Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
Hi

I am going to merge this. However, I realize that my mailbox filtered patch 6/11 and 10/11. So I am going to merge the one in https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3

Please double confirm:
1) the latest one 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one you submitted to EDKII mailing list.
2) the latest one passed the EDKII CI.

Once you confirm above, I will start merging process.

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Kun Qin
> Sent: Friday, July 1, 2022 7:54 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Sean Brogan; Ard Biesheuvel; Justen, Jordan L; Gerd Hoffmann; Rebecca Cran; Peter Grehan; Boeuf, Sebastien; Andrew Fish; Ni, Ray
> Subject: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>
> This is a follow-up of a previously submitted patch series based on top of master branch: https://edk2.groups.io/g/devel/message/90491.
>
> The main changes between v2 and v3 patches are:
> - Added reviewed-by and acked-by tags collected from previous iteration
> - Updated default timestamp for default secure boot variable enrollment
>
> The updated changes are verified on QEMU based Q35 virtual platform as well as proprietary physical platforms.
>
> Patch v3 branch: https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Min Xu
> Cc: Sean Brogan
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Gerd Hoffmann
> Cc: Rebecca Cran
> Cc: Peter Grehan
> Cc: Sebastien Boeuf
> Cc: Andrew Fish
> Cc: Ray Ni
>
> Kun Qin (8):
>   SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
>   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>   SecurityPkg: SecureBootVariableLib: Updated time based payload creator
>   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>   SecurityPkg: Secure Boot Drivers: Added common header files
>   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>
> kuqin (3):
>   SecurityPkg: SecureBootVariableLib: Updated signature list creator
>   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>   SecurityPkg: SecureBootVariableLib: Added unit tests
>
>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c                            |    1 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c   |   51 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c                          |  485 -
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c           |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c                           |  201 ++
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c       |   13 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c         | 2037
>  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c        |  145 +-
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c               |  128 +-
>  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c      |    1 +
>  EmulatorPkg/EmulatorPkg.dsc                                                                |    1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                                                                 |    1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                                                             |    1 +
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc                                                           |    1 +
>  OvmfPkg/OvmfPkgIa32.dsc                                                                    |    1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                                                 |    1 +
>  OvmfPkg/OvmfPkgX64.dsc                                                                     |    1 +
>  SecurityPkg/Include/Library/PlatformPKProtectionLib.h                                      |   31 +
>  SecurityPkg/Include/Library/SecureBootVariableLib.h                                        |  103 +-
>  SecurityPkg/Include/UefiSecureBoot.h                                                       |   94 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf                        |   14 +-
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf         |   33 +
[edk2-devel] [PATCH v2] SecurityPkg: Add TPM NVIndex Extend support.
code: https://github.com/qizhangz/edk2/tree/NvIndexExtend Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Rahul Kumar Cc: Qi Zhang --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 21 +++ .../HashLibBaseCryptoRouterDxe.c | 86 +++-- .../Library/Tpm2CommandLib/Tpm2NVStorage.c| 120 ++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 25 +++- 4 files changed, 238 insertions(+), 14 deletions(-) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index a2fb97f18d..f2ff3a5c0c 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -467,6 +467,27 @@ Tpm2NvGlobalWriteLock ( IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); +/** + This command extends a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndexThe NV Index of the area to extend. + @param[in] AuthSessionAuth Session context + @param[in] InData The data to extend. + + @retval EFI_SUCCESSOperation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvExtend ( + IN TPMI_RH_NV_AUTHAuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_MAX_BUFFER *InData + ); + /** This command is used to cause an update to the indicated PCR. The digests parameter contains one or more tagged digest value identified by an algorithm ID. diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index ee8fe6e06e..591cbfcb79 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c 
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include "HashLibBaseCryptoRouterCommon.h" @@ -128,6 +129,49 @@ HashUpdate ( return EFI_SUCCESS; } +/** + extend Data to NvIndex. + + @param NvIndex NvIndex to be extended. + @param DataSize Data size. + @param Data Data to be extended. + + @retval EFI_SUCCESS Data is extended to NvIndex successfully. +**/ +EFI_STATUS +EFIAPI +Tpm2ExtendNvIndex ( + TPMI_RH_NV_INDEX NvIndex, + UINT16DataSize, + BYTE *Data + ) +{ + EFI_STATUSStatus; + TPMI_RH_NV_AUTH AuthHandle; + TPM2B_MAX_BUFFER NvExtendData; + + AuthHandle = TPM_RH_PLATFORM; + ZeroMem (, sizeof (NvExtendData)); + CopyMem (NvExtendData.buffer, Data, DataSize); + NvExtendData.size = DataSize; + Status= Tpm2NvExtend ( +AuthHandle, +NvIndex, +NULL, + +); + if (EFI_ERROR (Status)) { +DEBUG (( + DEBUG_ERROR, + "Extend TPM NV index failed, Index: 0x%x Status: %d\n", + NvIndex, + Status + )); + } + + return Status; +} + /** Hash sequence complete and extend to PCR. @@ -149,11 +193,16 @@ HashCompleteAndExtend ( OUT TPML_DIGEST_VALUES *DigestList ) { - TPML_DIGEST_VALUES Digest; - HASH_HANDLE *HashCtx; - UINTN Index; - EFI_STATUS Status; - UINT32 HashMask; + TPML_DIGEST_VALUES Digest; + HASH_HANDLE *HashCtx; + UINTNIndex; + EFI_STATUS Status; + UINT32 HashMask; + TPML_DIGEST_VALUES TcgPcrEvent2Digest; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePcrBanks; + UINT32 *BufferPtr; + UINT32 DigestListBinSize; if (mHashInterfaceCount == 0) { return EFI_UNSUPPORTED; 
@@ -175,10 +224,29 @@ HashCompleteAndExtend ( FreePool (HashCtx); - Status = Tpm2PcrExtend ( - PcrIndex, - DigestList - ); + if (PcrIndex <= MAX_PCR_INDEX) { +Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + } else { +Status = Tpm2GetCapabilitySupportedAndActivePcrs (, ); +ASSERT_EFI_ERROR (Status); +ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent; +ZeroMem (, sizeof (TcgPcrEvent2Digest)); +BufferPtr = CopyDigestListToBuffer (, DigestList, ActivePcrBanks); +DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 *)); + +// +// Extend to TPM NvIndex +
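Review bot: the `@retval EFI_NOT_FOUND` line in the new Tpm2NvExtend prototype ("The command was returned successfully, but NvIndex is not found") only holds if the implementation maps the TPM's handle-error response code to EFI_NOT_FOUND; that implementation lives in Tpm2NVStorage.c, which the diffstat lists (+120) but this message does not show, so the response-code mapping and the response-size validation cannot be reviewed here. Since the command only reads the buffer, `IN CONST TPM2B_MAX_BUFFER *InData` would also be more accurate than the non-const pointer.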
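Review bot: `CopyMem (NvExtendData.buffer, Data, DataSize)` in the new Tpm2ExtendNvIndex copies a caller-supplied DataSize into the fixed-size buffer of a stack TPM2B_MAX_BUFFER with no bound check, so a DataSize larger than sizeof (NvExtendData.buffer) overflows the stack. Add `if ((Data == NULL) || (DataSize > sizeof (NvExtendData.buffer))) { return EFI_INVALID_PARAMETER; }` before the copy and state the limit in the function header; the new HashCompleteAndExtend path derives DigestListBinSize from a TPML_DIGEST_VALUES and should be shown to stay within the same bound.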
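Review bot: in the new `else` branch of HashCompleteAndExtend, `ASSERT_EFI_ERROR (Status)` is the only handling of a failed Tpm2GetCapabilitySupportedAndActivePcrs call; in a RELEASE build the assert compiles out and the code continues with uninitialized TpmHashAlgorithmBitmap and ActivePcrBanks. Return the error instead (`if (EFI_ERROR (Status)) { return Status; }`). Overloading the PcrIndex parameter so that any value above MAX_PCR_INDEX is silently treated as an NV index handle also changes the function's contract and should be stated in the HashCompleteAndExtend doxygen; the hunk is cut off in this message after the "Extend to TPM NvIndex" comment, so the NV extend call itself cannot be reviewed here.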
[edk2-devel] [edk2-staging][PATCH v1 6/7] SecurityPkg: TcgPei: Replace PcdStatusCodeSubClassTpmDevice
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change replaces the references of PcdStatusCodeSubClassTpmDevice with newly defined EFI_PERIPHERAL_TPM. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Kun Qin --- SecurityPkg/Tcg/TcgPei/TcgPei.c | 4 ++-- SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index 5aa80511aa81..dd9f996df9fe 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -355,7 +355,7 @@ HashLogExtendEvent ( BuildGuidHob (, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); Status = EFI_DEVICE_ERROR; } @@ -922,7 +922,7 @@ PeimEntryMA ( BuildGuidHob (, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); } diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index 2e3e7e0575d5..f49bb09062e3 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf 
@@ -78,7 +78,6 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice## SOMETIMES_CONSUMES [Depex] gEfiPeiMasterBootModePpiGuid AND -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91081): https://edk2.groups.io/g/devel/message/91081 Mute This Topic: https://groups.io/mt/92200218/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
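Review bot: replacing `PcdGet32 (PcdStatusCodeSubClassTpmDevice)` with the fixed `BZ3966_EFI_PERIPHERAL_TPM` in both REPORT_STATUS_CODE calls removes the platform's ability to override the subclass through the PCD; a platform DSC that sets PcdStatusCodeSubClassTpmDevice to a custom value will silently start reporting the spec value instead. That is the intent of the series, but it deserves a sentence in the commit message, and the `BZ3966_` prefix presumably drops once MdePkg carries the spec-defined EFI_PERIPHERAL_TPM. The .inf hunk removing the PCD consumption is consistent with the .c change.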
[edk2-devel] [edk2-staging][PATCH v1 7/7] SecurityPkg: SubClassTpm: Updated default value
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change updated the default value of TPM device subclass PCD to `0x010E` in order to match the definition of EFI_PERIPHERAL_TPM from PI specification. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Kun Qin --- SecurityPkg/SecurityPkg.dec | 6 +++--- SecurityPkg/SecurityPkg.uni | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0ee75efc1a97..cc93ebb54f99 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -310,10 +310,10 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x0006 ## Progress Code for TPM device subclass definitions. - # EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D) = 0x010D + # EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000E) = 0x010E # @Prompt Status Code for TPM device definitions - # @ValidList 0x8003 | 0x010D - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D|UINT32|0x0007 + # @ValidList 0x8003 | 0x010E + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010E|UINT32|0x0007 ## Defines the IO port used to trigger a software System Management Interrupt (SMI). # Used as the SMI Command IO port by security functionality that triggers a software SMI such diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index 68587304d779..6c28b8021333 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni 
@@ -169,7 +169,7 @@ #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_PROMPT #language en-US "Status Code for TPM device definitions" #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_HELP #language en-US "Progress Code for TPM device subclass definitions.\n" - "EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D) = 0x010D" + "EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000E) = 0x010E" #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_PROMPT #language en-US "One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images" -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91082): https://edk2.groups.io/g/devel/message/91082 Mute This Topic: https://groups.io/mt/92200219/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
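Review bot: with the default moved from 0x010D to 0x010E, the `@ValidList 0x8003 | 0x010E` line now permits only the new value, so any out-of-tree consumer that still overrides the PCD to 0x010D will fail PCD validation while continuing to collide with EFI_PERIPHERAL_DOCKING; that is arguably desirable, but say so in the commit message. Nit: the message reads "This change updated" where the series otherwise uses the present tense ("This change replaces").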
[edk2-devel] [edk2-staging][PATCH v1 3/7] SecurityPkg: Tcg2Dxe: Replace PcdStatusCodeSubClassTpmDevice
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change replaces the references of PcdStatusCodeSubClassTpmDevice with newly defined EFI_PERIPHERAL_TPM. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Kun Qin --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 4 ++-- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index f6ea8b2bbf18..d6d2994f400b 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -1256,7 +1256,7 @@ TcgDxeHashLogExtendEvent ( mTcgDxeData.BsCap.TPMPresentFlag = FALSE; REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); } @@ -1342,7 +1342,7 @@ Tcg2HashLogExtendEvent ( mTcgDxeData.BsCap.TPMPresentFlag = FALSE; REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, -(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) +(BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); } } else { diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index 7dc7a2683d71..b40bdfc1c975 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf 
@@ -98,7 +98,6 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91078): https://edk2.groups.io/g/devel/message/91078 Mute This Topic: https://groups.io/mt/92200215/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
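Review bot: the second hunk (Tcg2HashLogExtendEvent) keeps the pre-existing odd indentation of the argument line (`-(PcdGet32 ...` / `+(BZ3966_...`, no leading spaces) while the first hunk has the usual indented form; since the line is being rewritten anyway, align it with the first hunk so uncrustify does not flag it later.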
[edk2-devel] [edk2-staging][PATCH v1 5/7] SecurityPkg: TcgDxe: Replace PcdStatusCodeSubClassTpmDevice
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change replaces the references of PcdStatusCodeSubClassTpmDevice with newly defined EFI_PERIPHERAL_TPM. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Kun Qin --- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 2 +- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index ee6c6273033b..779125b1beb4 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -593,7 +593,7 @@ TcgDxeHashLogExtendEventI ( TcgData->BsCap.TPMPresentFlag = FALSE; REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); Status = EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index c93b377b34ff..be0f4a64958c 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -70,7 +70,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES [Depex] -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91080): https://edk2.groups.io/g/devel/message/91080 Mute This Topic: https://groups.io/mt/92200217/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [edk2-staging][PATCH v1 1/7] EDK2 Code First: PI Specification: New peripheral subclass for TPM
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change includes specification update markdown file that describes the proposed PI Specification v1.7 Errata A in detail and potential impact to the existing codebase. Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Signed-off-by: Kun Qin --- CodeFirst/BZ3966-SpecChange.md | 60 1 file changed, 60 insertions(+) diff --git a/CodeFirst/BZ3966-SpecChange.md b/CodeFirst/BZ3966-SpecChange.md new file mode 100644 index ..8a1541bdd577 --- /dev/null +++ b/CodeFirst/BZ3966-SpecChange.md 
@@ -0,0 +1,60 @@ +# Title: Introduction of `EFI_PERIPHERAL_TPM` Peripheral Subclass Definition + +## Status: Draft + +## Document: UEFI Platform Initialization Specification Version 1.7 Errata A + +## License + +SPDX-License-Identifier: CC-BY-4.0 + +## Submitter: [TianoCore Community](https://www.tianocore.org) + +## Summary of the change + +Add `EFI_PERIPHERAL_TPM` into Peripheral Subclass definition. + +## Benefits of the change + +Current status code covered various [peripheral subclass definitions](https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Pi/PiStatusCode.h). + +As Trusted Platform Module (TPM) becomes more available on the modern systems, status reports from such peripheral are playing more important roles in anaylzing the secruity state and healthiness of a system. However, peripheral subclass definitions do not cover TPM as of today. + +Standardizing the TPM peripheral subclass definition could facilitate the parsing of peripheral reported errors and avoid potential definition collisions from implementation based subclass usages. + +The request of this change intends to expand definitions of `EFI_PERIPHERAL_**` under Periperhal Subclass definitions to cover the TPM subclass. + +## Impact of the change + +Occupy a new macro definitions of subclass under `Defined Subclasses: User-Accessible Peripheral Class`. + +## Detailed description of the change [normative updates] + +### Specification Changes + +1. In PI Specification v1.7 Errata A: Vol. 3, Table 3-30: Defined Subclasses: User-Accessible Peripheral Class, add one new rows below `EFI_PERIPHERAL_DOCKING` definition and adjust the rest of reserved definitions accordingly: + +| Subclass | Code Name | Description | +| --- | --- | --- | +| Trusted Platform Module | EFI_PERIPHERAL_TPM | The peripheral referred to is a Trusted Platform Module | +| 0x0F–0x7F | Reserved for future use by this specification | | + +1. In PI Specification v1.7 Errata A: Vol. 
3, Table 3-84: Defined Subclasses: User-Accessible Peripheral Class, add one new rows below `EFI_PERIPHERAL_DOCKING` definition and adjust the rest of reserved definitions accordingly: + +| Subclass | Code Name | +| --- | --- | +| Trusted Platform Module | EFI_PERIPHERAL_TPM | +| 0x0F–0x7F | Reserved for future use by this specification. | + +1. In PI Specification v1.7 Errata A: Vol. 3, Section 6.7.2.1 Subclass Definitions: Prototype, add one new definitions below `EFI_PERIPHERAL_DOCKING` definition: + +```c +#define EFI_PERIPHERAL_TPM \ + (EFI_PERIPHERAL | 0x000E) +``` + +### Code Changes + +1. Add macro definitions in `MdePkg/Include/Pi/PiStatusCode.h` to match new specification. +1. Replace existing references of `gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice` from SecurityPkg with new definition. +1. Updated the default value of `gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice` to `(EFI_PERIPHERAL | 0x000E)` for consistency and backwards compatibility outside of SecurityPkg. -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91076): https://edk2.groups.io/g/devel/message/91076 Mute This Topic: https://groups.io/mt/92200212/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
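Review bot: typos in the added markdown: "anaylzing", "secruity" and "Periperhal", plus "add one new rows" and "add one new definitions" (singular). In both tables the new TPM row carries no subclass number while the reserved row that follows starts at 0x0F, so the value 0x0E that the `#define EFI_PERIPHERAL_TPM (EFI_PERIPHERAL | 0x000E)` prototype uses is never stated next to the row; add it to the table or the prose so the two agree. The numbered list uses `1.` for every item, which renders correctly in Markdown but reads oddly in the plain-text patch.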
[edk2-devel] [edk2-staging][PATCH v1 4/7] SecurityPkg: Tcg2Pei: Replace PcdStatusCodeSubClassTpmDevice
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change replaces the references of PcdStatusCodeSubClassTpmDevice with newly defined EFI_PERIPHERAL_TPM. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Kun Qin --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 4 ++-- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 26bb5282a58b..4fe474aade49 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -501,7 +501,7 @@ HashLogExtendEvent ( BuildGuidHob (, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); } @@ -1150,7 +1150,7 @@ PeimEntryMA ( BuildGuidHob (, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR) ); } diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf index 17ad1161265d..98a26b0ad87c 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf 
@@ -82,7 +82,6 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES ## SOMETIMES_CONSUMES ## SOMETIMES_PRODUCES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91079): https://edk2.groups.io/g/devel/message/91079 Mute This Topic: https://groups.io/mt/92200216/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [edk2-staging][PATCH v1 0/7] Add TPM subclass definition
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

From PI Specification v1.7 Errata A, EFI_PERIPHERAL_DOCKING is defined as 0xD (as well as included in PiStatusCode.h). However, the subclass employed as PCD for the TPM peripheral in SecurityPkg is also defined as 0xD. The TPM subclass code was used in TcgPei.c when reporting error codes. The collision of subclass definitions could cause the parsing of reported errors to be ambiguous.

This patch series adds EFI_PERIPHERAL_TPM as a spec-defined value and removes potential usages in the SecurityPkg.

Patch v1 branch: https://github.com/kuqin12/edk2/tree/BZ3966-add_tpm_subclass

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Cc: Andrew Fish
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu

Kun Qin (7):
  EDK2 Code First: PI Specification: New peripheral subclass for TPM
  MdePkg: MmCommunication: Add TPM subclass definition to MdePkg
  SecurityPkg: Tcg2Dxe: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: Tcg2Pei: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: TcgDxe: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: TcgPei: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: SubClassTpm: Updated default value

 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   |  4 +-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   |  4 +-
 SecurityPkg/Tcg/TcgDxe/TcgDxe.c     |  2 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c     |  4 +-
 CodeFirst/BZ3966-SpecChange.md      | 60
 MdePkg/Include/Pi/PiStatusCode.h    |  1 +
 SecurityPkg/SecurityPkg.dec         |  6 +-
 SecurityPkg/SecurityPkg.uni         |  2 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf |  1 -
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |  1 -
 SecurityPkg/Tcg/TcgDxe/TcgDxe.inf   |  1 -
 SecurityPkg/Tcg/TcgPei/TcgPei.inf   |  1 -
 12 files changed, 72 insertions(+), 15 deletions(-)
 create mode 100644 CodeFirst/BZ3966-SpecChange.md

--
2.35.1.windows.2

View/Reply Online (#91075): https://edk2.groups.io/g/devel/message/91075
[edk2-devel] [edk2-staging][PATCH v1 2/7] MdePkg: MmCommunication: Add TPM subclass definition to MdePkg
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change introduces a new peripheral subclass definition. The new subclass definition will cover system reboot events under the status reports from Trusted Platform Modules (TPMs). These definition could provide helpful datapoints to OEMs to analyze system security state and healthiness, as well as avoid definition collision with other existing peripheral subclass definitions. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Signed-off-by: Kun Qin --- MdePkg/Include/Pi/PiStatusCode.h | 1 + 1 file changed, 1 insertion(+) diff --git a/MdePkg/Include/Pi/PiStatusCode.h b/MdePkg/Include/Pi/PiStatusCode.h index ef2aea7364bc..d65b65654053 100644 --- a/MdePkg/Include/Pi/PiStatusCode.h +++ b/MdePkg/Include/Pi/PiStatusCode.h @@ -363,6 +363,7 @@ typedef struct { #define EFI_PERIPHERAL_LCD_DEVICE (EFI_PERIPHERAL | 0x000B) #define EFI_PERIPHERAL_NETWORK (EFI_PERIPHERAL | 0x000C) #define EFI_PERIPHERAL_DOCKING (EFI_PERIPHERAL | 0x000D) +#define BZ3966_EFI_PERIPHERAL_TPM (EFI_PERIPHERAL | 0x000E) ///@} /// -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91077): https://edk2.groups.io/g/devel/message/91077 Mute This Topic: https://groups.io/mt/92200214/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
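Review bot: the subject line says "MmCommunication:" but the hunk touches MdePkg/Include/Pi/PiStatusCode.h only, and the commit message says the new subclass "will cover system reboot events", which does not describe how the series uses it (it is OR'd with EFI_P_EC_INTERFACE_ERROR when the TPM interface fails in TcgPei/TcgDxe/Tcg2Pei/Tcg2Dxe). Fix both so the history matches the code. The `BZ3966_` prefix on `BZ3966_EFI_PERIPHERAL_TPM` fits edk2-staging but must be dropped, together with the consumers, when the spec-defined name lands in MdePkg proper.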
[edk2-devel] ArmVirtPkg: boot fail on numa system
When qemu aarch64 is configured as NUMA, the EDK2 boot fails. Below is my test command:

```
qemu-system-aarch64 \
  -nographic \
  -serial tcp:localhost:54320 -serial tcp:localhost:54321 \
  -smp 4 \
  -s -S -machine virt,secure=on,mte=off,gic-version=3,virtualization=false \
  -cpu max,sve=off \
  -d unimp -semihosting-config enable=on,target=native \
  -m 2048 \
  -bios bl1.bin \
  -initrd rootfs.cpio.gz \
  -kernel Image -no-acpi \
  -append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2 ' \
  -machine virt,iommu=smmuv3 -device virtio-scsi-pci,disable-legacy=on,id=scsi0,iommu_platform=on,addr=0x2 \
  -object memory-backend-ram,id=mem0,size=1G \
  -object memory-backend-ram,id=mem1,size=1G \
  -numa node,memdev=mem0,cpus=0-1,nodeid=0 \
  -numa node,memdev=mem1,cpus=2-3,nodeid=1
```

Then I found that ArmVirtPkg always takes the first memory node as system memory, but when I configure qemu, the memory node in the qemu dtb is as follows.

```
memory@8000 {
    numa-node-id = <0x01>;
    reg = <0x00 0x8000 0x00 0x4000>;
    device_type = "memory";
};
memory@4000 {
    numa-node-id = <0x00>;
    reg = <0x00 0x4000 0x00 0x4000>;
    device_type = "memory";
};
```

Then edk2 uses 'memory@8000' as system memory, which is NUMA node 1. And the memory node order is implemented in qemu: arm_load_dtb(), which adds memory from node 0 to N. https://gitlab.com/qemu-project/qemu/-/blob/master/hw/arm/boot.c#L618

As I understand it, the loader should take node 0. Should I modify ArmVirtPkg/PrePi/FdtParser.c: FindMemnode() for the NUMA case?

View/Reply Online (#91074): https://edk2.groups.io/g/devel/message/91074
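The node-selection problem the post describes, as an added example that is not ArmVirtPkg's FdtParser.c code: a small flattened-device-tree walker that shows the "first memory node wins" rule picking NUMA node 1 when the DTB lists that node first, beside a NUMA-aware selector that prefers numa-node-id 0 (or the lowest base address when no NUMA ids are present). The DTB is constructed inline; its addresses and sizes are assumed, as is the 64-bit address/size cell layout.

```python
"""Pick the system-memory node from a flattened device tree (DTB)."""
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9


def _align4(b):
    return b + b"\0" * (-len(b) % 4)


def build_dtb(nodes):
    """Build a minimal DTB holding the given (name, numa_id or None, base, size)
    memory nodes in the order given; root uses #address-cells = #size-cells = 2."""
    strings, offsets = bytearray(), {}

    def stroff(name):
        if name not in offsets:
            offsets[name] = len(strings)
            strings.extend(name.encode() + b"\0")
        return offsets[name]

    def prop(name, value):
        return struct.pack(">III", FDT_PROP, len(value), stroff(name)) + _align4(value)

    body = struct.pack(">I", FDT_BEGIN_NODE) + _align4(b"\0")  # root node, empty name
    body += prop("#address-cells", struct.pack(">I", 2))
    body += prop("#size-cells", struct.pack(">I", 2))
    for name, numa_id, base, size in nodes:
        body += struct.pack(">I", FDT_BEGIN_NODE) + _align4(name.encode() + b"\0")
        if numa_id is not None:
            body += prop("numa-node-id", struct.pack(">I", numa_id))
        body += prop("reg", struct.pack(">QQ", base, size))
        body += prop("device_type", b"memory\0")
        body += struct.pack(">I", FDT_END_NODE)
    body += struct.pack(">II", FDT_END_NODE, FDT_END)

    rsvmap = b"\0" * 16                      # empty memory-reservation block
    off_struct = 40 + len(rsvmap)
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, 40, 17, 16, 0, len(strings), len(body))
    return header + rsvmap + body + bytes(strings)


def memory_nodes(dtb):
    """Yield (name, numa_id, base, size) for every device_type = "memory" node, in
    DTB order. Assumes 64-bit address and size cells, as QEMU's virt machine uses."""
    magic, _, off_struct, off_strings, _, _, _, _, _, size_struct = \
        struct.unpack_from(">10I", dtb, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a DTB")
    pos, end, stack = off_struct, off_struct + size_struct, []
    while pos < end:
        token = struct.unpack_from(">I", dtb, pos)[0]
        pos += 4
        if token == FDT_BEGIN_NODE:
            name_end = dtb.index(b"\0", pos)
            stack.append({"name": dtb[pos:name_end].decode()})
            pos = (name_end + 1 + 3) & ~3
        elif token == FDT_PROP:
            length, nameoff = struct.unpack_from(">II", dtb, pos)
            pos += 8
            pname = dtb[off_strings + nameoff:dtb.index(b"\0", off_strings + nameoff)]
            stack[-1][pname.decode()] = dtb[pos:pos + length]
            pos = (pos + length + 3) & ~3
        elif token == FDT_END_NODE:
            node = stack.pop()
            if node.get("device_type") == b"memory\0":
                base, size = struct.unpack(">QQ", node["reg"][:16])
                numa = node.get("numa-node-id")
                yield node["name"], (struct.unpack(">I", numa)[0] if numa else None), base, size
        elif token == FDT_END:
            break
        elif token != FDT_NOP:
            raise ValueError("bad FDT token %d at offset %d" % (token, pos - 4))


def find_memnode_first(dtb):
    """Behaviour described in the post: the first memory node in DTB order wins."""
    for name, _, base, size in memory_nodes(dtb):
        return name, base, size
    return None


def find_memnode_numa0(dtb):
    """NUMA-aware pick: the node with numa-node-id 0, else the lowest base address."""
    nodes = list(memory_nodes(dtb))
    if not nodes:
        return None
    node0 = [n for n in nodes if n[1] == 0]
    name, _, base, size = node0[0] if node0 else min(nodes, key=lambda n: n[2])
    return name, base, size


# Constructed sample in the order the post shows QEMU emitting it: node 1 first.
# Addresses and sizes are assumed (two 1 GiB nodes from 0x40000000, virt-style).
SAMPLE_DTB = build_dtb([
    ("memory@80000000", 1, 0x80000000, 0x40000000),
    ("memory@40000000", 0, 0x40000000, 0x40000000),
])
```

On SAMPLE_DTB the first-node rule returns the node 1 region while the NUMA-aware rule returns node 0; whichever rule a loader adopts, it should also reject a DTB with no memory node rather than defaulting to a fixed base.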
[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 07/05/2022 #cal-reminder
*Reminder: TianoCore Bug Triage - APAC / NAMO*

*When:* 07/05/2022 6:30pm to 7:30pm (UTC-07:00) America/Los Angeles

*Where:* https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d

*Organizer:* Liming Gao gaolim...@byosoft.com.cn

View Event: https://edk2.groups.io/g/devel/viewevent?eventid=1262372

*Description:* TianoCore Bug Triage - APAC / NAMO, hosted by Liming Gao (Microsoft Teams meeting).

Join on your computer or mobile app: https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Join with a video conferencing device: te...@conf.intel.com, Video Conference ID: 116 062 094 0

Or call in (audio only): +1 916-245-6934,,77463821# (United States, Sacramento), Phone Conference ID: 774 638 21#

View/Reply Online (#91073): https://edk2.groups.io/g/devel/message/91073
Re: [edk2-devel] [edk2-platforms] [PATCH 1/1] Platform/Sgi: Add support to disable isolated cpus
Hi Team,

Is there any comment on this patch?

Thanks,
Nishant

View/Reply Online (#91071): https://edk2.groups.io/g/devel/message/91071
Re: [edk2-devel] [PATCH] NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication
Thanks Maciej. I've sent out a patch v2 which fixes the memory leak.

View/Reply Online (#91070): https://edk2.groups.io/g/devel/message/91070
[edk2-devel] [PATCH v2 1/1] NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2504 Add support for TLS Client Authentication using Basic Authentication for HTTP Boot Cc: Maciej Rabeda Cc: Wu Jiaxin Cc: Siyuan Fu Signed-off-by: Saloni Kasbekar --- MdePkg/Include/IndustryStandard/Http11.h | 8 ++ MdePkg/Include/Protocol/HttpBootCallback.h | 6 +- NetworkPkg/HttpBootDxe/HttpBootClient.c| 91 +- NetworkPkg/HttpBootDxe/HttpBootClient.h| 6 +- NetworkPkg/HttpBootDxe/HttpBootDxe.h | 6 ++ NetworkPkg/HttpBootDxe/HttpBootImpl.c | 23 +- 6 files changed, 135 insertions(+), 5 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Http11.h b/MdePkg/Include/IndustryStandard/Http11.h index f1f113e04b69..2137ef1f1ac3 100644 --- a/MdePkg/Include/IndustryStandard/Http11.h +++ b/MdePkg/Include/IndustryStandard/Http11.h @@ -204,6 +204,14 @@ /// #define HTTP_HEADER_IF_NONE_MATCH "If-None-Match" +/// +/// The WWW-Authenticate Response Header +/// If a server receives a request for an access-protected object, and an +/// acceptable Authorization header is not sent, the server responds with +/// a "401 Unauthorized" status code, and a WWW-Authenticate header. +/// +#define HTTP_HEADER_WWW_AUTHENTICATE "WWW-Authenticate" + /// /// Authorization Request Header /// The Authorization field value consists of credentials diff --git a/MdePkg/Include/Protocol/HttpBootCallback.h b/MdePkg/Include/Protocol/HttpBootCallback.h index 926f6c1b3076..b56c631b1f4f 100644 --- a/MdePkg/Include/Protocol/HttpBootCallback.h +++ b/MdePkg/Include/Protocol/HttpBootCallback.h @@ -32,7 +32,7 @@ typedef enum { /// HttpBootDhcp6, /// - /// Data points to an EFI_HTTP_MESSAGE structure, whichcontians a HTTP request message + /// Data points to an EFI_HTTP_MESSAGE structure, which contains a HTTP request message /// to be transmitted. /// HttpBootHttpRequest, 
@@ -46,6 +46,10 @@ typedef enum { /// buffer of the entity body data. /// HttpBootHttpEntityBody, + /// + /// Data points to the authentication information to provide to the HTTP server. + /// + HttpBootHttpAuthInfo, HttpBootTypeMax } EFI_HTTP_BOOT_CALLBACK_DATA_TYPE; diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c b/NetworkPkg/HttpBootDxe/HttpBootClient.c index 62e87238fef7..deeea6f38669 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootClient.c +++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c @@ -922,6 +922,7 @@ HttpBootGetBootFileCallback ( @retval EFI_BUFFER_TOO_SMALL The BufferSize is too small to read the current directory entry. BufferSize has been updated with the size needed to complete the request. + @retval EFI_ACCESS_DENIEDThe server needs to authenticate the client. @retval Others Unexpected error happened. **/ @@ -951,6 +952,9 @@ HttpBootGetBootFile ( CHAR16 *Url; BOOLEAN IdentityMode; UINTNReceivedSize; + CHAR8BaseAuthValue[80]; + EFI_HTTP_HEADER *HttpHeader; + CHAR8*Data; ASSERT (Private != NULL); ASSERT (Private->HttpCreated); @@ -1009,8 +1013,9 @@ HttpBootGetBootFile ( // Host // Accept // User-Agent + // [Authorization] // - HttpIoHeader = HttpIoCreateHeader (3); + HttpIoHeader = HttpIoCreateHeader ((Private->AuthData != NULL) ? 4 : 3); if (HttpIoHeader == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ERROR_2; 
@@ -1063,6 +1068,35 @@ HttpBootGetBootFile ( goto ERROR_3; } + // + // Add HTTP header field 4: Authorization + // + if (Private->AuthData != NULL) { +ASSERT (HttpIoHeader->MaxHeaderCount == 4); + +if ((Private->AuthScheme != NULL) && (CompareMem (Private->AuthScheme, "Basic", 5) != 0)) { + Status = EFI_UNSUPPORTED; + goto ERROR_3; +} + +AsciiSPrint ( + BaseAuthValue, + sizeof (BaseAuthValue), + "%a %a", + "Basic", + Private->AuthData + ); + +Status = HttpIoSetHeader ( + HttpIoHeader, + HTTP_HEADER_AUTHORIZATION, + BaseAuthValue + ); +if (EFI_ERROR (Status)) { + goto ERROR_3; +} + } + // // 2.2 Build the rest of HTTP request info. // @@ -,6 +1145,7 @@ HttpBootGetBootFile ( goto ERROR_4; } + Data = NULL; Status = HttpIoRecvResponse ( >HttpIo, TRUE, @@ -1121,6 +1156,60 @@ HttpBootGetBootFile ( StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode; HttpBootPrintErrorMessage (StatusCode); Status = ResponseData->Status; + if ((StatusCode == HTTP_STATUS_401_UNAUTHORIZED) || \ + (StatusCode == HTTP_STATUS_407_PROXY_AUTHENTICATION_REQUIRED)) + { +if (Private->AuthData != NULL) { + FreePool (Private->AuthData); + Private->AuthData = NULL; +
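Review bot: in the HttpBootCallback.h hunk, the new HttpBootHttpAuthInfo member is added to a public protocol enum, but its comment ("Data points to the authentication information to provide to the HTTP server") names neither the concrete type behind Data nor who owns the buffer or what DataLength means, unlike the neighbouring members; spell that out so third-party EFI_HTTP_BOOT_CALLBACK_PROTOCOL implementations can actually produce the value HttpBootDxe expects.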
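Review bot: in the "Add HTTP header field 4: Authorization" hunk, `CompareMem (Private->AuthScheme, "Basic", 5) != 0` is case-sensitive and compares only the first five bytes, so a server answering `WWW-Authenticate: basic realm=...` (scheme tokens are case-insensitive per RFC 7235) is rejected with EFI_UNSUPPORTED while a token such as `Basicx` passes; compare the whole token with AsciiStriCmp. In the same hunk, `AsciiSPrint (BaseAuthValue, sizeof (BaseAuthValue), "%a %a", "Basic", Private->AuthData)` into the fixed `CHAR8 BaseAuthValue[80]` silently truncates any base64 credential longer than 73 characters, which is a short user:password pair; size the buffer from AsciiStrLen (Private->AuthData) or fail with EFI_BUFFER_TOO_SMALL rather than send a corrupted header. Nothing in this hunk limits the Authorization header to HTTPS URLs either; Basic credentials are only base64-encoded, so the patch should document, or better enforce, that boot credentials go out over TLS.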
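Review bot: in the status-code hunk, the 401/407 branch frees Private->AuthData and sets it to NULL, but the hunk is cut off before it is visible whether the request is retried with new credentials or the new `@retval EFI_ACCESS_DENIED` documented above is actually returned (the visible line still assigns `Status = ResponseData->Status`); whichever it is, the retry must be bounded so a server that keeps answering 401 cannot loop the boot path, and the freed credentials should be zeroed before FreePool since they are a password.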
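The commit message above describes sending HTTP Basic credentials during HTTP boot. As an added example, not code from the edk2 patch or from NetworkPkg, here is a plain C version of two details worth getting right in such code: a case-insensitive check of the challenge's scheme token, and a size-checked construction of the `Authorization` value from base64(user:pass) that refuses, rather than truncates, when the caller's buffer is too small. The function names, the caller-supplied buffer and the RFC 7617 sample credentials are assumptions for the illustration.

```c
/* Added example, not edk2 code: build an HTTP Basic "Authorization" header
 * value safely.  Names and the fixed-size caller buffer are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Standard base64 with '=' padding; returns a malloc'd NUL-terminated string. */
static char *base64_encode(const unsigned char *in, size_t len) {
  size_t out_len = 4 * ((len + 2) / 3);
  char *out = malloc(out_len + 1);
  if (!out) return NULL;
  size_t i, j = 0;
  for (i = 0; i + 2 < len; i += 3) {           /* full 3-byte groups */
    unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
    out[j++] = B64[(v >> 18) & 63]; out[j++] = B64[(v >> 12) & 63];
    out[j++] = B64[(v >> 6) & 63];  out[j++] = B64[v & 63];
  }
  if (i < len) {                               /* 1 or 2 trailing bytes */
    unsigned v = in[i] << 16;
    if (i + 1 < len) v |= in[i + 1] << 8;
    out[j++] = B64[(v >> 18) & 63]; out[j++] = B64[(v >> 12) & 63];
    out[j++] = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
    out[j++] = '=';
  }
  out[j] = '\0';
  return out;
}

/* RFC 7235: the auth-scheme token is case-insensitive.  Match the whole
 * token ("Basic" followed by end of string or whitespace), not a prefix. */
int auth_scheme_is_basic(const char *challenge) {
  const char *tok = "basic";
  size_t n = strlen(tok);
  if (!challenge) return 0;
  for (size_t i = 0; i < n; i++) {
    if (tolower((unsigned char)challenge[i]) != tok[i]) return 0;
  }
  return challenge[n] == '\0' || challenge[n] == ' ' || challenge[n] == '\t';
}

/* Write "Basic <base64(user:pass)>" into out.  Returns 0 on success, -1 on
 * bad input, -2 if out_size is too small; never emits a truncated header. */
int build_basic_authorization(const char *user, const char *pass,
                              char *out, size_t out_size) {
  if (!user || !pass || strchr(user, ':')) return -1;  /* RFC 7617: no ':' in user-id */
  size_t ulen = strlen(user), plen = strlen(pass), clen = ulen + 1 + plen;
  unsigned char *cred = malloc(clen);
  if (!cred) return -1;
  memcpy(cred, user, ulen);
  cred[ulen] = ':';
  memcpy(cred + ulen + 1, pass, plen);
  char *b64 = base64_encode(cred, clen);
  memset(cred, 0, clen);                       /* scrub the password copy */
  free(cred);
  if (!b64) return -1;
  size_t need = strlen("Basic ") + strlen(b64) + 1;
  if (need > out_size) { free(b64); return -2; }
  memcpy(out, "Basic ", 6);
  memcpy(out + 6, b64, strlen(b64) + 1);
  free(b64);
  return 0;
}

int main(void) {
  char hdr[128], small[16];
  /* RFC 7617 sample credentials, constructed input for the demo */
  int rc = build_basic_authorization("Aladdin", "open sesame", hdr, sizeof hdr);
  printf("rc=%d Authorization: %s\n", rc, hdr);
  printf("too-small buffer rc=%d\n",
         build_basic_authorization("Aladdin", "open sesame", small, sizeof small));
  printf("scheme 'basic realm=x' accepted: %d\n", auth_scheme_is_basic("basic realm=x"));
  return 0;
}
```

The point of the `-2` path is that a caller with a fixed buffer learns the header did not fit instead of transmitting a corrupted credential; in firmware the same shape works with AllocatePool sized from the computed length.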
[edk2-devel] [PATCH] ArmVirtPkg: Fix boot fail on numa system.
If "numa-node-id" is specified in a memory node, take node 0 as system memory instead of taking the first memory node. Cc: YJ Chiang Signed-off-by: Mark-PK Tsai --- ArmVirtPkg/PrePi/FdtParser.c | 32 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/ArmVirtPkg/PrePi/FdtParser.c b/ArmVirtPkg/PrePi/FdtParser.c index 5a91f7e62d..5c7de3bc31 100644 --- a/ArmVirtPkg/PrePi/FdtParser.c +++ b/ArmVirtPkg/PrePi/FdtParser.c @@ -19,19 +19,43 @@ FindMemnode ( INT32SizeCells; INT32Length; CONST INT32 *Prop; + INT32NumaId; + INT32Node, Prev; + CONST CHAR8 *Type; if (fdt_check_header (DeviceTreeBlob) != 0) { return FALSE; } // - // Look for a node called "memory" at the lowest level of the tree + // Look for the lowest memory node. + // On Numa system, use node 0 as system memory. // - MemoryNode = fdt_path_offset (DeviceTreeBlob, "/memory"); - if (MemoryNode <= 0) { -return FALSE; + MemoryNode = -1; + NumaId = -1; + + for (Prev = 0; ; Prev = Node) { +Node = fdt_next_node (DeviceTreeBlob, Prev, NULL); +if (Node < 0) + break; + +Type = fdt_getprop (DeviceTreeBlob, Node, "device_type", ); +if (Type && (AsciiStrnCmp (Type, "memory", Length) == 0)) { + Prop = fdt_getprop (DeviceTreeBlob, Node, "numa-node-id", ); + if (Prop && Length == 4) { +NumaId = fdt32_to_cpu (*Prop); + } + + if (!Prop || (Prop && NumaId == 0)) { +MemoryNode = Node; +break; + } +} } + if (MemoryNode < 0) +return FALSE; + // // Retrieve the #address-cells and #size-cells properties // from the root node, or use the default if not provided. -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91068): https://edk2.groups.io/g/devel/message/91068 Mute This Topic: https://groups.io/mt/92188181/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
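Review bot: in the FindMemnode hunk, `if (Prop && Length == 4)` only updates NumaId when the property is well formed, so a memory node whose numa-node-id has the wrong length is then judged by `if (!Prop || (Prop && NumaId == 0))` using a NumaId left over from an earlier node (or the initial -1) and is picked or skipped on stale data; reset NumaId at the top of each iteration or `continue` on a malformed property, and drop the redundant `Prop &&`. The braceless `if (Node < 0) break;` also violates the edk2 coding style (braces are required and uncrustify will flag it). Finally, the loop accepts any node with device_type "memory" anywhere in the tree, where the old `fdt_path_offset (DeviceTreeBlob, "/memory")` matched only a top-level node; if that widening is intended, say so in the comment above the loop.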
[edk2-devel] [PATCH] MdeModulePkg/Variable: SCT run AuthVar_conf is failed
From: Lijun10x REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3969 Attr are EFI_VARIABLE_NON_VOLATILE|VARIABLE_AUTHENTICATED_WRITE_ACCESS, will return EFI_INVALID_PARAMETER. Added one case, only when one attribute is EFI_VARIABLE_NON_VOLATILE will EFI_INVALID_PARAMETER be returned. If attr are EFI_VARIABLE_NON_VOLATILE|VARIABLE_AUTHENTICATED_WRITE_ACCESS will return EFI_UNSUPPORTED. In the UEFI2.7 spec, there is a description as below: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should not be used. Platforms should return EFI_UNSUPPORTED if a caller to SetVariable() specifies this attribute. Signed-off-by: JunX1 Li Reviewed-by: Liming Gao Reviewed-by: G Edhaya Chandran Reviewed-by: Samer El-Haj-Mahmoud Reviewed-by: Sunny Wang --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 6c1a3440ac..14c176887a 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -2676,7 +2676,11 @@ VariableServiceSetVariable ( // // Only EFI_VARIABLE_NON_VOLATILE attribute is invalid // -return EFI_INVALID_PARAMETER; +if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { + return EFI_UNSUPPORTED; +} else { + return EFI_INVALID_PARAMETER; +} } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) { if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) { // -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91067): https://edk2.groups.io/g/devel/message/91067 Mute This Topic: https://groups.io/mt/92188170/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
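Review bot: the comment immediately above the new check still reads `// Only EFI_VARIABLE_NON_VOLATILE attribute is invalid`, which no longer describes the branch now that it also returns EFI_UNSUPPORTED for EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS; update it, ideally quoting the UEFI 2.7 sentence from the commit message, so the next reader does not "fix" the return code back to EFI_INVALID_PARAMETER. Only this branch is changed; the deprecated attribute combined with other attributes is handled by the following `else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0)` branch, which is outside the hunk, so please confirm the SCT expects the same EFI_UNSUPPORTED there.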
[edk2-devel] UEFI & RISC-V
Hi Abner,

This is Nill, how are you? I found you have done lots of work on UEFI on RISC-V, and we are interested in the area as well. Do you have time? I'd like to have a talk with you :-)

Thanks,
-Nill

View/Reply Online (#91066): https://edk2.groups.io/g/devel/message/91066
Re: [edk2-devel] [PATCH v3 1/3] [edk2-platforms] Silicon/Intel/FitGen: Support multiple Startup ACM Type 2 entries in FitGen tool
This patch series was pushed. Thanks, Bob -Original Message- From: Lin, Jason1 Sent: Friday, July 1, 2022 11:10 PM To: devel@edk2.groups.io Cc: Lin, Jason1 ; Feng, Bob C ; Gao, Liming ; Chen, Christine ; Oram, Isaac W ; Chaganty, Rangasai V ; Chiang, Dakota Subject: [PATCH v3 1/3] [edk2-platforms] Silicon/Intel/FitGen: Support multiple Startup ACM Type 2 entries in FitGen tool From: Jason1 Lin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3958 Within current FitGen tool there had limitation only allow one S-ACM to generate the Type 2 entry. This code change is used to support multiple type 2 entries up to 0x20. Signed-off-by: Jason1 Lin Cc: Bob Feng Cc: Liming Gao Cc: Yuwei Chen Cc: Isaac W Oram Cc: Rangasai V Chaganty Cc: Dakota Chiang --- Silicon/Intel/Tools/FitGen/FitGen.c | 89 +++- Silicon/Intel/Tools/FitGen/FitGen.h | 4 +- 2 files changed, 50 insertions(+), 43 deletions(-) diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c index 4de72ea422..eac8fa8715 100644 --- a/Silicon/Intel/Tools/FitGen/FitGen.c +++ b/Silicon/Intel/Tools/FitGen/FitGen.c @@ -2,7 +2,7 @@ This utility is part of build process for IA32/X64 FD. It generates FIT table. -Copyright (c) 2010-2021, Intel Corporation. All rights reserved.+Copyright (c) 2010-2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -204,6 +204,7 @@ typedef struct { #define MAX_BIOS_MODULE_ENTRY 0x20 #define MAX_MICROCODE_ENTRY 0x20+#define MAX_STARTUP_ACM_ENTRY 0x20 #define MAX_OPTIONAL_ENTRY 0x20 #define MAX_PORT_ENTRY 0x20 
@@ -255,11 +256,12 @@ typedef struct { UINT32 FitEntryNumber; UINT32 BiosModuleNumber; UINT32 MicrocodeNumber;+ UINT32 StartupAcmNumber; UINT32 OptionalModuleNumber; UINT32 PortModuleNumber; UINT32 GlobalVersion; UINT32 FitHeaderVersion;- FIT_TABLE_CONTEXT_ENTRYStartupAcm;+ FIT_TABLE_CONTEXT_ENTRYStartupAcm[MAX_STARTUP_ACM_ENTRY]; UINT32 StartupAcmVersion; FIT_TABLE_CONTEXT_ENTRYDiagnstAcm; UINT32 DiagnstAcmVersion;@@ -1149,14 +1151,15 @@ Returns: Error (NULL, 0, 0, "-I Parameter incorrect, Header Type unsupported!", NULL); return 0; case FIT_TABLE_TYPE_STARTUP_ACM:- if (gFitTableContext.StartupAcm.Type != 0) {-Error (NULL, 0, 0, "-I Parameter incorrect, Duplicated StartupAcm!", NULL);+ if (gFitTableContext.StartupAcmNumber >= MAX_STARTUP_ACM_ENTRY) {+Error (NULL, 0, 0, "-I Parameter incorrect, too many StartupAcm!", NULL); return 0; }- gFitTableContext.StartupAcm.Type= FIT_TABLE_TYPE_STARTUP_ACM;- gFitTableContext.StartupAcm.Address = (UINT32)BiosInfoStruct[BiosInfoIndex].Address;- gFitTableContext.StartupAcm.Size= (UINT32)BiosInfoStruct[BiosInfoIndex].Size;- gFitTableContext.StartupAcmVersion = BiosInfoStruct[BiosInfoIndex].Version;+ gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Type= FIT_TABLE_TYPE_STARTUP_ACM;+ gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Address = (UINT32)BiosInfoStruct[BiosInfoIndex].Address;+ gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Size= (UINT32)BiosInfoStruct[BiosInfoIndex].Size;+ gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Version = BiosInfoStruct[BiosInfoIndex].Version;+ gFitTableContext.StartupAcmNumber ++; gFitTableContext.FitEntryNumber ++; break; case FIT_TABLE_TYPE_DIAGNST_ACM:@@ -1351,16 +1354,15 @@ Returns: // // 1. 
StartupAcm //- do {+ while (TRUE) { if ((Index + 1 >= argc) || ((strcmp (argv[Index], "-S") != 0) && (strcmp (argv[Index], "-s") != 0)) ) {- if (BiosInfoExist && (gFitTableContext.StartupAcm.Type == FIT_TABLE_TYPE_STARTUP_ACM)) {- break;+ if (gFitTableContext.StartupAcmNumber == 0) {+printf ("-S not found. WARNING!\n"); } // Error (NULL, 0, 0, "-S Parameter incorrect, expect -S!", NULL); // return 0;- printf ("-S not found. WARNING!\n"); break; } if (IsGuidData (argv[Index + 1], )) {@@ -1381,14 +1383,13 @@ Returns: FileSize = xtoi (argv[Index + 2]); Index += 3; }-if (gFitTableContext.StartupAcm.Type != 0) {- Error (NULL, 0, 0, "-S Parameter incorrect, Duplicated StartupAcm!", NULL);+if (gFitTableContext.StartupAcmNumber >= MAX_STARTUP_ACM_ENTRY) {+ Error (NULL, 0, 0, "-S Parameter incorrect, too many StartupAcm!", NULL); return 0; }-gFitTableContext.StartupAcm.Type = FIT_TABLE_TYPE_STARTUP_ACM;-
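Review bot: the context-struct hunk keeps the single `UINT32 StartupAcmVersion;` beside the new `FIT_TABLE_CONTEXT_ENTRY StartupAcm[MAX_STARTUP_ACM_ENTRY];`, yet the BiosInfo hunk now stores the version in the per-entry `.Version` field and no longer writes StartupAcmVersion; any remaining reader of StartupAcmVersion (the -S command-line path is cut off in this excerpt) will see a stale or zero value, so either delete the field or make every path use the per-entry one. The `>= MAX_STARTUP_ACM_ENTRY` check before indexing the array is the right shape and must be kept on the -S path as well, since that index grows with user-controlled argument count.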
Re: [edk2-devel] [PATCH] UefiPayloadPkg: Set console rows and columns to 100
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>

View/Reply Online (#91064): https://edk2.groups.io/g/devel/message/91064
Re: [edk2-devel] [PATCH] UefiPayloadPkg: Hook up PCIE_BASE build option
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>

View/Reply Online (#91063): https://edk2.groups.io/g/devel/message/91063
Re: [edk2-devel] [PATCH 1/3] UefiPayloadPkg: Allow full screen setup mode
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>

View/Reply Online (#91062): https://edk2.groups.io/g/devel/message/91062
Re: [edk2-devel] How to get FrontPage to fill screen
Hi Liming

Thanks - I managed to get it working with two patches:
https://edk2.groups.io/g/devel/message/91046
https://review.coreboot.org/c/coreboot/+/65643

Sean

On Tue, 5 Jul 2022 at 01:56, gaoliming via groups.io wrote:
> Please try the settings below.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn | 128
> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow | 40
> gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution | 1024
> gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution | 768
>
> Thanks
> Liming
>
> *From:* devel@edk2.groups.io *On Behalf Of* Sean Rhodes
> *Sent:* 5 July 2022 2:44
> *To:* Gerd Hoffmann
> *Cc:* devel@edk2.groups.io
> *Subject:* Re: [edk2-devel] How to get FrontPage to fill screen
>
> Hi Gerd
>
> Thank you very much :)
>
> On Mon, 4 Jul 2022 at 10:40, Gerd Hoffmann wrote:
> > On Mon, Jul 04, 2022 at 10:03:40AM +0100, Sean Rhodes wrote:
> > > Hi
> > >
> > > Would anyone have any suggestions on getting the Front Page to fill the screen? As far as I can see, configuring the below PCDs should allow it to fill the screen - which is being correctly detected as 1920x1080.
> >
> > Depends on whether the system has a serial console or not ...
> >
> > ConSplitterDxe uses the intersection of all outputs as the final list of supported text modes.
> >
> > > However, it ends up in a rather strange shape:
> > >
> > > [image: UiApp.jpg]
> >
> > 80x50?
> >
> > take care,
> > Gerd

View/Reply Online (#91061): https://edk2.groups.io/g/devel/message/91061
[edk2-devel] [PATCH v2] UefiPayloadPkg: Add macro to support selective driver in UPL
From: James Lu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3967 Add macros to decide modules built into UPL.elf. Macro list: - GENERIC_MEMORY_TEST_ENABLE: GenericMemoryTestDxe - MEMORY_TEST: NullMemoryTestDxe or GenericMemoryDxe - ATA_ENABLE: SataControllerDxe, AtaBusDxe, AtaAtapiPassThruDxe - SD_ENABLE: SdMmcPciDxe, EmmcDxe, SdDxe - PS2_MOUSE_ENABLE: Ps2MouseDxe Cc: Guo Dong Cc: Ray Ni Cc: Gua Guo Signed-off-by: James Lu --- UefiPayloadPkg/UefiPayloadPkg.dsc | 21 UefiPayloadPkg/UefiPayloadPkg.fdf | 14 - 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index cfcf38578d..25443139a6 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -36,7 +36,16 @@ DEFINE PLATFORM_BOOT_TIMEOUT= 3 DEFINE ABOVE_4G_MEMORY = TRUE DEFINE BOOT_MANAGER_ESCAPE = FALSE + DEFINE ATA_ENABLE = TRUE + DEFINE SD_ENABLE= TRUE + DEFINE PS2_MOUSE_ENABLE = TRUE DEFINE SD_MMC_TIMEOUT = 100 + + # + # NULL:NullMemoryTestDxe + # GENERIC: GenericMemoryTestDxe + # + DEFINE MEMORY_TEST = NULL # # SBL: UEFI payload for Slim Bootloader # COREBOOT: UEFI payload for coreboot @@ -596,7 +605,11 @@ MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf +!if $(MEMORY_TEST) == "GENERIC" + MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/GenericMemoryTestDxe.inf +!elseif $(MEMORY_TEST) == "NULL" MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf +!endif MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf 
@@ -631,9 +644,11 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf +!if $(ATA_ENABLE) == TRUE MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +!endif MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf @@ -644,9 +659,11 @@ # # SD/eMMC Support # +!if $(SD_ENABLE) == TRUE MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf +!endif # # Usb Support @@ -671,7 +688,9 @@ !if $(PS2_KEYBOARD_ENABLE) == TRUE MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf !endif +!if $(PS2_MOUSE_ENABLE) == TRUE MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf +!endif # # Console Support @@ -742,12 +761,14 @@ # This should be FALSE for compiling the dynamic command. gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf { ## This flag is used to control initialization of the shell library # This should be FALSE for compiling the dynamic command. gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } +!endif ShellPkg/Application/Shell/Shell.inf { ## This flag is used to control initialization of the shell library diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf index c7b04978ad..92afc13b9c 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf 
@@ -149,7 +149,11 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf -INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf +!if $(MEMORY_TEST) == "GENERIC" +INF MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/GenericMemoryTestDxe.inf +!elseif $(MEMORY_TEST) == "NULL" +INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf +!endif INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -176,7 +180,9 @@ INF OvmfPkg/SioBusDxe/SioBusDxe.inf !if $(PS2_KEYBOARD_ENABLE) == TRUE INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf !endif +!if $(PS2_MOUSE_ENABLE) == TRUE INF MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf +!endif # # Console Support @@ -195,9 +201,11 @@ INF UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf INF
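Review bot: in the DSC DEFINE hunk, `DEFINE MEMORY_TEST = NULL` is only ever compared against "GENERIC" and "NULL" in the `!if $(MEMORY_TEST) == "GENERIC"` / `!elseif $(MEMORY_TEST) == "NULL"` blocks of both the DSC and the FDF; any other value (a typo such as `NULL_MEMORY_TEST`) silently builds no memory-test driver at all. Add an `!else` with `!error "MEMORY_TEST must be NULL or GENERIC"` in both files so a bad value fails the build instead of producing a payload missing a driver. The v2 commit message also still lists GENERIC_MEMORY_TEST_ENABLE, which this version no longer defines.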
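Review bot: the DSC shell hunk wraps DpDynamicCommand in `!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE`, but the FDF part of this excerpt is cut off before its shell section; the matching `INF ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf` line in UefiPayloadPkg.fdf needs the same guard, otherwise a build with the macro FALSE references a module the DSC no longer builds.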
Re: [edk2-devel] [PATCH] UefiPayloadPkg: Add macro to support selective driver in UPL
Replied as below Thanks, James -Original Message- From: Ni, Ray Sent: Monday, July 4, 2022 11:34 AM To: Lu, James ; devel@edk2.groups.io Cc: Dong, Guo ; Guo, Gua Subject: RE: [PATCH] UefiPayloadPkg: Add macro to support selective driver in UPL > > +!if $(GENERIC_MEMORY_TEST_ENABLE) == TRUE > > + > MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/Generic > MemoryTestDxe.inf > > +!endif > > +!if $(NULL_MEMORY_TEST_ENABLE) == TRUE > > > MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryT > estDxe.inf > > +!endif 1. Is there a configuration that both GENERIC and NULL memory test is FALSE? If no, can we add a macro like "MEMORY_TEST" and its value could be "GENERIC" or "NULL"? [James] Will resolve in patch v2 > +!if $(ATA_ENABLE) == TRUE > >MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf > >MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf > >MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf 2. AtaAtapiPassThru also produces "gEfiExtScsiPassThruProtocolGuid" which is used by ScsiBusDxe. So, maybe we need to always include AtaAtapiPassThru driver. [James] This is to align client case that AtaAtapiPassThru.inf will not be included while ATA_ENABLE == FALSE And ScsiBusDxe is taken care the flow while gEfiExtScsiPassThruProtocolGuid not existing > ># > ># Usb Support > > @@ -671,7 +685,9 @@ > !if $(PS2_KEYBOARD_ENABLE) == TRUE > >MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf > > !endif > > +!if $(PS2_MOUSE_ENABLE) == TRUE > >MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf > > +!endif > > > ># > ># Console Support 
> > @@ -742,12 +758,14 @@ ># This should be FALSE for compiling the dynamic command. > >gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE > >} > > +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE 3. Thanks for catching that.

View/Reply Online (#91059): https://edk2.groups.io/g/devel/message/91059
[edk2-devel] [PATCH] SecurityPkg: Add TPM NVIndex Extend support.
Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Rahul Kumar Cc: Qi Zhang --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 21 +++ .../HashLibBaseCryptoRouterDxe.c | 77 +-- .../Library/Tpm2CommandLib/Tpm2NVStorage.c| 120 ++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 26 +++- 4 files changed, 229 insertions(+), 15 deletions(-) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index a2fb97f18d..f2ff3a5c0c 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -467,6 +467,27 @@ Tpm2NvGlobalWriteLock ( IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); +/** + This command extends a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndexThe NV Index of the area to extend. + @param[in] AuthSessionAuth Session context + @param[in] InData The data to extend. + + @retval EFI_SUCCESSOperation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvExtend ( + IN TPMI_RH_NV_AUTHAuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_MAX_BUFFER *InData + ); + /** This command is used to cause an update to the indicated PCR. The digests parameter contains one or more tagged digest value identified by an algorithm ID. diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index ee8fe6e06e..264f500dc6 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c 
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include "HashLibBaseCryptoRouterCommon.h" @@ -128,6 +129,40 @@ HashUpdate ( return EFI_SUCCESS; } +EFI_STATUS +EFIAPI +Tpm2ExtendNvIndex ( + TPMI_RH_NV_INDEX NvIndex, + UINT16DataSize, + BYTE *Data + ) +{ + EFI_STATUSStatus; + TPMI_RH_NV_AUTH AuthHandle; + TPM2B_MAX_BUFFER NvExtendData; + + AuthHandle = TPM_RH_PLATFORM; + ZeroMem (, sizeof (NvExtendData)); + CopyMem (NvExtendData.buffer, Data, DataSize); + NvExtendData.size = DataSize; + Status= Tpm2NvExtend ( +AuthHandle, +NvIndex, +NULL, + +); + if (EFI_ERROR (Status)) { +DEBUG (( + DEBUG_ERROR, + "Extend TPM NV index failed, Index: 0x%x Status: %d\n", + NvIndex, + Status + )); + } + + return Status; +} + /** Hash sequence complete and extend to PCR. @@ -149,11 +184,16 @@ HashCompleteAndExtend ( OUT TPML_DIGEST_VALUES *DigestList ) { - TPML_DIGEST_VALUES Digest; - HASH_HANDLE *HashCtx; - UINTN Index; - EFI_STATUS Status; - UINT32 HashMask; + TPML_DIGEST_VALUES Digest; + HASH_HANDLE *HashCtx; + UINTNIndex; + EFI_STATUS Status; + UINT32 HashMask; + TPML_DIGEST_VALUES TcgPcrEvent2Digest; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePcrBanks; + UINT32 *BufferPtr; + UINT32 DigestListBinSize; if (mHashInterfaceCount == 0) { return EFI_UNSUPPORTED; 
@@ -175,10 +215,29 @@ HashCompleteAndExtend ( FreePool (HashCtx); - Status = Tpm2PcrExtend ( - PcrIndex, - DigestList - ); + if (PcrIndex <= MAX_PCR_INDEX) { +Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + } else { +Status = Tpm2GetCapabilitySupportedAndActivePcrs (, ); +ASSERT_EFI_ERROR (Status); +ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent; +ZeroMem (, sizeof (TcgPcrEvent2Digest)); +BufferPtr = CopyDigestListToBuffer (, DigestList, ActivePcrBanks); +DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 *)); + +// +// Extend to TPM NvIndex +// +Status = Tpm2ExtendNvIndex ( + PcrIndex, + (UINT16)DigestListBinSize, + (BYTE *) + ); + } + return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
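Review bot: in the Tpm2ExtendNvIndex hunk of HashLibBaseCryptoRouterDxe.c, `CopyMem (NvExtendData.buffer, Data, DataSize)` never checks DataSize against `sizeof (NvExtendData.buffer)` (TPM2B_MAX_BUFFER is bounded by MAX_DIGEST_BUFFER), so a DigestList larger than the buffer overruns a stack variable; return EFI_INVALID_PARAMETER when DataSize exceeds it. The function is also non-static and EFIAPI but has no doc comment and is declared in no header in this patch, and it authorizes with TPM_RH_PLATFORM and a NULL session, which only succeeds while the platform hierarchy auth is still empty; state that constraint in the doc comment so callers do not use it after platform auth has been changed.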
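Review bot: in the HashCompleteAndExtend hunk, `if (PcrIndex <= MAX_PCR_INDEX)` overloads the PcrIndex parameter: any value above MAX_PCR_INDEX, including a plain out-of-range PCR number, is now sent to the TPM as an NV index handle instead of being rejected, and the function's doc comment is not updated to say so. Check explicitly that the value is an NV index handle (handle type TPM_HT_NV_INDEX in the top byte) and return EFI_INVALID_PARAMETER otherwise. In the same hunk `ASSERT_EFI_ERROR (Status)` after Tpm2GetCapabilitySupportedAndActivePcrs is the only error handling, so a RELEASE build continues with an uninitialized ActivePcrBanks on failure; return the error instead.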