiosVersion":
-return 4, 400, "Invalid Patch Property Sent", ""
-elif key == "Boot":
-for prop2 in patch_data["Boot"].keys():
-if prop2 != "BootSourceOverrideEnabled" and prop2 != 
"BootSourceOverrideTarget" and prop2 != "BootNext" and prop2 != "BootOrder":
-return 4, 400, "Invalid Patch Property Sent", ""
-# now patch the valid properties sent
+# patch the valid properties sent
 if "AssetTag" in patch_data:
 print("assetTag:{}".format(patch_data["AssetTag"]))
 self.res_data['AssetTag'] = patch_data['AssetTag']
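
Review bot: Dropping the property allow-list at the top of RfSystemObj.patch_resource() changes how invalid input is handled: a PATCH carrying a property other than AssetTag, IndicatorLED, Boot or BiosVersion used to get 400 "Invalid Patch Property Sent" and is now answered 200 with the property silently ignored, because the remaining code only copies the keys it knows. The commit message does not say why the check is removed. If the feature driver sends extra properties, consider keeping the rejection for the Boot sub-properties or reporting the ignored names in the response, and reword the "# patch the valid properties sent" comment so it says that other properties are skipped.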
@@ -100,7 +92,7 @@ class RfSystemObj(RfResource):
 if "BootOrder" in boot_data:
 self.res_data['Boot']['BootOrder'] = boot_data['BootOrder']
 
-resp = flask.Response(json.dumps(self.res_data,indent=4))
+resp = flask.Response(json.dumps(self.res_data,indent=4), 
mimetype="application/json")
 return 0, 200, None, resp
 
 def reset_resource(self, reset_data):
@@ -150,7 +142,7 @@ class RfMemoryCollection(RfCollection):
 post_data["@odata.etag"] = etag_str
 self.elements[str(newMemoryIdx)] = post_data
 
-resp = flask.Response(json.dumps(post_data,indent=4))
+resp = flask.Response(json.dumps(post_data,indent=4), 
mimetype="application/json")
 resp.headers["Location"] = newMemoryUrl
 resp.headers["ETag"] = etag_str
 
@@ -163,7 +155,7 @@ class RfMemoryCollection(RfCollection):
 patch_data["@odata.etag"] = etag_str
 
 self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data}
-resp = flask.Response(json.dumps(self.elements[str(Idx)],indent=4))
+resp = flask.Response(json.dumps(self.elements[str(Idx)],indent=4), 
mimetype="application/json")
 return 0, 200, None, resp
 
 def get_memory(self, Idx):
@@ -172,7 +164,7 @@ class RfMemoryCollection(RfCollection):
 def delete_memory(self, Idx):
 print("in delete_memory")
 
-resp = flask.Response(json.dumps(self.elements[Idx],indent=4))
+resp = flask.Response(json.dumps(self.elements[Idx],indent=4), 
mimetype="application/json")
 
 self.elements.pop(Idx)

[edk2-devel] [edk2-staging][PATCH 2/5] edk2-staging/RedfishClientPkg: Update computer system schema version

2022-06-13 Thread Nickle Wang
Update mock-up file and use computer system schema version 1.5.0 in
order to support Boot.BootOrder attribute.
Update UUID of 2M220101SL for working with Redfish Profile Simulator.

Signed-off-by: Nickle Wang 
Cc: Abner Chang 
Cc: Yang Atom 
Cc: Nick Ramirez 
---
 .../redfish/v1/Systems/2M220100SL/index.json  | 2 +-
 .../redfish/v1/Systems/2M220101SL/index.json  | 4 ++--
 .../redfish/v1/Systems/2M220102SL/index.json  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/index.json
 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/index.json
index dbba691302..090fd2ed36 100644
--- 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/index.json
+++ 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/index.json
@@ -1,5 +1,5 @@
 {
-"@odata.type": "#ComputerSystem.v1_1_0.ComputerSystem",
+"@odata.type": "#ComputerSystem.v1_5_0.ComputerSystem",
 "Id": "2M220100SL",
 "Name": "Catfish System",
 "SystemType": "Physical",
diff --git 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/index.json
 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/index.json
index 3147cb8827..bc082d3190 100644
--- 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/index.json
+++ 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/index.json
@@ -1,5 +1,5 @@
 {
-"@odata.type": "#ComputerSystem.v1_1_0.ComputerSystem",
+"@odata.type": "#ComputerSystem.v1_5_0.ComputerSystem",
 "Id": "2M220101SL",
 "Name": "Catfish System",
 "SystemType": "Physical",
@@ -10,7 +10,7 @@
 "SKU": "",
 "PartNumber": "",
 "Description": "Catfish Implementation Recipe of simple scale-out 
monolithic server",
-"UUID": "BADFACED-DEAD-BEEF-1313-131313131313",
+"UUID": "25EF0280-EC82-42B0-8FB6-10ADCCC67C02",
 "HostName": "catfishHostname",
 "PowerState": "On",
 "BiosVersion": "X00.1.2.3.4(build-23)",
diff --git 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/index.json
 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/index.json
index 49b2d25f53..d9aa7bb1e1 100644
--- 
a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/index.json
+++ 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/index.json
@@ -1,5 +1,5 @@
 {
-"@odata.type": "#ComputerSystem.v1_1_0.ComputerSystem",
+"@odata.type": "#ComputerSystem.v1_5_0.ComputerSystem",
 "Id": "2M220102SL",
 "Name": "Catfish System",
 "SystemType": "Physical",
-- 
2.32.0.windows.2



View/Reply Online (#90479): https://edk2.groups.io/g/devel/message/90479




[edk2-devel] [edk2-staging][PATCH 1/5] edk2-staging/RedfishClientPkg: Update requirements.txt

2022-06-13 Thread Nickle Wang
From: Nickle Wang 

Updates the Python module dependency for Redfish Profile Simulator.

Signed-off-by: Nickle Wang 
Cc: Abner Chang 
Cc: Yang Atom 
Cc: Nick Ramirez 
---
 .../Tools/Redfish-Profile-Simulator/requirements.txt   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt 
b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
index 88807d87c2..359a814461 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
@@ -1,2 +1,5 @@
+Werkzeug==0.16
+Jinja2==3.0.3
+itsdangerous==2.0.1
 flask==1.1.1
 pyOpenSSL
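Review bot: three exact pins are added above flask==1.1.1, but pyOpenSSL on the last line stays unpinned, so an install from this file is still not reproducible and the TLS dependency can move to any release. Pin pyOpenSSL as well, and add a sentence to the commit message saying why these particular versions were chosen, since the message only says the dependency is updated. As a style point, Werkzeug==0.16 is written with two version components where the other pins use three; spelling out the full release would keep the file consistent.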
-- 
2.32.0.windows.2



View/Reply Online (#90478): https://edk2.groups.io/g/devel/message/90478




[edk2-devel] [edk2-staging][PATCH 0/5] Update Redfish Profile Simulator

2022-06-13 Thread Nickle Wang
Update Redfish Profile Simulator in order to cooperate with the Redfish
feature driver. Computer system schema is updated to version 1.5.0 to
include the Boot.BootOrder attribute. The "ETag" HTTP header is implemented
for all Redfish methods, and a missing module issue is fixed.

Nickle Wang (5):
  edk2-staging/RedfishClientPkg: Update requirements.txt
  edk2-staging/RedfishClientPkg: Update computer system schema version
  edk2-staging/RedfishClientPkg: Update patch method of computer system
  edk2-staging/RedfishClientPkg: Add ETag support
  edk2-staging/RedfishClientPkg: Add missing module

 .../redfish/v1/Systems/2M220100SL/index.json  |  2 +-
 .../redfish/v1/Systems/2M220101SL/index.json  |  4 +-
 .../redfish/v1/Systems/2M220102SL/index.json  |  2 +-
 .../requirements.txt  |  3 ++
 .../v1sim/redfishURIs.py  |  5 +-
 .../v1sim/resource.py | 16 --
 .../v1sim/systems.py  | 54 +--
 7 files changed, 50 insertions(+), 36 deletions(-)

-- 
2.32.0.windows.2



View/Reply Online (#90477): https://edk2.groups.io/g/devel/message/90477